Skip to content

Latest commit

 

History

History
152 lines (92 loc) · 14.5 KB

CHANGELOG.md

File metadata and controls

152 lines (92 loc) · 14.5 KB
Raw

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.3.0 (2021-09-03)

Features

  • httpProxy: add support to global http proxy (#333) (121a629)

Bug Fixes

  • package-lock.json: update node-xtraverse due to vulnerability in xmldom (#327) (903ebb4)
  • remove decimal points from Client assertion JWT exp time (#315) (6ba5b9b), closes #313 #313 #313

5.2.1 (2021-07-30)

Bug Fixes

5.2.0 (2021-07-15)

Features

  • openid-client-helper.js: init issuer with and without discovery endpoint (c287f10), closes #241

Bug Fixes

  • logging.test.js: fix empty dirname and use existing log dir path (003cf15), closes #297

5.1.0 (2021-07-13)

Features

  • routes.js: track error logs generated by passport strategies (9820226), closes #250

Bug Fixes

  • dependencies: relock file to fix vulnerability (d5c298f)
  • package.json: fix twitter volunerability (1812efd), closes #265
  • package.json: fix url issue (93dde9a)
  • security: update vulnerable dep tree (59b725a)

5.0.0 (2021-06-03)

⚠ BREAKING CHANGES

  • openid-connect: All openid providers needs to be reconfigured according to new specs. Changes required at oxTrust.
  • security: We need to update from ox trust breakingchnage descriptiotn

Features

  • app-factory: ensure session is handlable externaly (e7106e6)
  • config: ensure sameSite exists and value is lax in default (aeff791)
  • config: ensure sameSite exists in production (3ee1504)
  • config: ensure secure exists in production (e3d41c3)
  • config: ensure secure is true in production (5747cba)
  • config: ensure secure value is false in default (9709ab9)
  • file-utils.js file-utils.test.js: made a seperate utils for common file operations (fbdf323), closes #206
  • openid-client-helper.js: Added utility for openid client strategy initialization (da25ac3), closes #206
  • openid-connect: replace deprecated openid lib with openid-client (e0e165f), closes #204
  • package.json: support node 14.16.0 to 15.11.0 (da7fd3b), closes #213
  • providers.js: added openid-client strategy support (514aad8), closes #206
  • session.js session.test.js: make separate file for session config (5092baf), closes #242

Bug Fixes

  • config.test.js: update cookie config keys title (72646a5), closes #242
  • security: reokacc openid connect dep (224fbdd)
  • session: ensure cookies settings are correct (7c24b83)
  • package.json & package-lock.json to reduce vulnerabilities (218b7ce)

4.5.0 (2021-03-30)

Features

  • config: ensure sameSite exists and value is lax in default (aeff791)
  • config: ensure sameSite exists in production (3ee1504)
  • config: ensure secure exists in production (e3d41c3)
  • config: ensure secure is true in production (5747cba)
  • config: ensure secure value is false in default (9709ab9)
  • session make separate file for session config (5092baf), closes #242

Bug Fixes

  • config.test.js: update cookie config keys title (72646a5), closes #242
  • session: ensure cookies settings are correct (7c24b83)
  • package.json & package-lock.json to reduce vulnerabilities (218b7ce)

4.4.0 (2021-02-22)

Features

  • app-factory.js: added rate-limiting facility (51b6ba3), closes #139

Bug Fixes

  • app: add csrf middleware (ef71ec4), closes #140
  • app: generate random secret for session middleware (c6202ad), closes #144
  • app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
  • app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
  • app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169
  • husky: add missing .huskyrc.json (990ce91)
  • logging.js: add propper code for assigning empty string to msg (9846f23)
  • routes.js: remove metadata input name on outgoing request (1738306), closes #137
  • routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
  • routes.js: remove received input from error output msg (4c7f204), closes #137
  • uma.js: fixed form data send problem (478b452), closes #205

4.3.8 (2020-12-10)

Bug Fixes

  • app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
  • app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169

4.3.7 (2020-11-25)

Bug Fixes

  • app: add csrf middleware (ef71ec4), closes #140
  • app: generate random secret for session middleware (c6202ad), closes #144
  • app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
  • husky: add missing .huskyrc.json (990ce91)
  • logging.js: add propper code for assigning empty string to msg (9846f23)
  • routes.js: remove metadata input name on outgoing request (1738306), closes #137
  • routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
  • routes.js: remove received input from error output msg (4c7f204), closes #137

4.3.6 (2020-10-31)

Bug Fixes

  • routes.js: add extended option to urlencode function call (74ae36c), closes #126
  • solved the provider update strategy problem #119 (3c4f725)