Skip to content

chore(deps): bump @simplewebauthn/server from 13.3.1 to 13.3.2#1504

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/simplewebauthn/server-13.3.2
Open

chore(deps): bump @simplewebauthn/server from 13.3.1 to 13.3.2#1504
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/simplewebauthn/server-13.3.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps @simplewebauthn/server from 13.3.1 to 13.3.2.

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.3.2

This update fixes a CVSS v4 Low (2.0) security vulnerability identified in @​simplewebauthn/server. See the security advisory linked below for more information.

Changes:

  • [server] Fixed an issue with verifyRegistrationResponse() allowing a maliciously-crafted attestation statement's x5c to contain a self-signed "root certificate" instead of chaining back to an RP-specified trust anchor (GHSA-6hxq-p678-4hr2)
Commits
  • 84656ff Update version to 13.3.2
  • dd0d73c Fail cert path validation closed instead
  • 213e9ba Add test for failure to chain to trust anchor
  • 989507a Add tests for notAfter enforcement
  • b55f4b9 Move explanation into test
  • 7bed04c Update comments around cert chain validity
  • 6ee9644 Add new tests
  • c23890a Update existing test to use helpers
  • 8d02ed4 Add X.509 cert helpers for tests
  • 8a53d70 Use X509ChainBuilder for chain validation
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server) from 13.3.1 to 13.3.2.
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases)
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.2/packages/server)

---
updated-dependencies:
- dependency-name: "@simplewebauthn/server"
  dependency-version: 13.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 24, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 24, 2026

Copy link
Copy Markdown

Deploying nexterm with  Cloudflare Pages  Cloudflare Pages

Latest commit: 7a9a461
Status: ✅  Deploy successful!
Preview URL: https://28154266.nexterm.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-simp-6fxh.nexterm.pages.dev

View logs

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants