build(deps): bump passport-saml from 2.2.0 to 3.0.0 #281

Closed

Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github May 18, 2021

Bumps passport-saml from 2.2.0 to 3.0.0.

Release notes

Sourced from passport-saml's releases.

v3.0.0

Important Release Notes

This release has some breaking changes and some significant refactors. Please read the CHANGELOG.md carefully to note what few things may need to change in your code before taking this version. There are deprecation notices in the latest 2.x releases, so it is strongly advised that you upgrade to those versions and clear up the warnings before taking this release.

Also, this release contains significant work to separate the SAML parts out from the Passport parts in preparation for a complete split of these two parts. If you are using the SAML part apart from the Passport part, this release will be much easier for you to use.

Changes

  • Remove deprecated field privateCert from README, tests (#591) (4eff276)
  • Add support for more tags in the changelog (#592) (6a7e476)
  • Create codeql-analysis.yml (52ede4c)
  • Improve changelog format (#587) (2d2cc0a)
  • Update all dependencies to latest (d34b22f)
  • Add Node 16 support; drop Node 10 (b0caa65)
  • Update all packages to latest semver-minor (#588) (13c7216)
  • Enforce more secure XML encryption (#584) (8d35454)
  • Add optional setting to set a ceiling on how old a SAML response is allowed to be (#577) (54a1e04)
  • Move XML functions to utility module (#571) (9ad5662)
  • Improve the typing of the Strategy class hierarchy. (#554) (4a83196)
  • Resolve XML-encoded carriage returns during signature validation (#576) (5618b65)
  • Make sure CI builds test latest versions of dependencies (#570) (0798e4d)
  • Start separation of node-saml from passport-saml strategy (#574) (c668737)
  • internal: configure Github Issue chooser (6df9bdd)
  • Run prettier (69c87b7)
  • Create of Code of Conduct (61cf7c5)
  • Fix incorrect import of compiled files in tests (#572) (2332a85)
  • Remove support for deprecated privateCert (#569) (5326b21)
  • Add WantAssertionsSigned (#536) (5634945)
  • Fix lint npm script to match all files including in src/ (#555) (3a486db)
  • Require cert for every strategy (#548) (224f25f)
  • Update xml-encryption to v1.2.3 (#567) (d89bdfd)
  • Revert "Update xml-encryption to v1.2.3 (#560)" (#564) (13416dc)
  • Update xml-encryption to v1.2.3 (#560) (a270d34)
  • Update xml-crypto to v2.1.1 (#558) (5031927)
  • bump xmldom to 0.5.x since all lower versions have security issue (#551) (4d2b909)
  • remove old callback functions, tests use async/await (#545) (8a1a377)
  • Tests use typescript (#534) (f1a436f)
  • Allow for authnRequestBinding in SAML options (#529) (ed4be0c)
  • async / await in cache interface (#532) (54704de)
  • Merge pull request #531 from node-saml/multisaml-strategy-readme (54809d1)
  • update tests to use multisamlstrategy.js from the correct place (6182dde)
  • remove multisaml strategy in the old location (46c6df1)
  • Update readme on using multiSamlStrategy (e4b3da7)
  • Allow manual trigger of build action (ef175f3)
  • Fix code formatting (e511c49)
  • Have build action run on PR (add499c)
  • Format code and enforce code style on PR (#527) (aefee33)
  • async/await for saml.ts (#496) (c6c4510)
Changelog

Sourced from passport-saml's changelog.

Commits
  • 683f767 Release 3.0.0
  • 4eff276 Remove deprecated field privateCert from README, tests (#591)
  • 6a7e476 Add support for more tags in the changelog (#592)
  • 52ede4c Create codeql-analysis.yml
  • 2d2cc0a Improve changelog format (#587)
  • d34b22f Update all dependencies to latest
  • b0caa65 Add Node 16 support; drop Node 10
  • 13c7216 Update all packages to latest semver-minor (#588)
  • 8d35454 Enforce more secure XML encryption (#584)
  • 54a1e04 Add optional setting to set a ceiling on how old a SAML response is allowed t...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 18, 2021
@christian-hawk

Can one of the admins verify this patch?

@codecov

codecov bot commented May 18, 2021

Codecov Report

Merging #281 (8b9006b) into master (255e068) will decrease coverage by 2.72%.
The diff coverage is n/a.

❗ Current head 8b9006b differs from pull request most recent head 7e76784. Consider uploading reports for the commit 7e76784 to get more accurate results

@@            Coverage Diff             @@
##           master     #281      +/-   ##
==========================================
- Coverage   74.59%   71.87%   -2.73%     
==========================================
  Files          35       33       -2     
  Lines         748      711      -37     
==========================================
- Hits          558      511      -47     
- Misses        190      200      +10     
Impacted Files Coverage Δ
server/routes.js 43.58% <0.00%> (-15.39%) ⬇️
server/sp-meta.js 96.42% <0.00%> (-3.58%) ⬇️
server/providers.js 73.22% <0.00%> (-0.46%) ⬇️
config/test.js 100.00% <0.00%> (ø)
server/extra-passport-params.js 100.00% <0.00%> (ø)
server/utils/openid-client-helper.js
server/mappings/openid-client.js
server/utils/file-utils.js
server/mappings/openidconnect-default.js 0.00% <0.00%> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 255e068...7e76784.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-saml-3.0.0 branch 3 times, most recently from 60b1e97 to ee53168 Compare June 4, 2021 12:55
@christian-hawk christian-hawk self-assigned this Jun 4, 2021
@christian-hawk

There are breaking changes as tests show:

  1) Test SP Meta Helper
       generate meta test
         should generate metafile for provider in idp-metadata folder:
     TypeError: cert is required

Creating a new issue to properly upgrade when needed.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-saml-3.0.0 branch from ee53168 to 7e76784 Compare June 4, 2021 13:52
@dependabot @github

dependabot bot commented on behalf of github Jun 18, 2021

Superseded by #292.

@dependabot dependabot bot closed this Jun 18, 2021
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/passport-saml-3.0.0 branch June 18, 2021 13:00