socialtables / saml-protocol

A framework-agnostic SAML protocol implementation for service and identity providers
16 stars 5 forks

Update dependency xml-encryption to v2 #46

Closed mend-app-cvent[bot] closed 2 years ago

mend-app-cvent[bot] commented 2 years ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| xml-encryption | dependencies | major | 0.9.0 -> 2.0.0 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 9.8 | CVE-2017-1000228 | #34 |
| High | 7.8 | CVE-2021-43138 | #39 |
| High | 7.5 | CVE-2022-24771 | #38 |
| High | 7.5 | CVE-2022-24772 | #36 |
| High | 7.3 | CVE-2020-7720 | #37 |
| Medium | 6.6 | WS-2022-0008 | #33 |
| Medium | 6.1 | CVE-2022-0122 | #31 |
| Medium | 5.3 | CVE-2022-24773 | #35 |
| Medium | 4.3 | CVE-2021-21366 | #30 |

Release Notes

auth0/node-xml-encryption

### [`v2.0.0`](https://togithub.com/auth0/node-xml-encryption/releases/v2.0.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.3.0...v2.0.0)

- BREAKING CHANGE: Drops support for Node 8
- Replaces `node-forge` with native crypto functions

### [`v1.3.0`](https://togithub.com/auth0/node-xml-encryption/releases/v1.3.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/e89e7fc1aab58ed828e6263eff530481f46fb0a6...v1.3.0)

- \[SEC] Bumps xmldom minor version.
- \[SEC] Bumps glob-parent patch version

### [`v1.2.4`](https://togithub.com/auth0/node-xml-encryption/compare/v1.2.3...e89e7fc1aab58ed828e6263eff530481f46fb0a6)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.2.3...e89e7fc1aab58ed828e6263eff530481f46fb0a6)

### [`v1.2.3`](https://togithub.com/auth0/node-xml-encryption/releases/v1.2.3)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.2.2...v1.2.3)

Updated the `xmldom` dependency due to a vulnerability (CVE-2021-21366) in earlier versions.

### [`v1.2.2`](https://togithub.com/auth0/node-xml-encryption/releases/v1.2.2)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/f412aac154df7ab52dc60d1af0f48dc44710d711...v1.2.2)

- Dev Remove test files to prevent false positive from SAST checks.

### [`v1.2.1`](https://togithub.com/auth0/node-xml-encryption/compare/v1.2.0...f412aac154df7ab52dc60d1af0f48dc44710d711)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.2.0...f412aac154df7ab52dc60d1af0f48dc44710d711)

### [`v1.2.0`](https://togithub.com/auth0/node-xml-encryption/releases/v1.2.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.1.1...v1.2.0)

fix: Moved sinon to devDependency to reduce prod dependency weight.

### [`v1.1.1`](https://togithub.com/auth0/node-xml-encryption/compare/v1.1.0...v1.1.1)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.1.0...v1.1.1)

### [`v1.1.0`](https://togithub.com/auth0/node-xml-encryption/releases/v1.1.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v1.0.0...v1.1.0)

Enhancements:

- feat: Add support for AES-GCM family ([#67](https://togithub.com/auth0/node-xml-encryption/issues/67))
- feat: Add warning when insecure algorithm is used. ([#68](https://togithub.com/auth0/node-xml-encryption/issues/68))

### [`v1.0.0`](https://togithub.com/auth0/node-xml-encryption/releases/v1.0.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.13.0...v1.0.0)

💥 Breaking changes:

- typo fix: options.keyEncryptionAlgorighm -> options.keyEncryptionAlgorithm
- Deprecate support for node 4/6

Enhancements:

- Remove ejs dependencies to use native literals
- Move to inline templates to allow webpack
- Added option to fail encryption and decryption for non-recommended algorithms (3DES and rsa1.5)

### [`v0.13.0`](https://togithub.com/auth0/node-xml-encryption/releases/v0.13.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.12.0...v0.13.0)

- Added support to fail on insecure algorithms.

### [`v0.12.0`](https://togithub.com/auth0/node-xml-encryption/releases/v0.12.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/887c7a3091bc926b53a90b5c57ca6f98022860e1...v0.12.0)

- Removes async as a dependency
- Drops support for Node 0.10.
- Includes test suite for Node 10 and 12

### [`v0.11.2`](https://togithub.com/auth0/node-xml-encryption/compare/v0.11.1...887c7a3091bc926b53a90b5c57ca6f98022860e1)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.11.1...887c7a3091bc926b53a90b5c57ca6f98022860e1)

### [`v0.11.1`](https://togithub.com/auth0/node-xml-encryption/releases/v0.11.1)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.11.0...v0.11.1)

Make sure Node 6-8 are supported

### [`v0.11.0`](https://togithub.com/auth0/node-xml-encryption/compare/v0.10.0...v0.11.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.10.0...v0.11.0)

### [`v0.10.0`](https://togithub.com/auth0/node-xml-encryption/compare/v0.9.0...v0.10.0)

[Compare Source](https://togithub.com/auth0/node-xml-encryption/compare/v0.9.0...v0.10.0)