Clever · mcab · Oct 15, 2022 · Oct 15, 2022 · Oct 15, 2022 · Oct 15, 2022
diff --git a/.npmignore b/.npmignore
@@ -3,3 +3,6 @@ coverage
 node_modules
 lib
 *.html
+.circleci/
+.github/
+.nvmrc
diff --git a/lib/saml2.coffee b/lib/saml2.coffee
@@ -7,7 +7,7 @@ url           = require 'url'
 util          = require 'util'
 xmlbuilder    = require 'xmlbuilder2'
 xmlcrypto     = require 'xml-crypto'
-xmldom        = require 'xmldom'
+xmldom        = require '@xmldom/xmldom'
 xmlenc        = require 'xml-encryption'
 zlib          = require 'zlib'
 SignedXml     = require('xml-crypto').SignedXml
@@ -239,10 +239,7 @@ decrypt_assertion = (dom, private_keys, cb) ->
 # This checks the signature of a saml document and returns either array containing the signed data if valid, or null
 # if the signature is invalid. Comparing the result against null is NOT sufficient for signature checks as it doesn't
 # verify the signature is signing the important content, nor is it preventing the parsing of unsigned content.
-check_saml_signature = (_xml, certificate) ->
-  # xml-crypto requires that whitespace is normalized as such:
-  # https://github.com/yaronn/xml-crypto/commit/17f75c538674c0afe29e766b058004ad23bd5136#diff-5dfe38baf287dcf756a17c2dd63483781b53bf4b669e10efdd01e74bcd8e780aL69
-  xml = _xml.replace(/\r\n?/g, '\n')
+check_saml_signature = (xml, certificate) ->
   doc = (new xmldom.DOMParser()).parseFromString(xml)
 
   # xpath failed to capture <ds:Signature> nodes of direct descendents of the root.

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "saml2-js",
-  "version": "3.1.0",
+  "version": "4.0.0",
   "description": "SAML 2.0 node helpers",
   "author": "Clever",
   "license": "Apache-2.0",
@@ -10,8 +10,8 @@
   },
   "scripts": {
     "build": "coffee --bare -c -o lib-js lib",
-    "test": "NODE_ENV=test mocha --require coffee-script/register test/*.coffee",
-    "test-cov": "NODE_ENV=test nyc --extension .coffee -r html -r text mocha --require coffee-script/register test/*.coffee",
+    "test": "NODE_ENV=test mocha --require coffeescript/register test/*.coffee",
+    "test-cov": "NODE_ENV=test nyc --extension .coffee -r html -r text mocha --require coffeescript/register test/*.coffee",
     "prepare": "npm run build"
   },
   "repository": {
@@ -26,18 +26,18 @@
     "url": "https://github.com/Clever/saml2/issues"
   },
   "devDependencies": {
-    "coffee-script": "^1.12.0",
-    "mocha": "^8.2.0",
+    "coffeescript": "^1.12.7",
+    "mocha": "^8.4.0",
     "nyc": "^15.0.0"
   },
   "dependencies": {
+    "@xmldom/xmldom": "^0.8.3",
     "async": "^3.2.0",
     "debug": "^4.3.0",
     "underscore": "^1.8.0",
-    "xml-crypto": "^2.0.0",
-    "xml-encryption": "^1.2.1",
+    "xml-crypto": "^3.0.0",
+    "xml-encryption": "^2.0.0",
     "xml2js": "^0.4.0",
-    "xmlbuilder2": "^2.4.0",
-    "xmldom": "^0.4.0"
+    "xmlbuilder2": "^2.4.0"
   }
 }
diff --git a/test/saml2.coffee b/test/saml2.coffee
@@ -7,7 +7,7 @@ fs            = require 'fs'
 saml2         = require "#{__dirname}/../lib/saml2"
 url           = require 'url'
 util          = require 'util'
-xmldom        = require 'xmldom'
+xmldom        = require '@xmldom/xmldom'
 xmlcrypto     = require 'xml-crypto'
 
 describe 'saml2', ->