v1.0.0

---

As part of the continual effort to mitigate risks, the current 1.0.0 release is undergoing a a third-party security audit at the time of this writing. The process will take about 6 to 8 weeks to complete, but we are planning to keep the 1.0.0 API stability in place as dictated by the semantic versioning rules.

All notable changes to this project will be documented in this file.
See Conventional Commits for commit guidelines.

1.0.0 (2022-03-16)

Bug Fixes

• 1852: slow breakpoints (ff02ba1), closes #1852
• add optional auth token to api-client and consortium-manual (c2feebf), closes #1579
• cmd-api-server: add express static rate limiting (190cf12), closes #1840
• cmd-api-server: disable validateKeyPairMatch (7deaa22)
• cmd-api-server: upgrade socket.io - CVE-2022-21676 (8e1c69e), closes #1914
• config-service validator throws warnings (877dcab)
• connector-besu/quorum/xdai: unvalidated dynamic method call (bdc1aba), closes #1911
• connector-fabric: uncontrolled data used in path expression (ef0981d), closes #1909
• deps: ensure glob-parent is above 5.1.2 - CVE-2020-28469 (23ded0f), closes #1916
• fix faulty shutdownHook definition in the Config-Schema (fbae2da), closes #1648
• plugin-ledger-connector-fabric-socketio: upgrade Fabric due to jsrsasign (a9ecb19), closes #1754 #1799
• plugin-odap-hermes: remove extraneous dependencies (87af023), closes #1641
• remove jade dependencies (f4ce09e), closes #1662
• reset script from package.json does not work #1656 (c74e002)
• security: address CVE-2019-5413 (212b770), closes #1777
• security: address CVE-2021-23358 - TEMPORARY fix (2fdee4f), closes #1775
• security: ensure ansi-html > 0.0.8 - CVE-2021-23424 (e3e2d1c), closes #1920
• security: force lodash > 4.17.20 - CVE-2020-8203 (08ace66), closes #1918
• security: upgrade to yarn > 1.22.0 - CVE-2019-10773, CVE-2020-8131 (43d591d), closes #1922
• security: upgrade web3 to upgrade elliptic > 6.5.4 (5513848), closes #1639
• set apiServerOptions.configFile="" (5c5a1e1), closes #1619
• shutdown hook configuration is using wrong config key (e760e04), closes #1619

Features

• cactus-api-client: add support for plain socketio validators in api-server and api-client (634b10e), closes #1602 #1602
• cactus-api-client: common verifier-factory (2f70a64), closes #1878
• connector-corda: enable Flow Database Access CorDapp (60dfe1a), closes #1493
• connector-corda: read privateKey from filesystem (e7e39fd), closes #789
• connector-xdai: remove hard dependency on keychain (da793c5), closes #1162
• core-api: add weaver protobuf codegen #1556 (b5b68a7)