Skip to content

v2.7.0

Latest
Latest

Choose a tag to compare

View all tags
@anton62k anton62k released this 12 May 04:31
· 3 commits to master since this release
v2.7.0
eaddcab
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

@revisium/endpoint 2.7.0 hardens authentication on generated REST and GraphQL endpoints, fixes cookie-based auth on generated endpoints under the JWT 2.0 cookie-session model, smooths out the Redis health-check, and tightens the release-train workflow and CI dependencies.

Generated Endpoint Auth

  • Rejected unauthorized requests on generated endpoints. #178
  • Fixed cookie-based auth on generated endpoints so JWT 2.0 cookie sessions are accepted on generated REST and GraphQL surfaces. #180

Reliability

  • Avoided Redis health-check connection churn. #184
  • Fixed uuid usage in generated endpoint code paths. #179

Docs

  • Clarified internal API key endpoint configuration. #183
  • Fixed env.md. #182

Build, Security, And Release

  • Bumped vulnerable transitive dependencies via package overrides. #189
  • Pinned the npm publish workflow actions. #188
  • Migrated to revisium-actions v0.3.2 workflows and restored CI / deploy workflow definitions. #185 #187
  • Guarded the "latest release" tag selection in the release workflow. #177

Compatibility Notes

  • Generated endpoints now require authenticated requests where they previously could leak responses; clients that relied on unauthenticated access must provide a valid cookie session or X-Api-Key / ?api_key=.
  • Microservice deployments should continue to use INTERNAL_API_KEY_ENDPOINT for endpoint-to-core communication; the deprecated CORE_API_URL_USERNAME / CORE_API_URL_PASSWORD path is unchanged from 2.6.0.
  • Release publication remains tag-driven; GitHub Releases are manual release documentation over an existing tag.

Full Changelog: v2.6.0...v2.7.0

Assets 2
Loading