Version 1.3: Urgent update and update to adapter specification #540
pilcrowonpaper
announced in
Announcements
Hi everyone!
Urgent update
If you're using lucia-auth version 1.2.x, please update to version 1.3.0 immediately. 1.2.x has been deprecated.

Version 1.2.0 replaced a dependency for hashing passwords with a web-API friendly version. However, due to a miss on my part (broken tests), the new hashing function could not validate hashes generated from the old function, nor could it generate hashes that could be validated in the old function. I do not believe it was a security issue, though a major one nonetheless.
It was such a stupid mistake and I'm embarrassed that it was not caught much earlier.
Moving forward, I'm planning to add some basic tests to the package:
- crypto
- version

I want to stress that a major component of the library, the adapters, which do all the querying against your database, has always been tested with our testing package. I hope similar extensive tests can be added to the library, especially since it has started to mature.
Update to adapter specifications
I've updated the docs to be much more clear on what each method is expected to do and not to do. I've removed the requirement to use transactions, and the weird shouldDataBeRemoved() has been marked for deprecation. The testing package includes more tests as well.

All adapters marked as compatible with lucia-auth@^1.0.0 will continue to work. Both @lucia-auth/[email protected] and @lucia-auth/[email protected] require lucia-auth@^1.3.0.

See all the changes in #526 - Thanks!