Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade xml-encryption from 1.2.1 to 1.2.2 #3

Closed
wants to merge 125 commits into from
Closed

[Snyk] Upgrade xml-encryption from 1.2.1 to 1.2.2 #3

wants to merge 125 commits into from

Conversation

vid
Copy link

@vid vid commented Mar 5, 2021

Snyk has created this PR to upgrade xml-encryption from 1.2.1 to 1.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 24 days ago, on 2021-02-09.
Release notes
Package name: xml-encryption
  • 1.2.2 - 2021-02-09
    • Dev
      Remove test files to prevent false positive from SAST checks.
  • 1.2.1 - 2020-09-09
from xml-encryption GitHub release notes
Commit messages
Package name: xml-encryption

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

markstos and others added 30 commits February 12, 2020 14:55
@markstos
v1.3.2
e70b6db
@markstos
Merge branch 'master' of github.com:bergie/passport-saml
9f1a481
@markstos
v1.3.3
74fa630
@willemli
Fix typo
bf83d23
@stavros-wb
Fix multi saml strategy race conditions (node-saml#426)
ffbd2f6 
* Fix multi saml strategy race conditions

node-saml#425

* Add warning for MultiSaml in Readme
@markstos
Merge branch 'master' of github.com:bergie/passport-saml
aafdc36
@markstos
bump version.
66bf7d6
@markstos
add yarn-error.log to .gitignore
8fdd087
@markstos
doc: announce site move.
f64cc7a
@mans0954
Revert "doc: announce site move." (node-saml#446)
bb025e6 
This reverts commit f64cc7a.
@mans0954
Return object for XML-valued AttributeValues (node-saml#447)
aed4a3d 
* Return XML object for AttributeValue if not a string

* Test XML-valued AttributeValue returns object
@dependabot
Bump acorn from 7.1.0 to 7.4.0 (node-saml#448)
8a8d82b 
Bumps [acorn](https://github.com/acornjs/acorn) from 7.1.0 to 7.4.0.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](acornjs/acorn@7.1.0...7.4.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump lodash from 4.17.15 to 4.17.20 (node-saml#449)
5abba17 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.20.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.20)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@markstos
Update issue templates
85ffa05
@markstos
Update issue templates
bfcdb78 
Fix duplicate bug report templates.
@markstos
deps: bump xml-encryption to address node-forge sub-dep vuln.
1e6ec39
@markstos
docs: Update package.json / README to reflect site move.
af98f36
@markstos
deps: really bump xml-encryption for node-forge sub-dep upgrade to ad…
b696e58 
…dress vuln.
@markstos
bump version to 1.3.5
9115a02
@markstos
docs: remove badges broken by project rename.
e0480e1
@bryan-lockhart
add catch block to NameID decryption (node-saml#461)
43465d6
@mans0954
Add test for issue 459
7995eef
@walokra
Add GitHub Actions as Continuos Integration provider (node-saml#463)
df8eb78
@mans0954
Only make an attribute an object if it has child elements
384b28d
@mans0954
Merge pull request node-saml#464 from node-saml/csh-issue-459-attr-va…
cbd1bc3 
…lue-regression-some

Only make an attribute an object if it has child elements
@mans0954
Bump xml-crypto from 1.4.0 to 1.5.3
cbf7483
@mans0954
Include package-lock.json in repo
b4b7fcc
@mans0954
Merge pull request node-saml#465 from node-saml/csh-issue-456-xml-cry…
69c19b8 
…pto-upgrade

Upgrade xml-crypto dependancy
@rod-stuchi
try to use curl when wget is not available (node-saml#468)
026edf2
@mans0954
Merge pull request node-saml#434 from willemli/patch-1
cb39845 
Fix typo
gugu and others added 27 commits January 7, 2021 15:48
@gugu
use PRs as a source for changelog
0c2206c
@gugu
add more tags to PRs, remove tags without releases
9323c09
@cjbarth
Add code to use a ISO date. Set CHANGELOG generating script.
e3d9b86
@gugu
regenerate changelog using ISO date format
e801935
@gugu
correct commandline options for gren
30ee467
@cjbarth
Use correct function argument list
a74b1db
@cjbarth
Set config values for gren to be project-specific
d03bc6d
@cjbarth
Use Prettier on files modified
8eaf95c
@gugu
Merge pull request node-saml#518 from node-saml/changelog
dac23a1 
Generating changelog using gren
@markstos
chore: Follow our Github release name convention.
5a6ca44
@markstos
Release 2.0.4
932da9d
@dosullivan557
Ignore test folder when building npm package (node-saml#526)
6996cb8 
* Added in npmignore to ignore any pems, certs or keys

* 2.0.5

* Updated pr to not include in bundle and added DS_Store to .gitignore

Co-authored-by: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com>
@gugu
async/await for saml.ts (node-saml#496)
c6c4510 
* one method uses async/await

* async/await for saml.ts, deprecate callback functions
@cjbarth
Format code and enforce code style on PR (node-saml#527)
aefee33 
* Format code and enforce code style on PR

* Use line length of 100
@cjbarth
Have build action run on PR
add499c
@cjbarth
Fix code formatting
e511c49
@cjbarth
Allow manual trigger of build action
ef175f3
@gugu
Update readme on using multiSamlStrategy
e4b3da7 
passport-saml/multiSamlStrategy.js is something I'd like to remove:
1. it contains nothing, just import
2. it is outside of the source root and tsc/other tools don't include this file
3. old import depends on internal structure of the project
4. it uses module-level export

For now let's keep the file for compatibility, but let's update README so new people will not use the old way
@gugu
remove multisaml strategy in the old location
46c6df1
@gugu
update tests to use multisamlstrategy.js from the correct place
6182dde
@gugu
Merge pull request node-saml#531 from node-saml/multisaml-strategy-re…
54809d1 
…adme

Update readme on using multiSamlStrategy
@gugu
async / await in cache interface (node-saml#532)
54704de 
* async / await in cache interface
* eslint warnings fixed for cache, remove comments and checks for node < 0.9
@mhesler74 @cjbarth
Allow for authnRequestBinding in SAML options (node-saml#529)
ed4be0c 
Co-authored-by: Mike Hesler <mhesler@grapevine6.com>
Co-authored-by: Mike Hesler <mhesler@seismic.com>
Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>
@gugu @cjbarth
Tests use typescript (node-saml#534)
f1a436f 
Co-authored-by: Chris Barth <chrisjbarth@hotmail.com>
@gugu
remove old callback functions, tests use async/await (node-saml#545)
8a1a377
@harrdou
Merge remote-tracking branch 'upstream/master'
30432b2
@snyk-bot
fix: upgrade xml-encryption from 1.2.1 to 1.2.2
6b8b47c 
Snyk has created this PR to upgrade xml-encryption from 1.2.1 to 1.2.2.

See this package in npm:
https://www.npmjs.com/package/xml-encryption

See this project in Snyk:
https://app.snyk.io/org/vid/project/f0651df4-eab6-46fd-b04a-8e9bd42a4bee?utm_source=github&utm_medium=upgrade-pr
@vid vid closed this Apr 9, 2021
@vid vid deleted the snyk-upgrade-0d2ce6e16989a4dba6ef5769c7acd14a branch April 9, 2021 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone