Bump com.yubico:webauthn-server-core from 2.5.4 to 2.6.0

[dependabot]

Bumps com.yubico:webauthn-server-core from 2.5.4 to 2.6.0.

Release notes

Sourced from com.yubico:webauthn-server-core's releases.

Version 2.6.0

webauthn-server-core:

New features:

• Added method getParsedPublicKey(): java.security.PublicKey to RegistrationResult and RegisteredCredential.
  • Thanks to Jakob Heher (A-SIT) for the contribution, see Yubico/java-webauthn-server#299
• Added enum parsing functions:
  • AuthenticatorAttachment.fromValue(String): Optional<AuthenticatorAttachment>
  • PublicKeyCredentialType.fromId(String): Optional<PublicKeyCredentialType>
  • ResidentKeyRequirement.fromValue(String): Optional<ResidentKeyRequirement>
  • TokenBindingStatus.fromValue(String): Optional<TokenBindingStatus>
  • UserVerificationRequirement.fromValue(String): Optional<UserVerificationRequirement>
• Added public builder to CredentialPropertiesOutput.
• Added public factory function LargeBlobRegistrationOutput.supported(boolean).
• Added public factory functions to LargeBlobAuthenticationOutput.
• Added hints property to StartRegistrationOptions, StartAssertionOptions, PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions, and class PublicKeyCredentialHint to support them, to support the hints parameter introduced in WebAuthn L3: https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints
• (Experimental) Added option isSecurePaymentConfirmation(boolean) to FinishAssertionOptions. When set, RelyingParty.finishAssertion() will adapt the validation logic for a Secure Payment Confirmation (SPC) response instead of an ordinary WebAuthn response. See the JavaDoc for details.
  • NOTE: Experimental features may receive breaking changes without a major version increase.

webauthn-server-attestation:

New features:

• FidoMetadataDownloader now parses the CRLDistributionPoints extension on the application level, so the com.sun.security.enableCRLDP=true system property setting is no longer necessary.
• Added helper function CertificateUtil.parseFidoSernumExtension for parsing serial number from enterprise attestation certificates.

Artifacts built with openjdk version "17.0.13" 2024-10-15.

Pre-release 2.6.0-RC1

Changes since 2.6.0-alpha8

webauthn-server-core:

Breaking changes:

... (truncated)

Changelog

Sourced from com.yubico:webauthn-server-core's changelog.

== Version 2.6.0 ==

webauthn-server-core:

New features:

• Added method getParsedPublicKey(): java.security.PublicKey to RegistrationResult and RegisteredCredential. ** Thanks to Jakob Heher (A-SIT) for the contribution, see Yubico/java-webauthn-server#299
• Added enum parsing functions: ** AuthenticatorAttachment.fromValue(String): Optional<AuthenticatorAttachment> ** PublicKeyCredentialType.fromId(String): Optional<PublicKeyCredentialType> ** ResidentKeyRequirement.fromValue(String): Optional<ResidentKeyRequirement> ** TokenBindingStatus.fromValue(String): Optional<TokenBindingStatus> ** UserVerificationRequirement.fromValue(String): Optional<UserVerificationRequirement>
• Added public builder to CredentialPropertiesOutput.
• Added public factory function LargeBlobRegistrationOutput.supported(boolean).
• Added public factory functions to LargeBlobAuthenticationOutput.
• Added hints property to StartRegistrationOptions, StartAssertionOptions, PublicKeyCredentialCreationOptions and PublicKeyCredentialRequestOptions, and class PublicKeyCredentialHint to support them, to support the hints parameter introduced in WebAuthn L3: https://www.w3.org/TR/2023/WD-webauthn-3-20230927/#dom-publickeycredentialcreationoptions-hints
• (Experimental) Added option isSecurePaymentConfirmation(boolean) to FinishAssertionOptions. When set, RelyingParty.finishAssertion() will adapt the validation logic for a Secure Payment Confirmation (SPC) response instead of an ordinary WebAuthn response. See the JavaDoc for details. ** NOTE: Experimental features may receive breaking changes without a major version increase.

webauthn-server-attestation:

New features:

• FidoMetadataDownloader now parses the CRLDistributionPoints extension on the application level, so the com.sun.security.enableCRLDP=true system property setting is no longer necessary.
• Added helper function CertificateUtil.parseFidoSernumExtension for parsing serial number from enterprise attestation certificates.

Commits

• 47ceee8 Release 2.6.0
• 0cbba57 Revert new experimental interfaces and classes
• 798ec03 Merge branch 'parse-sernum'
• 1be5ddd Add parseFidoSernumExtension to NEWS
• 4cb64e3 Add JavaDoc and README docs parseFidoSernumExtension
• 482f4a2 Rename parseFidoSerNumExtension to parseFidoSernumExtension
• d181f75 Return ByteArray from parseFidoSerNumExtension
• a466021 Use BinaryUtil.parseDerOctetString in CertificateUtil.parseSerNum
• 47cabc2 Use generated byte arrays in synthetic test of parseFidoSerNumExtension
• 91a8015 Add ScalaCheck shrinker for ByteArray
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)