CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

7.0.0 (2024-08-08)

⚠ BREAKING CHANGES

• saml: update saml strategy name

Features

• passport: update express (852f263)
• passport: update express (d7537d7)
• passport: update express (dee43a7)
• passport: update express (b75ed78)
• saml: update saml strategy name (7fc4ee2)
• update branch merger (19ab971)
• update git flows and add node 20 for test (6d9863b)

Bug Fixes

• openid-client: pass provided scope in auth request (#539) (68342bd)
• package-lock: update package lock json (78b6de5)
• test: fixing cache provide test cases (a9f2329)
• test: fixing cache provide test cases (eef75fb)
• update branch merger action (d29cece)
• update jose package fix vulnerabilities (32f94e7)

6.0.0 (2022-12-30)

⚠ BREAKING CHANGES

• drop support to node 12 (#520)
• remove deprecated passport-oxd
• remove unmantained passport-tumblr (#517)

Bug Fixes

• drop support to node 12 (#520) (99dbb66)
• remove deprecated passport-oxd (7625be6), closes #516
• remove unmantained passport-tumblr (#517) (04fdda0), closes #515

5.4.2 (2022-12-30)

Bug Fixes

• security: bump config to 3.3.8 (b25c0ba)
• security: bump got to 11.8.6 (d38356d)
• security: bump jose to 4.11.1 (04f5fd4)
• security: bump jsonwebtoken from 8.5.1 to 9.0.0 (#511) (a505439)
• security: bump moment from 2.29.3 to 2.29.4 (#483) (77298eb)
• security: bump passport to 0.6.0 (5cd14ec)
• security: bump passport-apple to v2 (04a00cf)
• security: bump winston (5a65ca5)
• security: update passport twitter xmldom dep (2257e69)

5.4.1 (2022-12-05)

Bug Fixes

• security: bump passport-saml from 3.2.1 to 3.2.4 (ac8b62b)

5.4.0 (2022-06-22)

Features

• production.js: rate limit config from env (#452) (067b1a7)

5.3.2 (2022-06-15)

Features

• httpProxy: add support to global http proxy (#333) (121a629)

Bug Fixes

• change log level to debug as silly is not used (#348) (228ae5f)
• loggin.js: add winston patch to fix date problem (#364) (fdf14ca)
• package-lock.json: update node-xtraverse due to vulnerability in xmldom (#327) (903ebb4)
• remove decimal points from Client assertion JWT exp time (#315) (6ba5b9b), closes #313
• security: update deps for passport-oauth2 (#420) (d61566e)
• sp-meta.spec.js: fix saml test case (b3cb6b2)

Miscellaneous Chores

• release 5.3.2 (#447) (141e683)

5.3.1 (2021-10-06)

Bug Fixes

• change log level to debug as silly is not used (#348) (228ae5f)
• sp-meta.spec.js: fix saml test case (b3cb6b2)

5.3.0 (2021-09-03)

Features

• httpProxy: add support to global http proxy (#333) (121a629)

Bug Fixes

• package-lock.json: update node-xtraverse due to vulnerability in xmldom (#327) (903ebb4)
• remove decimal points from Client assertion JWT exp time (#315) (6ba5b9b), closes #313 #313 #313

5.2.1 (2021-07-30)

Bug Fixes

• remove decimal points from Client assertion JWT exp time (#315) (6ba5b9b), closes #313 #313 #313

5.2.0 (2021-07-15)

Features

• openid-client-helper.js: init issuer with and without discovery endpoint (c287f10), closes #241

Bug Fixes

• logging.test.js: fix empty dirname and use existing log dir path (003cf15), closes #297

5.1.0 (2021-07-13)

Features

• routes.js: track error logs generated by passport strategies (9820226), closes #250

Bug Fixes

• dependencies: relock file to fix vulnerability (d5c298f)
• package.json: fix twitter volunerability (1812efd), closes #265
• package.json: fix url issue (93dde9a)
• security: update vulnerable dep tree (59b725a)

5.0.0 (2021-06-03)

⚠ BREAKING CHANGES

• openid-connect: All openid providers needs to be reconfigured according to new specs. Changes required at oxTrust.
• security: We need to update from ox trust breakingchnage descriptiotn

Features

• app-factory: ensure session is handlable externaly (e7106e6)
• config: ensure sameSite exists and value is lax in default (aeff791)
• config: ensure sameSite exists in production (3ee1504)
• config: ensure secure exists in production (e3d41c3)
• config: ensure secure is true in production (5747cba)
• config: ensure secure value is false in default (9709ab9)
• file-utils.js file-utils.test.js: made a seperate utils for common file operations (fbdf323), closes #206
• openid-client-helper.js: Added utility for openid client strategy initialization (da25ac3), closes #206
• openid-connect: replace deprecated openid lib with openid-client (e0e165f), closes #204
• package.json: support node 14.16.0 to 15.11.0 (da7fd3b), closes #213
• providers.js: added openid-client strategy support (514aad8), closes #206
• session.js session.test.js: make separate file for session config (5092baf), closes #242

Bug Fixes

• config.test.js: update cookie config keys title (72646a5), closes #242
• security: reokacc openid connect dep (224fbdd)
• session: ensure cookies settings are correct (7c24b83)
• package.json & package-lock.json to reduce vulnerabilities (218b7ce)

4.5.1 (2021-03-30)

Features

• config: ensure sameSite exists and value is lax in default (aeff791)
• config: ensure sameSite exists in production (3ee1504)
• config: ensure secure exists in production (e3d41c3)
• config: ensure secure is true in production (5747cba)
• config: ensure secure value is false in default (9709ab9)
• session make separate file for session config (5092baf), closes #242

Bug Fixes

• config.test.js: update cookie config keys title (72646a5), closes #242
• session: ensure cookies settings are correct (7c24b83)
• package.json & package-lock.json to reduce vulnerabilities (218b7ce)

4.4.0 (2021-02-22)

Features

• app-factory.js: added rate-limiting facility (51b6ba3), closes #139

Bug Fixes

• app: add csrf middleware (ef71ec4), closes #140
• app: generate random secret for session middleware (c6202ad), closes #144
• app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
• app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
• app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169
• husky: add missing .huskyrc.json (990ce91)
• logging.js: add propper code for assigning empty string to msg (9846f23)
• routes.js: remove metadata input name on outgoing request (1738306), closes #137
• routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
• routes.js: remove received input from error output msg (4c7f204), closes #137
• uma.js: fixed form data send problem (478b452), closes #205

4.3.8 (2020-12-10)

Bug Fixes

• app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
• app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169

4.3.7 (2020-11-25)

Bug Fixes

• app: add csrf middleware (ef71ec4), closes #140
• app: generate random secret for session middleware (c6202ad), closes #144
• app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
• husky: add missing .huskyrc.json (990ce91)
• logging.js: add propper code for assigning empty string to msg (9846f23)
• routes.js: remove metadata input name on outgoing request (1738306), closes #137
• routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
• routes.js: remove received input from error output msg (4c7f204), closes #137

4.3.6 (2020-10-31)

Bug Fixes

• routes.js: add extended option to urlencode function call (74ae36c), closes #126
• solved the provider update strategy problem #119 (3c4f725)