Releases: auth0/auth0.js
v9.23.0
Added
- [IAMRISK-2602] Add support for Arkose #1341 (srijonsaha)
v9.22.1
v9.22.0
Added
- Added support for hCaptcha and Friendly Captcha #1312 (DominickBattistini)
- Support Organization Name #1313 (frederikprijck)
Security
v9.21.0
v9.20.2
v9.20.1
Fixed
- Updated jsdocs for Authentication#login #1284 (siddtheone)
Security
- Bump jsonwebtoken from 8.5.1 to 9.0.0 #1282 (dependabot[bot])
Note: This release is functionally identical to the previous release, but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used (we only include it as a dev dependency and use it in some tests).
v9.20.0
v9.19.2
Changed
- Regenerate API docs using new readme #1271 (frederikprijck)
- Update readme based on the internal redesign #1269 (frederikprijck)
Fixed
- support timeout option in Popup.loginWithCredentials #1273 (stevehobbsdev)
v9.19.1
This release includes some clarification updates to the readme, as well as a culmination of security patches from dependabot.
Changed
- Clean up old/missing library migration links #1256 (stevehobbsdev)
- Clarify usage of legacySameSiteCookie in readme #1255 (stevehobbsdev)
Security
v9.19.0
This release by default now stores additional cookies for backward compatibility when using the SameSite attribute, for those older browsers that do not understand SameSite=None. As well as creating the normal transaction cookies with Secure=true and SameSite=none, it also stores a _x_compat cookie (where x is the name of the original cookie) which only sets Secure=true.
If the generation of these extra cookies is undesirable or unnecessary for your use case, you can turn them back off by setting legacySameSiteCookie: false in the SDK configuration.
Added
- Add compatibility cookie for SameSite, with option to turn it off #1232 (stevehobbsdev)