From c243ab2ad335d03e0342db92fd8db4ba61992f77 Mon Sep 17 00:00:00 2001
From: Rob Allen
Date: Mon, 22 Jan 2024 09:31:42 +0000
Subject: [PATCH 1/4] Update Changelog

---
 CHANGELOG.md | 64 ++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 50 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c577ad7..5e0b034 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,22 +1,58 @@
 # Change Log
 
-## 2016-08-14
+See https://github.com/slimphp/Slim-Csrf/releases for a full list
 
-Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session. Added the following methods:
+## 1.4.0
 
-- `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
-- `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
-- `public setPersistentTokenMode`
-- `public getPersistentTokenMode`
+- Added: Allow to set token name and value in header
 
-Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.
+## 1.3.0
 
-The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.
+- Added: Support for PSR-12
+- Added: Add XOR to token to avoid BREACH attack
+- Change: PHP 7.3 is no longer supported
 
-### Tests added:
+## 1.2.1
+
+- Added: Implement iterator support for getLastKeyPair
+
+## 1.2.0
+
+- Added: Support PHP 8
+- Changed: Remove support for PHP 7.1 and 7.2
+
+## 1.1.0
+
+- Changed: `remoteTokenFromStorage()` is now public
+- Changed: Don't allow token in the body of a GET request
+- Fixed: Prevent replay attack by removing token on valdiation
+
+## 1.0.0
+
+- Added: PSR-15 support
+
+## 0.8.3
+
+ - Fixed: Widen random_compat constraint in composer.json
+
+## 0.8.2
+
+- Fixed: Attach token name and value to request when persist mode is on
+
+## 0.8.1
+
+- Fixed: Default stroageis now $_SESSION again
+
+## 0.8.0
+
+- Added: Now supports "persistence mode", to persist a single CSRF name/value pair throughout the life of a user's session. Added the following methods:
+
+ - `protected getLastKeyPair` - gets the most recently generated key/value pair from storage.
+ - `protected loadLastKeyPair` - gets the most recently generated key/value pair from storage, and assign it to `$this->keyPair`.
+ - `public setPersistentTokenMode`
+ - `public getPersistentTokenMode`
+
+ Note that if CSRF token validation fails, then the token should be renewed regardless of the persistence setting.
+
+ The methods `getTokenName` and `getTokenValue` now return `null` if `$this->keyPair` has not yet been set.
 
-- `testPersistenceModeTrueBetweenRequestsArray` - Token should persist between requests after initial creation, when stored in an array.
-- `testPersistenceModeTrueBetweenRequestsArrayAccess` - Token should persist between requests after initial creation, when stored in an ArrayObject.
-- `testPersistenceModeFalseBetweenRequestsArray` - Token should be changed between requests, when stored in an array.
-- `testPersistenceModeFalseBetweenRequestsArrayAccess` - Token should be changed between requests, when stored in an ArrayObject.
-- `testUpdateAfterInvalidTokenWithPersistenceModeTrue` - New token should be generated after an invalid request, even if persistence mode is enabled.
\ No newline at end of file

From 7d1c2a34c7be452ffd9dbed38ea348c4a816228c Mon Sep 17 00:00:00 2001
From: Daniel Opitz
Date: Sat, 8 Jun 2024 17:13:14 +0200
Subject: [PATCH 2/4] Bump psr/http-message requirement from '^1.0' to '^1.0 || ^2.0'

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 48c1a6a..9deb2e0 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 "require": {
 "php": "^7.4 || ^8.0",
 "psr/http-factory": "^1.0",
- "psr/http-message": "^1.0",
+ "psr/http-message": "^1.0 || ^2.0",
 "psr/http-server-handler": "^1.0",
 "psr/http-server-middleware": "^1.0"
 },

From bee523e2a56a9241d00d17f67fbf0287ef2c9706 Mon Sep 17 00:00:00 2001
From: Rob Allen
Date: Mon, 22 Jan 2024 09:34:23 +0000
Subject: [PATCH 3/4] Support PHP 8.2 and 8.3

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index cf02450..781e9da 100644
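Review bot: The widened constraint `"psr/http-message": "^1.0 || ^2.0"` admits two majors whose interfaces differ (2.0 added return type declarations), but nothing in this series makes CI install both; the matrix in patch 3 varies only the PHP version, so as far as the visible hunks show, only whichever major Composer resolves by default gets tested. Unless the workflow already has a lowest-dependencies job outside this hunk, a second install with `composer update --prefer-lowest` would also exercise the 1.x interfaces this package still claims to support. The `## Next` section added to CHANGELOG.md in patch 4 records only the PHP 8.2/8.3 support, so a line such as `- Changed: Allow psr/http-message ^2.0` would keep the dependency change visible to integrators.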
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- php: [7.4, 8.0, 8.1]
+ php: [7.4, 8.0, 8.1, 8.2, 8.3]
 
 steps:
 - name: Checkout

From 15c77c73612b214e3b14a4869971bbdd57878b55 Mon Sep 17 00:00:00 2001
From: Rob Allen
Date: Mon, 22 Jan 2024 09:36:00 +0000
Subject: [PATCH 4/4] Update CHANGELOG

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e0b034..1d19067 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 See https://github.com/slimphp/Slim-Csrf/releases for a full list
 
+## Next
+
+- Added: Support for PHP 8.2 and 8.3
+
 ## 1.4.0
 
 - Added: Allow to set token name and value in header