Skip to content

chore: update version and changelog#53

Merged
Bccorb merged 1 commit into
mainfrom
changeset-release/main
Jul 8, 2026
Merged

chore: update version and changelog#53
Bccorb merged 1 commit into
mainfrom
changeset-release/main

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

seamless-auth-api@0.2.3

Patch Changes

  • 0201af6: Mark GET /logout as deprecated in the generated OpenAPI document.

    defineRoute now supports a deprecated flag that is forwarded to the OpenAPI
    operation. The legacy GET /logout route sets it, so consumers and generated
    clients can detect the deprecation and migrate to DELETE /logout/all. Runtime
    behavior is unchanged.

  • 7d89315: Remove the legacy refresh-token fallback scan.

    Refresh-token lookup now resolves sessions solely by their indexed refreshTokenLookup
    fingerprint. The compatibility path that scanned all pre-fingerprint sessions and
    bcrypt-compared each hash on a lookup miss has been removed, along with its per-request
    Session.findAll scan. Sessions created before the refreshTokenLookup migration are no
    longer refreshable and must re-authenticate; such sessions are long past the refresh-token
    TTL, so no active sessions are affected.

  • a236888: Rate limit the POST /registration/register endpoint.

    Registration now applies the same per-IP and per-identity limiters already used by
    the OTP and phone-registration routes. This closes an unthrottled path that allowed
    registration/OTP spam and account enumeration against the endpoint.

  • ac309bb: Validate system_config on the runtime read path.

    getSystemConfig() now parses stored configuration against SystemConfigSchema on load
    instead of trusting the database rows with a cast. Invalid configuration fails loudly (the
    call throws and the error is logged) rather than flowing malformed values into auth logic.
    Also corrects the cache TTL comment (the value is 5 minutes, not 30 seconds).

@github-actions github-actions Bot force-pushed the changeset-release/main branch 10 times, most recently from e63cc21 to 43acb49 Compare July 7, 2026 19:47
@github-actions github-actions Bot force-pushed the changeset-release/main branch from 43acb49 to be1df48 Compare July 7, 2026 23:30
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Bccorb Bccorb merged commit afe1e59 into main Jul 8, 2026
2 of 3 checks passed
@Bccorb Bccorb deleted the changeset-release/main branch July 8, 2026 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants