Releases: auth0/auth0-spa-js
v2.0.2
Security
- Bump jsonwebtoken to v9 #1062 (dependabot)
This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.
Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.
v1.22.6
Security
- Bump jsonwebtoken to v9 #1065 (frederikprijck)
This patch release is identical to 1.22.5 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.
Even though 1.22.5 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.
v2.0.1
Changed
- Add openUrl and deprecate onRedirect #1058 (frederikprijck)
Fixed
- Export MissingRefreshTokenError #1043 (frederikprijck)
v2.0.0
Auth0-SPA-JS v2 includes many significant changes compared to v1:
- Refactor module output and avoid default export #942 (frederikprijck)
- Do not throw from
checkSession#943 (frederikprijck) - Rework
ignoreCachetocacheModeand introducecache-only#950 (ewanharris) - Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
- Use form-encoded data by default #945 (frederikprijck)
- Remove
getIdTokenClaimsOptionstype #960 (ewanharris) - Rename
client_idtoclientId#956 (ewanharris) - Remove polyfills from bundles #951 (frederikprijck)
- Update output target to ES2017 #953 (frederikprijck)
- Introduce
authorizationParamsto hold properties sent to Auth0 #959 (ewanharris) - Do not build Common JS module with externals #971 (frederikprijck)
- De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
- Remove
advancedOptions.defaultScopeand replace withscope#972 (ewanharris) - Cache and return id token from memory #975 (ewanharris)
- Remove
buildAuthorizeUrl#980 (frederikprijck) - Make
buildLogoutUrlinternal #982 (ewanharris) - Fix spelling mistakes in id token validation messages #940 (frederikprijck)
As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.
v2.0.0-beta.1
Fixed
- Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)
- Close MessageChannel after receiving and processing message from worker #1023 (ewanharris)
v1.22.5
v2.0.0-beta.0
Auth0-SPA-JS v2 includes many significant changes compared to v1:
- Refactor module output and avoid default export #942 (frederikprijck)
- Do not throw from
checkSession#943 (frederikprijck) - Rework
ignoreCachetocacheModeand introducecache-only#950 (ewanharris) - Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
- Use form-encoded data by default #945 (frederikprijck)
- Remove
getIdTokenClaimsOptionstype #960 (ewanharris) - Rename
client_idtoclientId#956 (ewanharris) - Remove polyfills from bundles #951 (frederikprijck)
- Update output target to ES2017 #953 (frederikprijck)
- Introduce
authorizationParamsto hold properties sent to Auth0 #959 (ewanharris) - Do not build Common JS module with externals #971 (frederikprijck)
- De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
- Remove
advancedOptions.defaultScopeand replace withscope#972 (ewanharris) - Cache and return id token from memory #975 (ewanharris)
- Remove
buildAuthorizeUrl#980 (frederikprijck) - Make
buildLogoutUrlinternal #982 (ewanharris) - Fix spelling mistakes in id token validation messages #940 (frederikprijck)
As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.