auth0 / node-samlp

SAML Protocol support for node (only IdP for now)
MIT License
136 stars 117 forks source link

Upgraded saml dependency to latest version #109

Closed lukemarkwordtlibertyits closed 3 years ago

lukemarkwordtlibertyits commented 3 years ago

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Describe the purpose of this PR along with any background information and the impacts of the proposed change. For the benefit of the community, please do not assume prior context.

Provide details that support your chosen implementation, including: breaking changes, alternatives considered, changes to the API, etc.

If the UI is being changed, please provide screenshots.

Updated node-saml dependency to latest version (1.0.0)

References

Include any links supporting this change such as a:

  • GitHub Issue/PR number addressed or fixed
  • Auth0 Community post
  • StackOverflow post
  • Support forum thread
  • Related pull requests/issues from other repos

If there are no references, simply delete this section.

In response to this issue.

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

Tests Ran Included

lukemarkwordtlibertyits commented 3 years ago

The CI is failing for v4.8.5 because the latest version of xml-encryption utilizes default argument assignment. This was not supported until Node 6. Considering workarounds. xml-encryption is also maintained by Auth0. Its CLI only checks for backwards compatibility from Node 8 onward. Curious as to why different projects have different backwards compatibility checks?

zxlin commented 3 years ago

I think this would warrant a major revision since it drops support for node v4 it seems like.

@luuuis would this and #105 be able to merge in and released as 5.0.0?

Would be nice to get these merged in as our vulnerability reports are flagging this lib.

tomauth0 commented 3 years ago

Thank you for the suggested updates - we've updated the saml version to v1.0.0 in #114 and updated other libs flagged by npm audit.
These changes are released in v5.0.0. This update also migrates the CI for this repo from Travis to Github Actions - as part of this move we've dropped build support for node v4, v6 & v8.

I'm closing this PR as the changes have been applied - thanks again. Tom