v4.0.1

4.0.1 (2025-02-02)

Bug Fixes

• ignore duplicate identifier (#104) (2d1a44b)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.8.0

3.8.0 (2025-01-22)

Features

• support custom pathToRegexpModule (#102) (8e12a8e)

---

This release is also available on:

• npm package (@release-3.x dist-tag)

v4.0.0

4.0.0 (2025-01-17)

⚠ BREAKING CHANGES

• drop Node.js < 18.19.0 support

part of eggjs/egg#3644

eggjs/egg#5257

Summary by CodeRabbit

Based on the comprehensive changes, here are the updated release notes:

• New Features

  • Migrated security plugin to TypeScript.
  • Enhanced type safety for security configurations.
  • Improved middleware and helper utilities.

• Introduced new middleware for handling Strict-Transport-Security,
  X-Frame-Options, and X-XSS-Protection headers.

  • Added support for new security configurations and helper functions.

• Breaking Changes

  • Renamed package from egg-security to @eggjs/security.
  • Dropped support for Node.js versions below 18.19.0.
  • Restructured module exports and configurations.
  • Removed several deprecated middleware and utility functions.

• Security Improvements

  • Updated CSRF, XSS, and SSRF protection mechanisms.
  • Enhanced middleware for handling security headers.
  • Refined configuration options for various security features.

• Performance

  • Modernized codebase with ES module syntax.
  • Improved type definitions and module structure.

• Enhanced test suite with TypeScript support and better resource
  management.

Features

• support cjs and esm both by tshy (#101) (a11661f)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.7.0

3.7.0 (2025-01-13)

Features

• csrf support check origin header with referer type (#69) (2c950d3)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.6.0

3.6.0 (2024-07-08)

Features

• add hostnameExceptionList for ssrf (#100) (92a34f3)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.5.0

3.5.0 (2024-07-03)

Features

• add rotateWhenInvalid option for CSRF token (#98) (ae37c8f)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.4.0

3.4.0 (2024-07-01)

Features

• support SSRF check on useHttpClientNext = true (#96) (1d6bfff)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.3.1

3.3.1 (2024-06-12)

Bug Fixes

• use @eggjs/ip instead of ip (#95) (5e3ee95)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.3.0

3.3.0 (2024-05-29)

Features

• use ip@v2 (#93) (ffb761d)

---

This release is also available on:

• npm package (@latest dist-tag)

v3.2.0

3.2.0 (2024-01-04)

Features

• CSRF cookies allow the use of signatures (#88) (da1b532)

---

This release is also available on:

• npm package (@latest dist-tag)