v7.0.1

What's Changed

• build(deps-dev): bump sinon from 18.0.1 to 19.0.2 by @dependabot in #163
• docs(readme), test: generateCsrf no longer require await by @5t111111 in #164
• chore: update fastify to ^5.0.0 by @Fdawgs in #165

New Contributors

• @5t111111 made their first contribution in #164

Full Changelog: v7.0.0...v7.0.1

v7.0.0

What's Changed

• build(deps-dev): bump tsd from 0.29.0 to 0.30.0 by @dependabot in #149
• Fix 404 link to fastify-cookie plugin and replace http link by @davidcralph in #151
• chore(.gitignore): add .tap/ dir by @Fdawgs in #152
• build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @dependabot in #153
• Merge next into master by @jsumners in #156
• fix(types): use void as csrfProtection's return type by @ojeytonwilliams in #159
• build(deps-dev): bump sinon from 17.0.2 to 18.0.0 by @dependabot in #155
• build(deps-dev): bump @types/node from 20.14.13 to 22.0.0 by @dependabot in #160
• build(deps): bump fastify/workflows from 4.1.0 to 5.0.0 by @dependabot in #162
• chore: update min fastify version by @Fdawgs in #161

New Contributors

• @davidcralph made their first contribution in #151
• @ojeytonwilliams made their first contribution in #159

Full Changelog: v6.4.1...v7.0.0

v6.4.1

What's Changed

• fix(types): hmacKey only mandatory with fastify/cookie by @hobi9 in #148

New Contributors

• @hobi9 made their first contribution in #148

Full Changelog: v6.4.0...v6.4.1

v6.4.0

What's Changed

• ci: only trigger on pushes to main branches by @Fdawgs in #134
• build(deps-dev): bump @types/node from 18.16.5 to 20.1.0 by @dependabot in #136
• build(deps-dev): bump @fastify/cookie from 8.3.0 to 9.0.4 by @dependabot in #137
• build(deps-dev): bump @fastify/secure-session from 6.2.0 to 7.0.0 by @dependabot in #138
• docs - update @fastify/session docs by @leftieFriele in #139
• build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @dependabot in #140
• perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in #141
• build(deps-dev): bump sinon from 15.2.0 to 16.0.0 by @dependabot in #142
• chore: add .gitattributes file by @Fdawgs in #144
• build(deps-dev): bump sinon from 16.1.3 to 17.0.0 by @dependabot in #145
• chore(package): explicitly declare js module type by @Fdawgs in #146

New Contributors

• @leftieFriele made their first contribution in #139

Full Changelog: v6.3.0...v6.4.0

v6.3.0

⚠️ Security Release ⚠️

This release fixes a vulnerability (CVE-2023-27495) that can lead to a bypass of the CSRF protection in the case of predictable userInfo more details at GHSA-qrgf-9gpc-vrxw.

What's Changed

• chore(.gitignore): add bun lockfile by @Fdawgs in #126
• build(deps-dev): bump tsd from 0.25.0 to 0.27.0 by @dependabot in #128
• build(deps-dev): bump tsd from 0.27.0 to 0.28.0 by @dependabot in #129

Full Changelog: v6.2.0...v6.3.0

v4.1.0

⚠️ Security Release ⚠️

This release fixes a vulnerability (CVE-2023-27495) that can lead to a bypass of the CSRF protection in the case of predictable userInfo more details at GHSA-qrgf-9gpc-vrxw.

v6.2.0

What's Changed

• build(deps-dev): bump sinon from 14.0.2 to 15.0.0 by @dependabot in #120
• build(deps-dev): bump tsd from 0.24.1 to 0.25.0 by @dependabot in #121
• build(deps-dev): bump @fastify/secure-session from 5.3.0 to 6.0.0 by @dependabot in #122
• fix: Update generateCsrf return type by @Arnesfield in #125

New Contributors

• @Arnesfield made their first contribution in #125

Full Changelog: v6.1.0...v6.2.0

v6.1.0

📚 PR:

• Updated example getToken function in README.md (#117)
• add nodenext compatibility (#119)

v6.0.0

📚 PR:

• build(deps): bump fastify-plugin from 3.0.1 to 4.0.0 (#103)
• ci: enable license checking (#104)
• build(deps-dev): bump @fastify/cookie from 7.4.0 to 8.0.0 (#105)
• build(deps-dev): bump tsd from 0.22.0 to 0.23.0 (#106)
• Clarify that the preHandler lifecycle must be used if the token is passed as a body (#108)
• build(deps-dev): bump @fastify/session from 9.0.0 to 10.0.0 (#109)
• build(deps-dev): bump tsd from 0.23.0 to 0.24.1 (#110)
• modernize project structure (#111)
• avoid unnecessary if conditions (#112)
• major: Update csrf and fix some typings (#114)
• Improve documentation (#115)

v5.1.0

What's Changed

• build(deps): bump @fastify/csrf from 4.0.1 to 5.0.0 by @dependabot in #94
• chore(.gitignore): use updated skeleton template by @Fdawgs in #95
• build(deps-dev): bump tsd from 0.20.0 to 0.21.0 by @dependabot in #96
• build(deps-dev): bump @types/node from 17.0.45 to 18.0.0 by @dependabot in #97
• build(deps-dev): bump tsd from 0.21.0 to 0.22.0 by @dependabot in #98
• add .npmrc to disable package-lock.json generation by @Uzlopak in #101
• use @fastify/error instead of http-errors by @Uzlopak in #102
• Use secretSync by @Uzlopak in #100

New Contributors

• @Uzlopak made their first contribution in #101

Full Changelog: v5.0.0...v5.1.0