Update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@testing-library/react	16.1.0 -> 16.2.0					dependencies	minor
@testing-library/user-event	14.5.2 -> 14.6.1					dependencies	minor
@types/node (source)	22.10.5 -> 22.13.5					dependencies	minor
@types/react (source)	19.0.3 -> 19.0.10					dependencies	patch
@types/react-dom (source)	19.0.2 -> 19.0.4					dependencies	patch
gradle (source)	8.12 -> 8.12.1						patch
typescript (source)	5.7.2 -> 5.7.3					dependencies	patch
com.yubico:yubico-util (source)	2.6.0-alpha8 -> 2.6.0					dependencies	patch
com.yubico:webauthn-server-attestation (source)	2.6.0-alpha8 -> 2.6.0					dependencies	patch
com.yubico:webauthn-server-core (source)	2.6.0-alpha8 -> 2.6.0					dependencies	patch
com.webauthn4j:webauthn4j-core	0.28.4.RELEASE -> 0.28.5.RELEASE					dependencies	patch
org.springframework.boot	3.4.1 -> 3.4.3					plugin	patch

---

Release Notes

testing-library/react-testing-library (@​testing-library/react)

v16.2.0

Compare Source

Features

• Add support for React error handlers (#​1354) (9618c51)

testing-library/user-event (@​testing-library/user-event)

v14.6.1

Compare Source

Bug Fixes

• correct description for delay option (#​1175) (2edf14d)
• keyboard: add ContextMenu to defaultKeyMap (#​1079) (3e471d1)
• keyboard: add brackets to defaultKeyMap (#​1226) (543ecb0)
• keyboard: walk through radio group per arrow keys (#​1049) (bf8111c)
• pointer: dispatch mouse events if pointerdown is defaultPrevented (#​1121) (f681f7b)
• pointer: set button and buttons properties on PointerEvent (#​1219) (6614f72)
• pointer: use 1 as default value for PointerEvent.width and PointerEvent.height (#​1224) (f0468d0)
• prevent click event loop on form-associated custom element (#​1238) (465fc7e)
• prevent click event on non-focusable control (#​1130) (e429094)
• upload: apply accept filter more leniently (#​1064) (a344ad4)

v14.6.0

Compare Source

Features

• dispatch FocusEvent in hidden documents (#​1252) (1ed8b15)

Bug Fixes

• clipboard: await DataTransferItem.getAsString() callback (#​1251) (7b11b0e)
• event: assign pointer coords to MouseEvent (#​1039) (8528972)
• pointer: check PointerCoords.x in isDifferentPointerPosition (#​1216) (75edef5)
• pointer: check all fields of PointerCoords in isDifferentPointerPosition() (#​1229) (5f3d28f)

gradle/gradle (gradle)

v8.12.1

Compare Source

microsoft/TypeScript (typescript)

v5.7.3

Compare Source

Yubico/java-webauthn-server (com.yubico:yubico-util)

v2.6.0: Version 2.6.0

Compare Source

webauthn-server-core:

New features:

• Added method getParsedPublicKey(): java.security.PublicKey to
  RegistrationResult and RegisteredCredential.
  • Thanks to Jakob Heher (A-SIT) for the contribution, see https://github.com/Yubico/java-webauthn-server/pull/299
• Added enum parsing functions:
  • AuthenticatorAttachment.fromValue(String): Optional<AuthenticatorAttachment>
  • PublicKeyCredentialType.fromId(String): Optional<PublicKeyCredentialType>
  • ResidentKeyRequirement.fromValue(String): Optional<ResidentKeyRequirement>
  • TokenBindingStatus.fromValue(String): Optional<TokenBindingStatus>
  • UserVerificationRequirement.fromValue(String): Optional<UserVerificationRequirement>
• Added public builder to CredentialPropertiesOutput.
• Added public factory function LargeBlobRegistrationOutput.supported(boolean).
• Added public factory functions to LargeBlobAuthenticationOutput.
• Added hints property to StartRegistrationOptions, StartAssertionOptions, PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions, and class PublicKeyCredentialHint to support them, to support the hints parameter introduced in WebAuthn L3: https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints
• (Experimental) Added option isSecurePaymentConfirmation(boolean) to FinishAssertionOptions. When set, RelyingParty.finishAssertion() will adapt the validation logic for a Secure Payment Confirmation (SPC) response instead of an ordinary WebAuthn response. See the JavaDoc for details.
  • NOTE: Experimental features may receive breaking changes without a major version increase.

webauthn-server-attestation:

New features:

• FidoMetadataDownloader now parses the CRLDistributionPoints extension on the application level, so the com.sun.security.enableCRLDP=true system property setting is no longer necessary.
• Added helper function CertificateUtil.parseFidoSernumExtension for parsing serial number from enterprise attestation certificates.

Artifacts built with openjdk version "17.0.13" 2024-10-15.

v2.6.0-RC1: Pre-release 2.6.0-RC1

Compare Source

Changes since 2.6.0-alpha8

webauthn-server-core:

Breaking changes:

• Removed the suite of experimental interfaces related with CredentialRepositoryV2. These will be postponed to minor release 2.7 instead.
• Removed property RegisteredCredential.transports.
• Removed property credProps.authenticatorDisplayName.
• Removed credProps extension from assertion extension outputs.

webauthn-server-attestation:

New features:

• FidoMetadataDownloader now parses the CRLDistributionPoints extension on the application level, so the com.sun.security.enableCRLDP=true system property setting is no longer necessary.
• Added helper function CertificateUtil.parseFidoSernumExtension for parsing serial number from enterprise attestation certificates.

Changes since 2.5.4

webauthn-server-core:

New features:

• Added method getParsedPublicKey(): java.security.PublicKey to RegistrationResult and RegisteredCredential.
  • Thanks to Jakob Heher (A-SIT) for the contribution, see https://github.com/Yubico/java-webauthn-server/pull/299
• Added enum parsing functions:
  • AuthenticatorAttachment.fromValue(String): Optional<AuthenticatorAttachment>
  • PublicKeyCredentialType.fromId(String): Optional<PublicKeyCredentialType>
  • ResidentKeyRequirement.fromValue(String): Optional<ResidentKeyRequirement>
  • TokenBindingStatus.fromValue(String): Optional<TokenBindingStatus>
  • UserVerificationRequirement.fromValue(String): Optional<UserVerificationRequirement>
• Added public builder to CredentialPropertiesOutput.
• Added public factory function LargeBlobRegistrationOutput.supported(boolean).
• Added public factory functions to LargeBlobAuthenticationOutput.
• Added hints property to StartRegistrationOptions, StartAssertionOptions, PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions, and class PublicKeyCredentialHint to support them, to support the hints parameter introduced in WebAuthn L3: https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints
• (Experimental) Added option isSecurePaymentConfirmation(boolean) to FinishAssertionOptions. When set, RelyingParty.finishAssertion() will adapt the validation logic for a Secure Payment Confirmation (SPC) response instead of an ordinary WebAuthn response. See the JavaDoc for details.
  • NOTE: Experimental features may receive breaking changes without a major version increase.

webauthn-server-attestation:

New features:

• FidoMetadataDownloader now parses the CRLDistributionPoints extension on the application level, so the com.sun.security.enableCRLDP=true system property setting is no longer necessary.
• Added helper function CertificateUtil.parseFidoSernumExtension for parsing serial number from enterprise attestation certificates.

Artifacts built with openjdk version "17.0.13" 2024-10-15.

webauthn4j/webauthn4j (com.webauthn4j:webauthn4j-core)

v0.28.5.RELEASE

Compare Source

⭐ Enhancements

• Deprecate AuthenticationParameters constructor that takes Authenticator as a parameter #​1085

📦 Dependency Upgrades

• Bump org.jetbrains:annotations from 26.0.1 to 26.0.2 #​1088
• Bump bouncycastle from 1.79 to 1.80 #​1086

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: react_app/package-lock.json

npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: react-scripts@5.0.1
npm error Found: typescript@5.7.3
npm error node_modules/typescript
npm error   typescript@"5.7.3" from the root project
npm error   peer typescript@">= 2.7" from fork-ts-checker-webpack-plugin@6.5.3
npm error   node_modules/fork-ts-checker-webpack-plugin
npm error     fork-ts-checker-webpack-plugin@"^6.5.0" from react-dev-utils@12.0.1
npm error     node_modules/react-dev-utils
npm error       react-dev-utils@"^12.0.1" from react-scripts@5.0.1
npm error       node_modules/react-scripts
npm error         react-scripts@"5.0.1" from the root project
npm error   1 more (tsutils)
npm error
npm error Could not resolve dependency:
npm error peerOptional typescript@"^3.2.1 || ^4" from react-scripts@5.0.1
npm error node_modules/react-scripts
npm error   react-scripts@"5.0.1" from the root project
npm error
npm error Conflicting peer dependency: typescript@4.9.5
npm error node_modules/typescript
npm error   peerOptional typescript@"^3.2.1 || ^4" from react-scripts@5.0.1
npm error   node_modules/react-scripts
npm error     react-scripts@"5.0.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-02-21T22_31_29_622Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-02-21T22_31_29_622Z-debug-0.log