hackathon-starter

Breaking Changes

• Express 5.x upgrade — review middleware compatibility and error handling changes
• axios → Node.js fetch — update any direct axios imports or interceptor logic; verify request/response handling

Security

• CVE-2025-29036: Fixed Host-header injection in password reset & email verification
• Replaced MD5 with SHA256 for Gravatar generation
• Added Multer upload s...

Security Enhancements

• Added URL validation for redirects through session.returnTo (CWE-601).
• Fixed OAuth state parameter generation and handling to address CSRF attack vectors in the OAuth workflow.
• Added additional sanitization for user input in database queries using $eq in MongoDB.

API and Integration:

• Unified formatting for authentication parameters in route definitions and pass...

8.0.0 (July 28, 2023)

• Security: Renamed the cookie and set secure attribute for cookie transmission when https is present
• Security: Migrated off known deprecated, vulnerable or unmaintained dependencies
• Security: Added express rate limiter
• Added additional sanitization and validation for external inputs. Lusca provides input protection. The additional sanitization and validation...

• Dropped support for Node.js <16
• Switched to Bootstrap 5
• Removed older Bootstrap 4 themes
• Updated dependencies

6.0.0 (January 2, 2020)

• Dropped support for NodeJS 8.x, due to its EOL
• Use HTML5 native client form validation (thanks to @peterblazejewicz)
• Fix navbar rendering issues when using themes (thanks to @peterblazejewicz)
• Fix button formatting issues when applying themes (thanks to @peterblazejewicz)
• Fixed drop down menu to show correct formatting from the theme (thanks to @jonasrosl...

5.2.0 (July 28, 2019)

• Added API example: Google Drive (thanks to @tanaydin)
• Added Google Sheets API example (thanks to @clarkngo)
• Added HERE Maps API example
• Added support for Intuit Quickbooks API
• Improved Lob.com API example
• Added support for email verification
• Added support for refreshing OAuth tokens
• Fixed bug when users attempt to login by email for accounts that a...

Re-release of 5.1.4 since the original released missed to include "Adding Node.js 12 to the Travis build"

5.1.4 (May 14, 2019)

• Migrate from requestjs to axios (thanks to @FX-Wood)
• Enable page templates to add items to the HTML head element
• Fix bold font issue on macs (thanks to @neighlyd)
• Use BASE_URL for github
• Update min node engine to require Feb 2019 NodeJS security release
• Add Node.js 12 to the travis build
• Update dependencies
• Update documentation (thanks in part to @a...

5.1.3 (April 7, 2019)

• Update Steam API Integration
• Upgrade flatly theme files to 4.3.1
• Migrate from bcrypt-nodejs to bcrypt
• Use BASE_URL for twitter and facebook callbacks
• Add a ChartJS example in combination with Alpha Vantage API usage (thanks to @T-travis)
• Improve Github integration – use the user’s private email address if there is no public email listed (thanks to @danie...

5.1.2 (January 13, 2019)

• Added Login by Snapchat (thanks to @nicholasgonzalezsc)
• Migrate the Foursquare API example to use Axios calls instead of the npm library.
• Fixed minor visual issue in the web scraping example.
• Fixed issue with Popper.js integration (thanks to @binarymax and @Furchin)
• Fixed wrapping issues in the navbar and logo indentation (thanks to @estevanmaito)
• Fix...