v3: Bump xml2js from 0.4.23 to 0.5.0 #857

Merged
merged 1 commit into from Apr 21, 2023

seromenho

Description

This is node-saml/node-saml#268 for v3

Checklist:

  • Issue Addressed: [ ]
  • Link to SAML spec: [ ]
  • Tests included? [ ]
  • Documentation updated? [ ]

@seromenho seromenho changed the title from "Bump xml2js from 0.4.23 to 0.5.0" to "v3: Bump xml2js from 0.4.23 to 0.5.0" Apr 19, 2023
@seromenho
Author

@cjbarth Hi, can we still add security fixes to previous versions? If so, this is the xml2js fix for v3. What do you think?
Thanks

@cjbarth
Collaborator

cjbarth commented Apr 21, 2023

I'll land it, but that package is marked as Deprecated, so I'm not inclined to make a release. At some point everyone is going to have to update to get continuing security fixes.

@cjbarth cjbarth added the dependencies (Pull requests that update a dependency file) and security labels Apr 21, 2023
@cjbarth cjbarth merged commit f8df14e into node-saml:3.x Apr 21, 2023
1 check passed
@seromenho
Author

@cjbarth It makes sense. I've seen you have merged.
Why are you not inclined to make a release? Is it because the package is already marked as deprecated? Let me know if I can help somehow create the release.

@cjbarth
Collaborator

cjbarth commented Apr 21, 2023

Yes, that is correct. At what point should we stop supporting a deprecated package? You can always point your package.json to a GitHub branch (or commit) if you need more time to migrate.

npm install "https://github.com/node-saml/passport-saml.git#3.x" --save
