This repository has been archived on 2021-05-23. You can view files and clone it, but cannot push or open issues or pull requests.

1.3 KiB

Raw Permalink Blame History

node-http-signature changelog

1.1.1

Version of dependency assert-plus updated: old version was missing some license information
Corrected examples in http_signing.md, added auto-tests to automatically validate these examples

1.1.0

Bump version of sshpk dependency, remove peerDependency on it since it now supports exchanging objects between multiple versions of itself where possible

1.0.2

Bump min version of jsprim dependency, to include fixes for using http-signature with browserify

1.0.1

Bump minimum version of sshpk dependency, to include fixes for whitespace tolerance in key parsing.

1.0.0

First semver release.
#36: Ensure verifySignature does not leak useful timing information
#42: Bring the library up to the latest version of the spec (including the request-target changes)
Support for ECDSA keys and signatures.
Now uses sshpk for key parsing, validation and conversion.
Fixes for #21, #47, #39 and compatibility with node 0.8

0.11.0

Split up HMAC and Signature verification to avoid vulnerabilities where a key intended for use with one can be validated against the other method instead.

0.10.2

Updated versions of most dependencies.
Utility functions exported for PEM => SSH-RSA conversion.
Improvements to tests and examples.