v8.3.4

Packages

• @simplewebauthn/browser@.3.4
• @simplewebauthn/server@.3.4
• @simplewebauthn/typescript-types@.3.4

Changes

• [server] The library will now try to use globalThis.crypto first before trying to import
  Node's node:crypto as a fallback (#468)
• [browser, types] Version sync

v8.3.3

Packages

• @simplewebauthn/browser@8.3.3
• @simplewebauthn/server@8.3.3
• @simplewebauthn/typescript-types@8.3.3

Changes

• [server, types] deno vendor will no longer error out because typescript-types/src/dom.ts
  is missing (#466)
• [server] Authenticator data will now be preserved after bad CBOR encoding is detected and
  temporarily fixed when handling security key responses from Firefox
  (#465)
• [browser] Version sync due to changes in typescript-types

v8.3.2

Packages

• @simplewebauthn/server@8.3.2

Changes

• [server] The cbor-x dependency is now used without pulling in the Node-specific stream API
  for better Web API environment compatibility
  (#455, with thanks to @Maronato)

v8.3.1

Packages

• @simplewebauthn/browser@8.3.1

Changes

• [browser] Calling startAuthentication(..., true) to set up conditional UI will now require
  the "webauthn" value in an input's autocomplete="..." be either the only value or the last
  value (#451)

v8.3.0

Packages

• @simplewebauthn/browser@8.3.0

Changes

• [browser] The WebAuthnAbortService singleton can now be imported, with a cancelCeremony()
  method that can be called to manually cancel any active WebAuthn ceremonies. This can be used by
  developers building projects that use client-side routing to better control the behavior of their
  UX in response to router navigation events.
  (#449)

v8.2.1

Packages

• @simplewebauthn/browser@8.2.1

Changes

• [browser] startRegistration() will visibly warn in the browser console when a WebAuthn API method call errors out in a way that is likely due to a browser extension intercepting the API. The original error is exposed as the cause property on the error. (#447)

v8.2.0

Packages

• @simplewebauthn/browser@8.2.0
• @simplewebauthn/server@8.2.0

Changes

• [browser] startRegistration() will no longer error out on registration responses generated
  by the 1Password browser extension (#443, with thanks to @unix)
• [browser] Helper methods base64URLStringToBuffer() and bufferToBase64URLString() are now
  exported from @simplewebauthn/browser (#444)
• [server] verifyRegistrationResponse() and verifyAuthenticationResponse() now accept a new
  expectedType argument that can be used to, for example, verify Secure Payment Confirmation
  responses (#436, with thanks to @fabiancook)
• [server] Responses containing malformed authenticator data returned from Firefox 117 will no
  longer raise an error (#441)

v8.1.1

Packages

• @simplewebauthn/server@8.1.1

Changes

• [server] Debug logger output from MetadataService has been disabled
  (#434)

v8.1.0

Packages

• @simplewebauthn/server@8.1.0

Changes

• [server] The expectedChallenge argument for verifyRegistrationResponse() and
  verifyAuthenticationResponse() methods now also accept asynchronous methods
  (#432, with thanks to @jordanbtucker)

v8.0.2

Packages

• @simplewebauthn/browser@8.0.2

Changes

• [browser] The NPM package now targets ES2021 for support in older browsers like Safari 13.1
  (#429)