All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
- Stops support for node versions < 12
- When using signed JWT assertions (https://github.com/auth0/node-wsfed#jwt), new restrictions apply. See ([jsonwebtokenv9.0.0]https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9). In particular:
- RSA key size must be 2048 bits or greater. (unless the not recommended and insecure option jwtAllowInsecureKeySizes is used)
- Asymmetric keys cannot be used to sign HMAC tokens.
- Key types must be valid for the signing algorithm (unless the not recommended and insecure option jwtAllowInvalidAsymmetricKeyTypes is used)
- upgrades jsonwebtoken to version 9.0.0, fixing JWT signing vulnerabilities ([GHSA-8cf7-32gw-wr33]https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33).
6.1.0 (2021-02-12)
- adding support for name identifier format option (2228a7a)
- add back support for custom profile mapper for nameIdentifierFormat (c0d932b)
- make xtend a production dependency (26f3dc4)
6.0.0 (2020-11-04)
- stop supporting node v4, v6 and v8
- update saml dependency to fix vulnerabilities reported by npm
- update saml dependency to fix vulnerabilities reported by npm (178c9af)
- remove unused
debugdev depenency and fix the deprecated usage of express res.send (0dfb671)
- remove node v4, v6 and v8 in travis configuration (5ffa4c8)
5.0.0 (2020-10-28)
-
an error will be returned in case no
nameIdentifieris returned from the profile mapper -
fix!(nameIdentifier): handle the case of not found nameIdentifier (615cffd)