Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @simplewebauthn/server from 8.1.1 to 8.3.7 #6

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @simplewebauthn/server from 8.1.1 to 8.3.7 #6

wants to merge 1 commit into from

Conversation

jsaady
Copy link
Owner

@jsaady jsaady commented Jul 3, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @simplewebauthn/server from 8.1.1 to 8.3.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 7 versions ahead of your current version.

  • The recommended version was released on 5 months ago.

Release notes
Package name: @simplewebauthn/server
  • 8.3.7 - 2024-01-20

    Packages

    Changes

    • [browser] The WebAuthnError class can now be imported from @ simplewebauthn/browser for simpler error detection and handling when calling startRegistration() and startAuthentication() (#505, with thanks to @ zoontek)
    • [server] The COSEPublicKeyEC2, COSEPublicKeyOKP, and COSEPublicKeyRSA types can now be imported from @ simplwebauthn/server/helpers to help type possible return values from decodeCredentialPublicKey() (#504, with thanks to @ mmv08)
    • [server] Custom challenge strings passed to generateRegistrationOptions() will now be treated as UTF-8 strings to align with the existing behavior of generateAuthenticationOptions() (#507)
  • 8.3.6 - 2023-12-29

    Packages

    Changes

    • [server] Updated dependencies to fix an issue with ASN.1 parsing when calling
      verifyAuthenticationResponse() (#499)
  • 8.3.5 - 2023-10-28

    Packages

    Changes

    • [server] Use of the Web Crypto API in edge runtimes has been improved
      (#472)
  • 8.3.4 - 2023-10-27

    Packages

    Changes

    • [server] The library will now try to use globalThis.crypto first before trying to import
      Node's node:crypto as a fallback (#468)
    • [browser, types] Version sync
  • 8.3.3 - 2023-10-26

    Packages

    Changes

    • [server, types] deno vendor will no longer error out because typescript-types/src/dom.ts
      is missing (#466)
    • [server] Authenticator data will now be preserved after bad CBOR encoding is detected and
      temporarily fixed when handling security key responses from Firefox
      (#465)
    • [browser] Version sync due to changes in typescript-types
  • 8.3.2 - 2023-10-11

    Packages

    Changes

    • [server] The cbor-x dependency is now used without pulling in the Node-specific stream API
      for better Web API environment compatibility
      (#455, with thanks to @ Maronato)
  • 8.2.0 - 2023-09-28

    Packages

    Changes

    • [browser] startRegistration() will no longer error out on registration responses generated
      by the 1Password browser extension (#443, with thanks to @ unix)
    • [browser] Helper methods base64URLStringToBuffer() and bufferToBase64URLString() are now
      exported from @ simplewebauthn/browser (#444)
    • [server] verifyRegistrationResponse() and verifyAuthenticationResponse() now accept a new
      expectedType argument that can be used to, for example, verify Secure Payment Confirmation
      responses (#436, with thanks to @ fabiancook)
    • [server] Responses containing malformed authenticator data returned from Firefox 117 will no
      longer raise an error (#441)
  • 8.1.1 - 2023-09-04
from @simplewebauthn/server GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @simplewebauthn/server from 8.1.1 to 8.3.7
8d48eae 
Snyk has created this PR to upgrade @simplewebauthn/server from 8.1.1 to 8.3.7.

See this package in npm:
@simplewebauthn/server

See this project in Snyk:
https://app.snyk.io/org/jsaady/project/2615fb64-0b6d-4329-b01b-3719ba692dee?utm_source=github&utm_medium=referral&page=upgrade-pr
@jsaady jsaady self-assigned this Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jsaady jsaady

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jsaady @snyk-bot