v2.2.0

Added

• New config option:
  • allowDots boolean: if set, allows dots in the user-supplied data #41

Fixed

• Prevent null pointer exception when using dryRun option #88

v2.1.0

Added

• New config options:
  • onSanitize callback: this will be called after the request's value was sanitized, with two named parameters: the key that was sanitized, and the raw req object.
  • dryRun boolean: if set, sanitization will not take place. Useful when combined with onSanitize to report on the keys which would have been sanitized.
• TypeScript types
• Official support for node v16.

v2.0.2

Fixed

• Fixed a prototype pollution security vulnerability. #34

Updated

• Update dependencies.

v2.0.1

Updated

• Update dependencies and test against node 14.

Changed

• Use ESLint instead of JSHint for code linting.
• Use GitHub Actions for CI instead of Travis.

v2.0.0

Added / Breaking

• Support sanitization of headers. #5

Note that if you weren't previously expecting headers to be sanitized, this is considered a breaking change.

Breaking

• Drop support for node versions < 10.

v1.3.2

Fixed

• Fixed an issue when using the sanitizer in the node REPL. #3

v1.3.1

Fixed

• Fixed an issue with objects containing prohibited keys nested inside other objects with prohibited keys. #2
• Added a more robust check for plain objects.

v1.3.0

Added

• A new function has, which checks whether a passed object/array contains any keys with prohibited characters.

v1.2.0

Added

• A new option replaceWith which can be used to replace offending characters in a key. This is an alternative to removing the data from the payload.

v1.1.0

Added

• The middleware also now sanitizes keys with a .. This is in line with Mongo's reserved operators.