1 | # node-http-signature changelog
|
2 |
|
3 | ## 1.1.1
|
4 |
|
5 | - Version of dependency `assert-plus` updated: old version was missing
|
6 | some license information
|
7 | - Corrected examples in `http_signing.md`, added auto-tests to
|
8 | automatically validate these examples
|
9 |
|
10 | ## 1.1.0
|
11 |
|
12 | - Bump version of `sshpk` dependency, remove peerDependency on it since
|
13 | it now supports exchanging objects between multiple versions of itself
|
14 | where possible
|
15 |
|
16 | ## 1.0.2
|
17 |
|
18 | - Bump min version of `jsprim` dependency, to include fixes for using
|
19 | http-signature with `browserify`
|
20 |
|
21 | ## 1.0.1
|
22 |
|
23 | - Bump minimum version of `sshpk` dependency, to include fixes for
|
24 | whitespace tolerance in key parsing.
|
25 |
|
26 | ## 1.0.0
|
27 |
|
28 | - First semver release.
|
29 | - #36: Ensure verifySignature does not leak useful timing information
|
30 | - #42: Bring the library up to the latest version of the spec (including the
|
31 | request-target changes)
|
32 | - Support for ECDSA keys and signatures.
|
33 | - Now uses `sshpk` for key parsing, validation and conversion.
|
34 | - Fixes for #21, #47, #39 and compatibility with node 0.8
|
35 |
|
36 | ## 0.11.0
|
37 |
|
38 | - Split up HMAC and Signature verification to avoid vulnerabilities where a
|
39 | key intended for use with one can be validated against the other method
|
40 | instead.
|
41 |
|
42 | ## 0.10.2
|
43 |
|
44 | - Updated versions of most dependencies.
|
45 | - Utility functions exported for PEM => SSH-RSA conversion.
|
46 | - Improvements to tests and examples.
|