0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00
verdaccio/packages/plugins/htpasswd/CHANGELOG.md
github-actions[bot] 61bbede301
chore: update versions (6-next) (#3030)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2022-03-03 22:25:35 +01:00

14 KiB

Change Log

11.0.0-6-next.12

Patch Changes

  • aeff267d: Refactor htpasswd plugin to use the bcryptjs 'compare' api call instead of 'comparSync'. Add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message.

11.0.0-6-next.11

Patch Changes

  • Updated dependencies [24b9be02]
    • @verdaccio/core@6.0.0-6-next.4
    • @verdaccio/file-locking@11.0.0-6-next.4

11.0.0-6-next.10

Patch Changes

  • Updated dependencies [6c1eb021]
    • @verdaccio/core@6.0.0-6-next.3

11.0.0-6-next.9

Major Changes

  • 794af76c: Remove Node 12 support

    • We need move to the new undici and does not support Node.js 12

Minor Changes

  • 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications

Patch Changes

  • Updated dependencies [794af76c]
  • Updated dependencies [154b2ecd]
    • @verdaccio/core@6.0.0-6-next.2
    • @verdaccio/file-locking@11.0.0-6-next.4

11.0.0-6-next.8

Patch Changes

  • Updated dependencies [459b6fa7]
    • @verdaccio/commons-api@11.0.0-6-next.4
    • @verdaccio/file-locking@11.0.0-alpha.3

11.0.0-6-next.7

Patch Changes

  • df0da3d6: Added core-js missing from dependencies though referenced in .js sources

10.0.0-alpha.6

Major Changes

  • 174cdcaa: feat: allow other password hashing algorithms (#1917)

    breaking change

    The current implementation of the htpasswd module supports multiple hash formats on verify, but only crypt on sign in. crypt is an insecure old format, so to improve the security of the new verdaccio release we introduce the support of multiple hash algorithms on sign in step.

    New hashing algorithms

    The new possible hash algorithms to use are bcrypt, md5, sha1. bcrypt is chosen as a default, because of its customizable complexity and overall reliability. You can read more about them here.

    Two new properties are added to auth section in the configuration file:

    • algorithm to choose the way you want to hash passwords.
    • rounds is used to determine bcrypt complexity. So one can improve security according to increasing computational power.

    Example of the new auth config file section:

    auth:
    htpasswd:
      file: ./htpasswd
      max_users: 1000
      # Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
      algorithm: bcrypt
      # Rounds number for "bcrypt", will be ignored for other algorithms.
      rounds: 10
    

10.0.0-alpha.5

Major Changes

  • f8a50baa: feat: standalone registry with no dependencies

    Usage

    To install a server with no dependencies

    npm install -g @verdaccio/standalone
    

    with no internet required

    npm install -g ./tarball.tar.gz
    

    Bundles htpasswd and audit plugins.

    Breaking Change

    It does not allow anymore the auth and middleware property at config file empty, it will fallback to those plugins by default.

10.0.0-alpha.4

Patch Changes

  • fecbb9be: chore: add release step to private regisry on merge changeset pr
  • Updated dependencies [fecbb9be]
    • @verdaccio/commons-api@10.0.0-alpha.3
    • @verdaccio/file-locking@10.0.0-alpha.3

10.0.0-alpha.3

Minor Changes

  • 54c58d1e: feat: add server rate limit protection to all request

    To modify custom values, use the server settings property.

    server:
    
    ## https://www.npmjs.com/package/express-rate-limit#configuration-options
    
    rateLimit:
    windowMs: 1000
    max: 10000
    

    The values are intended to be high, if you want to improve security of your server consider using different values.

Patch Changes

  • Updated dependencies [54c58d1e]
    • @verdaccio/commons-api@10.0.0-alpha.2
    • @verdaccio/file-locking@10.0.0-alpha.2

10.0.0-alpha.2

Minor Changes

  • 2a327c4b: feat: remove level dependency by lowdb for npm token cli as storage

    new npm token database

    There will be a new database located in your storage named .token-db.json which will store all references to created tokens, it does not store tokens, just mask of them and related metadata required to reference them.

    Breaking change

    If you were relying on npm token experiment. This PR will replace the used database (level) by a json plain based one (lowbd) which does not require Node.js C++ compilation step and has less dependencies. Since was a experiment there is no migration step.

10.0.0-alpha.1

Major Changes

  • d87fa026: feat!: experiments config renamed to flags

    • The experiments configuration is renamed to flags. The functionality is exactly the same.
    flags: token: false;
    search: false;
    
    • The self_path property from the config file is being removed in favor of config_file full path.
    • Refactor config module, better types and utilities
  • da1ee9c8: - Replace signature handler for legacy tokens by removing deprecated crypto.createDecipher by createCipheriv

    • Introduce environment variables for legacy tokens

    Code Improvements

    • Add debug library for improve developer experience

    Breaking change

    • The new signature invalidates all previous tokens generated by Verdaccio 4 or previous versions.
    • The secret key must have 32 characters long.

    New environment variables

    • VERDACCIO_LEGACY_ALGORITHM: Allows to define the specific algorithm for the token signature which by default is aes-256-ctr
    • VERDACCIO_LEGACY_ENCRYPTION_KEY: By default, the token stores in the database, but using this variable allows to get it from memory

Minor Changes

Patch Changes

  • b57b4338: Enable prerelease mode with changesets

  • 31af0164: ESLint Warnings Fixed

    Related to issue #1461

    • max-len: most of the sensible max-len errors are fixed
    • no-unused-vars: most of these types of errors are fixed by deleting not needed declarations
    • @typescript-eslint/no-unused-vars: same as above
  • Updated dependencies [d87fa026]

  • Updated dependencies [da1ee9c8]

  • Updated dependencies [26b494cb]

  • Updated dependencies [b57b4338]

  • Updated dependencies [31af0164]

    • @verdaccio/file-locking@10.0.0-alpha.1

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

9.7.2 (2020-07-20)

Note: Version bump only for package verdaccio-htpasswd

9.7.1 (2020-07-10)

Bug Fixes

9.7.0 (2020-06-24)

Note: Version bump only for package verdaccio-htpasswd

9.6.1 (2020-06-07)

Note: Version bump only for package verdaccio-htpasswd

9.5.0 (2020-05-02)

Note: Version bump only for package verdaccio-htpasswd

9.4.1 (2020-04-30)

Bug Fixes

  • verdaccio-htpasswd: generate non-constant legacy 2 byte salt (#357) (d522595)

9.4.0 (2020-03-21)

Note: Version bump only for package verdaccio-htpasswd

9.3.2 (2020-03-08)

Bug Fixes

9.3.1 (2020-02-23)

Note: Version bump only for package verdaccio-htpasswd

9.3.0 (2020-01-29)

Note: Version bump only for package verdaccio-htpasswd

9.0.0 (2020-01-07)

chore

Features

BREAKING CHANGES

  • @verdaccio/eslint-config requires ESLint >=6.8.0 and Prettier >=1.19.1 to fix compatibility with overrides.extends config

8.5.2 (2019-12-25)

Note: Version bump only for package verdaccio-htpasswd

8.5.1 (2019-12-24)

Note: Version bump only for package verdaccio-htpasswd

8.5.0 (2019-12-22)

Note: Version bump only for package verdaccio-htpasswd

8.4.2 (2019-11-23)

Note: Version bump only for package verdaccio-htpasswd

8.4.1 (2019-11-22)

Note: Version bump only for package verdaccio-htpasswd

8.4.0 (2019-11-22)

Note: Version bump only for package verdaccio-htpasswd

8.3.0 (2019-10-27)

Note: Version bump only for package verdaccio-htpasswd

8.2.0 (2019-10-23)

Note: Version bump only for package verdaccio-htpasswd

8.2.0-next.0 (2019-10-08)

Bug Fixes

8.1.2 (2019-09-29)

Note: Version bump only for package verdaccio-htpasswd

8.1.1 (2019-09-26)

Note: Version bump only for package verdaccio-htpasswd

8.1.0 (2019-09-07)

Note: Version bump only for package verdaccio-htpasswd

8.0.1-next.1 (2019-08-29)

Note: Version bump only for package verdaccio-htpasswd

8.0.1-next.0 (2019-08-29)

Note: Version bump only for package verdaccio-htpasswd

8.0.0 (2019-08-22)

Note: Version bump only for package verdaccio-htpasswd

8.0.0-next.4 (2019-08-18)

Note: Version bump only for package verdaccio-htpasswd

8.0.0-next.2 (2019-08-03)

Note: Version bump only for package verdaccio-htpasswd

8.0.0-next.1 (2019-08-01)

Note: Version bump only for package verdaccio-htpasswd

8.0.0-next.0 (2019-08-01)

Note: Version bump only for package verdaccio-htpasswd

Change Log

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.0.0 (2019-04-14)

Features

2.0.0-beta.1 (2019-02-24)

Bug Fixes

2.0.0-beta.0 (2019-02-03)

Features

  • migrate to typescript (79f6937)
  • remove Node6 from CircleCI (d3a05ab)
  • use verdaccio babel preset (3a63f88)

1.0.1 (2018-09-30)

Bug Fixes

  • password hash & increase coverage (6420c26)

1.0.0 (2018-09-30)

Bug Fixes

  • adds error message for user registration (0bab945)

Features

  • change-passwd: implement change password #32 (830b143)