v1.1: Sessions

This release introduces server-side sessions as an alternative to the previous approach of just issuing JWTs, and a bunch of smaller improvements and bug fixes.

• New config options

session:
  server_side:
    enabled: true
    limit: 5

• Sessions are stored in the DB, the JWT contains the session ID
• New /sessions endpoint to verify the JWT (instead of retrieving the JWKS and verifying the JWT yourself)
• Remote session revocation
• Sessions list in <hanko-profile>

What's Changed

• fix: chinese email template corrected by @bjoern-m in #1627
• fix(admin-api): return webauthn transports in users endpoints by @lfleischmann in #1652
• feat(admin-api): get users by multiple ids by @lfleischmann in #1653
• chore(webhooks): update webhook.go by @eltociear in #1666
• fix: password update, password service transaction handling by @lfleischmann in #1669
• ci: fix schema and markdown generation workflows by @lfleischmann in #1603
• Server side sessions by @FreddyDevelop in #1673
• chore: update versions to 1.1.0 by @FreddyDevelop in #1748
• chore: autogenerate config JSON schema by @FreddyDevelop in #1754

Full Changelog: backend/v1.0.3...backend/v1.1.0

v1.0.2

Another bug fix release. Most importantly, changing the way DB connections are used during flow transactions to avoid potential deadlocks when a large number of users initiate certain flow actions simultaneously.

What's Changed

• fix: passcode invalid error not shown by @bjoern-m in #1594
• fix: only use transaction connection in a transaction by @FreddyDevelop in #1598
• chore: update versions to 1.0.2 by @FreddyDevelop in #1599

Full Changelog: backend/v1.0.1...backend/v1.0.2

v1.0.1

This release contains some important fixes and additions to the recently released Hanko v1.0.

The most important changes are:

• Added webhook support to Flow API
• Username property is now included when retrieving the user from the SDK or the admin API
• Fixed a potential concurrency issue when new flows are created

What's Changed

• ci: no jekyll by @lfleischmann in #1568
• ci: do not create cname file on docs publish by @lfleischmann in #1569
• ci: move nojekyll file by @lfleischmann in #1570
• chore: correct broken links by @bjoern-m in #1567
• fix: fix faulity migration by @FreddyDevelop in #1571
• chore: add linkedin provider guide link in readme by @lfleischmann in #1572
• chore: add webhooks to flow-api by @bjoern-m in #1574
• Fix/email delivery by @FreddyDevelop in #1575
• fix: fix links by @FlxMgdnz in #1576
• Minor text changes and typo fixes by @FlxMgdnz in #1579
• feat: update DTO with username field by @bjoern-m in #1583
• docs: backend config and user import schema and markdown generation improvements by @lfleischmann in #1582
• feat: return complete user in admin API by @FreddyDevelop in #1581
• fix: fix email verified check for saml by @FreddyDevelop in #1589
• fix: create new flow for every request by @FreddyDevelop in #1591

Full Changelog: backend/v1.0.0...backend/v1.0.1

Hanko 1.0

We are excited to release Hanko 1.0 today. After two years in Beta, the new Hanko is more user-friendly, more customizable and more mature than all previous releases in almost all areas and finally deserves the 1.0 version number.

Highlights

Options, options, options

• Identifiers and auth methods can be enabled individually and freely combined, no more implicit settings
• Optional passwords that can be deleted by the user, i.e. give users the choice to select a password or a passkey as their preferred authentication method
• Smooth migration of existing users, e.g. transition from a password-based system to passkeys, without overburdening all users at once

Usernames

• Usernames are now supported as identifiers, in addition to email addresses
• Emails and usernames can also be used simultaneously

Privacy

• Configurations that use the email identifier and require email verification now effectively prevent email enumeration, enabling a fully privacy-preserving implementation of login and registration
• A setting to disable "privacy mode" for situations where explicit feedback to the user (e.g. "An account using this email address already exists.") is more important than privacy is planned for a future release

Dedicated login and registration flows

• Login and registration flows have been separated to present only relevant actions to the user, e.g. "Sign in with a passkey" makes no sense for a user who wants to register a new account
• Introducing new elements <hanko-login> and <hanko-registration> that can be placed on separate pages, e.g. /login and /registration
• Combined <hanko-auth> element is still available, allowing users to toggle between login and registration on the same page

Introducing the all-new Flow API

This version contains a new API, which we call Flow API (#1532). With the previous RESTful API of the Hanko backend, it had become very complex to extend the functionality of Hanko. This was mainly due to the fact that most of the state handling was done in Hanko Elements and each endpoint had to be called in a specific order to work properly. The Flow API takes over this complexity completely in the backend and thus enables us to further develop the Hanko system at a higher speed than ever before.

• This 1.0 release includes the Flow API as well as the completely redesigned Hanko Elements to match the Flow API
• Flow API consists of three new endpoints: /registration, /login, and /profile
• A number of new email templates have been introduced to provide better context for users
• Old API endpoints handling login and registration will be deprecated, but will continue to work for the foreseeable future to allow a smooth transition to the Flow API
• A frontend SDK and documentation for the creation of custom frontends for the Flow API will follow shortly

New config options

Flow API supports much more granular settings to control the login and registration flows. The following is a sample configuration containing the most important new settings:

debug: false
convert_legacy_config: false

email:
  enabled: true
  optional: false
  acquire_on_registration: true
  acquire_on_login: true
  require_verification: true
  use_as_login_identifier: true
  use_for_authentication: true
  limit: 5
  max_length: 100
  passcode_ttl: 300

username:
  enabled: false
  optional: true
  acquire_on_registration: true
  acquire_on_login: false
  use_as_login_identifier: true
  min_length: 3
  max_length: 32

password:
  enabled: true
  optional: false
  acquire_on_registration: always
  acquire_on_login: never
  recovery: true
  min_length: 8

passkey:
  enabled: true
  optional: true
  acquire_on_registration: always
  acquire_on_login: always
  user_verification: preferred
  attestation_preference: direct
  limit: 10

Migration

Config

With the introduction of the new configuration parameters, some old parameters have become obsolete and the new parameters should be used in future if the default values are not sufficient (default values have not changed):

Old	New
emails.max_num_of_addresses	email.limit
emails.require_verification	email.require_verification
passcode.ttl	email.passcode_ttl
smtp	email_delivery.smtp
passcode.email.from_name	email_delivery.from_name
passcode.email.from_address	email_delivery.from_address
password.min_password_length	password.min_length
webauthn.user_verification	passkey.user_verification
webauthn.timeout	webauthn.timeouts.registration
webauthn.timeout	webauthn.timeouts.login

Old config files can still be used, but the convert_legacy_config parameter must be set to true.

Caution

Some of the new configuration parameters are not compatible with older versions of Hanko Elements (< v1.0). To ensure smooth operation, Hanko Elements v1.0 or higher should be used with the new configuration parameters.

Caution

The new configuration parameters email.enabled, email.use_for_authentication and passkey.enabled also disable the REST API endpoints if set to false, but Hanko Elements before v1.0 does not know how to deal with that and will throw an error.

Frontend

Events

• onAuthFlowCompleted events have been removed (use onSessionCreated instead)
• onSessionCreated contains the session JWT, but not the user ID anymore

Check session state

The element will no longer check if a session has already been established, and the "You're already logged in" page has been removed. This change was necessary to enable re-authentication in future versions. You can check if a user is already logged in using the following code:

import {register} from "https://cdn.jsdelivr.net/npm/@teamhanko/hanko-elements/dist/elements.js"

const {hanko} = await register("https://...");

if (hanko.session.isValid()) {
	// user is already logged in
} else {
	// show auth component
}

What's Changed

• feat: add webhook env var decoder by @lfleischmann in #1515
• Update package.json by @Fohlen in #1504
• ci: suspend e2e test automation by @lfleischmann in #1550
• Introduce Flowpilot - integration by @bjoern-m in #1532
• Update roadmap by @FlxMgdnz in #1541
• fix: don't show onboarding for already existing credentials by @bjoern-m in #1559
• docs: update config reference links by @lfleischmann in #1557
• fix: respect length requirements username by @FreddyDevelop in #1560
• chore: update default config, adjust and re-generate json schema by @bjoern-m in #1556
• fix: hopefully fix thirdparty for cross-domain by @FreddyDevelop in #1562
• Chore change database parameters by @FreddyDevelop in #1564

New Contributors

• @Fohlen made their first contribution in #1504

Full Changelog: backend/v0.12.0...backend/v1.0.0

v0.12: Sign in with LinkedIn

Highlights

• LinkedIn is now available as 3rd-party identity provider.

What's Changed

• chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 in /backend by @dependabot in #1454
• chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 in /backend by @dependabot in #1455
• chore(deps): bump github.com/go-playground/validator/v10 from 10.19.0 to 10.20.0 in /backend by @dependabot in #1449
• chore(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 in /backend by @dependabot in #1456
• feat(thirdparty): add linkedin to social providers by @shentschel in #1463
• chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.21.0 in /backend by @dependabot in #1475
• chore(deps): bump github.com/rs/zerolog from 1.32.0 to 1.33.0 in /backend by @dependabot in #1465
• chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /backend by @dependabot in #1469
• chore(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 in /backend by @dependabot in #1481
• chore(deps): bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 in /backend by @dependabot in #1480
• feat(saml): make getting providers from metadata non-panic by @shentschel in #1464
• fix: improve passcode email text by @FlxMgdnz in #1170
• fix: mail renderer tests after text updates by @lfleischmann in #1489
• chore(deps): bump github.com/go-playground/validator/v10 from 10.21.0 to 10.22.0 in /backend by @dependabot in #1487
• chore(deps): bump goreleaser/goreleaser-action from 5 to 6 by @dependabot in #1486
• chore(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0 in /backend by @dependabot in #1478
• chore(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #1494
• chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 in /backend by @dependabot in #1493
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.21 to 2.1.0 in /backend by @dependabot in #1497

Full Changelog: backend/v0.11.0...backend/v0.12.0

v0.11: Sign in with Microsoft, custom email sending

Highlights

• Microsoft is now available as 3rd-party identity provider. Admins can set up a "Sign in with Microsoft" authentication option for users in the backend config. Both personal and work accounts are supported. Learn more here.
• Custom email sending is now supported by a new webhook and the option to disable email sending through the Hanko backend. Apps can subscribe to the webhook and implement their own email sending (e.g. passcode emails).

What's Changed

• docs: add link to discord guide in backend readme by @lfleischmann in #1424
• feat(thirdparty): add microsoft provider by @lfleischmann in #1409
• Update LICENSE by @FlxMgdnz in #1432
• Update README.md by @FlxMgdnz in #1433
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.4 to 4.12.0 in /backend by @dependabot in #1436
• fix: fix saml login for existing users by @FreddyDevelop in #1434
• [FEAT] disable email delivery by @FreddyDevelop in #1419
• chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 in /quickstart by @dependabot in #1440
• chore(deps): bump github.com/labstack/echo-contrib from 0.15.0 to 0.17.1 in /backend by @dependabot in #1441
• fix: don't override error before return by @FreddyDevelop in #1447

Full Changelog: backend/v0.10.2...backend/v0.11.0

v0.10.2

Highlights

• Fix that ensures email JWT claim is present on user creation.
• Change that sets the default Passkey/WebAuthn attestation conveyance preference from 'none' to 'direct' for better AAGUID handling on Windows.

What's Changed

• fix(jwt): add updated email on user create by @shentschel in #1416
• chore(deps): bump github.com/jackc/pgconn from 1.14.1 to 1.14.3 in /backend by @dependabot in #1380
• chore(deps): bump jose from 4.15.4 to 4.15.5 in /frontend by @dependabot in #1385
• chore(deps): bump softprops/action-gh-release from 1 to 2 by @dependabot in #1389
• chore(deps): bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2 in /backend by @dependabot in #1391
• chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /backend by @dependabot in #1395
• chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible in /backend by @dependabot in #1402
• chore(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.1 in /backend by @dependabot in #1410
• chore(deps): bump follow-redirects from 1.15.4 to 1.15.6 in /docs by @dependabot in #1399
• chore(deps): bump follow-redirects from 1.15.4 to 1.15.6 in /frontend by @dependabot in #1400
• chore(deps): bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs by @dependabot in #1406
• chore(deps-dev): bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /frontend by @dependabot in #1405
• Update README.md by @FlxMgdnz in #1408
• chore(deps): bump express from 4.18.1 to 4.19.2 in /docs by @dependabot in #1413
• chore(deps): bump express from 4.18.2 to 4.19.2 in /frontend by @dependabot in #1414
• chore(deps): bump peaceiris/actions-gh-pages from 3 to 4 by @dependabot in #1422
• Roadmap updates by @FlxMgdnz in #1411
• chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 in /backend by @dependabot in #1425
• chore(deps): bump github.com/go-webauthn/webauthn from 0.10.1 to 0.10.2 in /backend by @dependabot in #1426
• chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 in /backend by @dependabot in #1428
• enhance(webauthn): change default attestation mode by @shentschel in #1421
• chore: update versions to v0.10.2 by @lfleischmann in #1430

Full Changelog: backend/v0.10.1...backend/v0.10.2

v0.10.1

Highlights

• Email claim added to session JWT, allowing developers to quickly retrieve the user's primary email address
• New Social SSO provider: Discord

What's Changed

• chore(deps): bump github.com/go-playground/validator/v10 from 10.17.0 to 10.18.0 in /backend by @dependabot in #1342
• chore: update debug dockerfile by @lfleischmann in #1352
• chore(webhooks): improve webhook docs by @shentschel in #1351
• feat(thirdparty): add discord provider by @lfleischmann in #1353
• fix(webhooks): fix HasEvent logic by @shentschel in #1355
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.19 to 2.0.20 in /backend by @dependabot in #1358
• chore(deps-dev): bump ip from 2.0.0 to 2.0.1 in /frontend by @dependabot in #1359
• Roadmap updated by @FlxMgdnz in #1363
• feat(webhooks): add webhooks trigger to thirdparty auth by @shentschel in #1367
• chore(deps): bump golang.org/x/crypto from 0.19.0 to 0.21.0 in /backend by @dependabot in #1378
• chore(deps): bump github.com/go-playground/validator/v10 from 10.18.0 to 10.19.0 in /backend by @dependabot in #1377
• chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 in /backend by @dependabot in #1375
• chore(deps): bump github.com/gomodule/redigo from 1.8.9 to 1.9.2 in /backend by @dependabot in #1365
• chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /backend by @dependabot in #1379
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.20 to 2.0.21 in /backend by @dependabot in #1386
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.19 to 2.0.21 in /quickstart by @dependabot in #1387
• Fix links in README.md by @wttw in #1407
• feat(jwt): add email claim to session JWT by @shentschel in #1404

New Contributors

• @wttw made their first contribution in #1407

Full Changelog: backend/v0.10.0...backend/v0.10.1

v0.10: Webhooks, Account Linking, Passkey Names

This release contains some highly requested new features:

Webhooks

It is now possible to configure webhooks. For now, subscribable events are limited to changes to user accounts. More information here.

3rd-party Account Linking

Automatic account linking can now be activated for individual 3rd-party OAuth connections. This allows for existing accounts to be accessed with 3rd-party connections like Sign in with Google when using the same email address, and vice versa.

Improved Passkey Naming

When a new passkey is created, the original passkey name displayed in the list of passkeys in the user profile is generated by Hanko Backend. Previously, all passkey names looked like "Passkeys-ABCDE", where "ABCDE" was the last characters of the random credential ID. From now on, the passkey names are based on the available information about the authenticator used to create the passkey, e.g. "iCloud Keychain", "Windows Hello" or "1Password", which improves the usability of the passkey list in the user profile.

What's Changed

• feat:add passcode.zh-CN.yaml for support chinese by @zhaoyii in #1219
• chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 in /backend by @dependabot in #1225
• chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 in /backend by @dependabot in #1226
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.24.0 to 6.25.0 in /backend by @dependabot in #1227
• feat(i18n): add italian translations by @riccardoperra in #1228
• Fixed typo by @FlxMgdnz in #1238
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.1 to 0.9.2 in /backend by @dependabot in #1232
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.25.0 to 6.26.0 in /backend by @dependabot in #1248
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.2.2 to 2.3.0 in /backend by @dependabot in #1246
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.17 to 2.0.18 in /backend by @dependabot in #1243
• chore(deps-dev): bump vite from 4.4.9 to 4.4.12 in /frontend by @dependabot in #1247
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.2 to 0.9.4 in /backend by @dependabot in #1242
• fix: set cookie secure flag by @lfleischmann in #1250
• chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 in /backend by @dependabot in #1252
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.0 to 6.26.2 in /backend by @dependabot in #1257
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.2 to 6.26.3 in /backend by @dependabot in #1258
• chore(deps): bump follow-redirects from 1.15.2 to 1.15.4 in /frontend by @dependabot in #1286
• chore(deps): bump follow-redirects from 1.15.1 to 1.15.4 in /docs by @dependabot in #1285
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.18 to 2.0.19 in /backend by @dependabot in #1283
• chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 in /backend by @dependabot in #1281
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /quickstart by @dependabot in #1268
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.3 to 4.11.4 in /backend by @dependabot in #1272
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.4 to 0.10.0 in /backend by @dependabot in #1271
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.3 to 6.26.4 in /backend by @dependabot in #1287
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.4 to 6.27.0 in /backend by @dependabot in #1296
• chore(deps): bump github.com/go-playground/validator/v10 from 10.16.0 to 10.17.0 in /backend by @dependabot in #1293
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.27.0 to 6.28.0 in /backend by @dependabot in #1302
• chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 in /backend by @dependabot in #1306
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.11 to 2.0.19 in /quickstart by @dependabot in #1305
• 1030 - Refactor SMTP settings to be outside of passcode config by @irby in #1121
• improve(passkeys): improve passkey naming by @shentschel in #1303
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.3.0 to 2.4.0 in /backend by @dependabot in #1313
• chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 in /backend by @dependabot in #1314
• chore(backend): update config json schema by @lfleischmann in #1318
• ci: enable dependabot version updates for actions by @lfleischmann in #1319
• fix: make samesite and domain attributes configurable for frontend sdk cookie by @lfleischmann in #1251
• chore(deps): bump actions/checkout from 3 to 4 by @dependabot in #1326
• chore(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #1325
• chore(deps): bump actions/setup-go from 3 to 5 by @dependabot in #1324
• chore(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 in /backend by @dependabot in #1327
• chore(deps): bump github/codeql-action from 2 to 3 by @dependabot in #1322
• chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #1323
• chore(deps): bump docker/metadata-action from 4 to 5 by @dependabot in #1332
• chore(deps): bump docker/setup-qemu-action from 2 to 3 by @dependabot in #1331
• chore(deps): bump docker/setup-buildx-action from 2 to 3 by @dependabot in #1330
• chore(deps): bump docker/login-action from 2 to 3 by @dependabot in #1329
• chore(deps): bump actions/github-script from 6 to 7 by @dependabot in #1328
• chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 in /backend by @dependabot in #1335
• feat: extend third-party account linking by @lfleischmann in #1316
• chore(deps): bump github.com/go-webauthn/webauthn from 0.10.0 to 0.10.1 in /backend by @dependabot in #1339
• chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /backend by @dependabot in #1338
• feat(webhooks): add webhooks by @shentschel in #1291
• chore(docs): add webhook docs by @shentschel in #1346
• chore: bump frontend versions to v0.10.0 by @lfleischmann in #1348
• ci: fix tag extraction pattern in docker publish workflow by @lfleischmann in #1350

New Contributors

• @zhaoyii made their first contribution in #1219
• @riccardoperra made their first contribution in #1228

Full Changelog: backend/v0.9.1...backend/v0.10.0

v0.9.1

Lots of small improvements and fixes in this one.

A big thank you to all contributors.

What's Changed

• #983 add instructions on how to run project locally with bare metal vs Docker by @irby in #1008
• feat(i18n): add pt-BR translation by @caioluis in #1090
• feat(i18n): add bn translation by @heysagnik in #1092
• Fix (1067): Allow Multiple Email Servers for Test Suites by @irby in #1093
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.23.2 to 6.24.0 in /backend by @dependabot in #1127
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.2.1 to 2.2.2 in /backend by @dependabot in #1126
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.14 to 2.0.15 in /backend by @dependabot in #1117
• chore(deps): bump vue from 3.2.47 to 3.3.6 in /frontend by @dependabot in #1118
• docs: roadmap updates by @FlxMgdnz in #1129
• chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 in /backend by @dependabot in #1130
• chore(deps): bump github.com/russellhaering/goxmldsig from 1.3.0 to 1.4.0 in /backend by @dependabot in #1131
• chore(deps-dev): bump eslint from 8.47.0 to 8.52.0 in /frontend by @dependabot in #1132
• Publish backend binaries by @IgnisDa in #1135
• chore(deps): bump @types/react from 18.2.0 to 18.2.32 in /frontend by @dependabot in #1139
• docs: corrected minute grammatical errors in README.md by @alienishi in #1120
• chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 in /backend by @dependabot in #1146
• chore(deps): bump @angular/forms from 15.2.8 to 15.2.10 in /frontend by @dependabot in #1145
• Updated the name of Twitter in all the docs by @Arcturus22 in #1149
• fix: get session token from header for passcode finalization by @FreddyDevelop in #1124
• chore(deps): bump next from 13.2.3 to 14.0.1 in /frontend by @dependabot in #1154
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.15 to 2.0.16 in /backend by @dependabot in #1153
• chore(deps): bump github.com/docker/docker from 23.0.3+incompatible to 24.0.7+incompatible in /backend by @dependabot in #1151
• chore(deps): bump react-router-dom from 6.14.2 to 6.18.0 in /frontend by @dependabot in #1156
• chore(deps-dev): bump webpack-cli from 5.0.1 to 5.1.4 in /frontend by @dependabot in #1157
• chore(deps): bump jwks-rsa from 3.0.1 to 3.1.0 in /frontend by @dependabot in #1161
• Error message styling by @Esther-Lita in #1150
• chore: re-generate example.css file by @bjoern-m in #1162
• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.5 to 10.16.0 in /backend by @dependabot in #1163
• chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 in /backend by @dependabot in #1164
• chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 in /backend by @dependabot in #1165
• chore(deps): bump tslib from 2.5.0 to 2.6.2 in /frontend by @dependabot in #1166
• fix: reload the profile after passkey creation by @bjoern-m in #1172
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.2 to 4.11.3 in /backend by @dependabot in #1177
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.15.0 in /backend by @dependabot in #1184
• chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 in /backend by @dependabot in #1183
• chore(deps-dev): bump @vitejs/plugin-vue from 4.1.0 to 4.4.1 in /frontend by @dependabot in #1180
• feat(elements): inherit the justify-content property when using shadow… by @bjoern-m in #1182
• chore(deps): bump vue from 3.3.6 to 3.3.8 in /frontend by @dependabot in #1190
• chore(deps-dev): bump svelte-preprocess from 5.0.4 to 5.1.0 in /frontend by @dependabot in #1191
• chore(deps-dev): bump ts-jest from 29.0.5 to 29.1.1 in /frontend by @dependabot in #1194
• chore(deps-dev): bump jest-environment-jsdom from 29.6.1 to 29.7.0 in /frontend by @dependabot in #1193
• chore(deps-dev): bump css-loader from 6.7.3 to 6.8.1 in /frontend by @dependabot in #1196
• chore(docs): fix typo in backend Config.md by @kimar in #1195
• fix: typo by @testwill in #1201
• fix: fix user-import json schema by @FreddyDevelop in #1202
• chore(deps-dev): bump vue-tsc from 1.2.0 to 1.8.22 in /frontend by @dependabot in #1200
• chore(deps-dev): bump @vue/eslint-config-typescript from 11.0.3 to 12.0.0 in /frontend by @dependabot in #1199
• chore(dockerfile): update Node.js version for compatibility in Next.j… by @kenaqshal in #1206
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.16 to 2.0.17 in /backend by @dependabot in #1209
• chore(deps-dev): bump @vitejs/plugin-vue from 4.4.1 to 4.5.0 in /frontend by @dependabot in #1205
• chore(deps-dev): bump eslint-config-next from 12.3.4 to 14.0.3 in /frontend by @dependabot in #1204
• chore(deps): bump github.com/go-webauthn/webauthn from 0.8.6 to 0.9.1 in /backend by @dependabot in #1207
• chore(deps): bump @angular/core from 15.2.9 to 15.2.10 in /frontend by @dependabot in #1212

New Contributors

• @caioluis made their first contribution in #1090
• @heysagnik made their first contribution in #1092
• @alienishi made their first contribution in #1120
• @Arcturus22 made their first contribution in #1149
• @kimar made their first contribution in #1195
• @testwill made their first contribution in #1201
• @kenaqshal made their first contribution in #1206

Full Changelog: backend/v0.9.0...backend/v0.9.1