Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency @simplewebauthn/types to v12 #6888

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency @simplewebauthn/types to v12 #6888

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 16, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@simplewebauthn/types (source) ^10.0.0 -> ^12.0.0 age adoption passing confidence

Release Notes

MasterKale/SimpleWebAuthn (@​simplewebauthn/types)

v12.0.0

Compare Source

All SimpleWebAuthn packages are now available for installation from the
JavaScript Registry (JSR)! JSR is an "open-source package registry
for modern JavaScript and TypeScript" - you can read more about this new package registry and its
ESM-centric capabilities here.

All packages in v12.0.0 are functionally identical to v11.0.0! And JSR package hosting is in
addition to existing package hosting on NPM. Nothing changes about package installation via
npm install. Read on for more information.

Packages
Changes
  • [browser] [server] [types] All packages can now be installed from JSR wherever JSR
    imports are supported (#​634)
  • [browser] Deno projects using frameworks like Fresh can now import and use
    @​simplewebauthn/browser (#​634)

To install from JSR, use npx jsr add @​simplewebauthn/... or deno add jsr:@​simplewebauthn/...
depending on which package manager is available.

Projects using npm for package management:
npx jsr add @​simplewebauthn/browser
npx jsr add @​simplewebauthn/server
npx jsr add @​simplewebauthn/types
Projects using deno for package management:
deno add jsr:@​simplewebauthn/browser
deno add jsr:@​simplewebauthn/server
deno add jsr:@​simplewebauthn/types
Projects using HTTPS modules via deno.land/x:

v12.0.0 officially deprecates importing SimpleWebAuthn from deno.land/x. See Breaking Changes
below for refactor guidance.

Breaking Changes

Importing SimpleWebAuthn packages from "https://deno.land/x/simplewebauthn/..." URLs is no longer
supported. Please use Deno's native support for JSR imports instead, available in projects running
Deno v1.42 and higher.

Before:

import { generateAuthenticationOptions } from 'https://deno.land/x/simplewebauthn/deno/server.ts';

After:

import { generateAuthenticationOptions } from 'jsr:@​simplewebauthn/server';

Alternatively, use deno add to install these packages from
JSR:



v11.0.0


Compare Source


Say hello to support for automatic passkey registration, support for valid conditional UI <input>

elements stashed away in web components, and to the new WebAuthnCredential type that modernizes

some logic within.


There are some breaking changes in this release! Please see Breaking Changes below for refactor

guidance.


Packages



Changes


    

  • [browser] [server] A new useAutoRegister argument has been added to startRegistration() to
    
support attempts to automatically register passkeys for users who just completed non-passkey auth.
    
verifyRegistrationResponse() has gained a new requireUserPresence option that can be set to
    
false when verifying responses from startRegistration({ useAutoRegister: true, ... })
    
(#​623)
    • 

  • [browser] A new verifyBrowserAutofillInput argument has been added to
    
startAuthentication() to disable throwing an error when a correctly configured <input> element
    
cannot be found (but perhaps a valid one is present in a web component shadow's DOM)
    
(#​621)
    • 

  • [server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential and
    
has had its properties renamed. The return value out of verifyRegistrationResponse() and
    
corresponding inputs into verifyAuthenticationResponse() have been updated accordingly. See
    
Breaking Changes below for refactor guidance
    
(#​625)
    • 

  • [server] verifyRegistrationResponse() now verifies that the authenticator data AAGUID
    
matches the leaf cert's id-fido-gen-ce-aaguid extension AAGUID when it is present
    
(#​609)
    • 

  • [server] TPM attestation verification recognizes the corrected TPM manufacturer identifier for
    
IBM (#​610)
    • 

  • [server] Types for the defunct authenticator extensions uvm and dpk have been removed
    
(#​611)
    • 



Breaking Changes


[browser] Positional arguments in startRegistration() and startAuthentication() have been replaced by a single object


Property names in the object match the names of the previously-positional arguments. To update

existing implementations, wrap existing options in an object with corresponding properties:


Before:


startRegistration(options);
startAuthentication(options, true);


After:


startRegistration({ optionsJSON: options });
startAuthentication({ optionsJSON: options, useBrowserAutofill: true });


[server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential


AuthenticatorDevice.credentialID and AuthenticatorDevice.credentialPublicKey have been shortened

to WebAuthnCredential.id and WebAuthnCredential.publicKey respectively.


verifyRegistrationResponse() has been updated accordingly to return a new credential value of

type WebAuthnCredential. Update code that stores credentialID, credentialPublicKey, and

counter out of verifyRegistrationResponse() to store credential.id, credential.publicKey,

and credential.counter instead:


Before:


const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credentialID,
  registrationInfo.credentialPublicKey,
  registrationInfo.counter,
  body.response.transports,
);


After:


const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credential.id,
  registrationInfo.credential.publicKey,
  registrationInfo.credential.counter,
  registrationInfo.credential.transports,
);


Update calls to verifyAuthenticationResponse() to match the new credential argument that

replaces the authenticator argument:


Before:


import { AuthenticatorDevice } from '@&#8203;simplewebauthn/types';

const authenticator: AuthenticatorDevice = {
  credentialID: ...,
  credentialPublicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  authenticator,
});


After:


import { WebAuthnCredential } from '@&#8203;simplewebauthn/types';

const credential: WebAuthnCredential = {
  id: ...,
  publicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  credential,
});






Configuration


📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).


🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.


🔕 Ignore: Close this PR and you won't be reminded about this update again.




    

  •  If you want to rebase/retry this PR, check this box
    • 





This PR was generated by Mend Renovate. View the repository job log.


    

  
  



      


          

          
  

    
  
    
    

  

  




          

        
      




  





        

                  



      

  
        





      

  
      



  

  @github-actions

    
      GitHub Actions
    




  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  


  

    

  





      


        


  
    

      
          
COMPARE TO master


Total Size Diff 📉 -772 Bytes



Diff by File





Name
Diff






packages/experience-legacy/package.json
0 Bytes




packages/experience/package.json
0 Bytes




pnpm-lock.yaml
📉 -772 Bytes







      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            











  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
    




      

  

    
    

    
  

    Reviewers
  


    

    No reviews






    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    chore

  Hmm...
  

    size/xs










      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.



  


    
  




      

    

  
      

  

    

      0 participants