Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): bump @simplewebauthn/browser from 10.0.0 to v11 #669

Merged
merged 1 commit into from
Oct 14, 2024
Merged

fix(deps): bump @simplewebauthn/browser from 10.0.0 to v11 #669

merged 1 commit into from
Oct 14, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 13, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@simplewebauthn/browser (source) ^10.0.0 -> ^11.0.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

MasterKale/SimpleWebAuthn (@​simplewebauthn/browser)

v11.0.0

Compare Source

Say hello to support for automatic passkey registration, support for valid conditional UI <input>
elements stashed away in web components, and to the new WebAuthnCredential type that modernizes
some logic within.

There are some breaking changes in this release! Please see Breaking Changes below for refactor
guidance.

Packages
Changes
  • [browser] [server] A new useAutoRegister argument has been added to startRegistration() to
    support attempts to automatically register passkeys for users who just completed non-passkey auth.
    verifyRegistrationResponse() has gained a new requireUserPresence option that can be set to
    false when verifying responses from startRegistration({ useAutoRegister: true, ... })
    (#​623)
  • [browser] A new verifyBrowserAutofillInput argument has been added to
    startAuthentication() to disable throwing an error when a correctly configured <input> element
    cannot be found (but perhaps a valid one is present in a web component shadow's DOM)
    (#​621)
  • [server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential and
    has had its properties renamed. The return value out of verifyRegistrationResponse() and
    corresponding inputs into verifyAuthenticationResponse() have been updated accordingly. See
    Breaking Changes below for refactor guidance
    (#​625)
  • [server] verifyRegistrationResponse() now verifies that the authenticator data AAGUID
    matches the leaf cert's id-fido-gen-ce-aaguid extension AAGUID when it is present
    (#​609)
  • [server] TPM attestation verification recognizes the corrected TPM manufacturer identifier for
    IBM (#​610)
  • [server] Types for the defunct authenticator extensions uvm and dpk have been removed
    (#​611)
Breaking Changes
[browser] Positional arguments in startRegistration() and startAuthentication() have been replaced by a single object

Property names in the object match the names of the previously-positional arguments. To update
existing implementations, wrap existing options in an object with corresponding properties:

Before:

startRegistration(options);
startAuthentication(options, true);

After:

startRegistration({ optionsJSON: options });
startAuthentication({ optionsJSON: options, useBrowserAutofill: true });
[server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential

AuthenticatorDevice.credentialID and AuthenticatorDevice.credentialPublicKey have been shortened
to WebAuthnCredential.id and WebAuthnCredential.publicKey respectively.

verifyRegistrationResponse() has been updated accordingly to return a new credential value of
type WebAuthnCredential. Update code that stores credentialID, credentialPublicKey, and
counter out of verifyRegistrationResponse() to store credential.id, credential.publicKey,
and credential.counter instead:

Before:

const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credentialID,
  registrationInfo.credentialPublicKey,
  registrationInfo.counter,
  body.response.transports,
);

After:

const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credential.id,
  registrationInfo.credential.publicKey,
  registrationInfo.credential.counter,
  registrationInfo.credential.transports,
);

Update calls to verifyAuthenticationResponse() to match the new credential argument that
replaces the authenticator argument:

Before:

import { AuthenticatorDevice } from '@&#8203;simplewebauthn/types';

const authenticator: AuthenticatorDevice = {
  credentialID: ...,
  credentialPublicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  authenticator,
});

After:

import { WebAuthnCredential } from '@&#8203;simplewebauthn/types';

const credential: WebAuthnCredential = {
  id: ...,
  publicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  credential,
});

Configuration

📅 Schedule: Branch creation - "before 5am on monday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added 3. to review Waiting for reviews dependencies Pull requests that update a dependency file labels Oct 13, 2024
@renovate renovate bot force-pushed the renovate/simplewebauthn-browser-11.x branch from 682634d to 99ebda1 Compare October 14, 2024 17:07
@renovate @st3iny
fix(deps): bump @simplewebauthn/browser from 10.0.0 to v11
9f796b8 
Adjust all usages of startRegistration and startAuthentication according
to the upgrade guide.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Richard Steinmetz <[email protected]>
@st3iny st3iny force-pushed the renovate/simplewebauthn-browser-11.x branch from 99ebda1 to 9f796b8 Compare October 14, 2024 17:21
st3iny
st3iny approved these changes Oct 14, 2024
View reviewed changes
Copy link
Member

@st3iny st3iny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I manually adjusted the breaking changes in their API.

@st3iny st3iny enabled auto-merge October 14, 2024 17:22
@st3iny st3iny added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Oct 14, 2024
@st3iny st3iny merged commit 81a3e61 into main Oct 14, 2024
34 checks passed
@st3iny st3iny deleted the renovate/simplewebauthn-browser-11.x branch October 14, 2024 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@st3iny st3iny st3iny approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@st3iny