0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00
verdaccio/packages/plugins/audit/CHANGELOG.md
Juan Picado 53d9df92c6
chore: update versions (next-7) (#4624)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-05-05 17:09:41 +02:00

27 KiB

Change Log

12.0.0-next-7.15

Patch Changes

  • Updated dependencies [bd8703e]
    • @verdaccio/core@7.0.0-next-7.15
    • @verdaccio/config@7.0.0-next-7.15

12.0.0-next-7.14

Patch Changes

  • @verdaccio/core@7.0.0-next-7.14
  • @verdaccio/config@7.0.0-next-7.14

12.0.0-next-7.13

Patch Changes

  • Updated dependencies [a99a4bb]
    • @verdaccio/config@7.0.0-next-7.13
    • @verdaccio/core@7.0.0-next-7.13

12.0.0-next-7.12

Patch Changes

  • @verdaccio/core@7.0.0-next-7.12
  • @verdaccio/config@7.0.0-next-7.12

12.0.0-next-7.11

Patch Changes

  • Updated dependencies [c9962fe]
    • @verdaccio/config@7.0.0-next-7.11
    • @verdaccio/core@7.0.0-next-7.11

12.0.0-next-7.10

Patch Changes

  • @verdaccio/core@7.0.0-next-7.10
  • @verdaccio/config@7.0.0-next-7.10

12.0.0-next-7.9

Patch Changes

  • @verdaccio/core@7.0.0-next-7.9
  • @verdaccio/config@7.0.0-next-7.9

12.0.0-next-7.8

Patch Changes

  • @verdaccio/core@7.0.0-next-7.8
  • @verdaccio/config@7.0.0-next-7.8

12.0.0-next-7.7

Patch Changes

  • @verdaccio/core@7.0.0-next-7.7
  • @verdaccio/config@7.0.0-next-7.7

12.0.0-next.6

Patch Changes

  • Updated dependencies [4d96324]
    • @verdaccio/config@7.0.0-next.6
    • @verdaccio/core@7.0.0-next.6

12.0.0-next.5

Patch Changes

  • Updated dependencies [f047cc8]
    • @verdaccio/core@7.0.0-next.5
    • @verdaccio/config@7.0.0-next.5

12.0.0-next.4

Patch Changes

  • @verdaccio/core@7.0.0-next.4
  • @verdaccio/config@7.0.0-next.4

12.0.0-next.3

Major Changes

  • e7ebccb61: update major dependencies, remove old nodejs support

Minor Changes

Patch Changes

  • Updated dependencies [daceb6d87]
  • Updated dependencies [e7ebccb61]
    • @verdaccio/config@7.0.0-next.3
    • @verdaccio/core@7.0.0-next.3

12.0.0-next.2

Patch Changes

  • @verdaccio/core@7.0.0-next.2
  • @verdaccio/config@7.0.0-next.2

12.0.0-next.1

Patch Changes

  • @verdaccio/core@7.0.0-next.1
  • @verdaccio/config@7.0.0-next.1

12.0.0-next.0

Major Changes

  • feat!: bump to v7

Patch Changes

  • Updated dependencies
    • @verdaccio/config@7.0.0-next.0
    • @verdaccio/core@7.0.0-next.0

11.0.0

Major Changes

  • 292c0a37f: feat!: replace deprecated request dependency by got

    This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.

    Notes

    • Remove deprecated request by other got, retry improved, custom Agent ( got does not include it built-in)
    • Remove async dependency from storage (used by core) it was linked with proxy somehow safe to remove now
    • Refactor with promises instead callback wherever is possible
    • Document the API
    • Improve testing, integration tests
    • Bugfix
    • Clean up old validations
    • Improve performance

    💥 Breaking changes

    • Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
    • Write Tarball, Read Tarball methods parameters change, a new set of options like AbortController signals are being provided to the addAbortSignal can be internally used with Streams when a request is aborted. eg: addAbortSignal(signal, fs.createReadStream(pathName));
    • @verdaccio/streams stream abort support is legacy is being deprecated removed
    • Remove AWS and Google Cloud packages for future refactoring #2574.
  • a3a209b5e: feat: migrate to pino.js 8

  • 459b6fa72: refactor: search v1 endpoint and local-database

    • refactor search api v1 endpoint, improve performance
    • remove usage of async dependency https://github.com/verdaccio/verdaccio/issues/1225
    • refactor method storage class
    • create new module core to reduce the ammount of modules with utilities
    • use undici instead node-fetch
    • use fastify instead express for functional test

    Breaking changes

    • plugin storage API changes
    • remove old search endpoint (return 404)
    • filter local private packages at plugin level

    The storage api changes for methods get, add, remove as promise base. The search methods also changes and recieves a query object that contains all query params from the client.

    export interface IPluginStorage<T> extends IPlugin {
      add(name: string): Promise<void>;
      remove(name: string): Promise<void>;
      get(): Promise<any>;
      init(): Promise<void>;
      getSecret(): Promise<string>;
      setSecret(secret: string): Promise<any>;
      getPackageStorage(packageInfo: string): IPackageStorage;
      search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
      saveToken(token: Token): Promise<any>;
      deleteToken(user: string, tokenKey: string): Promise<any>;
      readTokens(filter: TokenFilter): Promise<Token[]>;
    }
    
  • 9fc2e7961: feat(plugins): improve plugin loader

    Changes

    Features

    // config.yaml
    server:
      pluginPrefix: mycompany
    middleware:
      audit:
          foo: 1
    

    This configuration will look up for mycompany-audit instead Verdaccio-audit.

    Breaking Changes

    sinopia plugins

    • sinopia fallback support is removed, but can be restored using pluginPrefix

    plugin filter

    • method rename filter_metadata->filterMetadata

    Plugin constructor does not merge configs anymore https://github.com/verdaccio/verdaccio/issues/928

    The plugin receives as first argument config, which represents the config of the plugin. Example:

    // config.yaml
    auth:
      plugin:
         foo: 1
         bar: 2
    
    export class Plugin<T> {
      public constructor(config: T, options: PluginOptions) {
        console.log(config);
        // {foo:1, bar: 2}
     }
    }
    
  • 794af76c5: Remove Node 12 support

    • We need move to the new undici and does not support Node.js 12
  • 10aeb4f13: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities
  • 061bfcc8d: feat: standalone registry with no dependencies

    Usage

    To install a server with no dependencies

    npm install -g @verdaccio/standalone
    

    with no internet required

    npm install -g ./tarball.tar.gz
    

    Bundles htpasswd and audit plugins.

    Breaking Change

    It does not allow anymore the auth and middleware property at config file empty, it will fallback to those plugins by default.

Minor Changes

  • 24b9be020: refactor: improve docker image build with strict dependencies and prod build

  • 631abe1ac: feat: refactor logger

  • b61f762d6: feat: add server rate limit protection to all request

    To modify custom values, use the server settings property.

    server:
    
    ## https://www.npmjs.com/package/express-rate-limit#configuration-options
    
    rateLimit:
    windowMs: 1000
    max: 10000
    

    The values are intended to be high, if you want to improve security of your server consider using different values.

  • 45c03819e: refactor: render html middleware

Patch Changes

11.0.0-6-next.39

Patch Changes

  • @verdaccio/core@6.0.0-6-next.76
  • @verdaccio/config@6.0.0-6-next.76

11.0.0-6-next.38

Patch Changes

  • Updated dependencies [0a6412ca9]
    • @verdaccio/core@6.0.0-6-next.75
    • @verdaccio/config@6.0.0-6-next.75

11.0.0-6-next.37

Patch Changes

  • @verdaccio/core@6.0.0-6-next.74
  • @verdaccio/config@6.0.0-6-next.74

11.0.0-6-next.36

Patch Changes

  • Updated dependencies [f859d2b1a]
    • @verdaccio/core@6.0.0-6-next.73
    • @verdaccio/config@6.0.0-6-next.73

11.0.0-6-next.35

Patch Changes

  • @verdaccio/core@6.0.0-6-next.72
  • @verdaccio/config@6.0.0-6-next.72

11.0.0-6-next.34

Patch Changes

  • Updated dependencies [679c19c1b]
    • @verdaccio/config@6.0.0-6-next.71
    • @verdaccio/core@6.0.0-6-next.71

11.0.0-6-next.33

Patch Changes

  • @verdaccio/core@6.0.0-6-next.70
  • @verdaccio/config@6.0.0-6-next.70

11.0.0-6-next.32

Patch Changes

  • Updated dependencies [c9d1af0e]
    • @verdaccio/core@6.0.0-6-next.69
    • @verdaccio/config@6.0.0-6-next.69

11.0.0-6-next.31

Patch Changes

  • @verdaccio/core@6.0.0-6-next.68
  • @verdaccio/config@6.0.0-6-next.68

11.0.0-6-next.30

Patch Changes

  • Updated dependencies [16e38df8]
    • @verdaccio/config@6.0.0-6-next.67
    • @verdaccio/core@6.0.0-6-next.67

11.0.0-6-next.29

Patch Changes

  • @verdaccio/core@6.0.0-6-next.66
  • @verdaccio/config@6.0.0-6-next.66

11.0.0-6-next.28

Patch Changes

  • Updated dependencies [a1da1130]
    • @verdaccio/core@6.0.0-6-next.65
    • @verdaccio/config@6.0.0-6-next.65

11.0.0-6-next.27

Patch Changes

  • Updated dependencies [974cd8c1]
    • @verdaccio/core@6.0.0-6-next.64
    • @verdaccio/config@6.0.0-6-next.64

11.0.0-6-next.26

Patch Changes

  • Updated dependencies [ddb6a223]
  • Updated dependencies [dc571aab]
    • @verdaccio/config@6.0.0-6-next.63
    • @verdaccio/core@6.0.0-6-next.63

11.0.0-6-next.25

Patch Changes

  • Updated dependencies [378e907d]
    • @verdaccio/core@6.0.0-6-next.62
    • @verdaccio/config@6.0.0-6-next.62

11.0.0-6-next.24

Patch Changes

  • Updated dependencies [d167f92e]
    • @verdaccio/config@6.0.0-6-next.61
    • @verdaccio/core@6.0.0-6-next.61

11.0.0-6-next.23

Minor Changes

  • 45c03819: refactor: render html middleware

Patch Changes

  • Updated dependencies [45c03819]
    • @verdaccio/config@6.0.0-6-next.60
    • @verdaccio/core@6.0.0-6-next.60

11.0.0-6-next.22

Patch Changes

  • Updated dependencies [65f88b82]
    • @verdaccio/logger@6.0.0-6-next.27
    • @verdaccio/core@6.0.0-6-next.59
    • @verdaccio/config@6.0.0-6-next.59

11.0.0-6-next.21

Patch Changes

  • @verdaccio/core@6.0.0-6-next.58
  • @verdaccio/config@6.0.0-6-next.58
  • @verdaccio/logger@6.0.0-6-next.26

11.0.0-6-next.20

Patch Changes

  • @verdaccio/core@6.0.0-6-next.57
  • @verdaccio/config@6.0.0-6-next.57
  • @verdaccio/logger@6.0.0-6-next.25

11.0.0-6-next.19

Patch Changes

  • @verdaccio/config@6.0.0-6-next.56
  • @verdaccio/core@6.0.0-6-next.56
  • @verdaccio/logger@6.0.0-6-next.24

11.0.0-6-next.18

Patch Changes

  • Updated dependencies [9718e033]
    • @verdaccio/config@6.0.0-6-next.55
    • @verdaccio/core@6.0.0-6-next.55
    • @verdaccio/logger@6.0.0-6-next.23

11.0.0-6-next.17

Patch Changes

  • Updated dependencies [ef88da3b]
    • @verdaccio/config@6.0.0-6-next.54
    • @verdaccio/core@6.0.0-6-next.54
    • @verdaccio/logger@6.0.0-6-next.22

11.0.0-6-next.16

Patch Changes

  • @verdaccio/core@6.0.0-6-next.53
  • @verdaccio/logger@6.0.0-6-next.21
  • @verdaccio/config@6.0.0-6-next.53

11.0.0-6-next.15

Patch Changes

  • @verdaccio/core@6.0.0-6-next.52
  • @verdaccio/config@6.0.0-6-next.52
  • @verdaccio/logger@6.0.0-6-next.20

11.0.0-6-next.14

Patch Changes

  • Updated dependencies [4b29d715]
    • @verdaccio/config@6.0.0-6-next.51
    • @verdaccio/core@6.0.0-6-next.51
    • @verdaccio/logger@6.0.0-6-next.19

11.0.0-6-next.13

Patch Changes

  • @verdaccio/core@6.0.0-6-next.50
  • @verdaccio/config@6.0.0-6-next.50
  • @verdaccio/logger@6.0.0-6-next.18

11.0.0-6-next.12

Patch Changes

  • @verdaccio/core@6.0.0-6-next.49
  • @verdaccio/config@6.0.0-6-next.49
  • @verdaccio/logger@6.0.0-6-next.17

11.0.0-6-next.11

Major Changes

11.0.0-6-next.10

Patch Changes

  • 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage

11.0.0-6-next.9

Major Changes

  • 292c0a37: feat!: replace deprecated request dependency by got

    This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.

    Notes

    • Remove deprecated request by other got, retry improved, custom Agent ( got does not include it built-in)
    • Remove async dependency from storage (used by core) it was linked with proxy somehow safe to remove now
    • Refactor with promises instead callback wherever is possible
    • Document the API
    • Improve testing, integration tests
    • Bugfix
    • Clean up old validations
    • Improve performance

    💥 Breaking changes

    • Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
    • Write Tarball, Read Tarball methods parameters change, a new set of options like AbortController signals are being provided to the addAbortSignal can be internally used with Streams when a request is aborted. eg: addAbortSignal(signal, fs.createReadStream(pathName));
    • @verdaccio/streams stream abort support is legacy is being deprecated removed
    • Remove AWS and Google Cloud packages for future refactoring #2574.
  • a3a209b5: feat: migrate to pino.js 8

11.0.0-6-next.8

Minor Changes

  • 24b9be02: refactor: improve docker image build with strict dependencies and prod build

11.0.0-6-next.7

Major Changes

  • 794af76c: Remove Node 12 support

    • We need move to the new undici and does not support Node.js 12

11.0.0-6-next.6

Major Changes

  • 459b6fa7: refactor: search v1 endpoint and local-database

    • refactor search api v1 endpoint, improve performance
    • remove usage of async dependency https://github.com/verdaccio/verdaccio/issues/1225
    • refactor method storage class
    • create new module core to reduce the ammount of modules with utilities
    • use undici instead node-fetch
    • use fastify instead express for functional test

    Breaking changes

    • plugin storage API changes
    • remove old search endpoint (return 404)
    • filter local private packages at plugin level

    The storage api changes for methods get, add, remove as promise base. The search methods also changes and recieves a query object that contains all query params from the client.

    export interface IPluginStorage<T> extends IPlugin {
      add(name: string): Promise<void>;
      remove(name: string): Promise<void>;
      get(): Promise<any>;
      init(): Promise<void>;
      getSecret(): Promise<string>;
      setSecret(secret: string): Promise<any>;
      getPackageStorage(packageInfo: string): IPackageStorage;
      search(query: searchUtils.SearchQuery): Promise<searchUtils.SearchItem[]>;
      saveToken(token: Token): Promise<any>;
      deleteToken(user: string, tokenKey: string): Promise<any>;
      readTokens(filter: TokenFilter): Promise<Token[]>;
    }
    

11.0.0-6-next.5

Patch Changes

  • f96b147e: fix: several issues which caused the audit to fail (#2335)

10.0.0-alpha.4

Major Changes

  • f8a50baa: feat: standalone registry with no dependencies

    Usage

    To install a server with no dependencies

    npm install -g @verdaccio/standalone
    

    with no internet required

    npm install -g ./tarball.tar.gz
    

    Bundles htpasswd and audit plugins.

    Breaking Change

    It does not allow anymore the auth and middleware property at config file empty, it will fallback to those plugins by default.

10.0.0-alpha.3

Patch Changes

  • fecbb9be: chore: add release step to private regisry on merge changeset pr

10.0.0-alpha.2

Minor Changes

  • 54c58d1e: feat: add server rate limit protection to all request

    To modify custom values, use the server settings property.

    server:
    
    ## https://www.npmjs.com/package/express-rate-limit#configuration-options
    
    rateLimit:
    windowMs: 1000
    max: 10000
    

    The values are intended to be high, if you want to improve security of your server consider using different values.

10.0.0-alpha.1

Major Changes

  • d87fa026: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

9.7.3 (2020-07-30)

Bug Fixes

  • update marked / request security vulnerability (#378) (4188e08)

9.7.2 (2020-07-20)

Note: Version bump only for package verdaccio-audit

9.7.1 (2020-07-10)

Note: Version bump only for package verdaccio-audit

9.7.0 (2020-06-24)

Note: Version bump only for package verdaccio-audit

9.6.1 (2020-06-07)

Note: Version bump only for package verdaccio-audit

9.5.0 (2020-05-02)

Note: Version bump only for package verdaccio-audit

9.4.0 (2020-03-21)

Note: Version bump only for package verdaccio-audit

9.3.2 (2020-03-08)

Note: Version bump only for package verdaccio-audit

9.3.1 (2020-02-23)

Note: Version bump only for package verdaccio-audit

9.3.0 (2020-01-29)

Note: Version bump only for package verdaccio-audit

9.0.0 (2020-01-07)

Note: Version bump only for package verdaccio-audit

8.5.2 (2019-12-25)

Note: Version bump only for package verdaccio-audit

8.5.1 (2019-12-24)

Note: Version bump only for package verdaccio-audit

8.5.0 (2019-12-22)

Note: Version bump only for package verdaccio-audit

8.4.2 (2019-11-23)

Note: Version bump only for package verdaccio-audit

8.4.1 (2019-11-22)

Note: Version bump only for package verdaccio-audit

8.4.0 (2019-11-22)

Note: Version bump only for package verdaccio-audit

8.3.0 (2019-10-27)

Note: Version bump only for package verdaccio-audit

8.2.0 (2019-10-23)

Note: Version bump only for package verdaccio-audit

8.2.0-next.0 (2019-10-08)

Bug Fixes

8.1.4 (2019-09-30)

Note: Version bump only for package verdaccio-audit

8.1.3 (2019-09-30)

Note: Version bump only for package verdaccio-audit

8.1.2 (2019-09-29)

Note: Version bump only for package verdaccio-audit

8.1.1 (2019-09-26)

Note: Version bump only for package verdaccio-audit

8.1.0 (2019-09-07)

Note: Version bump only for package verdaccio-audit

8.0.1-next.1 (2019-08-29)

Note: Version bump only for package verdaccio-audit

8.0.1-next.0 (2019-08-29)

Note: Version bump only for package verdaccio-audit

8.0.0 (2019-08-22)

Note: Version bump only for package verdaccio-audit

8.0.0-next.4 (2019-08-18)

Note: Version bump only for package verdaccio-audit

8.0.0-next.2 (2019-08-03)

Note: Version bump only for package verdaccio-audit

8.0.0-next.1 (2019-08-01)

Note: Version bump only for package verdaccio-audit

8.0.0-next.0 (2019-08-01)

Bug Fixes

  • on error returns 500 by default (86bf628)
  • package.json to reduce vulnerabilities (457a791)

Features

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.2.1 (2019-07-29)

Bug Fixes

  • audit module doesn't support strict_ssl flag (f7d3f86)

Build System

1.2.0 (2019-04-06)

Bug Fixes

Features

1.1.0 (2019-01-09)

Features

  • pipe request and response bodies to save memory (#8) (0af7363)

1.0.1 (2019-01-09)

Bug Fixes

  • package.json to reduce vulnerabilities (bdf35df)

1.0.0 (2018-10-18)

Features

  • handle 'application/json, application/octet-stream' content types (cf38a38)

0.2.0 (2018-06-15)

Features

  • support audit via HTTPS proxy (5328bc3)