Protect untrusted requests from SSRF
This is a major release, dropping support for anything below nodejs v20, in line with got v14.
https://github.com/hanover-computing/got-ssrf/compare/v2.0.1...v3.0.0
This release is a typescript rewrite of the package.
However, note that it's done in a fully backwards-compatible way, and there should be ZERO CHANGES from the user's perspective.
Thus, this is a patch release.
https://github.com/hanover-computing/got-ssrf/compare/v2.0.0...v2.0.1
This is a "major" update, in which literally the only two changes are:
There are no code changes, so as long as you're running node v16 or newer, you should be able to upgrade without any worries!
https://github.com/hanover-computing/got-ssrf/compare/v1.3.5...v2.0.0
Fixes typescript definition; no code changes
https://github.com/hanover-computing/got-ssrf/compare/v1.3.4...v1.3.5
This release does NOT affect the code whatsoever; the repository URL in the package.json was broken.
https://github.com/hanover-computing/got-ssrf/compare/v1.3.3...v1.3.4
This is a documentation release to update references in the npm README page.
This is a refactor release, in which we now import the node dns
module directly instead of having to do a roundabout, dirty hack, just so we could mock it during tests.
https://github.com/JaneJeon/got-csrf/compare/v1.3.1...v1.3.2
This release adds special handling for IPv4/IPv6 addresses and fixes issues associated with them (the behaviour is backwards-compatible, minus the fixed bugs, and this does not result in any new "features" or options for the library, so it's a patch upgrade).
In particular, the change in the IP address handling leads to these improvements to the library:
ipv4mapped
- we would've assumed that it's a reserved address and threw an error, even though it's a valid, public IP address)Very subtle things, but it's more "correct" than before, so hey.
https://github.com/JaneJeon/got-csrf/compare/v1.3.0...v1.3.1
This version bumps got
version to v12 from v12 beta v4.
https://github.com/JaneJeon/got-csrf/compare/v1.2.0...v1.3.0
This release makes sure the SSRF check also runs on every redirect, see #2
https://github.com/JaneJeon/got-csrf/compare/v1.1.0...v1.2.0