-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): update dependency @simplewebauthn/types to v10 #7155
base: master
Are you sure you want to change the base?
Conversation
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #7155 +/- ##
=======================================
Coverage 73.70% 73.70%
=======================================
Files 346 346
Lines 30003 29986 -17
Branches 839 839
=======================================
- Hits 22114 22102 -12
+ Misses 7020 7014 -6
- Partials 869 870 +1
Flags with carried forward coverage won't be shown. Click here to find out more. |
a240332
to
2bbf785
Compare
✅ Deploy Preview for authelia-staging ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
6d60747
to
4df75c7
Compare
ed32cac
to
b6b04b8
Compare
b589190
to
f3fcf57
Compare
f3fcf57
to
43ea5ad
Compare
This PR contains the following updates:
9.0.1
->10.0.0
Release Notes
MasterKale/SimpleWebAuthn (@simplewebauthn/types)
v10.0.0
Compare Source
Thanks for everything, Node 16 and Node 18, but it's time to move on! The headlining change of this
release is the targeting of Node LTS v20+ as the minimum Node runtime. Additional developer-centric
quality-of-life changes have also been made in the name of streamlining use of SimpleWebAuthn on
both the back end and front end.
This release is packed with updates, so buckle up! Refactor advice for breaking changes is, as
always, offered below.
Packages
Changes
(#531)
user.displayName
now defaults to an empty string if a value is not specified foruserDisplayName
when callinggenerateRegistrationOptions()
(#538)
browserSupportsWebAuthnAutofill()
helper will no longer break in environmentsin which
PublicKeyCredential
is not present(#557, with thanks to @clarafitzgerald)
Breaking Changes
#529:
generateRegistrationOptions()
now expectsBase64URLString
for excluded credential IDsgenerateAuthenticationOptions()
now expectsBase64URLString
for allowed credential IDscredentialID
returned from response verification methods is now aBase64URLString
AuthenticatorDevice.credentialID
is now aBase64URLString
isoBase64URL.isBase64url()
is now calledisoBase64URL.isBase64URL()
#552:
generateRegistrationOptions()
now accepts an optionalUint8Array
instead of astring
foruserID
isoBase64URL.toString()
andisoBase64URL.fromString()
have been renamedgenerateRegistrationOptions()
will now generate random user IDsuser.id
is now treated like a base64url string instartRegistration()
userHandle
is now treated like a base64url string instartAuthentication()
rpID
is now a required argument when callinggenerateAuthenticationOptions()
(#555)
[server]
generateRegistrationOptions()
now expectsBase64URLString
for excluded credential IDsThe
isoBase64URL
helper can be used to massageUint8Array
credential IDs into base64url strings:Before
After
The
type
argument is no longer needed either.[server]
generateAuthenticationOptions()
now expectsBase64URLString
for allowed credential IDsSimilarly, the
isoBase64URL
helper can also be used during auth to massageUint8Array
credentialIDs into base64url strings:
Before
After
The
type
argument is no longer needed either.[server]
credentialID
returned from response verification methods is now aBase64URLString
It is no longer necessary to manually stringify
credentialID
out of response verification methods:Before
After
[server]
AuthenticatorDevice.credentialID
is now aBase64URLString
Calls to
verifyAuthenticationResponse()
will need to be updated to encode the credential ID to abase64url string:
Before
After
[server]
isoBase64URL.isBase64url()
is now calledisoBase64URL.isBase64URL()
Note the capitalization change from "url" to "URL" in the method name. Update calls to this method
accordingly.
[server]
generateRegistrationOptions()
will now generate random user IDs[browser]
user.id
is now treated like a base64url string instartRegistration()
[browser]
userHandle
is now treated like a base64url string instartAuthentication()
A random identifier will now be generated when a value is not provided for the now-optional
userID
argument when calling
generateRegistrationOptions()
. This identifier will be base64url-encodedstring of 32 random bytes. RPs that wish to take advantage of this can simply omit this
argument.
Additionally,
startRegistration()
will base64url-decodeuser.id
before calling WebAuthn. Duringauth
startAuthentication()
will base64url-encodeuserHandle
in the returned credential. Thisshould be a transparent change for RP's that simply feed @simplewebauthn/server options output
into the corresponding @simplewebauthn/browser methods.
However, RP's that wish to continue generating their own user identifiers will need to take
additional steps to ensure they get back user IDs in the expected format after authentication.
Before (SimpleWebAuthn v9)
After (SimpleWebAuthn v10)
[server]
isoBase64URL.toString()
andisoBase64URL.fromString()
have been renamedThe method names have been updated to reflect the use of UTF-8 string encoding:
Before:
After:
[server]
rpID
is now a required argument when callinggenerateAuthenticationOptions()
Update calls to this method to specify the same
rpID
as passed intogenerateRegistrationOptions()
:Before
After
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.