Bump the simplewebauthn group across 1 directory with 3 updates

[dependabot]

Bumps the simplewebauthn group with 3 updates in the /src directory: @simplewebauthn/server, @simplewebauthn/types and @simplewebauthn/browser.

Updates @simplewebauthn/server from 10.0.1 to 13.1.0

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.1.0

Changes:

• [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
• [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

• [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
• [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
• [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
• [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired.

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/types'; // <--

After:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/server'; // <--

---

[server] attestationType no longer accepts 'indirect'

The benefits of indirect attestation are too minimal to be useful for Relying Parties. In practice it is almost never used over ignoring the concept completely with 'none' or needing to be intentional and setting 'direct'.

... (truncated)

Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.1.0

Changes:

• [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
• [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

• [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
• [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
• [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
• [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
</tr></table> 

... (truncated)

Commits

• cfd2400 Publish v13.1.0
• b30c6dd Refactor old use of cross-fetch
• 413e6e4 Remove cross-fetch dependency
• 5dc6bfc Remove unused import in NPM build scripts
• 6b27e92 Publish v13.0.0
• 1876a0e Revert alpha versioning for PR
• 321c3af Test out changes as alpha1
• 5030c67 Remove types from READMEs
• 652472e Ignore internals from docs output
• acdd00b Tweak server service exports
• Additional commits viewable in compare view

Updates @simplewebauthn/types from 10.0.0 to 12.0.0

Release notes

Sourced from @​simplewebauthn/types's releases.

v12.0.0 - The one that claims a JSR scope

All SimpleWebAuthn packages are now available for installation from the JavaScript Registry (JSR)! JSR is an "open-source package registry for modern JavaScript and TypeScript" - you can read more about this new package registry and its ESM-centric capabilities here.

All packages in v12.0.0 are functionally identical to v11.0.0! And JSR package hosting is in addition to existing package hosting on NPM. Nothing changes about package installation via npm install. Read on for more information.

Packages

• @​simplewebauthn/browser@​12.0.0
• @​simplewebauthn/server@​12.0.0
• @​simplewebauthn/types@​12.0.0

Changes

• [browser] [server] [types] All packages can now be installed from JSR wherever JSR imports are supported (#634)
• [browser] Deno projects using frameworks like Fresh can now import and use @​simplewebauthn/browser (#634)

To install from JSR, use npx jsr add @simplewebauthn/... or deno add jsr:@simplewebauthn/... depending on which package manager is available.

Projects using npm for package management:

npx jsr add @simplewebauthn/browser

npx jsr add @simplewebauthn/server

npx jsr add @simplewebauthn/types

Projects using deno for package management:

deno add jsr:@simplewebauthn/browser

deno add jsr:@simplewebauthn/server

deno add jsr:@simplewebauthn/types

Projects using HTTPS modules via deno.land/x:

v12.0.0 officially deprecates importing SimpleWebAuthn from deno.land/x. See Breaking Changes below for refactor guidance.

... (truncated)

Changelog

Sourced from @​simplewebauthn/types's changelog.

v12.0.0 - The one that claims a JSR scope

All SimpleWebAuthn packages are now available for installation from the JavaScript Registry (JSR)! JSR is an "open-source package registry for modern JavaScript and TypeScript" - you can read more about this new package registry and its ESM-centric capabilities here.

All packages in v12.0.0 are functionally identical to v11.0.0! And JSR package hosting is in addition to existing package hosting on NPM. Nothing changes about package installation via npm install. Read on for more information.

Packages

• @​simplewebauthn/browser@​12.0.0
• @​simplewebauthn/server@​12.0.0
• @​simplewebauthn/types@​12.0.0

Changes

• [browser] [server] [types] All packages can now be installed from JSR wherever JSR imports are supported (#634)
• [browser] Deno projects using frameworks like Fresh can now import and use @​simplewebauthn/browser (#634)

To install from JSR, use npx jsr add @simplewebauthn/... or deno add jsr:@simplewebauthn/... depending on which package manager is available.

Projects using npm for package management:

npx jsr add @simplewebauthn/browser

npx jsr add @simplewebauthn/server

npx jsr add @simplewebauthn/types

Projects using deno for package management:

deno add jsr:@simplewebauthn/browser

deno add jsr:@simplewebauthn/server

... (truncated)

Commits

• 5b3422b Publish v12.0.0
• d91d3c1 Get more specific with README registry URLs
• d39b6f7 Remove leading $ for cleaner copy-pastes
• 6868b63 Simplify installation guidance
• 02eac3b Deprecate deno.land/x hosting support
• bd5bc51 Update installation instructions
• f778661 Run deno fmt on packages
• cdc6e1e Update version to -alpha3
• f6bd98a Update deployment handbook for new process
• 0d39088 Use Deno's native JSON importing
• Additional commits viewable in compare view

Updates @simplewebauthn/browser from 10.0.0 to 13.1.0

Release notes

Sourced from @​simplewebauthn/browser's releases.

v13.1.0

Changes:

• [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
• [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

• [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
• [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
• [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
• [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired.

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/types'; // <--

After:

import type {
  AuthenticationResponseJSON,
  RegistrationResponseJSON,
  WebAuthnCredential,
} from '@simplewebauthn/server'; // <--

---

[server] attestationType no longer accepts 'indirect'

The benefits of indirect attestation are too minimal to be useful for Relying Parties. In practice it is almost never used over ignoring the concept completely with 'none' or needing to be intentional and setting 'direct'.

... (truncated)

Changelog

Sourced from @​simplewebauthn/browser's changelog.

v13.1.0

Changes:

• [server] The cross-fetch dependency has been removed from the project to silence in the console DeprecationWarning's about a "punycode" module (#661)
• [browser] startRegistration() and startAuthentication() will now warn about calls made using the pre-v11 call structure to encourage refactoring to use the current call structure, but still try to handle such calls the best they can (#664)

v13.0.0 - The one where they share a type

Hot on the heels of the last major release, v13 introduces support for registration hints! Refined types and improved attestation trust anchor verification are also included. Last but not least, we say goodbye to one of the project's packages for better docs and fewer dependencies to install. Read on for more information, including refactor advice for dealing with the retirement of @​simplewebauthn/types.

Changes:

• [server] A new preferredAuthenticatorType argument can be set when calling generateRegistrationOptions() to generate options that encourage the browser to direct the user to register one of three types of authenticators: 'securityKey', 'localDevice', or 'remoteDevice' (a.k.a. opinionated WebAuthn hints support) (#653)
• [browser] startRegistration() will recognize hints if specified in optionsJSON (#652)
• [server] Attestation verification now recognizes intermediate certificates as trust anchors (#650)
• [browser] [server] The types previously maintained in the types package are now included within the browser and server packages. See Breaking Changes below for more info (#655)

Breaking Changes

@​typescript/types is being retired

Its types will now be included directly in @​simplewebauthn/browser and @​simplewebauthn/server.

To refactor existing imports from /types, simply import them from /browser or /server instead:

Before:

import type {
</tr></table> 

... (truncated)

Commits

• cfd2400 Publish v13.1.0
• 62025dc Test ability to continue from bad call pattern
• 4cbeceb Detect improper call pattern and warn
• 5dc6bfc Remove unused import in NPM build scripts
• 6b27e92 Publish v13.0.0
• 1876a0e Revert alpha versioning for PR
• 321c3af Test out changes as alpha1
• 5030c67 Remove types from READMEs
• 652472e Ignore internals from docs output
• 4217841 Simplify browser and server exports
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions