Skip to content

chore(deps): bump @simplewebauthn/browser from 11.0.0 to 13.3.0 in /frontend#131

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/simplewebauthn/browser-13.3.0
Open

chore(deps): bump @simplewebauthn/browser from 11.0.0 to 13.3.0 in /frontend#131
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/simplewebauthn/browser-13.3.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps @simplewebauthn/browser from 11.0.0 to 13.3.0.

Release notes

Sourced from @​simplewebauthn/browser's releases.

v13.3.0

  • [browser] startRegistration() and startAuthentication() will recognize punycode domains as valid domains when trying to identify why an error occurred (#750)
  • [server] A new verifyMDSBlob() helper method has been added to verify and extract metadata statements from FIDO MDS blobs. See the docs here for more info (#752)

v13.2.3

Changes

  • [server] Dependencies have been updated to fix a "Cannot get schema" error that may occur when verifying responses after upgrading to v13.2.0+ (#747)

v13.2.2

Changes

v13.2.1

Changes:

  • [server] generateRegistrationOptions() will now correctly encoded the userID argument to base64url when it is an instance of Node's Buffer (#724)

v13.2.0

  • [server] The return value from verifyRegistrationResponse() has been defined more strictly to communicate that registrationInfo will only ever be present if verified is true (#715)
  • [server] verifyRegistrationResponse() can now verify attestations containing SHA256 hashes by using EC public keys with the P-384 curve (#721)
  • [server] The Android SafetyNet "CTS profile match" system integrity check can now be disabled by setting attestationSafetyNetEnforceCTSCheck: false when calling verifyRegistrationResponse(). This check remains enforced by default (#722)
  • [browser] [server] These libraries now have better support in Deno 2.2+ projects which use generic typing for Uint8Array via TypeScript 5.7. SimpleWebAuthn values of type Uint8Array_ are equivalent to Uint8Array in Deno 2.1 and earlier, and Uint8Array<ArrayBuffer> in Deno 2.2 and later. (#717)

v13.1.2

Changes

  • [browser] [server] Exported the ResidentKeyRequirement type to help with type inference (#704)

v13.1.1

Changes:

  • [server] "android-key" attestation statement verification has been modernized (#675)
  • [server] More TPM manufacturers are recognized while verifying "tpm" attestation statements (#673)

v13.1.0

Changes:

  • [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
  • [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

  • [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
  • [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
  • [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)

... (truncated)

Changelog

Sourced from @​simplewebauthn/browser's changelog.

v13.3.0

Changes:

  • [browser] startRegistration() and startAuthentication() will recognize punycode domains when trying to identify why an error occurred (#750)
  • [server] A new verifyMDSBlob() helper method has been added to verify and extract metadata statements from FIDO MDS blobs. See the docs here for more info (#752)

v13.2.3

Changes

  • [server] Dependencies have been updated to fix a "Cannot get schema" error that may occur when verifying responses after upgrading to v13.2.0+ (#747)

v13.2.2

Changes

v13.2.1

Changes:

  • [server] generateRegistrationOptions() will now correctly encoded the userID argument to base64url when it is an instance of Node's Buffer (#724)

v13.2.0

Changes

  • [server] The return value from verifyRegistrationResponse() has been defined more strictly to communicate that registrationInfo will only ever be present if verified is true (#715)
  • [server] verifyRegistrationResponse() can now verify attestations containing SHA256 hashes by using EC public keys with the P-384 curve

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​simplewebauthn/browser since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump @simplewebauthn/browser in /frontend
6ccfa5c 
Bumps [@simplewebauthn/browser](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/browser) from 11.0.0 to 13.3.0.
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.0/packages/browser)

---
updated-dependencies:
- dependency-name: "@simplewebauthn/browser"
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants