chore(deps): update dependency @simplewebauthn/server to v12 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@simplewebauthn/server (source)	10.0.1 -> 12.0.0

---

Release Notes

MasterKale/SimpleWebAuthn (@​simplewebauthn/server)

v12.0.0

Compare Source

All SimpleWebAuthn packages are now available for installation from the
JavaScript Registry (JSR)! JSR is an "open-source package registry
for modern JavaScript and TypeScript" - you can read more about this new package registry and its
ESM-centric capabilities here.

All packages in v12.0.0 are functionally identical to v11.0.0! And JSR package hosting is in
addition to existing package hosting on NPM. Nothing changes about package installation via
npm install. Read on for more information.

Packages

• @​simplewebauthn/browser@​12.0.0
• @​simplewebauthn/server@​12.0.0
• @​simplewebauthn/types@​12.0.0

Changes

• [browser] [server] [types] All packages can now be installed from JSR wherever JSR
  imports are supported (#​634)
• [browser] Deno projects using frameworks like Fresh can now import and use
  @​simplewebauthn/browser (#​634)

To install from JSR, use npx jsr add @​simplewebauthn/... or deno add jsr:@​simplewebauthn/...
depending on which package manager is available.

Projects using npm for package management:

npx jsr add @​simplewebauthn/browser

npx jsr add @​simplewebauthn/server

npx jsr add @​simplewebauthn/types

Projects using deno for package management:

deno add jsr:@​simplewebauthn/browser

deno add jsr:@​simplewebauthn/server

deno add jsr:@​simplewebauthn/types

Projects using HTTPS modules via deno.land/x:

v12.0.0 officially deprecates importing SimpleWebAuthn from deno.land/x. See Breaking Changes
below for refactor guidance.

Breaking Changes

Importing SimpleWebAuthn packages from "https://deno.land/x/simplewebauthn/..." URLs is no longer
supported. Please use Deno's native support for JSR imports instead, available in projects running
Deno v1.42 and higher.

Before:

import { generateAuthenticationOptions } from 'https://deno.land/x/simplewebauthn/deno/server.ts';

After:

import { generateAuthenticationOptions } from 'jsr:@​simplewebauthn/server';

Alternatively, use deno add to install these packages from
JSR:

v11.0.0

Compare Source

Say hello to support for automatic passkey registration, support for valid conditional UI <input>
elements stashed away in web components, and to the new WebAuthnCredential type that modernizes
some logic within.

There are some breaking changes in this release! Please see Breaking Changes below for refactor
guidance.

Packages

• @​simplewebauthn/browser@​11.0.0
• @​simplewebauthn/server@​11.0.0
• @​simplewebauthn/types@​11.0.0

Changes

• [browser] [server] A new useAutoRegister argument has been added to startRegistration() to
  support attempts to automatically register passkeys for users who just completed non-passkey auth.
  verifyRegistrationResponse() has gained a new requireUserPresence option that can be set to
  false when verifying responses from startRegistration({ useAutoRegister: true, ... })
  (#​623)
• [browser] A new verifyBrowserAutofillInput argument has been added to
  startAuthentication() to disable throwing an error when a correctly configured <input> element
  cannot be found (but perhaps a valid one is present in a web component shadow's DOM)
  (#​621)
• [server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential and
  has had its properties renamed. The return value out of verifyRegistrationResponse() and
  corresponding inputs into verifyAuthenticationResponse() have been updated accordingly. See
  Breaking Changes below for refactor guidance
  (#​625)
• [server] verifyRegistrationResponse() now verifies that the authenticator data AAGUID
  matches the leaf cert's id-fido-gen-ce-aaguid extension AAGUID when it is present
  (#​609)
• [server] TPM attestation verification recognizes the corrected TPM manufacturer identifier for
  IBM (#​610)
• [server] Types for the defunct authenticator extensions uvm and dpk have been removed
  (#​611)

Breaking Changes

[browser] Positional arguments in startRegistration() and startAuthentication() have been replaced by a single object

Property names in the object match the names of the previously-positional arguments. To update
existing implementations, wrap existing options in an object with corresponding properties:

Before:

startRegistration(options);
startAuthentication(options, true);

After:

startRegistration({ optionsJSON: options });
startAuthentication({ optionsJSON: options, useBrowserAutofill: true });

[server] [types] The AuthenticatorDevice type has been renamed to WebAuthnCredential

AuthenticatorDevice.credentialID and AuthenticatorDevice.credentialPublicKey have been shortened
to WebAuthnCredential.id and WebAuthnCredential.publicKey respectively.

verifyRegistrationResponse() has been updated accordingly to return a new credential value of
type WebAuthnCredential. Update code that stores credentialID, credentialPublicKey, and
counter out of verifyRegistrationResponse() to store credential.id, credential.publicKey,
and credential.counter instead:

Before:

const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credentialID,
  registrationInfo.credentialPublicKey,
  registrationInfo.counter,
  body.response.transports,
);

After:

const { registrationInfo } = await verifyRegistrationResponse({...});

storeInDatabase(
  registrationInfo.credential.id,
  registrationInfo.credential.publicKey,
  registrationInfo.credential.counter,
  registrationInfo.credential.transports,
);

Update calls to verifyAuthenticationResponse() to match the new credential argument that
replaces the authenticator argument:

Before:

import { AuthenticatorDevice } from '@​simplewebauthn/types';

const authenticator: AuthenticatorDevice = {
  credentialID: ...,
  credentialPublicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  authenticator,
});

After:

import { WebAuthnCredential } from '@​simplewebauthn/types';

const credential: WebAuthnCredential = {
  id: ...,
  publicKey: ...,
  counter: 0,
  transports: [...],
};

const verification = await verifyAuthenticationResponse({
  // ...
  credential,
});

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.