3.0.0 Breaking changes not specified either in Changelog or release notes

[christian-hawk]

On release notes:

This release has some breaking changes and some significant refactors. Please read the CHANGELOG.md carefully to note what few things may need to change in your code before taking this version.

On CHANGELOG.md:

There is currently no information about v3.0.0 or about any Breaking Change in CHANGELOG.

[cjbarth]

I'd say this is a bug. I just want over to see what could be the problem and found it is a bug in our changelog generating tool: github-tools/github-release-notes#116.

[christian-hawk]

I'd say this is a bug. I just want over to see what could be the problem and found it is a bug in our changelog generating tool: github-tools/github-release-notes#116.

I see @cjbarth It looks like an old one.
Meanwhile is it possible to get a small explanation of what are the breaking changes from 2.x to 3.x?

Lemme know if I can help somehow.

Thanks

[serhalp]

It seems that the 3.0.0 release notes are just incorrectly called "2.2.0". So the release notes are the ones in your screenshot.

[christian-hawk]

Thanks @serhalp . It seems or are you sure about it?

So as breaking change we have

1. Not supporting anymore deprecated privateCert. Ok so if we use privateCert, code will break. Pretty clear.
2. Node-saml separation. About this, is not clear. When would code break? I never found myself using node-saml explicitly when coding.

Thanks

[cjbarth]

I've created a PR to fix the changelog: #605

[cjbarth]

@christian-hawk The node-saml separation work shouldn't have caused any breaking changes, but it was a major refactor and a lot of code moved, so there is a strong potential for breakage if you depended on anything but the strict passport-saml API.

[christian-hawk]

@christian-hawk The node-saml separation work shouldn't have caused any breaking changes, but it was a major refactor and a lot of code moved, so there is a strong potential for breakage if you depended on anything but the strict passport-saml API.

@cjbarth thanks for that. Maybe is not a breaking change, then? Anyway would be nice to have the information you just provided in CHANGELOG.md

[christian-hawk]

@cjbarth maybe also add to breaking change changelog information that cert is required:

 1) Test SP Meta Helper
   generate meta test
     should generate metafile for provider in idp-metadata folder:
 TypeError: cert is required
  at Object.assertRequired (node_modules/passport-saml/lib/node-saml/utility.js:7:15)
  at SAML.initialize (node_modules/passport-saml/lib/node-saml/saml.js:110:29)
  at new SAML (node_modules/passport-saml/lib/node-saml/saml.js:79:29)
  at new AbstractStrategy (node_modules/passport-saml/lib/passport-saml/strategy.js:26:26)
  at new Strategy (node_modules/passport-saml/lib/passport-saml/strategy.js:154:1)
  at Context.<anonymous> (test/sp-meta.test.js:38:37)
  at processImmediate (internal/timers.js:461:21)

[cjbarth]

@christian-hawk Please look at the PR referenced above for the corrected changelog.

[christian-hawk]

thanks @cjbarth

[evercast-mahesh2021]

Hi @christian-hawk. After upgrading the dockerfile from node 14-alpine to 23.11.0-alpine, one of the service fails with TypeError: cert is required while uses passport-saml "passport-saml": "^3.2.2". Any quick solution for this? We don't want to update the dependencies but okay to provide the self-signed cert. Thanks in advance.

/opt/app/node_modules/passport-saml/lib/node-saml/utility.js:7
        throw new TypeError(error !== null && error !== void 0 ? error : "value does not exist");
              ^

TypeError: cert is required
    at assertRequired (/opt/app/node_modules/passport-saml/lib/node-saml/utility.js:7:15)

[cjbarth]

That is a removed property. It was renamed to be more descriptive. @evercast-mahesh2021 , see node-saml/node-saml#343.

[evercast-mahesh2021]

That is a removed property. It was renamed to be more descriptive. @evercast-mahesh2021 , see node-saml/node-saml#343.

Thanks @cjbarth, i am not using the latest passport-saml but older versions for couple of different services. The goal is just update the base image in dockerfile and leave the dependencies as is. TypeError: cert is required, i think i was able to fix by providing a self signed cert, and the dependencies are:

    "passport": "^0.5.3",
    "passport-apple": "^2.0.1",
    "passport-auth0": "^1.4.3",
    "passport-azure-ad": "^4.3.3",
    "passport-google-oauth20": "^2.0.0",
    "passport-microsoft": "^0.1.0",
    "passport-saml": "^3.2.2",
    "passport-saml-metadata": "^2.5.0",

But if i am trying to apply the same for other, failing with below error. I believe it is something with my code itself.

/opt/app/dist/helpers/StrategyManager.js:267
    throw new Error("".concat(strategy, " is not valid"));
          ^

Error:  is not valid
    at Function._getStrategy (/opt/app/dist/helpers/StrategyManager.js:267:11)

Dependencies i am using:

    "passport": "^0.6.0",
    "passport-apple": "^2.0.1",
    "passport-azure-ad": "^4.3.1",
    "passport-google-oauth20": "^2.0.0",
    "passport-microsoft": "^0.1.0",
    "passport-saml": "^3.1.1",
    "passport-saml-metadata": "^2.5.0",

[markstos]

@evercast-mahesh2021 Older versions are not supported. The version you are using has multiple known exploits published for it If upgrading passport-saml to resolve your exposure to vulnerabilities is not an option, consider downgrading your Docker container.