http-signature
Advanced tools
Comparing version 1.3.5 to 1.3.6
@@ -7,10 +7,14 @@ # node-http-signature changelog | ||
| ## 1.3.6 | ||
| * Update jsprim due to vulnerability in json-schema (#123) | ||
| ## 1.3.5 | ||
| - Add keyPassphrase option to signer (#115) | ||
| - Add support for created and expires values (#110) | ||
| * Add keyPassphrase option to signer (#115) | ||
| * Add support for created and expires values (#110) | ||
| ## 1.3.4 | ||
| - Fix breakage in v1.3.3 with the setting of the "algorithm" field in the | ||
| * Fix breakage in v1.3.3 with the setting of the "algorithm" field in the | ||
| Authorization header (#102) | ||
@@ -22,12 +26,12 @@ | ||
| - Add support for an opaque param in the Authorization header (#101) | ||
| - Add support for adding the keyId and algorithm params into the signing string (#100) | ||
| * Add support for an opaque param in the Authorization header (#101) | ||
| * Add support for adding the keyId and algorithm params into the signing string (#100) | ||
| ## 1.3.2 | ||
| - Allow Buffers to be used for verifyHMAC (#98) | ||
| * Allow Buffers to be used for verifyHMAC (#98) | ||
| ## 1.3.1 | ||
| - Fix node 0.10 usage (#90) | ||
| * Fix node 0.10 usage (#90) | ||
@@ -38,16 +42,16 @@ ## 1.3.0 | ||
| - Bump dependency `sshpk` | ||
| - Add `Signature` header support (#83) | ||
| * Bump dependency `sshpk` | ||
| * Add `Signature` header support (#83) | ||
| ## 1.2.0 | ||
| - Bump dependency `assert-plus` | ||
| - Add ability to pass a custom header name | ||
| - Replaced dependency `node-uuid` with `uuid` | ||
| * Bump dependency `assert-plus` | ||
| * Add ability to pass a custom header name | ||
| * Replaced dependency `node-uuid` with `uuid` | ||
| ## 1.1.1 | ||
| - Version of dependency `assert-plus` updated: old version was missing | ||
| * Version of dependency `assert-plus` updated: old version was missing | ||
| some license information | ||
| - Corrected examples in `http_signing.md`, added auto-tests to | ||
| * Corrected examples in `http_signing.md`, added auto-tests to | ||
| automatically validate these examples | ||
@@ -57,3 +61,3 @@ | ||
| - Bump version of `sshpk` dependency, remove peerDependency on it since | ||
| * Bump version of `sshpk` dependency, remove peerDependency on it since | ||
| it now supports exchanging objects between multiple versions of itself | ||
@@ -64,3 +68,3 @@ where possible | ||
| - Bump min version of `jsprim` dependency, to include fixes for using | ||
| * Bump min version of `jsprim` dependency, to include fixes for using | ||
| http-signature with `browserify` | ||
@@ -70,3 +74,3 @@ | ||
| - Bump minimum version of `sshpk` dependency, to include fixes for | ||
| * Bump minimum version of `sshpk` dependency, to include fixes for | ||
| whitespace tolerance in key parsing. | ||
@@ -76,13 +80,13 @@ | ||
| - First semver release. | ||
| - #36: Ensure verifySignature does not leak useful timing information | ||
| - #42: Bring the library up to the latest version of the spec (including the | ||
| * First semver release. | ||
| * #36: Ensure verifySignature does not leak useful timing information | ||
| * #42: Bring the library up to the latest version of the spec (including the | ||
| request-target changes) | ||
| - Support for ECDSA keys and signatures. | ||
| - Now uses `sshpk` for key parsing, validation and conversion. | ||
| - Fixes for #21, #47, #39 and compatibility with node 0.8 | ||
| * Support for ECDSA keys and signatures. | ||
| * Now uses `sshpk` for key parsing, validation and conversion. | ||
| * Fixes for #21, #47, #39 and compatibility with node 0.8 | ||
| ## 0.11.0 | ||
| - Split up HMAC and Signature verification to avoid vulnerabilities where a | ||
| * Split up HMAC and Signature verification to avoid vulnerabilities where a | ||
| key intended for use with one can be validated against the other method | ||
@@ -93,4 +97,4 @@ instead. | ||
| - Updated versions of most dependencies. | ||
| - Utility functions exported for PEM => SSH-RSA conversion. | ||
| - Improvements to tests and examples. | ||
| * Updated versions of most dependencies. | ||
| * Utility functions exported for PEM => SSH-RSA conversion. | ||
| * Improvements to tests and examples. |
| { | ||
| "name": "http-signature", | ||
| "description": "Reference implementation of Joyent's HTTP Signature scheme.", | ||
| "version": "1.3.5", | ||
| "version": "1.3.6", | ||
| "license": "MIT", | ||
@@ -34,3 +34,3 @@ "author": "Joyent, Inc", | ||
| "assert-plus": "^1.0.0", | ||
| "jsprim": "^1.2.2", | ||
| "jsprim": "^2.0.2", | ||
| "sshpk": "^1.14.1" | ||
@@ -37,0 +37,0 @@ }, |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.16%
40743
Worsened metrics
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedjsprim@2.0.2(transitive)
- Removedjsprim@1.4.2(transitive)
Updatedjsprim@^2.0.2