CHANGES.md (1350B)
1 # node-http-signature changelog 2 3 ## 1.1.1 4 5 - Version of dependency `assert-plus` updated: old version was missing 6 some license information 7 - Corrected examples in `http_signing.md`, added auto-tests to 8 automatically validate these examples 9 10 ## 1.1.0 11 12 - Bump version of `sshpk` dependency, remove peerDependency on it since 13 it now supports exchanging objects between multiple versions of itself 14 where possible 15 16 ## 1.0.2 17 18 - Bump min version of `jsprim` dependency, to include fixes for using 19 http-signature with `browserify` 20 21 ## 1.0.1 22 23 - Bump minimum version of `sshpk` dependency, to include fixes for 24 whitespace tolerance in key parsing. 25 26 ## 1.0.0 27 28 - First semver release. 29 - #36: Ensure verifySignature does not leak useful timing information 30 - #42: Bring the library up to the latest version of the spec (including the 31 request-target changes) 32 - Support for ECDSA keys and signatures. 33 - Now uses `sshpk` for key parsing, validation and conversion. 34 - Fixes for #21, #47, #39 and compatibility with node 0.8 35 36 ## 0.11.0 37 38 - Split up HMAC and Signature verification to avoid vulnerabilities where a 39 key intended for use with one can be validated against the other method 40 instead. 41 42 ## 0.10.2 43 44 - Updated versions of most dependencies. 45 - Utility functions exported for PEM => SSH-RSA conversion. 46 - Improvements to tests and examples.