Skip to content

Bump @simplewebauthn/browser from 9.0.1 to 13.2.2#44

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/simplewebauthn/browser-13.2.2
Closed

Bump @simplewebauthn/browser from 9.0.1 to 13.2.2#44
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/simplewebauthn/browser-13.2.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 6, 2025
edited
Loading

Bumps @simplewebauthn/browser from 9.0.1 to 13.2.2.

Release notes

Sourced from @​simplewebauthn/browser's releases.

v13.2.2

Changes

v13.2.1

Changes:

  • [server] generateRegistrationOptions() will now correctly encoded the userID argument to base64url when it is an instance of Node's Buffer (#724)

v13.2.0

  • [server] The return value from verifyRegistrationResponse() has been defined more strictly to communicate that registrationInfo will only ever be present if verified is true (#715)
  • [server] verifyRegistrationResponse() can now verify attestations containing SHA256 hashes by using EC public keys with the P-384 curve (#721)
  • [server] The Android SafetyNet "CTS profile match" system integrity check can now be disabled by setting attestationSafetyNetEnforceCTSCheck: false when calling verifyRegistrationResponse(). This check remains enforced by default (#722)
  • [browser] [server] These libraries now have better support in Deno 2.2+ projects which use generic typing for Uint8Array via TypeScript 5.7. SimpleWebAuthn values of type Uint8Array_ are equivalent to Uint8Array in Deno 2.1 and earlier, and Uint8Array<ArrayBuffer> in Deno 2.2 and later. (#717)

v13.1.2

Changes

  • [browser] [server] Exported the ResidentKeyRequirement type to help with type inference (#704)

v13.1.1

Changes:

  • [server] "android-key" attestation statement verification has been modernized (#675)
  • [server] More TPM manufacturers are recognized while verifying "tpm" attestation statements (#673)

v13.1.0

Changes:

  • [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
  • [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

  • [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
  • [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
  • [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
  • [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired.

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

... (truncated)

Changelog

Sourced from @​simplewebauthn/browser's changelog.

v13.2.2

Changes

v13.2.1

Changes:

  • [server] generateRegistrationOptions() will now correctly encoded the userID argument to base64url when it is an instance of Node's Buffer (#724)

v13.2.0

Changes

  • [server] The return value from verifyRegistrationResponse() has been defined more strictly to communicate that registrationInfo will only ever be present if verified is true (#715)
  • [server] verifyRegistrationResponse() can now verify attestations containing SHA256 hashes by using EC public keys with the P-384 curve (#721)
  • [server] The Android SafetyNet "CTS profile match" system integrity check can now be disabled by setting attestationSafetyNetEnforceCTSCheck: false when calling verifyRegistrationResponse(). This check remains enforced by default (#722)
  • [browser] [server] These libraries now have better support in Deno 2.2+ projects which use generic typing for Uint8Array via TypeScript 5.7. SimpleWebAuthn values of type Uint8Array_ are equivalent to Uint8Array in Deno 2.1 and earlier, and Uint8Array<ArrayBuffer> in Deno 2.2 and later. (#717)

v13.1.2

Changes

  • [browser] [server] Exported the ResidentKeyRequirement type to help with type inference (#704)

v13.1.1

... (truncated)

Commits
  • a7b1c79 Update version to 13.2.2
  • 84c61db Publish v13.2.0
  • f5f3de7 Refactor Uint8Array to Uint8Array_
  • e552884 Codegen another use of Uint8Array_
  • e2a3a85 Define Uint8Array_ for Deno backwards compat
  • 467f8f1 Publish v13.1.2
  • fdbb880 Codegen updated types
  • cfd2400 Publish v13.1.0
  • 62025dc Test ability to continue from bad call pattern
  • 4cbeceb Detect improper call pattern and warn
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​simplewebauthn/browser since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump @simplewebauthn/browser from 9.0.1 to 13.2.2
493d512 
Bumps [@simplewebauthn/browser](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/browser) from 9.0.1 to 13.2.2.
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.2.2/packages/browser)

---
updated-dependencies:
- dependency-name: "@simplewebauthn/browser"
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 6, 2025
@dependabot dependabot bot mentioned this pull request Oct 6, 2025
Closed
@initstring
Copy link
Owner

initstring commented Dec 4, 2025

NextAuth 5 doesn't yet support these new libraries. Need to hold off until beta progresses further.

@initstring initstring closed this Dec 4, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 4, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/simplewebauthn/browser-13.2.2 branch December 4, 2025 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@initstring