Releases: labd/nextjs-basic-auth-middleware

v3.1.1

16 Apr 14:18

Patch Changes

  • f706747: Fix security and correctness issues in auth middleware

    • Catch exceptions from malformed auth headers (returns 401 instead of 500)
    • Fix parseCredentials to allow colons in passwords (split on first colon only)
    • Eliminate timing leak in compareCredentials (always evaluate both comparisons)
    • Remove dead pathname option that had no effect
  • f706747: Switch npm publishing from token-based auth to OIDC trusted publishing
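
The three auth-header fixes listed above, sketched as an added example (not the project's code). The function names parseCredentials and compareCredentials come from the changelog; their bodies, the safeEqual and authStatus helpers, and the credential object shape are assumptions.

```javascript
// Added illustration: names follow the changelog; the bodies are assumptions.

// Parse "Basic <base64(name:password)>". Returns null for any malformed input.
function parseCredentials(header) {
  if (typeof header !== 'string') return null;
  const parts = header.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0].toLowerCase() !== 'basic') return null;
  let decoded;
  try {
    // atob throws on invalid base64; catching it lets the caller answer 401.
    const bytes = Uint8Array.from(atob(parts[1]), (c) => c.charCodeAt(0));
    decoded = new TextDecoder().decode(bytes);
  } catch {
    return null;
  }
  const idx = decoded.indexOf(':'); // first colon only: the rest is password
  if (idx === -1) return null;
  return { name: decoded.slice(0, idx), password: decoded.slice(idx + 1) };
}

// Best-effort constant-time string comparison: no early exit on mismatch.
function safeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Evaluate both comparisons before combining; `&&` would skip the password
// check whenever the name is wrong and make the two cases distinguishable.
function compareCredentials(given, expected) {
  const nameOk = safeEqual(given.name, expected.name);
  const passwordOk = safeEqual(given.password, expected.password);
  return (nameOk & passwordOk) === 1;
}

// Hypothetical helper: HTTP status the middleware would send for a header.
function authStatus(header, expected) {
  const creds = parseCredentials(header);
  const ok = compareCredentials(creds ?? { name: '', password: '' }, expected);
  return creds !== null && ok ? 200 : 401;
}
```

A malformed header still goes through compareCredentials against an empty placeholder, so the rejected path does the same comparison work as a wrong password.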

3.0.1

06 Mar 20:52

Patch Changes

  • Add artifacts to NPM release

3.0.0

06 Mar 20:51

Major Changes

  • Use middleware responses instead of API page redirect

    This removes the createApiPage export and uses Middleware responses to serve
    a 401 when basic authentication fails. This requires next >=13.1.

    This is a much cleaner and less hacky way to return the correct status code to a browser.

    ⚠️ This is a breaking change. Please use v2 if you are below next 13.1.

2.0.0

28 Oct 17:26

  • BREAKING CHANGE: Removes SSR Middleware
  • BREAKING CHANGE: Updates Next.js middleware to use API pages for 401 error message

Please update to this version if you've been using the v1 Next.js middleware