auth0 / node-samlp

SAML Protocol support for node (only IdP for now)
MIT License
136 stars 117 forks source link

Current backwards compatability checks are preventing dependencies from being updated. #110

Closed lukemarkwordtlibertyits closed 3 years ago

lukemarkwordtlibertyits commented 3 years ago

Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.

Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.

Description

Provide a clear and concise description of the issue, including what you expected to happen.

There has been a request to update the node-saml dependency to its current version. issue. I has submitted a PR for this, but the CI is failing. See here. The failure is due to another Auth0 dependency, xml-encryption. This dependency uses default argument values, which are not supported until Node 6. The backwards compatibility checks for this repository checks from Node v4.8.5 onward. The backwards compatibility checks for the xml-encryption repository checks from Node 8 onward.

Since this organization own the node-saml, node-samlp and xml-encryption repository and the node-samlp project utilizes both the node-saml and xml-encryption dependency, it would be helpful for them to have the same backwards compatibility standards, so all repositories can utilize the latest version of each dependency.

Reproduction

Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.

Where applicable, please include:

  • Code sample to reproduce the issue
  • Log files (redact/remove sensitive information)
  • Application settings (redact/remove sensitive information)
  • Screenshots
git checkout lukemarkwordtlibertyits:master
nvm use v4.8.5
npm test

CLI Failure

Environment

Please provide the following:

lukemarkwordtlibertyits commented 3 years ago

Removed Node 4.8.5 check in my updated Node-Saml PR. https://github.com/auth0/node-samlp/pull/109

tomauth0 commented 3 years ago

Hi @lukemarkwordtlibertyits - as mentioned on the PR comment, the CI for this repo has been switched to GH Actions, and older node versions have been removed from those builds.

Thanks again for your suggestions - hopefully these changes make contributions easier. Tom