@forgerock/token-vault@4.2.2

Patch Changes

• Updated dependencies [d14d301]:
  • @forgerock/javascript-sdk@4.9.1

@forgerock/ping-protect@4.7.1

Patch Changes

• Updated dependencies [d14d301]:
  • @forgerock/javascript-sdk@4.9.1

@forgerock/javascript-sdk@4.9.1

Patch Changes

• #587 d14d301 Thanks @ForgeRockEmma! - fix: move getAuthenticationCredential back inside try/catch so that WebAuthn cancellation errors (e.g. NotAllowedError) are written to the HiddenValueCallback before re-throwing

@forgerock/token-vault@4.2.1

Patch Changes

• #580 d319384 Thanks @ryanbas21! - fix(security): replace substring URL matching with strict equality in evaluateUrlForInterception to prevent URL allow-list bypass via query parameter injection

• Updated dependencies [03135cf, 1fb1e57, 1253482]:

  • @forgerock/javascript-sdk@4.9.0

Security: - Proxy config declaring URLs is now required and will be used to generate an allow list of origins to check again prior to fowarding a request.

@forgerock/ping-protect@4.7.0

Minor Changes

• #581 1253482 Thanks @SteinGabriel! - fix(protect): update Protect callback with new Signals SDK config

Patch Changes

• #575 8ccfef4 Thanks @ryanbas21! - fixes the type of the options param in PIProtect.start so it better aligns with output from PingOneProtectInitializeCallback.getConfig() as defined in javascript-sdk (importantly it no longer expects _type and _action fields)

• Updated dependencies [03135cf, 1fb1e57, 1253482]:

  • @forgerock/javascript-sdk@4.9.0

@forgerock/javascript-sdk@4.9.0

Minor Changes

• #571 03135cf Thanks @cameronwhitworthforgerock! - Added support for Conditional UI elements with WebAuthN

• #581 1253482 Thanks @SteinGabriel! - fix(protect): update Protect callback with new Signals SDK config

Patch Changes

• #577 1fb1e57 Thanks @thomas-schofield-fr! - WebAuthn improvements

  • Fix parsing of WebAuthn scripts when asScript is true
  • Improve handling when conditional mediation is not supported
  • Enable re-invocation of WebAuthn requests
  • Enable modification of options passed to navigator.credentials.get()

@forgerock/ping-protect@4.6.2

Patch Changes

• 90099e5 Thanks @cerebrl! - This aligns ping-protect and protect initialize callbacks to the new Journey Nodes

• Updated dependencies [0795917, f35d9b2, 90099e5, 0ddd28f]:

  • @forgerock/javascript-sdk@4.8.3

@forgerock/javascript-sdk@4.8.3

Patch Changes

• #565 0795917 Thanks @ryanbas21! - remove shared array buffer type from webauthn ParsedCredentials.

• f35d9b2 Thanks @ryanbas21! - fixes a bad export syntax in package.json

• 90099e5 Thanks @cerebrl! - This aligns ping-protect and protect initialize callbacks to the new Journey Nodes

• #564 0ddd28f Thanks @ancheetah! - Add support for KBA allowUserDefinedQuestions flag

@forgerock/ping-protect@4.6.1

What's Changed

• fix: ping-protect-versioning by @ryanbas21 in #546
• Release PR by @github-actions in #547

Full Changelog: https://github.com/ForgeRock/forgerock-javascript-sdk/compare/@forgerock/javascript-sdk@4.8.1...@forgerock/ping-protect@4.6.1

@forgerock/javascript-sdk@4.8.2

@forgerock/javascript-sdk@4.8.1 Latest

Patch Changes
#544 58360de Thanks @ryanbas21! - Fix condition for determining session endpoint request for terminating session in AIC/AM

[Fixing bad release of 4.8.1]