fix(passkey): bump @simplewebauthn/server and @simplewebauthn/browser to v10.0.0
#10996
Conversation
masterjanic
requested review from
ThangHuuVu,
ubbe-xyz,
ndom91 and
balazsorban44
as code owners
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
|
|
@masterjanic is attempting to deploy a commit to the authjs Team on Vercel. A member of the Team first needs to authorize it. |
|
Ooo nice, thanks! I was just looking into upgrading to 10.x the other day! I'll take a closer look at this later today 🙏 |
|
We're there no other relevant breaking changes other than the base64/uint8array changes? There were a good bit of changes in v10, I just expected us to be affected by more haha |
ndom91
changed the title
@simplewebauthn/server and @simplewebauthn/browser to v10.0.0
|
Got it, I probably missed them. I can also see that some examples have the version listed in the |
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@auth/unstorage-adapter@2.1.0, npm/@types/react-dom@18.3.0, npm/@types/react@18.3.3, npm/autoprefixer@10.4.19, npm/class-variance-authority@0.7.0, npm/lucide-react@0.274.0, npm/next-auth@5.0.0-beta.18, npm/next@14.2.3, npm/react-dom@18.3.1, npm/react@18.3.1, npm/tailwind-merge@1.14.0, npm/tailwindcss-animate@1.0.7, npm/unstorage@1.10.2 |
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
@masterjanic what do you mean by this exactly?
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #10996 +/- ##
===========================================
+ Coverage 40.91% 53.03% +12.12%
===========================================
Files 176 108 -68
Lines 27924 3373 -24551
Branches 1243 344 -899
===========================================
- Hits 11424 1789 -9635
+ Misses 16500 1584 -14916 ☔ View full report in Codecov by Sentry. |
|
@masterjanic looks like some of the tests in |
|
Any update on this? |
☕️ Reasoning
The latest version of SimpleWebAuthn (v10.0.0) was released on April 13th and fixes an issue where the browser webauthn autofill handler was not correctly working due to PublicKeyCredential missing. This version also includes changes to how the credentialID and userID is handled. Further we don't need to encode them to an Uint8Array anymore, because the library now expects base64url strings.
This pull request bumps the version and implements the necessary changes for using the latest version.
🧢 Checklist
I couldn't get the tests running on my machine yet, but I will try to test the changes. Database adapters should not be affected since credentialID and userID is stored as a text field already.
🎫 Affected issues
There are no affected issues but we might prevent further issues by already implementing the latest version of SimpleWebAuthn.
📌 Resources