From 164ca5324a1109e5a678559ef0b391bb924077b2 Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc
Date: Mon, 22 Sep 2025 15:36:20 -0300
Subject: [PATCH 1/4] build(deps): bump `safety_net_attestation` from `0.4.0` to `0.5.0`
---
 webauthn.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webauthn.gemspec b/webauthn.gemspec
index 8eb99a99..a7bdabe2 100644
--- a/webauthn.gemspec
+++ b/webauthn.gemspec
@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "cbor", "~> 0.5.9"
 spec.add_dependency "cose", "~> 1.1"
 spec.add_dependency "openssl", ">= 2.2"
- spec.add_dependency "safety_net_attestation", "~> 0.4.0"
+ spec.add_dependency "safety_net_attestation", "~> 0.5.0"
 spec.add_dependency "tpm-key_attestation", "~> 0.14.0"
 spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
From 4f5e11a7d674858a175cb0aa2c1702f2805f8fe2 Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc
Date: Mon, 22 Sep 2025 15:39:23 -0300
Subject: [PATCH 2/4] docs(changelog): add release notes for `v3.4.2`
---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8057cc6f..6db6734f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## [v3.4.2] - 2025-09-22
+
+### Added
+
+- Updated `safety_net_attestation` dependency from `~> 0.4.0` to `~> 0.5.0`.
+
 ## [v3.4.1] - 2025-06-06
 - Avoid requiring `base64` as it's not a direct dependency. [#459](https://github.com/cedarcode/webauthn-ruby/pull/459)[@santiagorodriguez96]
@@ -421,6 +427,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
 - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
+[v3.4.2]: https://github.com/cedarcode/webauthn-ruby/compare/v3.4.1...v3.4.2/
 [v3.4.1]: https://github.com/cedarcode/webauthn-ruby/compare/v3.4.0...v3.4.1/
 [v3.4.0]: https://github.com/cedarcode/webauthn-ruby/compare/v3.3.0...v3.4.0/
 [v3.3.0]: https://github.com/cedarcode/webauthn-ruby/compare/v3.2.2...v3.3.0/
From 470b4f656383097f2bdda12b3c85c6e10582e913 Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc
Date: Mon, 22 Sep 2025 15:39:48 -0300
Subject: [PATCH 3/4] build(version): bump version to `3.4.2`
---
 lib/webauthn/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/webauthn/version.rb b/lib/webauthn/version.rb
index 9dded603..279fa90e 100644
--- a/lib/webauthn/version.rb
+++ b/lib/webauthn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module WebAuthn
- VERSION = "3.4.1"
+ VERSION = "3.4.2"
 end
From f973a46011dad06e8e5776f2708089857b244116 Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc
Date: Mon, 22 Sep 2025 15:57:43 -0300
Subject: [PATCH 4/4] fix(test): use 2048 bits in RSA key when encoding with JWT - JWT 3 requires the RSA key to be 2048 bits, see: https://github.com/jwt/ruby-jwt/pull/661
---
 spec/spec_helper.rb | 5 ++---
 .../webauthn/attestation_statement/android_safetynet_spec.rb | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 433ec47c..673037f9 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -114,9 +114,8 @@ def finder_for(certificate_file, return_empty: false)
 RootCertificateFinder.new(certificate_file, return_empty)
 end
-def create_rsa_key
- key_bits = 1024 # NOTE: Use 2048 or more in real life! We use 1024 here just for making the test fast.
-
+# NOTE: Use 2048 or more in real life! We use 1024 here just for making the test fast.
+def create_rsa_key(key_bits = 1024)
 OpenSSL::PKey::RSA.new(key_bits)
 end
diff --git a/spec/webauthn/attestation_statement/android_safetynet_spec.rb b/spec/webauthn/attestation_statement/android_safetynet_spec.rb
index efe6e4c2..0912c2c0 100644
--- a/spec/webauthn/attestation_statement/android_safetynet_spec.rb
+++ b/spec/webauthn/attestation_statement/android_safetynet_spec.rb
@@ -30,7 +30,7 @@
 OpenSSL::Digest::SHA256.digest(authenticator_data_bytes + client_data_hash)
 )
 end
- let(:attestation_key) { create_rsa_key }
+ let(:attestation_key) { create_rsa_key(2048) }
 let(:leaf_certificate) do
 issue_certificate(root_certificate, root_key, attestation_key, name: "CN=attest.android.com")
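Review bot: The NOTE moved above `create_rsa_key` in spec/spec_helper.rb still reads "We use 1024 here", but the helper now takes `key_bits` and keeps 1024 as its default, so the comment no longer tells a caller when that default is unsuitable. Going by the commit message, JWT 3 rejects RSA keys under 2048 bits, so any other spec that signs a JWT with the default key would presumably fail the same way as the SafetyNet spec did. I would reword the comment along the lines of `# Test-only default of 1024 bits for speed; pass 2048 when the key signs a JWT (JWT 3 rejects smaller RSA keys). Never use 1024 outside tests.` The bare `create_rsa_key(2048)` in android_safetynet_spec.rb has the same gap at the call site, which a keyword form (`def create_rsa_key(key_bits: 1024)` and `create_rsa_key(key_bits: 2048)`) or a one-line comment above the `let` would close.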