1 # node-http-signature changelog
5 - Version of dependency `assert-plus` updated: old version was missing
6 some license information
7 - Corrected examples in `http_signing.md`, added auto-tests to
8 automatically validate these examples
12 - Bump version of `sshpk` dependency, remove peerDependency on it since
13 it now supports exchanging objects between multiple versions of itself
18 - Bump min version of `jsprim` dependency, to include fixes for using
19 http-signature with `browserify`
23 - Bump minimum version of `sshpk` dependency, to include fixes for
24 whitespace tolerance in key parsing.
28 - First semver release.
29 - #36: Ensure verifySignature does not leak useful timing information
30 - #42: Bring the library up to the latest version of the spec (including the
31 request-target changes)
32 - Support for ECDSA keys and signatures.
33 - Now uses `sshpk` for key parsing, validation and conversion.
34 - Fixes for #21, #47, #39 and compatibility with node 0.8
38 - Split up HMAC and Signature verification to avoid vulnerabilities where a
39 key intended for use with one can be validated against the other method
44 - Updated versions of most dependencies.
45 - Utility functions exported for PEM => SSH-RSA conversion.
46 - Improvements to tests and examples.