From ff8b7c8664c6015f68931812a0a031acb6224225 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 15:39:01 +0000 Subject: [PATCH] chore: update version and changelog --- .changeset/registration-rate-limit.md | 9 --------- CHANGELOG.md | 10 ++++++++++ package.json | 2 +- 3 files changed, 11 insertions(+), 10 deletions(-) delete mode 100644 .changeset/registration-rate-limit.md diff --git a/.changeset/registration-rate-limit.md b/.changeset/registration-rate-limit.md deleted file mode 100644 index c761d64..0000000 --- a/.changeset/registration-rate-limit.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -'seamless-auth-api': patch ---- - -Rate limit the `POST /registration/register` endpoint. - -Registration now applies the same per-IP and per-identity limiters already used by -the OTP and phone-registration routes. This closes an unthrottled path that allowed -registration/OTP spam and account enumeration against the endpoint. diff --git a/CHANGELOG.md b/CHANGELOG.md index 9199b1d..2b0707a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # seamless-auth-api +## 0.2.3 + +### Patch Changes + +- a236888: Rate limit the `POST /registration/register` endpoint. + + Registration now applies the same per-IP and per-identity limiters already used by + the OTP and phone-registration routes. This closes an unthrottled path that allowed + registration/OTP spam and account enumeration against the endpoint. + ## 0.2.2 ### Patch Changes diff --git a/package.json b/package.json index ff420af..26cf8ff 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "seamless-auth-api", - "version": "0.2.2", + "version": "0.2.3", "description": "Seamless Auth API - A web application server for supporting a Seamless Auth server instance.", "main": "index.js", "type": "module",