chore(deps): update dependency @simplewebauthn/browser to v13 #6871
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^10.0.0
->^13.0.0
Release Notes
MasterKale/SimpleWebAuthn (@simplewebauthn/browser)
v13.0.0
Compare Source
Hot on the heels of the last major release, v13 introduces support for registration hints! Refined
types and improved attestation trust anchor verification are also included. Last but not least, we
say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read
on for more information, including refactor advice for dealing with the retirement of
@simplewebauthn/types.
Changes:
preferredAuthenticatorType
argument can be set when callinggenerateRegistrationOptions()
to generate options that encourage the browser to direct the userto register one of three types of authenticators:
'securityKey'
,'localDevice'
, or'remoteDevice'
(a.k.a. opinionatedWebAuthn hints
support) (#653)
startRegistration()
will recognizehints
if specified inoptionsJSON
(#652)
(#650)
within the browser and server packages. See Breaking Changes below for more info
(#655)
Breaking Changes
@typescript/types is being retired. Its types will now be included directly in
@simplewebauthn/browser and @simplewebauthn/server.
To refactor existing imports from /types, simply import them from /browser or /server
instead:
Before:
After:
v12.0.0
Compare Source
All SimpleWebAuthn packages are now available for installation from the
JavaScript Registry (JSR)! JSR is an "open-source package registry
for modern JavaScript and TypeScript" - you can read more about this new package registry and its
ESM-centric capabilities here.
All packages in v12.0.0 are functionally identical to v11.0.0! And JSR package hosting is in
addition to existing package hosting on NPM. Nothing changes about package installation via
npm install
. Read on for more information.Packages
Changes
imports are supported (#634)
@simplewebauthn/browser (#634)
To install from JSR, use
npx jsr add @​simplewebauthn/...
ordeno add jsr:@​simplewebauthn/...
depending on which package manager is available.
Projects using
npm
for package management:Projects using
deno
for package management:Projects using HTTPS modules via deno.land/x:
v12.0.0 officially deprecates importing SimpleWebAuthn from deno.land/x. See Breaking Changes
below for refactor guidance.
Breaking Changes
Importing SimpleWebAuthn packages from
"https://deno.land/x/simplewebauthn/..."
URLs is no longersupported. Please use Deno's native support for JSR imports instead, available in projects running
Deno v1.42 and higher.
Before:
After:
Alternatively, use
deno add
to install these packages fromJSR:
v11.0.0
Compare Source
Say hello to support for automatic passkey registration, support for valid conditional UI
<input>
elements stashed away in web components, and to the new
WebAuthnCredential
type that modernizessome logic within.
There are some breaking changes in this release! Please see Breaking Changes below for refactor
guidance.
Packages
Changes
useAutoRegister
argument has been added tostartRegistration()
tosupport attempts to automatically register passkeys for users who just completed non-passkey auth.
verifyRegistrationResponse()
has gained a newrequireUserPresence
option that can be set tofalse
when verifying responses fromstartRegistration({ useAutoRegister: true, ... })
(#623)
verifyBrowserAutofillInput
argument has been added tostartAuthentication()
to disable throwing an error when a correctly configured<input>
elementcannot be found (but perhaps a valid one is present in a web component shadow's DOM)
(#621)
AuthenticatorDevice
type has been renamed toWebAuthnCredential
andhas had its properties renamed. The return value out of
verifyRegistrationResponse()
andcorresponding inputs into
verifyAuthenticationResponse()
have been updated accordingly. SeeBreaking Changes below for refactor guidance
(#625)
verifyRegistrationResponse()
now verifies that the authenticator data AAGUIDmatches the leaf cert's
id-fido-gen-ce-aaguid
extension AAGUID when it is present(#609)
IBM (#610)
uvm
anddpk
have been removed(#611)
Breaking Changes
[browser] Positional arguments in
startRegistration()
andstartAuthentication()
have been replaced by a single objectProperty names in the object match the names of the previously-positional arguments. To update
existing implementations, wrap existing options in an object with corresponding properties:
Before:
After:
[server] [types] The
AuthenticatorDevice
type has been renamed toWebAuthnCredential
AuthenticatorDevice.credentialID
andAuthenticatorDevice.credentialPublicKey
have been shortenedto
WebAuthnCredential.id
andWebAuthnCredential.publicKey
respectively.verifyRegistrationResponse()
has been updated accordingly to return a newcredential
value oftype
WebAuthnCredential
. Update code that storescredentialID
,credentialPublicKey
, andcounter
out ofverifyRegistrationResponse()
to storecredential.id
,credential.publicKey
,and
credential.counter
instead:Before:
After:
Update calls to
verifyAuthenticationResponse()
to match the newcredential
argument thatreplaces the
authenticator
argument:Before:
After:
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.