npm - @small-tech/auto-encrypt - Versions diffs - 2.2.0 → 2.3.0 - Mend

@small-tech/auto-encrypt 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -2,6 +2,8 @@
 Adds automatic provisioning and renewal of [Let’s Encrypt](https://letsencrypt.org) TLS certificates with [OCSP Stapling](https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling) to [Node.js](https://nodejs.org) [https](https://nodejs.org/dist/latest-v12.x/docs/api/https.html) servers (including [Express.js](https://expressjs.com/), etc.)
+__Note:__ this is the CommonJS (CJS) branch of Auto Encrypt. Please see the main branch for the ECMAScript Modules (ESM) version. Security updates are backported to this branch.
 ## How it works
 The first time your web site is hit, it will take a couple of seconds to load as your Let’s Encrypt TLS certificates are automatically provisioned for you. From there on, your certificates will be seamlessly renewed 30 days before their expiry date.
@@ -11,7 +13,7 @@ When not provisioning certificates, Auto Encrypt will also forward HTTP calls to
 ## Installation
 ```sh
-npm i @small-tech/auto-encrypt
+npm i @small-tech/auto-encrypt@cjs
 ```
 ## Usage
@@ -266,7 +268,7 @@ We exist in part thanks to patronage by people like you. If you share [our visio
 ## Copyright
-&copy; 2020 [Aral Balkan](https://ar.al), [Small Technology Foundation](https://small-tech.org).
+&copy; 2020 - present [Aral Balkan](https://ar.al), [Small Technology Foundation](https://small-tech.org).
 Let’s Encrypt is a trademark of the Internet Security Research Group (ISRG). All rights reserved. Node.js is a trademark of Joyent, Inc. and is used with its permission. We are not endorsed by or affiliated with Joyent or ISRG.

package/lib/acmeCsr.js CHANGED Viewed

@@ -62,7 +62,7 @@ function csrAsPem (domains, key) {
     }]
   }])
-  csr.sign(keys.private)
+  csr.sign(keys.private, forge.md.sha256.create())
   const pem = forge.pki.certificationRequestToPem(csr)
   return pem

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@small-tech/auto-encrypt",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "Adds automatic provisioning and renewal of Let’s Encrypt TLS certificates with OCSP Stapling to Node.js https servers (including Express.js, etc.)",
   "keywords": [
     "let's encrypt",
@@ -64,7 +64,7 @@
     "fs-extra": "^8.1.0",
     "jose": "^1.24.0",
     "moment": "^2.24.0",
-    "node-forge": "^0.10.0",
+    "node-forge": "^1.3.1",
     "ocsp": "^1.2.0",
     "server-destroy": "^1.0.1"
   },

package/CHANGELOG.md DELETED Viewed

@@ -1,101 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [2.2.0] - 2021-03-08
-### Changed
-  - Now includes the latest Let’s Encrypt certificate authority root certificate for the staging environment. (This is automatically injected into your Node.js environment when running the server in staging mode and is used during testing.)
-### Fixed
-  - No longer crashes when checking for certificate renewal. (#34)
-### Improved
-  - npm package size is now 199.7kb (down from 345kb previously).
-## [2.0.6] - 2021-02-16
-### Fixed
-  - Assignment to constant. This would have caused a crash when a `Retry-After` header was received from Let’s Encrypt.
-### Improved
-  - Developer documentation. Now lists value to be added to hosts files to run local tests.
-## [2.0.5] - 2020-10-29
-### Improved
-  - Update dependencies to remove npm vulnerability warnings.
-## [2.0.4] - 2020-07-10
-### Fixed
-  - HTTP to HTTPS redirects now start up and work as they should (they weren’t previously).
-## [2.0.3] - 2020-07-10
-### Changed
-  - Update source code repository in npm package to point to GitHub mirror. (The GitHub mirror is the public repository where we can accept issues and pull requests. [The canonical repository](https://source.small-tech.org/site.js/lib/auto-encrypt) is on our own server where we do not accept sign ups as we don’t want it to become yet another centralised host.)
-## [2.0.2] - 2020-07-10
-### Fixed
-  - Links to developer documentation now work everywhere, not just on source code repository web interfaces.
-### Changed
-  - Replaced outdated coverage message in readme and linked to developer documentation for information on tests and coverage.
-## [2.0.1] - 2020-07-03
-### Added
-  - HTTP to HTTPS redirects are now logged.
-## [2.0.0] - 2020-07-03
-### Changed
-  - Breaking change: you no longer have to call AutoEncrypt.shutdown() manually. Closing your server will do it automatically (#33).
-### Added
-  - Automatic HTTP to HTTPS redirection. An HTTP server is now kept running for the lifetime of your HTTPS server and, when it is not responding to Let’s Encrypt challenges, it redirects HTTP calls on port 80 to your HTTPS server (#32).
-## [1.0.3] - 2020-06-20
-### Fixed
-  - Carriage returns are now stripped from Certificate Signing Requests (CSRs) (#31).
-## [1.0.2] - 2020-06-16
-### Fixed
-  - No longer crashes if OCSP request received before certificate created.
-  - Cosmetic: format certificate details nicely in log message.
-  - Minor: fix capitalisation in log message.
-## [1.0.1] - 2020-06-15
-### Changed
-  - Update log format to match Site.js output.
-### Fixed
-  - Remove debug output.
-## [1.0.0] - 2020-04-15
-Initial release.