juice-shop/juice-shop v5.0.0

on GitHub

Incompatible Changes

• Official node.js version compatibility has been reduced to 6.x and 8.x while dropping 4.x
• #361: Docker images have been reduced to the following tags running on node.js 6.x:
  • latest for current official release (from master branch)
  • snapshot for upcoming release preview (from develop branch)

Features

• #328: Added Product Reviews to the product details dialog and introduced a separate MongoDB storage for those (kudos to @J12934)

Challenges

• #328: Added two new NoSQL Injection challenges (both 3-star)
• #368, #369: Added two new Typosquatting challenges (3-star and 4-star)
• Introduced new challenge category Known Vulnerable Components which contains the challenges
  • Typosquatting and
  • Vulnerable Library (formerly named Vulnerable Component)

Bugfixes

• Corrected key for Quantity label on Recycling section of admin page

Miscellaneous

• #362: increased user immersion in customized themes by removing all leftover direct references to juice or the OWASP Juice Shop project itself

Refactoring

• ES6ified server side code & tests using lebab (let, for-of, for-each and arrow transforms)
• #164: Migrated all API tests to frisby.js 2.x and and Jest as test runner
• #372: Migrated API suite from deprecated istanbul to nyc coverage tool