1 | 1.18.1 / 2024-10-08
|
2 | ==========
|
3 |
|
4 | * deps: cookie@0.7.2
|
5 | - Fix object assignment of `hasOwnProperty`
|
6 | * deps: cookie@0.7.1
|
7 | - Allow leading dot for domain
|
8 | - Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
|
9 | - Add fast path for `serialize` without options, use `obj.hasOwnProperty` when parsing
|
10 | * deps: cookie@0.7.0
|
11 | - perf: parse cookies ~10% faster
|
12 | - fix: narrow the validation of cookies to match RFC6265
|
13 | - fix: add `main` to `package.json` for rspack
|
14 |
|
15 | 1.18.0 / 2024-01-28
|
16 | ===================
|
17 |
|
18 | * Add debug log for pathname mismatch
|
19 | * Add `partitioned` to `cookie` options
|
20 | * Add `priority` to `cookie` options
|
21 | * Fix handling errors from setting cookie
|
22 | * Support any type in `secret` that `crypto.createHmac` supports
|
23 | * deps: cookie@0.6.0
|
24 | - Fix `expires` option to reject invalid dates
|
25 | - perf: improve default decode speed
|
26 | - perf: remove slow string split in parse
|
27 | * deps: cookie-signature@1.0.7
|
28 |
|
29 | 1.17.3 / 2022-05-11
|
30 | ===================
|
31 |
|
32 | * Fix resaving already-saved new session at end of request
|
33 | * deps: cookie@0.4.2
|
34 |
|
35 | 1.17.2 / 2021-05-19
|
36 | ===================
|
37 |
|
38 | * Fix `res.end` patch to always commit headers
|
39 | * deps: cookie@0.4.1
|
40 | * deps: safe-buffer@5.2.1
|
41 |
|
42 | 1.17.1 / 2020-04-16
|
43 | ===================
|
44 |
|
45 | * Fix internal method wrapping error on failed reloads
|
46 |
|
47 | 1.17.0 / 2019-10-10
|
48 | ===================
|
49 |
|
50 | * deps: cookie@0.4.0
|
51 | - Add `SameSite=None` support
|
52 | * deps: safe-buffer@5.2.0
|
53 |
|
54 | 1.16.2 / 2019-06-12
|
55 | ===================
|
56 |
|
57 | * Fix restoring `cookie.originalMaxAge` when store returns `Date`
|
58 | * deps: parseurl@~1.3.3
|
59 |
|
60 | 1.16.1 / 2019-04-11
|
61 | ===================
|
62 |
|
63 | * Fix error passing `data` option to `Cookie` constructor
|
64 | * Fix uncaught error from bad session data
|
65 |
|
66 | 1.16.0 / 2019-04-10
|
67 | ===================
|
68 |
|
69 | * Catch invalid `cookie.maxAge` value earlier
|
70 | * Deprecate setting `cookie.maxAge` to a `Date` object
|
71 | * Fix issue where `resave: false` may not save altered sessions
|
72 | * Remove `utils-merge` dependency
|
73 | * Use `safe-buffer` for improved Buffer API
|
74 | * Use `Set-Cookie` as cookie header name for compatibility
|
75 | * deps: depd@~2.0.0
|
76 | - Replace internal `eval` usage with `Function` constructor
|
77 | - Use instance methods on `process` to check for listeners
|
78 | - perf: remove argument reassignment
|
79 | * deps: on-headers@~1.0.2
|
80 | - Fix `res.writeHead` patch missing return value
|
81 |
|
82 | 1.15.6 / 2017-09-26
|
83 | ===================
|
84 |
|
85 | * deps: debug@2.6.9
|
86 | * deps: parseurl@~1.3.2
|
87 | - perf: reduce overhead for full URLs
|
88 | - perf: unroll the "fast-path" `RegExp`
|
89 | * deps: uid-safe@~2.1.5
|
90 | - perf: remove only trailing `=`
|
91 | * deps: utils-merge@1.0.1
|
92 |
|
93 | 1.15.5 / 2017-08-02
|
94 | ===================
|
95 |
|
96 | * Fix `TypeError` when `req.url` is an empty string
|
97 | * deps: depd@~1.1.1
|
98 | - Remove unnecessary `Buffer` loading
|
99 |
|
100 | 1.15.4 / 2017-07-18
|
101 | ===================
|
102 |
|
103 | * deps: debug@2.6.8
|
104 |
|
105 | 1.15.3 / 2017-05-17
|
106 | ===================
|
107 |
|
108 | * deps: debug@2.6.7
|
109 | - deps: ms@2.0.0
|
110 |
|
111 | 1.15.2 / 2017-03-26
|
112 | ===================
|
113 |
|
114 | * deps: debug@2.6.3
|
115 | - Fix `DEBUG_MAX_ARRAY_LENGTH`
|
116 | * deps: uid-safe@~2.1.4
|
117 | - Remove `base64-url` dependency
|
118 |
|
119 | 1.15.1 / 2017-02-10
|
120 | ===================
|
121 |
|
122 | * deps: debug@2.6.1
|
123 | - Fix deprecation messages in WebStorm and other editors
|
124 | - Undeprecate `DEBUG_FD` set to `1` or `2`
|
125 |
|
126 | 1.15.0 / 2017-01-22
|
127 | ===================
|
128 |
|
129 | * Fix detecting modified session when session contains "cookie" property
|
130 | * Fix resaving already-saved reloaded session at end of request
|
131 | * deps: crc@3.4.4
|
132 | - perf: use `Buffer.from` when available
|
133 | * deps: debug@2.6.0
|
134 | - Allow colors in workers
|
135 | - Deprecated `DEBUG_FD` environment variable
|
136 | - Use same color for same namespace
|
137 | - Fix error when running under React Native
|
138 | - deps: ms@0.7.2
|
139 | * perf: remove unreachable branch in set-cookie method
|
140 |
|
141 | 1.14.2 / 2016-10-30
|
142 | ===================
|
143 |
|
144 | * deps: crc@3.4.1
|
145 | - Fix deprecation warning in Node.js 7.x
|
146 | * deps: uid-safe@~2.1.3
|
147 | - deps: base64-url@1.3.3
|
148 |
|
149 | 1.14.1 / 2016-08-24
|
150 | ===================
|
151 |
|
152 | * Fix not always resetting session max age before session save
|
153 | * Fix the cookie `sameSite` option to actually alter the `Set-Cookie`
|
154 | * deps: uid-safe@~2.1.2
|
155 | - deps: base64-url@1.3.2
|
156 |
|
157 | 1.14.0 / 2016-07-01
|
158 | ===================
|
159 |
|
160 | * Correctly inherit from `EventEmitter` class in `Store` base class
|
161 | * Fix issue where `Set-Cookie` `Expires` was not always updated
|
162 | * Methods are no longer enumerable on `req.session` object
|
163 | * deps: cookie@0.3.1
|
164 | - Add `sameSite` option
|
165 | - Improve error message when `encode` is not a function
|
166 | - Improve error message when `expires` is not a `Date`
|
167 | - perf: enable strict mode
|
168 | - perf: use for loop in parse
|
169 | - perf: use string concatination for serialization
|
170 | * deps: parseurl@~1.3.1
|
171 | - perf: enable strict mode
|
172 | * deps: uid-safe@~2.1.1
|
173 | - Use `random-bytes` for byte source
|
174 | - deps: base64-url@1.2.2
|
175 | * perf: enable strict mode
|
176 | * perf: remove argument reassignment
|
177 |
|
178 | 1.13.0 / 2016-01-10
|
179 | ===================
|
180 |
|
181 | * Fix `rolling: true` to not set cookie when no session exists
|
182 | - Better `saveUninitialized: false` + `rolling: true` behavior
|
183 | * deps: crc@3.4.0
|
184 |
|
185 | 1.12.1 / 2015-10-29
|
186 | ===================
|
187 |
|
188 | * deps: cookie@0.2.3
|
189 | - Fix cookie `Max-Age` to never be a floating point number
|
190 |
|
191 | 1.12.0 / 2015-10-25
|
192 | ===================
|
193 |
|
194 | * Support the value `'auto'` in the `cookie.secure` option
|
195 | * deps: cookie@0.2.2
|
196 | - Throw on invalid values provided to `serialize`
|
197 | * deps: depd@~1.1.0
|
198 | - Enable strict mode in more places
|
199 | - Support web browser loading
|
200 | * deps: on-headers@~1.0.1
|
201 | - perf: enable strict mode
|
202 |
|
203 | 1.11.3 / 2015-05-22
|
204 | ===================
|
205 |
|
206 | * deps: cookie@0.1.3
|
207 | - Slight optimizations
|
208 | * deps: crc@3.3.0
|
209 |
|
210 | 1.11.2 / 2015-05-10
|
211 | ===================
|
212 |
|
213 | * deps: debug@~2.2.0
|
214 | - deps: ms@0.7.1
|
215 | * deps: uid-safe@~2.0.0
|
216 |
|
217 | 1.11.1 / 2015-04-08
|
218 | ===================
|
219 |
|
220 | * Fix mutating `options.secret` value
|
221 |
|
222 | 1.11.0 / 2015-04-07
|
223 | ===================
|
224 |
|
225 | * Support an array in `secret` option for key rotation
|
226 | * deps: depd@~1.0.1
|
227 |
|
228 | 1.10.4 / 2015-03-15
|
229 | ===================
|
230 |
|
231 | * deps: debug@~2.1.3
|
232 | - Fix high intensity foreground color for bold
|
233 | - deps: ms@0.7.0
|
234 |
|
235 | 1.10.3 / 2015-02-16
|
236 | ===================
|
237 |
|
238 | * deps: cookie-signature@1.0.6
|
239 | * deps: uid-safe@1.1.0
|
240 | - Use `crypto.randomBytes`, if available
|
241 | - deps: base64-url@1.2.1
|
242 |
|
243 | 1.10.2 / 2015-01-31
|
244 | ===================
|
245 |
|
246 | * deps: uid-safe@1.0.3
|
247 | - Fix error branch that would throw
|
248 | - deps: base64-url@1.2.0
|
249 |
|
250 | 1.10.1 / 2015-01-08
|
251 | ===================
|
252 |
|
253 | * deps: uid-safe@1.0.2
|
254 | - Remove dependency on `mz`
|
255 |
|
256 | 1.10.0 / 2015-01-05
|
257 | ===================
|
258 |
|
259 | * Add `store.touch` interface for session stores
|
260 | * Fix `MemoryStore` expiration with `resave: false`
|
261 | * deps: debug@~2.1.1
|
262 |
|
263 | 1.9.3 / 2014-12-02
|
264 | ==================
|
265 |
|
266 | * Fix error when `req.sessionID` contains a non-string value
|
267 |
|
268 | 1.9.2 / 2014-11-22
|
269 | ==================
|
270 |
|
271 | * deps: crc@3.2.1
|
272 | - Minor fixes
|
273 |
|
274 | 1.9.1 / 2014-10-22
|
275 | ==================
|
276 |
|
277 | * Remove unnecessary empty write call
|
278 | - Fixes Node.js 0.11.14 behavior change
|
279 | - Helps work-around Node.js 0.10.1 zlib bug
|
280 |
|
281 | 1.9.0 / 2014-09-16
|
282 | ==================
|
283 |
|
284 | * deps: debug@~2.1.0
|
285 | - Implement `DEBUG_FD` env variable support
|
286 | * deps: depd@~1.0.0
|
287 |
|
288 | 1.8.2 / 2014-09-15
|
289 | ==================
|
290 |
|
291 | * Use `crc` instead of `buffer-crc32` for speed
|
292 | * deps: depd@0.4.5
|
293 |
|
294 | 1.8.1 / 2014-09-08
|
295 | ==================
|
296 |
|
297 | * Keep `req.session.save` non-enumerable
|
298 | * Prevent session prototype methods from being overwritten
|
299 |
|
300 | 1.8.0 / 2014-09-07
|
301 | ==================
|
302 |
|
303 | * Do not resave already-saved session at end of request
|
304 | * deps: cookie-signature@1.0.5
|
305 | * deps: debug@~2.0.0
|
306 |
|
307 | 1.7.6 / 2014-08-18
|
308 | ==================
|
309 |
|
310 | * Fix exception on `res.end(null)` calls
|
311 |
|
312 | 1.7.5 / 2014-08-10
|
313 | ==================
|
314 |
|
315 | * Fix parsing original URL
|
316 | * deps: on-headers@~1.0.0
|
317 | * deps: parseurl@~1.3.0
|
318 |
|
319 | 1.7.4 / 2014-08-05
|
320 | ==================
|
321 |
|
322 | * Fix response end delay for non-chunked responses
|
323 |
|
324 | 1.7.3 / 2014-08-05
|
325 | ==================
|
326 |
|
327 | * Fix `res.end` patch to call correct upstream `res.write`
|
328 |
|
329 | 1.7.2 / 2014-07-27
|
330 | ==================
|
331 |
|
332 | * deps: depd@0.4.4
|
333 | - Work-around v8 generating empty stack traces
|
334 |
|
335 | 1.7.1 / 2014-07-26
|
336 | ==================
|
337 |
|
338 | * deps: depd@0.4.3
|
339 | - Fix exception when global `Error.stackTraceLimit` is too low
|
340 |
|
341 | 1.7.0 / 2014-07-22
|
342 | ==================
|
343 |
|
344 | * Improve session-ending error handling
|
345 | - Errors are passed to `next(err)` instead of `console.error`
|
346 | * deps: debug@1.0.4
|
347 | * deps: depd@0.4.2
|
348 | - Add `TRACE_DEPRECATION` environment variable
|
349 | - Remove non-standard grey color from color output
|
350 | - Support `--no-deprecation` argument
|
351 | - Support `--trace-deprecation` argument
|
352 |
|
353 | 1.6.5 / 2014-07-11
|
354 | ==================
|
355 |
|
356 | * Do not require `req.originalUrl`
|
357 | * deps: debug@1.0.3
|
358 | - Add support for multiple wildcards in namespaces
|
359 |
|
360 | 1.6.4 / 2014-07-07
|
361 | ==================
|
362 |
|
363 | * Fix blank responses for stores with synchronous operations
|
364 |
|
365 | 1.6.3 / 2014-07-04
|
366 | ==================
|
367 |
|
368 | * Fix resave deprecation message
|
369 |
|
370 | 1.6.2 / 2014-07-04
|
371 | ==================
|
372 |
|
373 | * Fix confusing option deprecation messages
|
374 |
|
375 | 1.6.1 / 2014-06-28
|
376 | ==================
|
377 |
|
378 | * Fix saveUninitialized deprecation message
|
379 |
|
380 | 1.6.0 / 2014-06-28
|
381 | ==================
|
382 |
|
383 | * Add deprecation message to undefined `resave` option
|
384 | * Add deprecation message to undefined `saveUninitialized` option
|
385 | * Fix `res.end` patch to return correct value
|
386 | * Fix `res.end` patch to handle multiple `res.end` calls
|
387 | * Reject cookies with missing signatures
|
388 |
|
389 | 1.5.2 / 2014-06-26
|
390 | ==================
|
391 |
|
392 | * deps: cookie-signature@1.0.4
|
393 | - fix for timing attacks
|
394 |
|
395 | 1.5.1 / 2014-06-21
|
396 | ==================
|
397 |
|
398 | * Move hard-to-track-down `req.secret` deprecation message
|
399 |
|
400 | 1.5.0 / 2014-06-19
|
401 | ==================
|
402 |
|
403 | * Debug name is now "express-session"
|
404 | * Deprecate integration with `cookie-parser` middleware
|
405 | * Deprecate looking for secret in `req.secret`
|
406 | * Directly read cookies; `cookie-parser` no longer required
|
407 | * Directly set cookies; `res.cookie` no longer required
|
408 | * Generate session IDs with `uid-safe`, faster and even less collisions
|
409 |
|
410 | 1.4.0 / 2014-06-17
|
411 | ==================
|
412 |
|
413 | * Add `genid` option to generate custom session IDs
|
414 | * Add `saveUninitialized` option to control saving uninitialized sessions
|
415 | * Add `unset` option to control unsetting `req.session`
|
416 | * Generate session IDs with `rand-token` by default; reduce collisions
|
417 | * deps: buffer-crc32@0.2.3
|
418 |
|
419 | 1.3.1 / 2014-06-14
|
420 | ==================
|
421 |
|
422 | * Add description in package for npmjs.org listing
|
423 |
|
424 | 1.3.0 / 2014-06-14
|
425 | ==================
|
426 |
|
427 | * Integrate with express "trust proxy" by default
|
428 | * deps: debug@1.0.2
|
429 |
|
430 | 1.2.1 / 2014-05-27
|
431 | ==================
|
432 |
|
433 | * Fix `resave` such that `resave: true` works
|
434 |
|
435 | 1.2.0 / 2014-05-19
|
436 | ==================
|
437 |
|
438 | * Add `resave` option to control saving unmodified sessions
|
439 |
|
440 | 1.1.0 / 2014-05-12
|
441 | ==================
|
442 |
|
443 | * Add `name` option; replacement for `key` option
|
444 | * Use `setImmediate` in MemoryStore for node.js >= 0.10
|
445 |
|
446 | 1.0.4 / 2014-04-27
|
447 | ==================
|
448 |
|
449 | * deps: debug@0.8.1
|
450 |
|
451 | 1.0.3 / 2014-04-19
|
452 | ==================
|
453 |
|
454 | * Use `res.cookie()` instead of `res.setHeader()`
|
455 | * deps: cookie@0.1.2
|
456 |
|
457 | 1.0.2 / 2014-02-23
|
458 | ==================
|
459 |
|
460 | * Add missing dependency to `package.json`
|
461 |
|
462 | 1.0.1 / 2014-02-15
|
463 | ==================
|
464 |
|
465 | * Add missing dependencies to `package.json`
|
466 |
|
467 | 1.0.0 / 2014-02-15
|
468 | ==================
|
469 |
|
470 | * Genesis from `connect`
|