- Fix spelling and normalize naming #278
- Export types required for SamlOptions #224
- Have the default callback URL protocol be https #214
- Add public key support #225
- feat: support additionalParams on HTTP-POST binding #263
- Improve audience mismatch error message #257
- [javascript] Bump prettier from 2.8.8 to 3.0.0 #300
- [javascript] Bump prettier-plugin-packagejson from 2.4.3 to 2.4.5 #307
- [javascript] Bump eslint from 8.42.0 to 8.45.0 #306
- [javascript] Bump release-it from 15.11.0 to 16.1.3 #305
- [javascript] Bump @cjbarth/github-release-notes from 4.0.0 to 4.1.0 #304
- [javascript] Bump @types/node from 14.18.50 to 14.18.53 #303
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.59.9 to 5.62.0 #302
- [javascript] Bump @xmldom/xmldom from 0.8.8 to 0.8.10 #301
- [javascript] Bump @typescript-eslint/parser from 5.59.9 to 5.62.0 #299
- [javascript] Bump word-wrap from 1.2.3 to 1.2.4 #298
- [javascript] Bump sinon from 14.0.2 to 15.2.0 #294
- [javascript] Bump typescript from 4.8.4 to 5.1.6 #293
- [javascript] Bump @typescript-eslint/parser from 5.59.9 to 5.60.1 #292
- [javascript] Bump concurrently from 7.6.0 to 8.2.0 #290
- Remove dependency on Passport types #296
- Remove
expressdependency #284 - Update minor dependencies #283
- [github_actions] Bump codecov/codecov-action from 3.1.1 to 3.1.4 #279
- [javascript] Bump @typescript-eslint/parser from 5.58.0 to 5.59.8 #281
- [javascript] Bump prettier from 2.8.7 to 2.8.8 #274
- [javascript] Bump json5 from 2.2.1 to 2.2.3 #244
- [javascript] Bump vm2 from 3.9.16 to 3.9.19 #277
- Update minor dependencies #269
- Roll-up changelog entries for beta releases #282
- Add tests for XML parsing with comments #285
- Separate linting out from testing #288
- Add test coverage #287
- Prefer Chai
expectto Nodeassert#286 - Remove types specific to Passport #226
- Acknowledge that XML can be parsed to
any#271
- feat: add public getAuthorizeMessage method #235
- [security] [javascript] Bump xml2js from 0.4.23 to 0.5.0 #268
- [javascript] Bump xml-encryption from 3.0.1 to 3.0.2 #236
- [javascript] Bump eslint from 8.26.0 to 8.29.0 #234
- [javascript] Bump eslint-plugin-deprecation from 1.3.2 to 1.3.3 #232
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.43.0 to 5.45.0 #231
- [javascript] Bump concurrently from 7.5.0 to 7.6.0 #230
- [javascript] Bump prettier from 2.7.1 to 2.8.0 #229
- fix: correct handling of XML entities in signature attributes #221
- Expose ValidateInResponseTo as it is required in options #220
- Remove pre-release comments from README #223
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.43.0 #216
- [javascript] Bump @typescript-eslint/parser from 5.41.0 to 5.43.0 #217
- Lock to TypeScript <4.9.0 due to a regression in 4.9.3 #219
- [javascript] Bump @types/node from 14.18.32 to 14.18.33 #201
- [javascript] Bump xml-crypto from 3.0.0 to 3.0.1 #205
- Update @xmldom/xmldom #213
- Fixes #208, updated readme by updating package names. #210
- Remove check now covered by dependency #215
- Require all assertions be signed; new option wantAssertionsSigned can be set to false to enabled the older, less secure behavior. #177
- Document signatures are now required by default. Setting wantAuthenResponseSigned=false disables this feature and restores the prior, less secure behavior #83
- Make
issuerrequired; remove OneLogin default #61 - Make Audience a required setting #25
- Allow to validate InResponseTo only if provided, to support IDP-initiated login #40
- Update packages; bump minimum node to 14 #45
- Add support for a failed logout response #10
- Set AuthnRequestsSigned in SP metadata if configured for signing. #20
- feat: expose getLogoutResponseUrlAsync publicly #194
- fix generate unique metadata ID #158
- Include AuthnRequestsSigned attribute in all metadata #143
- Add support for metadata ContactPerson and Organization #140
- Support multiple Assertion SubjectConfirmation #43
- Extend available options for NameIDPolicy attributes #67
- Migrate from "should" to "chai" #41
- Set a unique ID value in generated metadata #30
- Add option to sign generated metadata #24
- Feature: add facility in config to add
<Extensions>element in SAML request #11 - Add ability to publish multiple signing certs in metadata #23
- CacheProvider interface #29
- Support importing to
passport-samlproject #9 - Add assertion attributes to child object on profile (passport-saml#543) #5
- Update dependencies, including locked ones #198
- Update Dependencies #197
- Bump @xmldom/xmldom from 0.7.5 to 0.7.6 #196
- [javascript] Bump @xmldom/xmldom from 0.8.2 to 0.8.3 #188
- [javascript] Bump node-fetch and release-it #187
- [javascript] Bump parse-url and release-it #176
- [javascript] Bump @typescript-eslint/parser from 5.36.2 to 5.40.0 #186
- [javascript] Bump prettier-plugin-packagejson from 2.2.18 to 2.3.0 #185
- [javascript] Bump @types/passport from 1.0.9 to 1.0.11 #182
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.36.2 to 5.38.1 #183
- [javascript] Bump typescript from 4.8.3 to 4.8.4 #181
- [github_actions] Bump codecov/codecov-action from 3.1.0 to 3.1.1 #180
- [javascript] Bump vm2 from 3.9.10 to 3.9.11 #179
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.36.2 #171
- [javascript] Bump @types/chai from 4.3.1 to 4.3.3 #172
- [javascript] Bump @typescript-eslint/parser from 5.30.7 to 5.36.2 #170
- [javascript] Bump eslint from 8.19.0 to 8.23.0 #163
- [javascript] Bump typescript from 4.7.4 to 4.8.3 #169
- [javascript] Bump concurrently from 7.2.2 to 7.3.0 #136
- [javascript] Bump @types/sinon from 10.0.12 to 10.0.13 #134
- deps: move express to devDependencies because it is only used in a test. #161
- Update changelog #162
- [javascript] Bump @typescript-eslint/parser from 5.30.5 to 5.30.7 #125
- [javascript] Bump @types/node from 14.18.16 to 14.18.22 #124
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7 #123
- [javascript] Bump release-it from 15.1.1 to 15.1.2 #122
- [javascript] Bump ts-node from 10.8.2 to 10.9.1 #126
- [javascript] Bump release-it from 15.0.0 to 15.1.1 #117
- [javascript] Bump xml-crypto from 2.1.3 to 2.1.4 #118
- [javascript] Bump ts-node from 10.7.0 to 10.8.2 #119
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.5 to 5.30.6 #120
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.30.3 to 5.30.5 #114
- [javascript] Bump parse-url from 6.0.0 to 6.0.2 #115
- [javascript] Bump @typescript-eslint/parser from 5.22.0 to 5.30.5 #113
- [javascript] Bump @types/passport from 1.0.7 to 1.0.9 #112
- [javascript] Bump eslint from 8.14.0 to 8.19.0 #111
- [javascript] Bump eslint-plugin-prettier from 4.0.0 to 4.2.1 #104
- [javascript] Bump prettier from 2.6.2 to 2.7.1 #107
- [javascript] Bump @types/sinon from 10.0.11 to 10.0.12 #106
- [javascript] Bump typescript from 4.6.4 to 4.7.4 #105
- [javascript] Bump sinon from 13.0.2 to 14.0.0 #102
- [javascript] Bump concurrently from 7.1.0 to 7.2.2 #100
- [javascript] Bump prettier-plugin-packagejson from 2.2.17 to 2.2.18 #103
- [javascript] Bump @typescript-eslint/eslint-plugin from 5.22.0 to 5.30.3 #99
- [github_actions] Bump actions/checkout from 2 to 3 #97
- Update CodeQL to v2 #95
- Bump npm from 8.6.0 to 8.11.0 #88
- Update dependencies #81
- Update dependencies #75
- Move dependency types next to dependencies #73
- Remove unused
qstypes #72 - Remove unused request dependency #71
- Support Node 18 #68
- [security] Upgrade xml-encryption to 2.0.0 (fixes audit issue) #44
- Update xmldom #17
- [security] Throw if multiple XML roots detected #195
- Make Issuer Required in the Types Too (like it is at runtime) #90
- Bypass for InResponseTo #87
- Fix broken request tests #86
- [security] Address polynomial regular expression used on uncontrolled data #79
- Fix issues with cache provider potentially returning expired keys #59
- Correctly reset Sinon fake timers #60
- Correct carriage-return entity handling #38
- #13 GCM EncryptionMethod #15
- [security] Limit transforms for signed nodes #6
- Remove duplicate calls to the cache provider #4
- Update documentation to remove ADFS references; rename passport-saml #190
- Changelog #173
- Remove insecure clockSkew recommendation #151
- Update badges for scoped package #93
- Add codecov and DeepScan badges #76
- Correct several typos in documentation #39
- Update README.md #1
- Update types #199
- Update changelog build tools #189
- Clean up signature tests #178
- Remove some usage of
anytype #175 - Add prerelease script #174
- Reduce frequency of dependabot updates #152
- Consolidate all SAML class code to single file #147
- Improve tests #141
- Refactor process routines out of saml.ts #130
- Refactor generate functions to a separate file #129
- Coerce booleans when constructing options object #85
- Refactor code for better functional grouping #128
- Have dependabot update package.json too #109
- Add dependabot config file #96
- Simplify configs for compilation and release #92
- Move to NPM organization #91
- Factor out metadata routines #78
- Clear up ambiguous branch #80
- Tighten
anytype #77 - Add code coverage #74
- Clean up exception messages and related tests #69
- Saml options typing #66
- Stop using import assignments #65
- Remove unused vars #64
- Stop using import assignments #63
- Remove useless not null assertions #54
- Enable
assertRequiredto type narrow #62 - fix a linting warning by adding a return type #56
- remove warnings related to loggedOut in tests #55
- remove useless any type declaration #53
- removes an unused variable in a test #52
- remove useless not null assertions on errors #50
- transform a test that does not use some of its variables #51
- remove a not null assertion by checking certificate's validity #49
- add an assertion to remove a linting warning #47
- remove useless not null assertions #48
- fix a linting warning by adding a return type #46
- [Split saml.ts #1] Move getAdditionalParams out of saml.ts #32
- Move non SAML code out of saml.ts #18
- Fix workflow for Node 16.x #7
- Remove passport-saml code and tests #3
No changelog for this release.