v1.0.0

• First stable release 🎉
• No changes from v0.9.0, but now that v1 has been reached, the caveat for pre-1.0 versions in the stability policy no longer applies: v1.x versions may contain internal breaking changes, while breaking changes to the public interface will not happen before v2.

v0.9.0

• The new accessToken option can be used to set the Authorization header more easily. The previous authorization option is kept for compatibility, but deprecated, demoted to the internal interface, and will be removed in a future minor version.
• m3api now includes TypeScript .d.ts declaration files in the types/ directory. Hopefully these will be useful to some users of the library.
• Clarified DEFAULT_OPTIONS conventions a bit (adding errorHandlers is fine).
• Added usage recommendations to the README.
• Updated dependencies.

v0.8.4

crossorigin parameter support.

• Added experimental support for the upcoming crossorigin API parameter (added in Gerrit change I41200852ee for T322944). This may be reverted in a future release if the MediaWiki change is not merged after all.
• Updated dependencies.

v0.8.3

Mainly a fix for m3api-oauth2 after changes in MediaWiki.

• Updated the link to the User-Agent policy after it was moved from metawiki to foundationwiki.
• Optimized the internal encoding of POST requests; this also fixes m3api-oauth2 when targeting wikis running MediaWiki 1.43 or later.
• Updated dependencies.

v0.8.2

• Error responses with non-200 HTTP status codes are now supported, as long as the MediaWiki-API-Error response header is present to indicate that the response represents a regular error and not an internal error. (The status code is ignored; the response body is expected to contain a response with one or more regular errors.)
• Updated dependencies.

v0.8.1

• Updated undici, avoiding CVE-2023-45143. The potential impact of this security vulnerability should have been very low: when using the fetch-node backend and a cookie-based session type, an attacker with the ability to create an open redirect on the target API could potentially have obtained session cookies for the API. (I see no reason to expect an open redirect vulnerability to exist in the action API: I’m not aware of any API action that issues HTTP-level redirects at all.)
• Updated dependencies.

v0.8.0

More modern Node requirement, file upload support.

• BREAKING CHANGE: m3api now requires at least Node.js version 18.2.0, up from Node 12.22.0 or Node 14.17.0 previously. The internal breaking changes below are also related to this.
• Internal Breaking Change: The file add-performance-global.js has been removed, as it is no longer needed.
• Internal Breaking Change: The file axios.js has been removed, as axios is no longer used. Its role has been taken over by fetch-node.js.
• Internal Breaking Change: The file fetch.js is no longer suitable for use in Chrome-like browsers. The functionality of renaming the user-agent request header to api-user-agent has been moved to fetch-browser.js.
• m3api now uses fetch() on all supported platforms. The public interface, browser.js and node.js, can be used as before. The internal interface has been rearranged, with fetch.js now used for both backends, augmented by fetch-browser.js and fetch-node.js.
• m3api now supports Blob and File parameters in POST requests. This can be used to upload files.
• Improved README.md formatting for npmjs.com.
• Updated dependencies.

v0.7.3

Custom error handler support for m3api-oauth2.

• The new errorHandlers option can be used to customize error handling. It is only part of the internal interface, not of the stable, public interface. Using this options, extension packages or end users can register handlers for certain API error codes; the handlers can e.g. perform necessary cleanup actions and/or retry the request. The existing support for retrying after maxlag, readonly or badtoken errors is now also internally implemented in terms of this new option.
• Updated dependencies.

v0.7.2

• Internal Breaking Change: The signature of the internalGet() and internalPost() methods has changed; an apiUrl string has been addded as the first parameter, and the last parameter is now a headers object instead of a userAgent string. The apiUrl should always be used instead of this.apiUrl. In headers, the header names are always in all-lowercase, so you can safely get the userAgent value as headers['user-agent'].
• m3api now has a stable interface policy, see README.md § stability. Internal breaking changes, such as the one above, do not require bumping the major version number.
• The new authorization request option can be used to set an Authorization: request header. This will be used by the upcoming m3api-oauth2 package to support OAuth 2.0; you can also use it directly using the access token of an owner-only client.
• The apiUrl member of a Session is now public. This will be used by m3api-oauth2.
• A new protected method, getUserAgent(), can be used to get the user agent for a request. This will be used by m3api-oauth2.
• The dropTruncatedResultWarning didn’t work properly when using the default errorformat on current MediaWiki versions; this has been fixed. (It’s still a good idea to set a non-bc error format in general.)
• Exclude axios 1.2.0, which should not be used due to a bug.
• Updated other dependencies.

v0.7.1

Documentation-only release.

• Publish documentation on GitHub pages: latest version, v0.7.1.
• Add a @typedef for Options, the request options; this may help if you are using m3api with TypeScript or in an IDE.
• Updated dependencies.