From c9a56026ffb8357b6ffa6d5f6c3316722590dc8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 23:49:47 +0100 Subject: [PATCH] build(deps): bump @boxyhq/saml20 from 1.10.2 to 1.12.1 (#1001) * build(deps): bump @boxyhq/saml20 from 1.10.2 to 1.12.1 Bumps [@boxyhq/saml20](https://github.com/boxyhq/saml20) from 1.10.2 to 1.12.1. - [Release notes](https://github.com/boxyhq/saml20/releases) - [Changelog](https://github.com/ory/saml20/blob/main/.release-it.json) - [Commits](https://github.com/boxyhq/saml20/compare/1.10.2...1.12.1) --- updated-dependencies: - dependency-name: "@boxyhq/saml20" dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * updated saml20 --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Deepak Prabhakara --- package-lock.json | 8 ++++---- package.json | 2 +- pages/api/saml/sso.ts | 3 +-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 39b0503..ef6c0a7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.4.1", "license": "Apache 2.0", "dependencies": { - "@boxyhq/saml20": "1.10.2", + "@boxyhq/saml20": "1.12.1", "daisyui": "4.12.24", "next": "15.5.3", "react": "19.1.1", @@ -50,9 +50,9 @@ } }, "node_modules/@boxyhq/saml20": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/@boxyhq/saml20/-/saml20-1.10.2.tgz", - "integrity": "sha512-B7Z3bbgc2T3+284nqyciHeQpu4+isBITuRKeLsznHIkunXb/viakkfGJOmW78ohmtGz0P73lu6mAuQBm8ASAJA==", + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/@boxyhq/saml20/-/saml20-1.12.1.tgz", + "integrity": "sha512-lAHJ13kTZqPgSFUuAV8+kg5As3/MoSfiEr96tNKP0sj6c6o/Sbwn6DIhUZLQRNzDtmyAu9zuQk3vdbY5BK56Xg==", "license": "MIT", "dependencies": { "@xmldom/xmldom": "0.9.8", 
diff --git a/package.json b/package.json
index 51f8dcb..dd1e609 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,7 @@
 "release": "git checkout release && git merge origin/main && release-it && git checkout main && git merge origin/release && git push origin main"
 },
 "dependencies": {
- "@boxyhq/saml20": "1.10.2",
+ "@boxyhq/saml20": "1.12.1",
 "daisyui": "4.12.24",
 "next": "15.5.3",
 "react": "19.1.1",
diff --git a/pages/api/saml/sso.ts b/pages/api/saml/sso.ts
index e69dd0a..910aeca 100644
--- a/pages/api/saml/sso.ts
+++ b/pages/api/saml/sso.ts
@@ -34,8 +34,7 @@ async function processSAMLRequest(req: NextApiRequest, res: NextApiResponse, isP
 const { id, audience, acsUrl, providerName, publicKey } = await saml.parseSAMLRequest(rawRequest, isPost);
 if (isPost) {
- const { valid } = await saml.hasValidSignature(rawRequest, publicKey, null);
- if (!valid) {
+ if (!saml.validateSignature(rawRequest, publicKey, null)) {
 throw new Error('Invalid signature');
 }
 }
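Review bot: The new guard `if (!saml.validateSignature(rawRequest, publicKey, null))` drops the `await` the old call had and depends on the truthiness of a return value whose type is not visible in this hunk. If `validateSignature` in 1.12.1 returns a Promise or a result object, the negation is always false and an unsigned or tampered POST request would be accepted. Confirm the 1.12.1 signature and pin the contract in code, for example `const signedXml = await saml.validateSignature(rawRequest, publicKey, null);` followed by `if (!signedXml) {`, with a comment stating what a falsy return means. Separately, `publicKey` is taken from `parseSAMLRequest(rawRequest, isPost)` on the same request, so the check appears to show only that the request is self-consistent, not that it came from a registered service provider; a comment saying whether that is intended would help. The body of `processSAMLRequest` starts and ends outside the hunk.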