Skip to content

build(deps): bump @simplewebauthn/browser from 12.0.0 to 13.1.0 #52141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
susnux merged 3 commits into from
Apr 18, 2025
Merged

build(deps): bump @simplewebauthn/browser from 12.0.0 to 13.1.0 #52141

susnux merged 3 commits into from
Apr 18, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 12, 2025
edited
Loading

Bumps @simplewebauthn/browser from 12.0.0 to 13.1.0.

Release notes

Sourced from @​simplewebauthn/browser's releases.

v13.1.0

Changes:

  • [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
  • [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

  • [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
  • [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
  • [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
  • [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired.

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/types'; // <--

After:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/server'; // <--

[server] attestationType no longer accepts 'indirect'

The benefits of indirect attestation are too minimal to be useful for Relying Parties. In practice it is almost never used over ignoring the concept completely with 'none' or needing to be intentional and setting 'direct'.

... (truncated)

Changelog

Sourced from @​simplewebauthn/browser's changelog.

v13.1.0

Changes:

  • [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
  • [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

  • [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
  • [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
  • [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
  • [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
</tr></table>

... (truncated)

Commits
  • cfd2400 Publish v13.1.0
  • 62025dc Test ability to continue from bad call pattern
  • 4cbeceb Detect improper call pattern and warn
  • 5dc6bfc Remove unused import in NPM build scripts
  • 6b27e92 Publish v13.0.0
  • 1876a0e Revert alpha versioning for PR
  • 321c3af Test out changes as alpha1
  • 5030c67 Remove types from READMEs
  • 652472e Ignore internals from docs output
  • 4217841 Simplify browser and server exports
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team April 12, 2025 01:19
@susnux
Copy link
Contributor

susnux commented Apr 18, 2025

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/simplewebauthn/browser-13.1.0 branch from 2d40b94 to a4dfa2c Compare April 18, 2025 21:32
@susnux susnux requested a review from a team as a code owner April 18, 2025 21:44
@susnux susnux requested review from artonge, sorbaugh and susnux and removed request for a team April 18, 2025 21:44
@susnux
Copy link
Contributor

susnux commented Apr 18, 2025

/compile

dependabot bot and others added 3 commits April 18, 2025 23:55
@dependabot @susnux
build(deps): bump @simplewebauthn/browser from 12.0.0 to 13.1.0
871ea1c 
Bumps [@simplewebauthn/browser](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/browser) from 12.0.0 to 13.1.0.
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.1.0/packages/browser)

---
updated-dependencies:
- dependency-name: "@simplewebauthn/browser"
  dependency-version: 13.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@susnux
chore: migrate types to @simplewebauthn/browser (changes package la…
77b6632 
…yout)

Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux
chore: compile assets
454dab3 
Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux susnux force-pushed the dependabot/npm_and_yarn/simplewebauthn/browser-13.1.0 branch from 5f0121c to 454dab3 Compare April 18, 2025 22:01
@susnux susnux merged commit a4cb653 into master Apr 18, 2025
121 checks passed
@susnux susnux deleted the dependabot/npm_and_yarn/simplewebauthn/browser-13.1.0 branch April 18, 2025 22:38
@nextcloud-bot nextcloud-bot mentioned this pull request Aug 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-frontend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-frontend

Assignees

No one assigned

Labels

3. to review Waiting for reviews feature: dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@susnux