Release JavaScript SDK v17.4.1

.github/workflows/test.js.yml

@@ -3,20 +3,32 @@ name: Test-JS
 on:
   pull_request:
     branches: [ master ]
+    paths:
+      - 'sdk/javascript/packages/core/**'
+      - '.github/workflows/test.js.yml'
+
+permissions:
+  contents: read
 
 jobs:
   test-js:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [ '22', '24' ]
+    name: KSM test with Node.js ${{ matrix.node-version }}
     defaults:
       run:
         working-directory: ./sdk/javascript/packages/core
     steps:
-      - uses: actions/checkout@v4
-
-      - name: Use Node.js 20
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          node-version: 20
+          node-version: ${{ matrix.node-version }}
 
       - run: npm install
         env:

sdk/javascript/packages/core/CHANGELOG.md

@@ -0,0 +1,67 @@
+# Change Log
+
+## 17.4.1
+- KSM-901 - Add IL5 (DoD Impact Level 5) region mapping (`IL5` → `il5.keepersecurity.us`)
+- KSM-758 - Replace deprecated `rollup-plugin-sourcemaps@0.6.3` with `rollup-plugin-sourcemaps2@0.5.4` — resolves peer dependency warnings with Rollup 4.x
+- Security: Bump `rollup` devDependency from `^4.52.3` to `^4.60.1` — fixes HIGH severity arbitrary file write via path traversal (CVE affects 4.0.0–4.58.0)
+
+## 17.4.0
+- KSM-669 - Crypto issues when using getFolders() on Cloudflare workers with JS SDK
+- KSM-697 - Fix file permissions for config files (write with 0600 permissions for security)
+- KSM-731 - Fix notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)
+- KSM-739 - Added transmission public key #18 for Gov Cloud Dev support
+- Security: Updated transitive dependencies (glob 10.5.0, js-yaml 3.14.2)
+
+## 17.3.0
+- KSM-534 - Added proxy support
+- KSM-575 - Resolve DOM Clobbering CVE-2024-43788
+- KSM-657 - Added custom caching example
+- KSM-661 - Handle broken records, files, and folders
+
+## 17.2.0
+- KSM-581: Added GraphSync library to read GraphSync links
+
+## 17.1.0
+- KSM-588: Enhance JS SDK to enable editing of external shares
+
+## 17.0.0
+- KSM-574 - Replace Node.js Buffer with Browser-Compatible Alternative
+
+## 16.6.3
+- KSM-489 - Added transaction support for updateSecret
+- KSM-521 - Dependencies upgrade
+- KSM-549 - Stop generating UIDs that start with "-"
+- KSM-556 - Added new field types and updated PAM field types
+
+## 16.6.2
+- KSM-487 - Dependencies upgrade
+
+## 16.6.1
+- KSM-438 - include enterprise logo in KSM response, `extra` field. (related to KA-5546)
+- Bump dependencies
+
+## 16.6.0
+- KSM-412 - Added support for Folders
+- KSM-432 - Improved support for Passkey field type
+- Dependencies upgrade
+
+## 16.5.2
+- KSM-407 - New field type: Passkey
+- KSM-402 - New filed type: script and modification to record types
+- KSM-377 - Added support for PAM record types
+
+## 16.5.1
+- Adding back missing methods for the Notation improvements
+
+## 16.5.0
+- Notation improvements - new parser, notation URIs using record title, new escape characters
+- Creation of the custom fields
+- Logging improvement
+
+## 16.4.0
+- KSM-310 - Improved password generation entropy
+- Record deletion
+
+## 16.3.3
+- KSM-273 - Avoid reliance on external package for file upload with Node
+- Added support to Japan `JP` and Canada `CA` regions

sdk/javascript/packages/core/README.md

@@ -2,66 +2,4 @@
 
 For more information see our official documentation page https://docs.keeper.io/secrets-manager/secrets-manager/developer-sdk-library/javascript-sdk
 
-# Change Log
-
-## 17.4.0
-- KSM-669 - Crypto issues when using getFolders() on Cloudflare workers with JS SDK
-- KSM-697 - Fix file permissions for config files (write with 0600 permissions for security)
-- KSM-731 - Fix notation lookup with record shortcuts (handles duplicate UIDs from shortcuts)
-- KSM-739 - Added transmission public key #18 for Gov Cloud Dev support
-- Security: Updated transitive dependencies (glob 10.5.0, js-yaml 3.14.2)
-
-## 17.3.0
-- KSM-534 - Added proxy support
-- KSM-575 - Resolve DOM Clobbering CVE-2024-43788
-- KSM-657 - Added custom caching example
-- KSM-661 - Handle broken records, files, and folders
-
-## 17.2.0
-- KSM-581: Added GraphSync library to read GraphSync links
-
-## 17.1.0
-- KSM-588: Enhance JS SDK to enable editing of external shares
-
-## 17.0.0
-- KSM-574 - Replace Node.js Buffer with Browser-Compatible Alternative
-
-## 16.6.3
-- KSM-489 - Added transaction support for updateSecret
-- KSM-521 - Dependencies upgrade
-- KSM-549 - Stop generating UIDs that start with "-"
-- KSM-556 - Added new field types and updated PAM field types
-
-## 16.6.2
-- KSM-487 - Dependencies upgrade
-
-## 16.6.1
-- KSM-438 - include enterprise logo in KSM response, `extra` field. (related to KA-5546)
-- Bump dependencies
-
-## 16.6.0
-- KSM-412 - Added support for Folders
-- KSM-432 - Improved support for Passkey field type
-- Dependencies upgrade
-
-## 16.5.2
-- KSM-407 - New field type: Passkey
-- KSM-402 - New filed type: script and modification to record types
-- KSM-377 - Added support for PAM record types
-
-## 16.5.1
-- Adding back missing methods for the Notation improvements
-
-## 16.5.0
-- Notation improvements - new parser, notation URIs using record title, new escape characters
-- Creation of the custom fields
-- Logging improvement
-
-## 16.4.0
-- KSM-310 - Improved password generation entropy
-- Record deletion
-
-## 16.3.3
-
-- KSM-273 - Avoid reliance on external package for file upload with Node
-- Added support to Japan `JP` and Canada `CA` regions
+See [CHANGELOG.md](CHANGELOG.md) for version history.