1.9.0

• Pass invalid csrf token error to next() instead of throwing
• Pass misconfigured error to next() instead of throwing
• Provide misconfigured error when using cookies without cookie-parser
• deps: [email protected]
  • Add sameSite option
  • Fix cookie Max-Age to never be a floating point number
  • Improve error message when expires is not a Date
  • Throw better error for invalid argument to parse
  • Throw on invalid values provided to serialize
  • perf: enable strict mode
  • perf: hoist regular expression
  • perf: use for loop in parse
  • perf: use string concatination for serialization
• deps: csrf@~3.0.3
  • Use tsscmp module for timing-safe token verification
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: http-errors@~1.5.0
  • Add HttpError export, for err instanceof createError.HttpError
  • Support new code 421 Misdirected Request
  • Use setprototypeof module to replace __proto__ setting
  • deps: [email protected]
  • deps: statuses@'>= 1.3.0 < 2'
  • perf: enable strict mode
• perf: enable strict mode
• perf: remove argument reassignment