- add ecdsa-384 support
- [javascript] Bump eslint from 8.26.0 to 8.29.0 #234
- [javascript] Bump eslint-plugin-deprecation from 1.3.2 to 1.3.3 #232
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.45.0 #231
- [javascript] Bump concurrently from 7.5.0 to 7.6.0 #230
- [javascript] Bump prettier from 2.7.1 to 2.8.0 #229
- fix: correct handling of XML entities in signature attributes #221
- Expose ValidateInResponseTo as it is required in options #220
- Remove pre-release comments from README #223
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.43.0 #216
- [javascript] Bump @typescript-eslint/parser from 5.41.0 to 5.43.0 #217
- Lock to TypeScript <4.9.0 due to a regression in 4.9.3 #219
- [javascript] Bump @types/node from 14.18.32 to 14.18.33 #201
- [javascript] Bump xml-crypto from 3.0.0 to 3.0.1 #205
- Update @xmldom/xmldom #213
- Fixes #208, updated readme by updating package names. #210
- Remove check now covered by dependency #215
- feat: expose getLogoutResponseUrlAsync publicly #194
- Update dependencies, including locked ones #198
- Update Dependencies #197
- Bump @xmldom/xmldom from 0.7.5 to 0.7.6 #196
- [javascript] Bump @xmldom/xmldom from 0.8.2 to 0.8.3 #188
- [security] Throw if multiple XML roots detected #195
- Update documentation to remove ADFS references; rename passport-saml #190
- Update types #199
- Update changelog build tools #189
- Require all assertions be signed; add option to disable #177
- Add option to require a document signature. #83
- [javascript] Bump node-fetch and release-it #187
- [javascript] Bump parse-url and release-it #176
- [javascript] Bump @typescript-eslint/parser from 5.36.2 to 5.40.0 #186
- [javascript] Bump prettier-plugin-packagejson from 2.2.18 to 2.3.0 #185
- [javascript] Bump @types/passport from 1.0.9 to 1.0.11 #182
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.38.1 #183
- [javascript] Bump typescript from 4.8.3 to 4.8.4 #181
- [github_actions] Bump codecov/codecov-action from 3.1.0 to 3.1.1 #180
- [javascript] Bump vm2 from 3.9.10 to 3.9.11 #179
- [security] Fix CVE-2022-39300 [GHSA-5p8w-2mvw-38pv](https://github.com/node-saml/passport-saml/security/advisories/ GHSA-5p8w-2mvw-38pv)
- fix generate unique metadata ID #158
- Include AuthnRequestsSigned attribute in all metadata #143
- Add support for metadata ContactPerson and Organization #140
- [javascript] Bump @types/node from 14.18.16 to 14.18.22 #124
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7 #123
- [javascript] Bump release-it from 15.1.1 to 15.1.2 #122
- [javascript] Bump ts-node from 10.8.2 to 10.9.1 #126
- [javascript] Bump release-it from 15.0.0 to 15.1.1 #117
- [javascript] Bump xml-crypto from 2.1.3 to 2.1.4 #118
- [javascript] Bump ts-node from 10.7.0 to 10.8.2 #119
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6 #120
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.3 to 5.30.5 #114
- [javascript] Bump parse-url from 6.0.0 to 6.0.2 #115
- [javascript] Bump @typescript-eslint/parser from 5.22.0 to 5.30.5 #113
- [javascript] Bump @types/passport from 1.0.7 to 1.0.9 #112
- [javascript] Bump eslint from 8.14.0 to 8.19.0 #111
- [javascript] Bump eslint-plugin-prettier from 4.0.0 to 4.2.1 #104
- [javascript] Bump prettier from 2.6.2 to 2.7.1 #107
- [javascript] Bump @types/sinon from 10.0.11 to 10.0.12 #106
- [javascript] Bump typescript from 4.6.4 to 4.7.4 #105
- [javascript] Bump sinon from 13.0.2 to 14.0.0 #102
- [javascript] Bump concurrently from 7.1.0 to 7.2.2 #100
- [javascript] Bump prettier-plugin-packagejson from 2.2.17 to 2.2.18 #103
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.22.0 to 5.30.3 #99
- [github_actions] Bump actions/checkout from 2 to 3 #97
- Update CodeQL to v2 #95
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.36.2 #171
- [javascript] Bump @types/chai from 4.3.1 to 4.3.3 #172
- [javascript] Bump @typescript-eslint/parser from 5.30.7 to 5.36.2 #170
- [javascript] Bump eslint from 8.19.0 to 8.23.0 #163
- [javascript] Bump typescript from 4.7.4 to 4.8.3 #169
- [javascript] Bump concurrently from 7.2.2 to 7.3.0 #136
- [javascript] Bump @types/sinon from 10.0.12 to 10.0.13 #134
- deps: move express to devDependencies because it is only used in a test. #161
- Update changelog #162
- [javascript] Bump @typescript-eslint/parser from 5.30.5 to 5.30.7 #125
- Add dependabot config file #96
- Have dependabot update package.json too #109
- Reduce frequency of dependabot updates #152
- Consolidate all SAML class code to single file #147
- Refactor generate functions to a separate file #129
- Improve tests #141
- Refactor process routines out of saml.ts #130
- Refactor code for better functional grouping #128
- Coerce booleans when constructing options object #85
- Make Audience a required setting #25
- Make
issuer
required; remove OneLogin default #61 - Allow to validate InReponseTo only if provided, to support IDP-initiated login #40
- Update packages; bump minimum node to 14 #45
- Support multiple Assertion SubjectConfirmation #43
- Extend available options for NameIDPolicy attributes #67
- Migrate from "should" to "chai" #41
- Bump npm from 8.6.0 to 8.11.0 #88
- Update dependencies #81
- Update dependencies #75
- Move dependency types next to dependencies #73
- Remove unused
qs
types #72 - Remove unused request dependency #71
- Support Node 18 #68
- [security] Upgrade xml-encryption to 2.0.0 (fixes audit issue) #44
- [security] Address polynomial regular expression used on uncontrolled data #79
- Fix issues with cache provider potentially returning expired keys #59
- Correctly reset Sinon fake timers #60
- Correct carriage-return entity handling #38
- Make Issuer Required in the Types Too (like it is at runtime) #90
- Bypass for InResponseTo #87
- Fix broken request tests #86
- Move to NPM organization #91
- Factor out metadata routines #78
- Clear up ambiguous branch #80
- Tighten
any
type #77 - Add code coverage #74
- Clean up exception messages and related tests #69
- Saml options typing #66
- Stop using import assignments #65
- Stop using import assignments #63
- Remove unused vars #64
- fix a linting warning by adding a return type #46
- add an assertion to remove a linting warning #47
- remove useless not null assertions #48
- remove a not null assertion by checking certificate's validity #49
- remove useless not null assertions on errors #50
- transform a test that does not use some of its variables #51
- removes an unused variable in a test #52
- remove useless any type declaration #53
- Remove useless not null assertions #54
- remove warnings related to loggedOut in tests #55
- fix a linting warning by adding a return type #56
- Enable
assertRequired
to type narrow #62 - Simplify configs for compilation and release #92
- [Split saml.ts #1] Move getAdditionalParams out of saml.ts #32
- Set a unique ID value in generated metadata #30
- Feature: add facility in config to add
<Extensions>
element in SAML request #11 - Add option to sign generated metadata #24
- Add support for a failed logout response #10
- Set AuthnRequestsSigned in SP metadata if configured for signing. #20
- Update xmldom #17
- #13 GCM EncryptionMethod #15
- Move non SAML code out of saml.ts #18
- Support importing to
passport-saml
project #9 - Add assertion attributes to child object on profile (passport-saml#543) #5
- Update README.md #1
- Node saml separated from passport-saml #574
For Changes prior to v3.0.0 see passport-saml