From 76dea8eec8f3534674ac0fc89e0b47c41d262055 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 01:06:50 +0000
Subject: [PATCH 1/2] Build(deps): Bump xml-encryption from 3.1.0 to 4.0.0

Bumps [xml-encryption](https://github.com/auth0/node-xml-encryption) from 3.1.0 to 4.0.0.
- [Release notes](https://github.com/auth0/node-xml-encryption/releases)
- [Changelog](https://github.com/auth0/node-xml-encryption/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-xml-encryption/compare/v3.1.0...v4.0.0)
---
updated-dependencies:
- dependency-name: xml-encryption dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 package-lock.json | 31 ++++++++++++++++++++++++++++++-
 packages/saml-mock/package.json | 2 +-
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 56b633e..542a609 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18602,12 +18602,41 @@ "lodash": "^4.18.1", "moment": "^2.30.1", "xml-crypto": "^6.1.2", - "xml-encryption": "^3.1.0" + "xml-encryption": "^4.0.0" }, "devDependencies": { "@node-saml/passport-saml": "^5.1.0" } }, + "packages/saml-mock/node_modules/xml-encryption": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-4.0.0.tgz", + "integrity": "sha512-UvSSRKoDfmyH/ECiKPbhHXMKhcXKOYLva7ifmzitN4BNXLAfdgez+nQANJ3jllmY42D5bdeVvIK0Y7hzcAAlyQ==", + "license": "MIT", + "dependencies": { + "@xmldom/xmldom": "^0.8.5", + "escape-html": "^1.0.3", + "xpath": "0.0.32" + } + }, + "packages/saml-mock/node_modules/xml-encryption/node_modules/@xmldom/xmldom": { + "version": "0.8.12", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.12.tgz", + "integrity": "sha512-9k/gHF6n/pAi/9tqr3m3aqkuiNosYTurLLUtc7xQ9sxB/wm7WPygCv8GYa6mS0fLJEHhqMC1ATYhz++U/lRHqg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "packages/saml-mock/node_modules/xpath": { + "version": "0.0.32", + "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", + "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", + "license": "MIT", + "engines": { + "node": ">=0.6.0" + } + }, "packages/testing": { "name": "@digabi/testing", "version": "0.0.6",
diff --git a/packages/saml-mock/package.json b/packages/saml-mock/package.json
index b0664d1..94d9a7a 100644
--- a/packages/saml-mock/package.json
+++ b/packages/saml-mock/package.json
@@ -27,7 +27,7 @@
 "lodash": "^4.18.1",
 "moment": "^2.30.1",
 "xml-crypto": "^6.1.2",
- "xml-encryption": "^3.1.0"
+ "xml-encryption": "^4.0.0"
 },
 "devDependencies": {
 "@node-saml/passport-saml": "^5.1.0"
From 5dc1217984c32aed90bbaf1ea1761aae280e575d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petri=20=C3=84mm=C3=A4l=C3=A4?=
Date: Fri, 10 Apr 2026 14:49:31 +0300
Subject: [PATCH 2/2] Change encryption algorithm to something more secure

This is a mock implementation. Encryption is not known to be used anywhere.
---
 packages/saml-mock/src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/saml-mock/src/index.ts b/packages/saml-mock/src/index.ts
index a56e50e..6cacaa3 100644
--- a/packages/saml-mock/src/index.ts
+++ b/packages/saml-mock/src/index.ts
@@ -189,7 +189,7 @@ function encryptXml(xml: string, localName: string, encryptedLocalName: string):
 {
 rsa_pub: publicKey,
 pem: certificate,
- encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+ encryptionAlgorithm: 'http://www.w3.org/2009/xmlenc11#aes256-gcm',
 keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
 },
 (err, encryptedData) => {
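Review bot: The new `encryptionAlgorithm` value in `encryptXml` is not covered by any check visible here, and the commit message says encryption is not known to be used, so a consumer of this mock that only implements the XML Encryption 1.0 block ciphers would fail to decrypt without anything flagging it. A round-trip test that decrypts the mock's output with the matching private key and asserts the plaintext would pin the xmlenc11 GCM setting, which matters because this change lands together with the xml-encryption 3.1.0 to 4.0.0 major bump. I would also record the reason next to the option, for example `// AES-256-GCM (xmlenc11): authenticated; CBC ciphertext is malleable and exposes decryptors to padding-oracle attacks`. The key transport stays `rsa-oaep-mgf1p`, which is OAEP rather than PKCS#1 v1.5, so it needs no change. `encryptXml` starts and ends outside the hunk, so the callback's error handling could not be reviewed.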