Skip to content

CHANGELOG.md

Latest commit

 

History

History
182 lines (108 loc) · 21.7 KB

CHANGELOG.md

File metadata and controls

182 lines (108 loc) · 21.7 KB

nostream

3.0.0

Major Changes

  • #524 b3effd1 Thanks @vikashsiwach! - Use exact pubkey matching for fee-schedule whitelists and event pubkey whitelist/blacklist checks.

  • #574 f1c1118 Thanks @Mahmoud-s-Khedr! - Add a brand-new unified nostream CLI/TUI that replaces the legacy scripts/* shell wrappers for lifecycle, setup, info, config, data, and development workflows.

    Fixes - fixed some consistnacy issues after the migration from npm to pnpm

Minor Changes

  • #522 7edd6c3 Thanks @a-khushal! - added NIP-45 COUNT support with end-to-end handling (validation, handler routing, DB counting, and tests).

  • #629 36f8bad Thanks @Anshumancanrock! - feat: NIP-42 AUTH handler and WebSocket session wiring

  • #534 a07b0f6 Thanks @archief2910! - Add hot-path PostgreSQL indexes for subscription, vanish, retention, and invoice queries; add db:benchmark and db:verify-index-impact tooling; document index rationale and benchmarking. Closes #68.

  • #556 d8f62b4 Thanks @saniddhyaDubey! - perf: added k6 performance tests for connection and message rate limiting

  • #623 54139ed Thanks @saniddhyaDubey! - new user-facing config field

  • #476 49322a9 Thanks @saniddhyaDubey! - Add EWMA rate limiter with configurable strategy support

  • #602 d3ba328 Thanks @CKodidela! - Add relay support for the Marmot Protocol (E2EE group messaging over Nostr).

    Supported MIPs: 00 (KeyPackages), 01 (Group Construction), 02 (Welcome Events), 03 (Group Messages).

    • kind 443 (legacy KeyPackage): stored as a regular event
    • kind 10051 (KeyPackage relay list): stored as a replaceable event
    • kind 30443 (KeyPackage): stored as a parameterized-replaceable event with d-tag deduplication
    • kind 444 (Welcome rumor): blocked from direct publishing; must travel inside a kind 1059 gift wrap
    • kind 445 (Group Event): dedicated strategy validates the required h tag (nostr_group_id) before storing; #h tag subscriptions work via the existing generic tag index
    • NIP-11 relay info now advertises supported_mips: [0, 1, 2, 3]

  • #515 5c12f36 Thanks @archief2910! - Add NIP-03 OpenTimestamps support for kind 1040 events: structural .ots validation, Bitcoin attestation requirement, digest match to the referenced e tag, and relay metadata updates (#105).

  • #589 25d5405 Thanks @CKodidela! - Add NIP-25 Reactions support for kind 7 and kind 17 events: reaction utility helpers (isReactionEvent, isExternalContentReactionEvent, isLikeReaction, isDislikeReaction, parseReaction), schema validation enforcing required e tag on kind 7 and required k/i tags on kind 17, unit tests, and integration tests.

  • #585 ce59383 Thanks @CKodidela! - Add NIP-65 Relay List Metadata support for kind 10002 events: relay list utility with isRelayListEvent and parseRelayList helpers, unit tests, and relay information document updated to advertise NIP-65 (#577).

  • #514 214bef5 Thanks @Anshumancanrock! - Add gzip and xz compression support to event import/export flows.

    • Export supports --compress/-z with --format gzip|gz|xz.
    • Import auto-detects compressed input by extension and magic bytes and decompresses in a stream pipeline.
    • Includes docs updates and unit/integration test coverage for compression paths.

  • #628 ce7b838 Thanks @Ferryx349! - refactor(http): remove deprecated network.remote_ip_header fallback and rely on network.remoteIpHeader

  • #539 bdd4f6b Thanks @Justxd22! - Add NWC (NIP-47) as a payments processor for admission invoices, including configurable invoice expiry and reply timeout handling, compatibility for legacy NWC URI schemes, and docs/env updates.

  • #497 e1a7bfb Thanks @phoenix-server! - Release highlights:

    Features

    • NIP-05 verification support (#463)
    • NIP-17 & NIP-44 v2 Modern Direct Messages (#458)
    • NIP-62 vanish event support (#418)
    • Vanish optimization (#446)
    • Export events to JSON Lines format (#451)
    • Import .jsonl events into events table (#414)
    • Opt-in event retention purge (#359, #412)
    • Wipe events table script (#450)
    • Nginx reverse proxy in docker-compose (#423)
    • Docker DNS pre-flight check for connectivity verification (#398)
    • Strict validation for payment callbacks (#426)
    • Real home page with templated pages (#409)

    Bug Fixes

    • NIP-01 compliance: deterministic event ordering by event_id
    • NIP-01 compliance: correct dedup keys for parametrized replaceable events (#480)
    • NIP-01 replaceable event tiebreaker (#416)
    • NIP-11 served only on root path instead of relay path (#399)
    • Dockerfile: run database migrations in CMD (#422)
    • Added expired_at filter to message pipeline (#403)
    • Removed unsafe-inline and implemented script nonces for CSP hardening (#394)
    • Axios upgraded to fix CVE-2025-62718 (#466)

    Refactors & Chores

    • Migrated validation from Joi to Zod (#484)
    • Migrated linting and formatting to Biome (#452)
    • Converted user admission to PostgreSQL stored function (#428)
    • Upgraded to Node.js 24 LTS (#419)
    • Updated dependencies (express, body-parser, js-yaml, axios)

  • #622 6a0a5fa Thanks @Anshumancanrock! - feat: add NIP-42 types, schemas and constants

Patch Changes

  • #555 ddc811d Thanks @Anshumancanrock! - Migrate project tooling from npm to pnpm across CI workflows, Docker setup, hooks, and contributor commands.

  • #600 dfa2838 Thanks @saniddhyaDubey! - fix: maxLimit checks added to subscription message handler

  • #572 b718036 Thanks @dependabot! - Bump dev dependency uuid from 8.3.2 to 14.0.0

  • #616 f9f6d64 Thanks @Anshumancanrock! - fix: check payments.enabled in callback route middleware

  • #597 7da1b9a Thanks @Anshumancanrock! - refactor: only register OpenNode, LNbits, and Zebedee callback routes when their processor is active

  • #438 f5ba023 Thanks @tharu-jwd! - fix: close dead connections even if they have active subscriptions

  • #546 faa7ed2 Thanks @Justxd22! - Fix root HTML negotiation and subpath-aware template links behind trusted proxies.

  • #613 36e5af8 Thanks @dependabot! - chore(deps): bump axios from 1.15.1 to 1.15.2

  • #617 50822b9 Thanks @dependabot! - chore(deps): bump fast-uri from 3.1.0 to 3.1.2

  • #618 c6368db Thanks @dependabot! - chore(deps): bump ws from 8.20.0 to 8.20.1

  • #620 dac92b4 Thanks @dependabot! - chore(deps): bump uuid from 8.3.2 to 14.0.0

  • #630 1295272 Thanks @dependabot! - chore(deps): bump axios from 1.15.2 to 1.16.0

  • #575 b7324a6 Thanks @kanishka0411! - Expire stale pending invoices when LNbits no longer has the invoice or reports it as unpaid past its expiry time.

  • #592 0119c74 Thanks @Anshumancanrock! - Security: override serialize-javascript to >=7.0.3 (CVE RCE, GHSA-5c6j-r48x-rmvq)

  • #553 3c78e61 Thanks @Anshumancanrock! - Fix replaceable batch upserts to apply NIP-01 tie-breaker semantics when timestamps are equal by comparing event IDs.

  • #583 321a9cc Thanks @kanishka0411! - Allow generic tag filters to match empty string tag values.

  • #586 2418209 Thanks @kanishka0411! - Implement geohash wildcard/prefix behavior for #g filters (closes #265): a criterion ending in * matches any event g tag whose value starts with the prefix before *; exact matching (no *) is unchanged. Only normal geohash prefixes are intended as input. This is a Nostream extension, not part of NIP-12.

  • #584 a6d32b1 Thanks @Anshumancanrock! - Use timingSafeEqual for Nodeless webhook HMAC verification and guard against missing NODELESS_WEBHOOK_SECRET

  • #591 f31be1c Thanks @Priyanshubhartistm! - fix: add husky install fallback for non-dev environments

  • #551 7fc0552 Thanks @CKodidela! - Add unit tests for InvoiceRepository and UserRepository with sinon-stubbed DB client

  • #538 9496685 Thanks @saniddhyaDubey! - Fix: Restore CONFIGURATION.md with proper settings and remove duplicate changesets created during recovery

  • #557 32a1ec5 Thanks @a-khushal! - update NIP-11 relay info fields and CORS, with test and docs updates

  • #593 f599b1d Thanks @YashIIT0909! - fix: resolve TOCTOU race condition and key collisions in SlidingWindowRateLimiter

  • #511 a38d402 Thanks @Priyanshubhartistm! - Migrate runtime logging to pino across adapters, services, workers, and controllers, and stabilize CI-related fixes for coverage and integration workflows after rebasing.

  • #552 25f9637 Thanks @vikashsiwach! - Add integration tests for NIP-02 contact lists (Kind 3)

  • #527 4d030c7 Thanks @kanishka0411! - Add NIP-11 integration tests and fix max_filters mapping in relay information document.

  • #547 664168a Thanks @Priyanshubhartistm! - Improve NIP-22 created_at limit handling coverage and boundary reliability.

    This adds integration coverage for accepted and rejected events across configured positive and negative created_at deltas, and keeps rejection semantics consistent (rejected) for out-of-range timestamps.

  • #537 a89a95e Thanks @vikashsiwach! - Add NIP-62 integration tests for Request to Vanish

  • #643 faf55f1 Thanks @Anshumancanrock! - feat: add NIP-70 protected event detection utility

  • #596 250c767 Thanks @CKodidela! - Normalize runCommandWithOutput to return a CommandResult discriminated union instead of rejecting on spawn errors, fixing a crash in info --json when Docker is not installed.

  • #625 69d6187 Thanks @Ferryx349! - Refactor EventRepository query construction to reduce method complexity.

  • #497 e1a7bfb Thanks @phoenix-server! - Replace semantic-release with changesets for explicit PR-level version management. Contributors now add a changeset file per PR; the Changesets Release workflow handles version bumps and GitHub releases.

  • #627 c87dd03 Thanks @Ferryx349! - test(integration): verify response content-type across core HTTP paths

  • #562 de14f3c Thanks @Priyanshubhartistm! - Add integration test coverage for NIP-04 encrypted direct messages (kind 4).

  • #525 b09e23a Thanks @kushagra0902! - Dedup keys were taking multiple tags, that was not according to NIP-01 behaviour.

  • #568 c0c1c35 Thanks @tharu-jwd! - fix: static mirroring silently drops events when mirror has no limits configured

  • #604 40abf66 Thanks @phoenix-server! - Add unit tests for maintenance service factory instantiation and dependency wiring.

  • #493 5bf1a58 Thanks @kanishka0411! - Fix IP spoofing via unconditional trust of x-forwarded-for header

  • #606 47a9f4e Thanks @phoenix-server! - Add unit tests for maintenance-worker-factory with 100% code coverage

  • #545 a9ae0cd Thanks @Justxd22! - Fix Redis cache connection config to skip AUTH when REDIS_PASSWORD is unset

  • #548 00240a9 Thanks @CKodidela! - Support uppercase tag filters (#A-Z) in filter schema validation

  • #566 8eee70f Thanks @a-khushal! - add support for NIP-14 subject tags in text notes, with units tests to validate parsing and repository behavior