1# node-http-signature changelog 2 3## 1.1.1 4 5- Version of dependency `assert-plus` updated: old version was missing 6 some license information 7- Corrected examples in `http_signing.md`, added auto-tests to 8 automatically validate these examples 9 10## 1.1.0 11 12- Bump version of `sshpk` dependency, remove peerDependency on it since 13 it now supports exchanging objects between multiple versions of itself 14 where possible 15 16## 1.0.2 17 18- Bump min version of `jsprim` dependency, to include fixes for using 19 http-signature with `browserify` 20 21## 1.0.1 22 23- Bump minimum version of `sshpk` dependency, to include fixes for 24 whitespace tolerance in key parsing. 25 26## 1.0.0 27 28- First semver release. 29- #36: Ensure verifySignature does not leak useful timing information 30- #42: Bring the library up to the latest version of the spec (including the 31 request-target changes) 32- Support for ECDSA keys and signatures. 33- Now uses `sshpk` for key parsing, validation and conversion. 34- Fixes for #21, #47, #39 and compatibility with node 0.8 35 36## 0.11.0 37 38- Split up HMAC and Signature verification to avoid vulnerabilities where a 39 key intended for use with one can be validated against the other method 40 instead. 41 42## 0.10.2 43 44- Updated versions of most dependencies. 45- Utility functions exported for PEM => SSH-RSA conversion. 46- Improvements to tests and examples. 47