Releases: verdaccio/verdaccio
v5.31.0
5.31.0 (2024-05-11)
(ποΈ hey (renovate/dependabot/other bots) users, read this)
βΉοΈ Important changes added to the .verdaccio-db.json
and token signature for users that run on Node.js 22 or higher (in the future π ) please read
https://verdaccio.org/docs/configuration/#.verdaccio-db
TLDR:
- Enforced for users that runs verdaccio via npmjs, for all Docker image isuers, verdaccio uses Node.js LTS 21 and the secret migration is voluntary until next major release.
- For Node.js 21 or lower a new deprecation will appear
[VERWAR007] VerdaccioDeprecation: the secret length is too lon...
to remove it please read the link above - For Node.js 22 if you have already a storage with
.verdaccio-db.json
and the token inside does not complies with the length (read link above) the application startup will fail with fatal error (Error: Invalid storage secret key length, must be 32 characters long but is....
)
In both cases by updating the secret all previously tokens will get invalid, in your benefit a new legacy signature will be applied and is more secure than the old one (generating tokens with salt).
For existing installations that have no issues by invalidating tokens is recommended to add to the config.yaml
the following setup, this will automatically generate a new the secret once is started, could be removed aftewards, if all went succesfull the [VERWAR007]
deprecation will not be displayed anymore.
security:
api:
migrateToSecureLegacySignature: true
Any new installation should not worry about this, new token signature and secret (32 characters) is applied by default.
Features
Bug Fixes
v5.30.3
5.30.3 (2024-04-06)
βΉοΈ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Bug Fixes
v5.30.2
5.30.2 (2024-03-24)
Same as https://github.com/verdaccio/verdaccio/releases/tag/v5.30.0
βΉοΈ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Bug Fixes
v5.30.1
v5.30.0
5.30.0 (2024-03-24)
π 3 new contributors
Be warned, if you are using (or cannot upgrade to major) Node.js 12 (only if you install from npmjs) please do not upgrade to this version, the minimum is now Node.js 14 (due dependency reasons are out my hand), the recommendation is always go for LTS releases anyway which at this moment is Node.js 20. For context if you are using the Docker image ignore this warning, the Dockerfile uses Node.js 20 as base image.
βΉοΈ Verdaccio v6.0.0-beta.2 has been released, ready for user test to ensure the best backward compatibility, help us by trying it out.
Features
On the versions view there is a new filter that allows semantic versioning filtering (feedback is welcome)
Versions filter by semver range
Bug Fixes
- fix multiple user interface issues in dark mode (css styles)
- newline after version command (#4543) (c478324) by @aseerkt
- deps: update core verdaccio dependencies (#4530) (7206f84)
- fix config builder erroring when passed partial config #4552 by @ItamarGronich
- Avoid displaying "prettify pipeline error" if there is no error #4551 by @divdavem
- deps: update core verdaccio dependencies (5.x) (#4539) (da50302)
- deps: update dependency envinfo to v7.11.1 (#4527) (c2604e7)
- deps: update dependency express to v4.18.3 (#4528) (e07c352)
- deps: update dependency semver to v7.6.0 (#4529) (43d3c5e)
@verdaccio/search-indexer@7.0.0-next-7.2
Patch Changes
- 542f9d3: fix: remove node engine restriction
v6.0.0-beta.2
βΉοΈ Available via npm install -g verdaccio@latest-6
Feedback is welcome ππΌ
6.0.0-beta.2 (2024-03-17)
Features
Bug Fixes
- deps: update core verdaccio dependencies (#4436) (5a03778)
- deps: update core verdaccio dependencies (#4500) (eda0f51)
- deps: update core verdaccio dependencies (#4531) (f46f9e1)
- deps: update core verdaccio dependencies (6.x) (#4540) (c12e1a0)
- newline after version command (913ce37), closes #4543
- profile v1 endpoint and tests (a183446)
v5.29.2
v5.29.1
5.29.1 (2024-02-17)
Bug Fixes
Powered by @mbtools π―
- deps: update core verdaccio dependencies (#4389) (f64b395)
- deps: update core verdaccio dependencies (#4428) (30af49f)
- deps: update core verdaccio dependencies (#4499) (e10b381)
- deps: update core verdaccio dependencies (#4508) (23afe22)
- deps: update core verdaccio dependencies (5.x) (#4352) (b41f6c9)
- deps: update dependency cookies to v0.9.0 (#4341) (0bdc10e)
- deps: update dependency cookies to v0.9.1 (#4371) (c96468a)
- deps: update dependency verdaccio-audit to v12.0.0-next.5 (#4353) (11421c0)
- deps: update dependency verdaccio-htpasswd to v12.0.0-next.5 (#4355) (03d8bb4)
v6.0.0-beta.1
6.0.0-beta.1 (2024-01-07)
βΉοΈ Available via npm install -g verdaccio@latest-6
Bug Fixes
- release script (7e7b578)
6.0.0-beta.0 (2024-01-07)
β BREAKING CHANGES
- using new plugin loader (#4097)
- drop nodejs 16 (#4032)
- remove request (#3960)
- drop Node.js 12 (#3983)
Features
- drop Node.js 12 (#3983) (5a0ead5)
- drop nodejs 16 (#4032) (02af45c)
- experiment: accept async tarball_url_redirect function (#3914) (e174e8c)
- refactor auth class (#4364) (428a256)
- remove request (#3960) (d40d0ff)
- search on cache packages (#4001) (c2aa0b6)
- using new plugin loader (#4097) (8a8a330)
Bug Fixes
- check if node.js minimum version is correct (#4002) (547ba9a)
- deps: update core verdaccio dependencies (#4358) (f0c1a3f)
- deps: update core verdaccio dependencies (#4390) (4ee9878)
- deps: update dependency cookies to v0.9.0 (#4342) (786c200)
- deps: update dependency validator to v13.11.0 (#3967) (f61cfda)
- update docker image to v20.9.0 (127e6cf)
- update verdaccio core dependencies (dc3fb46)
- update verdaccio core dependencies (#4034) (4ddb220)