fix(deps): update minor-updates-npm

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@credo-ts/core (source)	^0.6.1 → ^0.7.0
@credo-ts/openid4vc (source)	^0.6.1 → ^0.7.0
@eudiplo/sdk-core (source)	^4.1.0 → ^4.4.0

---

Release Notes

openwallet-foundation/credo-ts (@​credo-ts/core)

v0.7.0

Compare Source

Minor Changes

• b75f0bf: - Updated the LogLevel enum to use the correct casing
  For migration, use LogLevel.Trace, etc, instead of LogLevel.trace

• cc65c27: - Removed buffer dependency and replaced with @scure/base for base-x encoding/decoding

  • Updated DIDComm attachments to use base64url, not base64
  • Updated tests to make sure urland base64 encoded items use base64url
  • Added fromBase64Url to TypedArrayEncoder and JsonEncoder

  Breaking changes:

  1. TypedArrayEncoder.fromBase64 does not support base64url anymore, please use TypedArrayEncoder.fromBase64Url for that. Same for JsonEncoder
  2. TypedArrayEncoder.fromString has been replaced by TypedArrayEncoder.fromUtf8String to be consistent with TypedArrayEncoder.toUtf8String
  3. Every place where we accepted Buffer as input we now only support Uint8Array as input
  4. TypedArrayEncoder.equals is now constant-time, however I would still hesitate to use it for any private crypto operation 5. Removed Uint8ArrayBuffer type, not used anymore

Patch Changes

• 5056b97: Improved RSA support in X509 certificate chain validation.
• 120cee8: fix: set lowS to false for noble curves after updating to v2
• c1ab9be: feat: support SHA-512 for certificates signed with P-256/P384 keys
• 10a3ce5: fix: typo in asymmetric
• b7aec4e: Fix the parsing of RSA-signed X509 certificates.

v0.6.3

Compare Source

Patch Changes

• 73d2d59: Introduced cursor-based pagination for Drizzle-backed storage with support for before and after cursors. This ensures stable ordering using (createdAt, id) and enables efficient bidirectional pagination for large number of records.

v0.6.2

Compare Source

Patch Changes

• b9bd214: feat: add a (configurable) 30 seconds skew to JWT-based credentials and other JWT object verification. This is to prevent verification errors based on slight deviations in server time. This does not affect non-JWT credentials yet (mDOC, JSON-LD)
• 69acbc3: feat: add a method to create an x509 certificate signing request
• 4a4473c: chore: use sub export for kms module
• 2c15356: fix: correctly extract authority of vc when verifying presentations against DCQL query
• 4989dd9: fix(pex): use found signature suite proof type instead of default
• 0f7171a: chore: updates sd-jwt-js to 0.18.x
• e441cc1: fix: improve did key id resolving. We used startsWith to match, but that has loopholes, and did not correctly handle all relative key ids. We now 'compact' each key id (remove the did prefix) but only if the keyId starts with the did document id, and compares them.
• 1969c67: feat: fetch updated sd-jwt-vc type metadata path for sd-jwt-vc. There is also a new fetchTypeMetadata method in the SdJwtVcApi, allowing to resolve the type metadata for an SD-JWT VC. It will also verify the vct#integrity if available on the credential. Only HTTPS urls are supported at the moment.
• 620bb38: chore: update @sd-jwt/* dependencies to 0.19.x. If you're only using Credo for SD-JWT this has no impact, but if you're using @​sd-jwt directly in your project, it's good to update
• 2073110: fix: correctly extract and store the kms key id for JWK-bound sd-jwt credentials received over openid4vc
• 620bb38: feat: resolve, merge and store type metadata chain for SD-JWT VC

openwallet-foundation/credo-ts (@​credo-ts/openid4vc)

v0.7.0

Compare Source

Minor Changes

• cc65c27: - Removed buffer dependency and replaced with @scure/base for base-x encoding/decoding

  • Updated DIDComm attachments to use base64url, not base64
  • Updated tests to make sure urland base64 encoded items use base64url
  • Added fromBase64Url to TypedArrayEncoder and JsonEncoder

  Breaking changes:

  1. TypedArrayEncoder.fromBase64 does not support base64url anymore, please use TypedArrayEncoder.fromBase64Url for that. Same for JsonEncoder
  2. TypedArrayEncoder.fromString has been replaced by TypedArrayEncoder.fromUtf8String to be consistent with TypedArrayEncoder.toUtf8String
  3. Every place where we accepted Buffer as input we now only support Uint8Array as input
  4. TypedArrayEncoder.equals is now constant-time, however I would still hesitate to use it for any private crypto operation 5. Removed Uint8ArrayBuffer type, not used anymore

Patch Changes

• 944358e: Fix query to find session when using authorization server.
• 0bd4bd0: Set issuance error message based on error, similarly to other places.
• Updated dependencies [5056b97]
• Updated dependencies [b75f0bf]
• Updated dependencies [120cee8]
• Updated dependencies [c1ab9be]
• Updated dependencies [10a3ce5]
• Updated dependencies [cc65c27]
• Updated dependencies [b7aec4e]
  • @​credo-ts/core@​0.7.0

v0.6.3

Compare Source

Patch Changes

• d7c08a1: Adds support for setting a custom expiration for individual credential offers and authorization requests.

• 8f1b343: The state of the issuance session is now correctly updated to 'Error' if an error happens while creating a credential response.

• e2cbb15: Introduces a new callback in the issuer configuration (getChainedAuthorizationRequestParameters),
  which can be used to dynamically provide:

  • The scopes to request to the chained authorization server.
  • Any additional payload to add to the request to the chained authorization server.
  • An allowed list of redirect URIs, if you want to limit to which wallets you're issuing to.

  The following has been changed in OpenId4VciChainedAuthorizationServerConfig:

  • The scopesMapping option is now optional. Either scopesMapping or the new callback
    must be defined in order to fullfil a chained authorization request.
  • A new redirectUris option has been added. This can be used when you want to statically
    define the allowed redirectUris, instead of using the callback. If the callback is
    provided, this option will not be used.

  The option getVerificationSessionForIssuanceSessionAuthorization has been deprecated and replaced with getVerificationSession. Please update your usage.

• 7a79b99: fix: update @​openid4vci package to fix an issue where did-based proofs would not work in OpenID4VCI authorization code flow

• 55389c4: The state of the issuance session is now correctly updated to 'Error' if an error happens while creating a deferred credential response.

• 7f24d03: For new credential deferrals, Credo keeps track of until when the transaction is deferred.
  If the wallet calls the endpoint before the interval has passed by, we automatically
  return a new deferral response with the remaining interval.

• 5358453: Adds an holderBinding object to the OpenId4VcIssuanceSessionRecordTransaction,
  allowing you to easily use the holder binding in the deferred credential response
  endpoint.

  In addition, we now pass the respective transaction to OpenId4VciDeferredCredentialRequestToCredentialMapperOptions
  when called. This simplifies the user logic, since you no longer need to retrieve the transaction manually.

• 020c864: You can now customize the grace period during which an issuance session is kept alive after the deferral interval has passed by defining deferralIntervalGracePeriodInSeconds (default is 7 days).

  Note that this only applies to deferrals happening after upgrading Credo. For sessions deferred before updating Credo, the previous expiry date will remain unless the issuance is deferred once more.

• Updated dependencies [73d2d59]

  • @​credo-ts/core@​0.6.3

v0.6.2

Compare Source

Patch Changes

• df82d40: fix: add alg to OpenID4VP client_metadata jwk for encryption
• b9bd214: feat: add a (configurable) 30 seconds skew to JWT-based credentials and other JWT object verification. This is to prevent verification errors based on slight deviations in server time. This does not affect non-JWT credentials yet (mDOC, JSON-LD)
• 2c15356: fix: correctly extract authority of vc when verifying presentations against DCQL query
• 657ec73: chore: update @​openid4vc package to ^0.4.3. This includes several transformation logic fixes for transforming between drafts, that caused issues for projects updating from Credo 0.5
• 8f63ac3: feat: add support for RFC 9207 OAuth 2.0 Authorization Server Issuer Identification, as required by HAIP/FAPI. For the Credo authorization server this is automatically handled (chained authorization). For external authorization servers this needs to be done manually. For wallets you need to parse the oid4vci authorization response using the new agent.openid4vc.holder.parseAuthorizationCodeFromAuthorizationResponse method.
• 2073110: fix: correctly extract and store the kms key id for JWK-bound sd-jwt credentials received over openid4vc
• 620bb38: feat: resolve, merge and store type metadata chain for SD-JWT VC
• Updated dependencies [b9bd214]
• Updated dependencies [69acbc3]
• Updated dependencies [4a4473c]
• Updated dependencies [2c15356]
• Updated dependencies [4989dd9]
• Updated dependencies [0f7171a]
• Updated dependencies [e441cc1]
• Updated dependencies [1969c67]
• Updated dependencies [620bb38]
• Updated dependencies [2073110]
• Updated dependencies [620bb38]
  • @​credo-ts/core@​0.6.2

openwallet-foundation/eudiplo (@​eudiplo/sdk-core)

v4.4.0

Compare Source

Bug Fixes

• add PostgreSQL SSL cert-path support and SSL e2e coverage (#​702) (9f15ddc)
• move token endpoint under admin api (#​701) (a02bfab)

Features

• audit-log docs cleanup and migrate org references (v2) (#​707) (6c10d5a)

---

This release is also available on:

• v4.4.0
• npm package (@​latest dist-tag)

v4.3.0

Compare Source

Features

• issuer: Add schema metadata management UI and documentation (#​699) (68a3f6c)
• enforce single-use validation for presentation and issuance offers (#​695) (f4a1a01), closes #​503 openwallet-foundation-labs/eudiplo#503
• improve schema metadata workflows and registrar integration (#​700) (91b9b8c)

---

This release is also available on:

• v4.3.0
• npm package (@​latest dist-tag)

v4.2.0

Compare Source

Bug Fixes

• fixing oidf tests (#​683) (b8c5d75)
• improve dashboard and check AC availability (#​690) (d7e73d1)
• mdoc validation (#​689) (a4bf740)
• oid4vp: use accessKeyChainId when building client_id in offer URI (#​691) (8d03d92), closes #​687

Features

• auth: Add external OIDC user management with temporary password onboarding (#​680) (d493708)
• add max retry counter for tx_code validation in OID4VCI pre-authorized code flow (#​692) (cdb79da), closes #​673

---

This release is also available on:

• v4.2.0
• npm package (@​latest dist-tag)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "after 10pm every weekday,before 5am every weekday,every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.