Skip to content

Bump xml-crypto and soap#25

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-4ed7c07b50
Closed

Bump xml-crypto and soap#25
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-4ed7c07b50

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 14, 2025
edited
Loading

Bumps xml-crypto to 6.0.1 and updates ancestor dependency soap. These dependencies need to be updated together.

Updates xml-crypto from 1.5.6 to 6.0.1

Release notes

Sourced from xml-crypto's releases.

v6.0.1

  • Merge commit from fork (8ac6118)

This addresses two critical CVE:

v6.0.0

  • Bump github/codeql-action from 2 to 3 (#434) (627d83f)
  • Set getCertFromKeyInfo to noop (#445) (2120172)
  • Chore: Update README.md (#432) (f8cbbb7)

v5.1.1

  • fix: template literal (#443) (1ceedc8)

v5.1.0

  • Bump @​typescript-eslint/parser from 6.13.0 to 6.18.1 (#442) (ecbedd9)
  • Bump @​typescript-eslint/eslint-plugin from 6.13.0 to 6.18.1 (#441) (9eb9002)
  • Bump follow-redirects from 1.15.3 to 1.15.4 (#440) (6f363ab)
  • Bump eslint from 8.54.0 to 8.56.0 (#436) (bf163dd)
  • Bump @​types/node from 16.18.65 to 16.18.69 (#435) (4f98697)
  • Bump release-it from 16.2.1 to 16.3.0 (#428) (4d3711a)
  • Enhance derToPem to support XML pretty-print (#439) (6e95c60)

v5.0.0

  • Bump @​typescript-eslint/eslint-plugin from 5.62.0 to 6.13.0 (#422) (66d887b)
  • Bump @​prettier/plugin-xml from 3.2.1 to 3.2.2 (#423) (7410d2e)
  • Bump @​types/mocha from 10.0.2 to 10.0.6 (#421) (36bcf0e)
  • Bump @​types/chai from 4.3.6 to 4.3.11 (#419) (ef513da)
  • Bump prettier from 3.0.3 to 3.1.0 (#418) (09176a5)
  • Bump typescript from 5.2.2 to 5.3.2 (#415) (f3da589)
  • Bump eslint from 8.51.0 to 8.54.0 (#414) (b7c90f5)
  • Bump actions/setup-node from 3 to 4 (#413) (9602607)
  • Bump @​babel/traverse from 7.22.4 to 7.23.2 (#407) (552a6d6)
  • Bump actions/checkout from 3 to 4 (#392) (7ad9a5f)
  • Bump eslint-plugin-deprecation from 1.4.1 to 2.0.0 (#390) (0f11269)
  • Bump typescript from 5.1.6 to 5.2.2 (#383) (8cf4966)
  • Bump eslint-config-prettier from 8.8.0 to 9.0.0 (#381) (9584e48)
  • Mark getKeyInfo() private as it has no public consumers (#412) (1099f59)
  • Remove the default for getKeyInfoContent forcing a consumer to choose (#411) (468d674)
  • Remove default for transformation algorithm (#410) (741240f)
  • Remove default for signature algorithm (#408) (b0541b3)
  • Remove default for digest algorithm (#406) (b6cc9c0)
  • Remove default canonicalization algorithm (#405) (5629be4)
  • Update dependencies; move to @​xmldom-scoped is-dom-node package (#402) (e044d7a)
  • Clarify use of in signature validation (#401) (6f95f2e)
  • Ensure the X509Certificate tag is properly prefixed (#377) (073d4a6)
  • Add support for directly querying a node to see if it has passed validation (#389) (2aa2d13)
  • Improve code clarity; remove unused functions (#397) (f0237e9)

... (truncated)

Changelog

Sourced from xml-crypto's changelog.

6.0.1 (2025-03-14)

v6.0.0 (2024-01-26)

💣 Major Changes

  • [breaking-change] Set getCertFromKeyInfo to noop #445

🔗 Dependencies

  • [dependencies] [github_actions] Bump github/codeql-action from 2 to 3 #434

📚 Documentation

  • [documentation] Chore: Update README.md #432

v5.1.1 (2024-01-17)

🐛 Bug Fixes

  • [bug] fix: template literal #443

v5.1.0 (2024-01-07)

🚀 Minor Changes

  • [enhancement] Enhance derToPem to support XML pretty-print #439

🔗 Dependencies

  • [dependencies] [javascript] Bump @​typescript-eslint/parser from 6.13.0 to 6.18.1 #442
  • [dependencies] [javascript] Bump @​typescript-eslint/eslint-plugin from 6.13.0 to 6.18.1 #441
  • [dependencies] [javascript] Bump follow-redirects from 1.15.3 to 1.15.4 #440
  • [dependencies] [javascript] Bump eslint from 8.54.0 to 8.56.0 #436
  • [dependencies] [javascript] Bump @​types/node from 16.18.65 to 16.18.69 #435
  • [dependencies] [javascript] Bump release-it from 16.2.1 to 16.3.0 #428

v5.0.0 (2023-11-27)

💣 Major Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by cjbarth, a new releaser for xml-crypto since your current version.


Updates soap from 0.31.0 to 1.1.9

Release notes

Sourced from soap's releases.

Version 1.1.9

  • [ENHANCEMENT] Use wsdl xmlns prefix mappings, so several wsdl files can be imported with different namespace prefixes (#1279)

Version 1.1.8

  • [ENHANCEMENT] Add option for digest algorithm, default value is sha256, update documentation (#1273)
  • [MAINTENANCE] Fix minimal Node.js version in package.json (#1268)
  • [MAINTENANCE] Update security.md (#1270)

Version 1.1.7

  • [MAINTENANCE] Update dependencies, bump axios to 1.7.9 (#1264)

Version 1.1.6

  • [ENHANCEMENT] Add custom cache option (#1261)
  • [Fix] Fix usage of ref maxoccurs and minoccurs attributes (#1260)

Version 1.1.5

  • [ENHANCEMENT] Add missing KeyInfo tag around SecurityTokenReference (#1255)
  • [ENHANCEMENT] Catch errors when overrideImportLocation fails (#1257)

Version 1.1.4

  • [ENHANCEMENT] Add feature to set signatureAlgorithm (#1254)
  • [MAINTENANCE] Update dependencies, remove unused dependencies (#1256)

Version 1.1.3

  • [ENHANCEMENT] Allow ComplexContentElement to have a restriction as a child element and parse attributes for RestrictionElement (#1252)
  • [MAINTENANCE] Bump axios to 1.7.7 and debug to 4.3.6 (#1253)

Version 1.1.2

  • [ENHANCEMENT] Update Axios to 1.7.4 (#1248)
  • [MAINTENANCE] Remove unused coveralls, replace request with Axios in tests (#1250)
  • [MAINTENANCE] Speed up tests execution (#1249)
  • [Fix] Add missing attributes (#1251)

Version 1.1.1

  • [ENHANCEMENT] ASupport binary data in MTOM (#1245)
  • [ENHANCEMENT] Pass the error object to log (#1246)
  • [Fix] Fix including xsd from another xsd while using inline xmlns (#1202)

Version 1.1.0

  • [ENHANCEMENT] Upgrade dependencies and refactor code to work with the xml-crypto 6.0.0, use built-in randomUUID instead of uuid (#1242)
  • [ENHANCEMENT] Add express request object as parameter to the log method. (#1210)
  • [ENHANCEMENT] Make error messages useful when using SOAP 1.2 (#1228)
  • [ENHANCEMENT] Update Readme.md add example for xml string parameter (#1244)

Version 1.0.4

  • [ENHANCEMENT] Speed up WSDL parsing (#1218)
  • [ENHANCEMENT] Add envelopeSoapUrl option to change the URL in xmlns:soap attribute (#1239)
  • [ENHANCEMENT] Handle missing message definitions when creating SOAP client (#1241)

Version 1.0.3

... (truncated)

Changelog

Sourced from soap's changelog.

1.1.9 / 2025-03-04

  • [ENHANCEMENT] Use wsdl xmlns prefix mappings, so several wsdl files can be imported with different namespace prefixes (#1279)

1.1.8 / 2024-12-11

  • [ENHANCEMENT] Add option for digest algorithm, default value is sha256, update documentation (#1273)
  • [MAINTENANCE] Fix minimal Node.js version in package.json (#1268)
  • [MAINTENANCE] Update security.md (#1270)

1.1.7 / 2024-12-11

  • [MAINTENANCE] Update dependencies, bump axios to 1.7.9 (#1264)

1.1.6 / 2024-11-04

  • [ENHANCEMENT] Add custom cache option (#1261)
  • [Fix] Fix usage of ref maxoccurs and minoccurs attributes (#1260)

1.1.5 / 2024-09-29

  • [ENHANCEMENT] Add missing KeyInfo tag around SecurityTokenReference (#1255)
  • [ENHANCEMENT] Catch errors when overrideImportLocation fails (#1257)

1.1.4 / 2024-09-17

  • [ENHANCEMENT] Add feature to set signatureAlgorithm (#1254)
  • [MAINTENANCE] Update dependencies, remove unused dependencies (#1256)

1.1.3 / 2024-09-03

  • [ENHANCEMENT] Allow ComplexContentElement to have a restriction as a child element and parse attributes for RestrictionElement (#1252)
  • [MAINTENANCE] Bump axios to 1.7.7 and debug to 4.3.6 (#1253)

1.1.2 / 2024-08-21

  • [MAINTENANCE] Update Axios to 1.7.4 (#1248)
  • [MAINTENANCE] Remove unused coveralls, replace request with Axios in tests (#1250)
  • [MAINTENANCE] Speed up tests execution (#1249)
  • [Fix] Add missing attributes (#1251)

1.1.1 / 2024-08-04

  • [ENHANCEMENT] Support binary data in MTOM (#1245)
  • [ENHANCEMENT] Pass the error object to log (#1246)
  • [Fix] Fix including xsd from another xsd while using inline xmlns (#1202)

1.1.0 / 2024-07-16

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vasily.martynov, a new releaser for soap since your current version.


You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump xml-crypto and soap
2ab5619 
Bumps [xml-crypto](https://github.com/node-saml/xml-crypto) to 6.0.1 and updates ancestor dependency [soap](https://github.com/vpulim/node-soap). These dependencies need to be updated together.


Updates `xml-crypto` from 1.5.6 to 6.0.1
- [Release notes](https://github.com/node-saml/xml-crypto/releases)
- [Changelog](https://github.com/node-saml/xml-crypto/blob/v6.0.1/CHANGELOG.md)
- [Commits](node-saml/xml-crypto@v1.5.6...v6.0.1)

Updates `soap` from 0.31.0 to 1.1.9
- [Release notes](https://github.com/vpulim/node-soap/releases)
- [Changelog](https://github.com/vpulim/node-soap/blob/master/History.md)
- [Commits](vpulim/node-soap@v0.31.0...v1.1.9)

---
updated-dependencies:
- dependency-name: xml-crypto
  dependency-type: indirect
- dependency-name: soap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2025
aramshiva
aramshiva requested changes Aug 27, 2025
View reviewed changes
Copy link
Member

@aramshiva aramshiva left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Breaking Changes inxml-crypto Need to verify if it breaks this package

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 18, 2025

Superseded by #26.

@dependabot dependabot bot closed this Sep 18, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-4ed7c07b50 branch September 18, 2025 06:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aramshiva aramshiva aramshiva requested changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aramshiva