MicDropMessages/node_modules/csurf/HISTORY.md

1.11.0 / 2020-01-18
===================

  * deps: cookie@0.4.0
    - Add `SameSite=None` support
  * deps: http-errors@~1.7.3
    - deps: inherits@2.0.4

1.10.0 / 2019-04-22
===================

  * deps: csrf@3.1.0
    - Remove `base64-url` dependency
    - deps: tsscmp@1.0.6
    - deps: uid-safe@2.1.5
  * deps: http-errors@~1.7.2
    - Make `message` property enumerable for `HttpError`s
    - Set constructor name when possible
    - deps: depd@~1.1.2
    - deps: inherits@2.0.3
    - deps: setprototypeof@1.1.1
    - deps: statuses@'>= 1.5.0 < 2'
  * perf: remove argument reassignment
  * perf: use plain object for internal cookie options

1.9.0 / 2016-05-27
==================

  * Pass invalid csrf token error to `next()` instead of throwing
  * Pass misconfigured error to `next()` instead of throwing
  * Provide misconfigured error when using cookies without cookie-parser
  * deps: cookie@0.3.1
    - Add `sameSite` option
    - Fix cookie `Max-Age` to never be a floating point number
    - Improve error message when `expires` is not a `Date`
    - Throw better error for invalid argument to parse
    - Throw on invalid values provided to `serialize`
    - perf: enable strict mode
    - perf: hoist regular expression
    - perf: use for loop in parse
    - perf: use string concatination for serialization
  * deps: csrf@~3.0.3
    - Use `tsscmp` module for timing-safe token verification
    - deps: base64-url@1.2.2
    - deps: rndm@1.2.0
    - deps: uid-safe@2.1.1
  * deps: http-errors@~1.5.0
    - Add `HttpError` export, for `err instanceof createError.HttpError`
    - Support new code `421 Misdirected Request`
    - Use `setprototypeof` module to replace `__proto__` setting
    - deps: inherits@2.0.1
    - deps: statuses@'>= 1.3.0 < 2'
    - perf: enable strict mode
  * perf: enable strict mode
  * perf: remove argument reassignment

1.8.3 / 2015-06-10
==================

  * deps: cookie@0.1.3
    - Slight optimizations

1.8.2 / 2015-05-09
==================

  * deps: csrf@~3.0.0
    - deps: uid-safe@~2.0.0

1.8.1 / 2015-05-03
==================

  * deps: csrf@~2.0.7
    - Fix compatibility with `crypto.DEFAULT_ENCODING` global changes

1.8.0 / 2015-04-07
==================

  * Add `sessionKey` option

1.7.0 / 2015-02-15
==================

  * Accept `CSRF-Token` and `XSRF-Token` request headers
  * Default `cookie.path` to `'/'`, if using cookies
  * deps: cookie-signature@1.0.6
  * deps: csrf@~2.0.6
    - deps: base64-url@1.2.1
    - deps: uid-safe@~1.1.0
  * deps: http-errors@~1.3.1
   - Construct errors using defined constructors from `createError`
   - Fix error names that are not identifiers
   - Set a meaningful `name` property on constructed errors

1.6.6 / 2015-01-31
==================

  * deps: csrf@~2.0.5
    - deps: base64-url@1.2.0
    - deps: uid-safe@~1.0.3

1.6.5 / 2015-01-08
==================

  * deps: csrf@~2.0.4
    - deps: uid-safe@~1.0.2

1.6.4 / 2014-12-30
==================

  * deps: csrf@~2.0.3
    - Slight speed improvement for `verify`
    - deps: base64-url@1.1.0
    - deps: rndm@~1.1.0
  * deps: http-errors@~1.2.8
   - Fix stack trace from exported function

1.6.3 / 2014-11-09
==================

  * deps: csrf@~2.0.2
    - deps: scmp@1.0.0
  * deps: http-errors@~1.2.7
   - Remove duplicate line

1.6.2 / 2014-10-14
==================

  * Fix cookie name when using `cookie: true`
  * deps: http-errors@~1.2.6
    - Fix `expose` to be `true` for `ClientError` constructor
    - Use `inherits` instead of `util`
    - deps: statuses@1

1.6.1 / 2014-09-05
==================

  * deps: cookie-signature@1.0.5

1.6.0 / 2014-09-03
==================

  * Set `code` property on CSRF token errors

1.5.0 / 2014-08-24
==================

  * Add `ignoreMethods` option

1.4.1 / 2014-08-22
==================

  * Use `csrf-tokens` instead of `csrf`
 
1.4.0 / 2014-07-30
==================

  * Support changing `req.session` after `csurf` middleware
    - Calling `res.csrfToken()` after `req.session.destroy()` will now work

1.3.0 / 2014-07-03
==================

  * Add support for environments without `res.cookie` (connect@3)

1.2.2 / 2014-06-18
==================

  * deps: csrf-tokens@~2.0.0

1.2.1 / 2014-06-09
==================

  * Refactor to use `csrf-tokens` module

1.2.0 / 2014-05-13
==================

  * Add support for double-submit cookie

1.1.0 / 2014-04-06
==================

  * Add constant-time string compare