chore: update version and changelog#53
Merged
Merged
Conversation
e63cc21 to
43acb49
Compare
43acb49 to
be1df48
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
seamless-auth-api@0.2.3
Patch Changes
0201af6: Mark
GET /logoutas deprecated in the generated OpenAPI document.defineRoutenow supports adeprecatedflag that is forwarded to the OpenAPIoperation. The legacy
GET /logoutroute sets it, so consumers and generatedclients can detect the deprecation and migrate to
DELETE /logout/all. Runtimebehavior is unchanged.
7d89315: Remove the legacy refresh-token fallback scan.
Refresh-token lookup now resolves sessions solely by their indexed
refreshTokenLookupfingerprint. The compatibility path that scanned all pre-fingerprint sessions and
bcrypt-compared each hash on a lookup miss has been removed, along with its per-request
Session.findAllscan. Sessions created before therefreshTokenLookupmigration are nolonger refreshable and must re-authenticate; such sessions are long past the refresh-token
TTL, so no active sessions are affected.
a236888: Rate limit the
POST /registration/registerendpoint.Registration now applies the same per-IP and per-identity limiters already used by
the OTP and phone-registration routes. This closes an unthrottled path that allowed
registration/OTP spam and account enumeration against the endpoint.
ac309bb: Validate
system_configon the runtime read path.getSystemConfig()now parses stored configuration againstSystemConfigSchemaon loadinstead of trusting the database rows with a cast. Invalid configuration fails loudly (the
call throws and the error is logged) rather than flowing malformed values into auth logic.
Also corrects the cache TTL comment (the value is 5 minutes, not 30 seconds).