http-signature
Comparing version 1.3.5 to 1.3.6
@@ -7,10 +7,14 @@ # node-http-signature changelog | ||
## 1.3.6 | ||
* Update jsprim due to vulnerability in json-schema (#123) | ||
## 1.3.5 | ||
- Add keyPassphrase option to signer (#115) | ||
- Add support for created and expires values (#110) | ||
* Add keyPassphrase option to signer (#115) | ||
* Add support for created and expires values (#110) | ||
## 1.3.4 | ||
- Fix breakage in v1.3.3 with the setting of the "algorithm" field in the | ||
* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the | ||
Authorization header (#102) | ||
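Review bot: the new 1.3.6 entry at the top of this hunk says only "Update jsprim due to vulnerability in json-schema (#123)", which does not tell a consumer which jsprim range carries the fix or which advisory it answers. Suggest naming the new jsprim range and the advisory identifier in the entry so that downstream audits can match it against their own findings. The same hunk also switches the list markers of the 1.3.5 and 1.3.4 entries from "-" to "*"; moving that cosmetic change into its own commit would keep the one security-relevant line easy to find in the diff.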
@@ -22,12 +26,12 @@ | ||
- Add support for an opaque param in the Authorization header (#101) | ||
- Add support for adding the keyId and algorithm params into the signing string (#100) | ||
* Add support for an opaque param in the Authorization header (#101) | ||
* Add support for adding the keyId and algorithm params into the signing string (#100) | ||
## 1.3.2 | ||
- Allow Buffers to be used for verifyHMAC (#98) | ||
* Allow Buffers to be used for verifyHMAC (#98) | ||
## 1.3.1 | ||
- Fix node 0.10 usage (#90) | ||
* Fix node 0.10 usage (#90) | ||
@@ -38,16 +42,16 @@ ## 1.3.0 | ||
- Bump dependency `sshpk` | ||
- Add `Signature` header support (#83) | ||
* Bump dependency `sshpk` | ||
* Add `Signature` header support (#83) | ||
## 1.2.0 | ||
- Bump dependency `assert-plus` | ||
- Add ability to pass a custom header name | ||
- Replaced dependency `node-uuid` with `uuid` | ||
* Bump dependency `assert-plus` | ||
* Add ability to pass a custom header name | ||
* Replaced dependency `node-uuid` with `uuid` | ||
## 1.1.1 | ||
- Version of dependency `assert-plus` updated: old version was missing | ||
* Version of dependency `assert-plus` updated: old version was missing | ||
some license information | ||
- Corrected examples in `http_signing.md`, added auto-tests to | ||
* Corrected examples in `http_signing.md`, added auto-tests to | ||
automatically validate these examples | ||
@@ -57,3 +61,3 @@ | ||
- Bump version of `sshpk` dependency, remove peerDependency on it since | ||
* Bump version of `sshpk` dependency, remove peerDependency on it since | ||
it now supports exchanging objects between multiple versions of itself | ||
@@ -64,3 +68,3 @@ where possible | ||
- Bump min version of `jsprim` dependency, to include fixes for using | ||
* Bump min version of `jsprim` dependency, to include fixes for using | ||
http-signature with `browserify` | ||
@@ -70,3 +74,3 @@ | ||
- Bump minimum version of `sshpk` dependency, to include fixes for | ||
* Bump minimum version of `sshpk` dependency, to include fixes for | ||
whitespace tolerance in key parsing. | ||
@@ -76,13 +80,13 @@ | ||
- First semver release. | ||
- #36: Ensure verifySignature does not leak useful timing information | ||
- #42: Bring the library up to the latest version of the spec (including the | ||
* First semver release. | ||
* #36: Ensure verifySignature does not leak useful timing information | ||
* #42: Bring the library up to the latest version of the spec (including the | ||
request-target changes) | ||
- Support for ECDSA keys and signatures. | ||
- Now uses `sshpk` for key parsing, validation and conversion. | ||
- Fixes for #21, #47, #39 and compatibility with node 0.8 | ||
* Support for ECDSA keys and signatures. | ||
* Now uses `sshpk` for key parsing, validation and conversion. | ||
* Fixes for #21, #47, #39 and compatibility with node 0.8 | ||
## 0.11.0 | ||
- Split up HMAC and Signature verification to avoid vulnerabilities where a | ||
* Split up HMAC and Signature verification to avoid vulnerabilities where a | ||
key intended for use with one can be validated against the other method | ||
@@ -93,4 +97,4 @@ instead. | ||
- Updated versions of most dependencies. | ||
- Utility functions exported for PEM => SSH-RSA conversion. | ||
- Improvements to tests and examples. | ||
* Updated versions of most dependencies. | ||
* Utility functions exported for PEM => SSH-RSA conversion. | ||
* Improvements to tests and examples. |
{ | ||
"name": "http-signature", | ||
"description": "Reference implementation of Joyent's HTTP Signature scheme.", | ||
"version": "1.3.5", | ||
"version": "1.3.6", | ||
"license": "MIT", | ||
@@ -34,3 +34,3 @@ "author": "Joyent, Inc", | ||
"assert-plus": "^1.0.0", | ||
"jsprim": "^1.2.2", | ||
"jsprim": "^2.0.2", | ||
"sshpk": "^1.14.1" | ||
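Review bot: the jsprim range on the changed line moves from "^1.2.2" to "^2.0.2", a major-version jump in a dependency, while the package's own version only goes from 1.3.5 to 1.3.6. A caret range on 2.x excludes every 1.x release, so please confirm that the jsprim functions this library calls behave the same under 2.x and that the supported Node versions still match, and state the major bump explicitly in the 1.3.6 changelog entry.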
@@ -37,0 +37,0 @@ }, |
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
+ Added jsprim@2.0.2 (transitive)
- Removed jsprim@1.4.2 (transitive)
Updated jsprim@^2.0.2