Verdaccio - Package Updates

Package Updates

[1.71.0]

• Update verdaccio-openid to 0.15.0
• Treat logged users who cannot be authenticated by authorized-groups as not logged in
• feat: use verdaccio's remote user for better compatibility
• feat: optimize and update allow actions

Package Updates

[1.71.1]

• Update verdaccio-openid to 0.15.1

Package Updates

[1.71.2]

• Update verdaccio to 6.1.6
• Full Changelog
• fix(deps): update dependency @cypress/request to v3.0.9 (6.x) by @renovate[bot] in https://github.com/verdaccio/verdaccio/pull/5336
• fix(deps): update dependency compression to v1.8.1 (6.x) by @renovate[bot] in https://github.com/verdaccio/verdaccio/pull/5337

Package Updates

[1.72.0]

• Update verdaccio to 6.2.0
• Full Changelog
• feat: 6.x refactor test and deps by @​juanpicado in #​5315
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5327
• fix: remove unused dependencies by @​juanpicado in #​5349
• fix: filter plugins not loading by @​monholm in #​5382
• fix(deps): update dependency debug to v4.4.3 (6.x) by @​renovate[bot] in #​5387
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5388
• fix: #​5281 view packages logged in by @​juanpicado in #​5399

Package Updates

[1.72.1]

• Update verdaccio-openid to 0.15.2

Package Updates

[1.72.2]

• Update verdaccio to 6.2.1
• Full Changelog
• fix(deps): update core verdaccio dependencies (6.x) by @renovate[bot] in #5440

Package Updates

[1.72.3]

• Update verdaccio to 6.2.2
• Full Changelog
• fix: running without auth plugin (#5466) @mbtools
• fix: notification packages bug #5439 @juanpicado
• fix(proxy): proxy protocol check (#5474) @mbtools

Package Updates

[1.72.4]

• Update verdaccio to 6.2.3
• Full Changelog
• fix(deps): update core verdaccio dependencies (6.x) by @renovate[bot] in #5497
• fix(middleware): dist-tags with scoped packages #5495 https://github.com/orgs/verdaccio/discussions/5483 @mbtools and @stgbmpi

Package Updates

[1.72.5]

• Update verdaccio to 6.2.4
• Full Changelog
• fix: allow docker listen address to be configured (6.x) by @markormesher in #5503

Package Updates

[1.73.1]

• Update verdaccio to 6.2.7
• Full Changelog
• fix(deps): update dependency lodash to v4.17.23 (6.x) by @​renovate[bot] in #​5577
• fix(deps): update dependency cors to v2.8.6 (6.x) by @​renovate[bot] in #​5576
• fix(deps): update dependency semver to v7.7.4 (6.x) by @​renovate[bot] in #​5578
• fix(deps): update dependency @​cypress/request to v3.0.10 (6.x) by @​renovate[bot] in #​5580

Package Updates

[1.73.3]

• Update verdaccio to 6.2.9
• Full Changelog
• Fixed docker publish build wasn't correctly pushing the latest and semantic version tags

Package Updates

[1.74.0]

• Update verdaccio to 6.3.1
• Full Changelog
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5587
• fix(deps): update dependency envinfo to v7.21.0 (6.x) by @​renovate[bot] in #​5590
• fix(deps): update core verdaccio dependencies (6.x) by @​renovate[bot] in #​5613
• fix: error checking storage directory #​5447
• fix(api): remove unnecessary allow check #​5599

Package Updates

[1.75.0]

• Update verdaccio to 6.4.0
• Full Changelog

• Package Filter Plugins (#​5786, #​5548) by @​vsugrob, @​pyhp2017 @​juanpicado @​juanpicado

• Block a compromised package version

• Block an entire malicious scope

• Quarantine recently published versions

• Freeze registry to a point in time

• Whitelist trusted packages within blocked rules

• fix(deps): Updated lodash to v4.18.1 (#​5777)
• fix(deps): Updated core @​verdaccio/* dependencies (#​5674, #​5780)
• fix(middleware): stream is not readable (http 500) #​5655 @​mbtools
• fix: handle missing host header in URL basename resolution eabde8c @​juanpicado

Package Updates

[1.76.0]

• Update verdaccio-openid to 0.17.0
• Full Changelog
• Update verdaccio packages by @​esadakcam in #​19
• Implement atomic WebAuthn token retrieval (61a1ead)
• Improve OpenID configuration discovery (7da942c)
• Enhance plugin access control (0ba2974)
• Remove sensitive token logging (8d9f1d2)
• Refactor CLI token execution (5d7006b)

Package Updates

[1.77.0]

• Update verdaccio to 6.5.2
• Full Changelog
• update ui to major (#5794) (b957c6f) @juanpicado
• Big UI refactoring #5563
• package-filter: fix O(n) complexity in cleanupDistFiles (b15f622) #5797 by @plottodev
• ui search returns no output #5798 (3edd3ee) @juanpicado

Package Updates

[1.78.0]

• Update verdaccio to 6.6.0
• Full Changelog
• feat: update core dependencies by @juanpicado in #5832
• fix(deps): update core verdaccio dependencies (6.x) by @renovate[bot] in #5865
• fix: migrate to run server internally by @juanpicado in #5868
• fix: tarball might fail #5829 by @juanpicado in #5869
• fix(deps): update dependency semver to v7.8.0 (6.x) by @renovate[bot] in #5867

Package Updates

[1.78.1]

• Update verdaccio to 6.6.2
• Full Changelog

Package Updates

[1.79.0]

• Update verdaccio to 6.7.1
• Full Changelog
• feat: update Node.js to 24
• Bumps the project's Node.js baseline to 24 across runtime and container, and adds a startup warning for users still on an older (but supported) Node.
• Node 24 bump: .nvmrc 22 24; Dockerfile base image node:22.22.1-alpine node:24.15.0-alpine (builder + runtime).
• Soft-deprecation warning: new RECOMMENDED_NODE_VERSION = '22' and isVersionRecommended() in src/lib/cli/utils.ts; the init command logs a warn at startup when Node is below the recommendation. MIN_NODE_VERSION stays at '18' no hard break.
• Tests: unit tests for isVersionRecommended and the init warning path.
• Compatibility: minimum supported Node remains 18 (warning only); recommended is 22+; Docker images ship Node 24.

Package Updates

[1.79.1]

• Update verdaccio to 6.7.2
• Full Changelog
• a28cf71: chore: add missing types #5889 by @mbtools