Sourced from koa's releases.

v3.2.1

What's Changed

• fix: request.length overflows on Content-Length > 2GB by @​tejgokani in koajs/koa#1961

New Contributors

• @​tejgokani made their first contribution in koajs/koa#1961

Full Changelog: koajs/koa@v3.2.0...v3.2.1

v3.2.0

What's Changed

• docs: remove dead Job Board links by @​Jerry-CodeHub in koajs/koa#1926
• build(deps-dev): bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in koajs/koa#1927
• chore: Add workflow_dispatch trigger to npm-publish workflow by @​Copilot in koajs/koa#1930
• feat: defer AsyncLocalStorage creation for v8 startup snapshots by @​killagu in koajs/koa#1946

New Contributors

• @​Jerry-CodeHub made their first contribution in koajs/koa#1926
• @​killagu made their first contribution in koajs/koa#1946

Full Changelog: koajs/koa@v3.1.2...v3.2.0

v3.1.2

What's Changed

• fix: typo in troubleshooting.md by @​WuMingDao in koajs/koa#1916
• build(deps-dev): bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in koajs/koa#1921
• build(deps): bump http-errors from 2.0.0 to 2.0.1 by @​dependabot[bot] in koajs/koa#1919
• build(deps): bump mime-types from 3.0.1 to 3.0.2 by @​dependabot[bot] in koajs/koa#1918
• docs: use correct term "Server-Sent Events" in guide by @​jtr860830 in koajs/koa#1920
• build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @​dependabot[bot] in koajs/koa#1917
• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in koajs/koa#1922
• fix(security): Host Header Injection via ctx.hostname by @​killagu GHSA-7gcc-r8m5-44qm

New Contributors

• @​WuMingDao made their first contribution in koajs/koa#1916
• @​jtr860830 made their first contribution in koajs/koa#1920

Full Changelog: koajs/koa@v3.1.1...v3.1.2

v3.1.1

What's Changed

• fix: only original value destroy if the new value is not a stream by @​yowainwright in koajs/koa#1914

Full Changelog: koajs/koa@v3.1.0...v3.1.1

v3.1.0

What's Changed

• feat: fixes mem leak relating to issue-1834 by @​yowainwright in koajs/koa#1893
• fix: adds steam clean up by @​yowainwright in koajs/koa#1910

... (truncated)

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

• 6984592 3.2.1
• 3f3ac48 fix: request.length overflows on Content-Length > 2GB (#1961)
• e0ba8ef 3.2.0
• 2503a1f feat: defer AsyncLocalStorage creation for v8 startup snapshots (#1946)
• d3ea8bf chore: Add workflow_dispatch trigger to npm-publish workflow (#1930)
• 3b0508e build(deps-dev): bump qs from 6.14.1 to 6.14.2 (#1927)
• fd11140 docs: remove dead Job Board links (#1926)
• c5a52e0 3.1.2
• 55ab9ba Merge commit from fork
• fecd464 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922)
• Additional commits viewable in compare view

This version was pushed to npm by GitHub Actions, a new releaser for koa since your current version.

Sourced from oidc-provider's releases.

v9.8.5

Fixes

• escape default html helper output in shouldChange functions (f688321)

Documentation

• note helpers requiring deployment customization (567e551)

v9.8.4

Refactor

• detect non-node runtimes before checking for LTS (b3be0fd), closes #1424
• isolate SSRF dispatcher protection (1f64996)

v9.8.3

Fixes

• await registration token policy (6269602)
• pass ciba user code to verifier (a340869)
• reject malformed dpop htu with a clearer message (1b6146c)
• select signing keys for jwt access tokens (1d6df9c)
• validate ciba notification tokens (2807a8f)

v9.8.2

Fixes

• html-escape debug data sent to development-only interactions (924d25c), closes #1414

v9.8.1

Refactor

• relax native app custom URI scheme validation (75be6ce), closes #1411

v9.8.0

Features

• promote rpMetadataChoices to stable (cc8cfcc)

Refactor

• do not depend on undici being part of the bundle (2ffec73)

v9.7.1

Refactor

• CIMD: filter unrecognized array members before validating (969edba), closes #1398
• fetch_body_check.js now returns early when limit is Infinite (a794f51)

... (truncated)

Sourced from oidc-provider's changelog.

9.8.5 (2026-06-15)

Fixes

• escape default html helper output in shouldChange functions (f688321)

Documentation

• note helpers requiring deployment customization (567e551)

9.8.4 (2026-05-29)

Refactor

• detect non-node runtimes before checking for LTS (b3be0fd), closes #1424
• isolate SSRF dispatcher protection (1f64996)

9.8.3 (2026-04-27)

Fixes

• await registration token policy (6269602)
• pass ciba user code to verifier (a340869)
• reject malformed dpop htu with a clearer message (1b6146c)
• select signing keys for jwt access tokens (1d6df9c)
• validate ciba notification tokens (2807a8f)

9.8.2 (2026-04-17)

Fixes

• html-escape debug data sent to development-only interactions (924d25c), closes #1414

9.8.1 (2026-04-15)

Refactor

• relax native app custom URI scheme validation (75be6ce), closes #1411

9.8.0 (2026-04-07)

Features

... (truncated)

• 40ad405 chore(release): 9.8.5
• 082c9d4 chore: update docs/README.md cautions
• 567e551 docs: note helpers requiring deployment customization
• f688321 fix: escape default html helper output in shouldChange functions
• cb81029 chore: use the new RFC Editor links
• 6dc484a chore(deps): bump the actions group with 2 updates
• 570bc8b chore(release): 9.8.4
• b3be0fd refactor: detect non-node runtimes before checking for LTS
• 6e075e4 chore: bump packages
• 7982ddc chore: bump packages
• Additional commits viewable in compare view

This version was pushed to npm by GitHub Actions, a new releaser for oidc-provider since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.