Kraken Js Versions Save

Changes

• Include process.cwd while resolving module for view engine. It is possible that kraken-js module is deployed outside application root. Pull Request
• Use confit@3x Pull Request

• deprecate domains
• add onKrakenMount property; removed node v4, v6 and added node 10 in travis CI config (#514)

Changes

• Core:

  1. Allow config path to be configurable

  Implementation, Pull Request

  2. Updates dependencies

  Pull Request

  3. Updates lusca dependency to 1.5.1

  Pull Request

  4. Enables Lusca XSS protection by default

  Pull Request

Changes

• Core:

  1. Add more robust error handler for both inside and outside of the middleware continuation

     Implementation, Pull Request

Changes

• Core:

  1. Set morgan option to log request even if server crashes

     Implementation, Pull Request

Bug Fixes

• Core:

  1. Fix occasional double close error on shutdown

     Issue, Pull Request

Changes

• Core:

  1. Add shutdownHeaders option to shutdown middleware

     Pull Request

  2. Print deprecation warnings for the included 404 and 500 handlers.

     Implementation, Issue, Pull Request

Breaking Changes

• Dependency: meddleware (v1 -> v3)

  1. Call registered middleware factories with a context set to the method owner. This helps in specific cases (e.g., Passport).
     Previously: The factory was called with a context of null.

     Implementation, Issue, Pull Request

  2. Default middleware enabled to true. I.e., omitting the enabled option will still enable the middleware.
     Previously: middleware was defaulted enabled to false.

     Implementation, Issue, Pull Request

  3. Remove the ability to toggle the enabled state of a middleware at arbitrary points during runtime. Now, a middleware that is not enabled—by explicitly setting enabled to false, given breaking change No.1—will not be required (i.e., not parsed), and cannot be enabled at a later time.
     Previously: middleware could be toggled. Was by design, but largely unused and caused unanticipated behavior.

     Issue, Pull Request

• Dependency: confit (v1 -> v2)

  1. Resolve the import shortstop handler after merging config.json, [env].json, and before the other shortstop handlers are resolved.
     Previously: import handler resolved only once, before the rest of the shortstop handlers.

     implementation 1, implementation 2, Issue, Pull Request

     New Behavior:

     { "main": "import:main.json" }                              // config/config.json
     { "key": "value", "otherKey": "otherValue" }                // config/main.json
     { "main": { "key": "devValue" } }                           // config/dev.json
     { "main": { "key": "devValue", "otherKey": "otherValue" } } // result
     

  2. Change source priority—from highest to lowest (higher overrides lower)— to: command line arguments, environment variables, [env].json, config.json, convenience (environment normalization and env:* keys).
     Previously: source priority order, from highest to lowest, was [env].json, config.json, convenience, environment variables, command line arguments.

     Implementation, Pull Request

     New Behavior

     // config/config.json
     { "KEY": "fromConfig", "OTHER_KEY": "fromConfig", "THIRD_KEY": "fromConfig" }
     

     OTHER_KEY=fromEnv THIRD_KEY=fromEnv node myApp.js --THIRD_KEY=fromArgv
     

     // result
     { "KEY": "fromConfig", "OTHER_KEY": "fromEnv", "THIRD_KEY": "fromArgv" }
     

Changes

• Core:

  1. Print deprecation warnings for the included 404 and 500 handlers.

     Implementation, Issue, Pull Request

Breaking Changes

• Dependency: meddleware (v1 -> v3)

  1. Call registered middleware factories with a context set to the method owner. This helps in specific cases (e.g., Passport).
     Previously: The factory was called with a context of null.

     Implementation, Issue, Pull Request

  2. Default middleware enabled to true. I.e., omitting the enabled option will still enable the middleware.
     Previously: middleware was defaulted enabled to false.

     Implementation, Issue, Pull Request

  3. Remove the ability to toggle the enabled state of a middleware at arbitrary points during runtime. Now, a middleware that is not enabled—by explicitly setting enabled to false, given breaking change No.1—will not be required (i.e., not parsed), and cannot be enabled at a later time.
     Previously: middleware could be toggled. Was by design, but largely unused and caused unanticipated behavior.

     Issue, Pull Request

• Dependency: confit (v1 -> v2)

  1. Resolve the import shortstop handler after merging config.json, [env].json, and before the other shortstop handlers are resolved.
     Previously: import handler resolved only once, before the rest of the shortstop handlers.

     implementation 1, implementation 2, Issue, Pull Request

     New Behavior:

     { "main": "import:main.json" }                              // config/config.json
     { "key": "value", "otherKey": "otherValue" }                // config/main.json
     { "main": { "key": "devValue" } }                           // config/dev.json
     { "main": { "key": "devValue", "otherKey": "otherValue" } } // result
     

  2. Change source priority—from highest to lowest (higher overrides lower)— to: command line arguments, environment variables, [env].json, config.json, convenience (environment normalization and env:* keys).
     Previously: source priority order, from highest to lowest, was [env].json, config.json, convenience, environment variables, command line arguments.

     Implementation, Pull Request

     New Behavior

     // config/config.json
     { "KEY": "fromConfig", "OTHER_KEY": "fromConfig", "THIRD_KEY": "fromConfig" }
     

     OTHER_KEY=fromEnv THIRD_KEY=fromEnv node myApp.js --THIRD_KEY=fromArgv
     

     // result
     { "KEY": "fromConfig", "OTHER_KEY": "fromEnv", "THIRD_KEY": "fromArgv" }
     

Fixes

1. Upstream change regression: respect trust proxy fn.

   Implementation, Pull Request