All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
5.2.0 (2021-07-15)
5.1.0 (2021-07-13)
- dependencies: relock file to fix vulnerability (d5c298f)
- package.json: fix twitter volunerability (1812efd), closes #265
- package.json: fix url issue (93dde9a)
- security: update vulnerable dep tree (59b725a)
5.0.0 (2021-06-03)
- openid-connect: All openid providers needs to be reconfigured according to new specs. Changes required at oxTrust.
- security: We need to update from ox trust breakingchnage descriptiotn
- app-factory: ensure session is handlable externaly (e7106e6)
- config: ensure sameSite exists and value is lax in default (aeff791)
- config: ensure sameSite exists in production (3ee1504)
- config: ensure secure exists in production (e3d41c3)
- config: ensure secure is true in production (5747cba)
- config: ensure secure value is false in default (9709ab9)
- file-utils.js file-utils.test.js: made a seperate utils for common file operations (fbdf323), closes #206
- openid-client-helper.js: Added utility for openid client strategy initialization (da25ac3), closes #206
- openid-connect: replace deprecated openid lib with openid-client (e0e165f), closes #204
- package.json: support node 14.16.0 to 15.11.0 (da7fd3b), closes #213
- providers.js: added openid-client strategy support (514aad8), closes #206
- session.js session.test.js: make separate file for session config (5092baf), closes #242
- config.test.js: update cookie config keys title (72646a5), closes #242
- security: reokacc openid connect dep (224fbdd)
- session: ensure cookies settings are correct (7c24b83)
- package.json & package-lock.json to reduce vulnerabilities (218b7ce)
4.5.0 (2021-03-30)
- config: ensure sameSite exists and value is lax in default (aeff791)
- config: ensure sameSite exists in production (3ee1504)
- config: ensure secure exists in production (e3d41c3)
- config: ensure secure is true in production (5747cba)
- config: ensure secure value is false in default (9709ab9)
- session make separate file for session config (5092baf), closes #242
- config.test.js: update cookie config keys title (72646a5), closes #242
- session: ensure cookies settings are correct (7c24b83)
- package.json & package-lock.json to reduce vulnerabilities (218b7ce)
4.4.0 (2021-02-22)
- app: add csrf middleware (ef71ec4), closes #140
- app: generate random secret for session middleware (c6202ad), closes #144
- app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
- app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
- app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169
- husky: add missing .huskyrc.json (990ce91)
- logging.js: add propper code for assigning empty string to msg (9846f23)
- routes.js: remove metadata input name on outgoing request (1738306), closes #137
- routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
- routes.js: remove received input from error output msg (4c7f204), closes #137
- uma.js: fixed form data send problem (478b452), closes #205
4.3.8 (2020-12-10)
- app-factory.js: fix location undefine and req.flash function problem (6d10f9b), closes #170 #173
- app-factory.js: remove undeeded csurf middleware (2b2152f), closes #169
4.3.7 (2020-11-25)
- app: add csrf middleware (ef71ec4), closes #140
- app: generate random secret for session middleware (c6202ad), closes #144
- app-factory.js: add missing parenthesis to randomSecret() (2ff8a29)
- husky: add missing .huskyrc.json (990ce91)
- logging.js: add propper code for assigning empty string to msg (9846f23)
- routes.js: remove metadata input name on outgoing request (1738306), closes #137
- routes.js: remove provider name from error message to avoid cross script (577daaa), closes #137
- routes.js: remove received input from error output msg (4c7f204), closes #137