fix!: remove vulnerable node-saml dependency (#126)

david-renaud-okta · web-flow · commit bab5bd0468d1 · 2022-02-09T11:01:31.000-05:00
BREAKING CHANGE: Requires NodeJS >= 12 See https://github.com/auth0/node-saml/releases/tag/v2.0.0
diff --git a/README.md b/README.md
@@ -6,6 +6,10 @@ SAML Protocol middleware to create SAMLP identity providers for node.js.
 
     npm install samlp
 
+### Supported Node Versions
+
+node >= 12
+
 ## Introduction
 
 This middleware is meant to generate a valid SAML Protocol identity provider endpoint that speaks saml.
diff --git a/package.json b/package.json
@@ -1,6 +1,9 @@
 {
   "name": "samlp",
   "version": "6.0.2",
+  "engines": {
+    "node": ">=12"
+  },
   "description": "SAML Protocol server middleware",
   "main": "lib/index.js",
   "scripts": {
@@ -25,7 +28,7 @@
     "ejs": "2.5.5",
     "flowstate": "^0.4.0",
     "querystring": "^0.2.0",
-    "saml": "^1.0.0",
+    "saml": "^2.0.1",
     "xml-crypto": "^2.0.0",
     "@auth0/xmldom": "0.1.21",
     "xpath": "0.0.5",
