Releases: DevilsDev/rag-pipeline-utils
v2.3.1: Security Enhancements & Documentation Updates
🔒 Security Enhancements
This patch release includes all security enhancements from v2.3.0, resolving the npm publishing conflict.
JWT Validation
- Advanced replay protection with self-signed token reusability
- Consistent strictValidation behavior - issuer/audience validation properly controlled
- Race condition mitigation in concurrent token verification
- Separate tracking for reusable vs. single-use tokens
Path Traversal Defense
- Iterative URL decoding (up to 5 passes) to catch sophisticated attacks
- Double-encoded path detection: `%252e%252e%252f` → `%2e%2e%2f` → `../`
- Malformed encoding handling - treated as attack indicator
- Critical violations always throw regardless of configuration
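A sketch of the decode-then-check flow listed above, as an added example that is not the project's own code. The function names, reason strings, the 255-character limit and the rejection of input that is still encoded after five passes are assumptions made for illustration.

```javascript
// Added example; names are hypothetical, not the rag-pipeline-utils API.
const MAX_DECODE_PASSES = 5; // pass limit stated in the release notes
const MAX_PATH_LENGTH = 255; // assumed non-critical policy for the demo

class PathSecurityError extends Error {
  constructor(reason, input) {
    super(`path rejected: ${reason}`);
    this.reason = reason;
    this.input = input;
  }
}

// Decode until the value stops changing or the pass limit is reached.
function decodeIteratively(input) {
  let current = input;
  for (let pass = 0; pass < MAX_DECODE_PASSES; pass++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      // Malformed escapes ("%zz", a trailing "%2") count as an attack indicator.
      throw new PathSecurityError("malformed-encoding", input);
    }
    if (next === current) return current;
    current = next;
  }
  // Assumption: escapes still present after the last pass are rejected, not trusted.
  if (/%[0-9a-f]{2}/i.test(current)) {
    throw new PathSecurityError("encoding-too-deep", input);
  }
  return current;
}

function validatePath(input, { throwOnInvalid = true } = {}) {
  const decoded = decodeIteratively(input).replace(/\\/g, "/");
  // Critical: a ".." segment or NUL byte throws regardless of throwOnInvalid.
  if (decoded.includes("\0") || decoded.split("/").includes("..")) {
    throw new PathSecurityError("path-traversal", input);
  }
  // Non-critical: honours the caller's configuration.
  if (decoded.length > MAX_PATH_LENGTH) {
    if (throwOnInvalid) throw new PathSecurityError("too-long", input);
    return { valid: false, reason: "too-long", path: decoded };
  }
  return { valid: true, path: decoded };
}
```

Because decoding runs to a fixed point, a name containing a literal percent sign (sent as `100%25.txt`) decodes to `100%.txt` and is then rejected as malformed on the next pass; this scheme accepts that false positive.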
Defense-in-Depth Architecture
- Path traversal violations always throw, even with `throwOnInvalid=false`
- Object depth limit violations always throw to prevent DoS
- Enhanced security monitoring with blocked attempt tracking
- Comprehensive audit event logging
📚 Documentation Updates
- Updated version references throughout README.md
- Corrected roadmap timelines to reflect 2026 targets
- Added v2.3.1 changelog entry
- Updated PROJECT_ROADMAP with realistic feature targets
✅ Quality Metrics
- 113 security tests passing across 2 dedicated security suites
- Zero production vulnerabilities (`npm audit --production`)
- All CI workflows passing (lint, test, build, security)
- 100% backward compatible with v2.3.0
📦 Installation
```bash
npm install @devilsdev/rag-pipeline-utils@2.3.1
```
🤖 Generated with Claude Code
v2.3.0: Security Enhancements & CI/CD Improvements
🔐 Security Enhancements
- JWT Replay Protection: Advanced token tracking with self-signed token reusability
- Path Traversal Defense: Multi-layer protection with iterative URL decoding
- Plugin Signature Verification: Ed25519-based plugin authentication
- Input Sanitization: Comprehensive protection against XSS, SQL injection, and command injection
🚀 CI/CD & Testing
- Codecov Integration: Complete coverage tracking and reporting
- All CI Workflows Passing: 100% success rate across all pipelines
- Test Coverage: 1706 tests passing across Node 18, 20, 22
- Zero Linting Errors: Down from 1012 issues to 0 errors
📚 Documentation
- Updated roadmap reflecting 2026 timeline
- Reorganized internal documentation structure
- Enhanced security documentation
- Comprehensive migration guides
🛠️ Development Tools
- Enhanced hot-reload capabilities
- Improved error handling utilities
- Better build and verification scripts
📦 Package Quality
- Package size: 327.5 KB (150 files)
- Node.js 18+ required
- Zero production vulnerabilities
- License compliance verified
🔧 Bug Fixes
- Fixed package-lock.json synchronization
- Resolved license compliance issues
- Fixed environment-specific test failures
- Improved CI/CD reliability
📥 Installation
```bash
npm install @devilsdev/rag-pipeline-utils@2.3.0
```
Note: v2.3.0 is 100% backward compatible with v2.2.x
v2.2.1 - Documentation & Compatibility Improvements
🚀 What's Changed
Documentation
- Improved README: Complete rewrite with community-focused content, clear value proposition, and architecture diagrams
- Organized Internal Docs: Moved all internal documentation to `docs/internal/` directory for better organization
Bug Fixes
- Node.js Compatibility: Fixed `isolated-vm` dependency compatibility for Node 18-22 (downgraded from 6.0.1 to 5.0.4)
- License Consistency: Updated all license references to GPL-3.0
- Logging Fix: Preserved Error object properties in secure logging redaction
Security & Quality
- File Exposure: Updated `.npmignore` to exclude internal documentation from npm package
- Test Coverage: All 918 tests passing
- Zero Production Vulnerabilities: Clean `npm audit --production`
📦 Installation
```bash
npm install @devilsdev/rag-pipeline-utils@2.2.1
```
🔗 Links
- npm Package: https://www.npmjs.com/package/@devilsdev/rag-pipeline-utils/v/2.2.1
- Full Changelog: v2.1.7...v2.2.1