K 10
svn:author
V 8
bdrewery
K 8
svn:date
V 27
2014-04-08T14:08:12.598238Z
K 7
svn:log
V 1183
MFH: r350191

- Update to 0.2.18 [1]
- Remove need for npm at install time [2]
- No longer bundle deps [2]
- Add big warning on how little this project should be trusted

4 versions since previous 0.2.0 had security fixes, some of which were
regresions from the chain. Non-security-marked fixes not listed here, see
changelog [1].

  0.2.4 (2014-03-29)
    SECURITY NOTICE
    This release was flawed since it did not pull it dependencies with it.
  0.2.7 (2014-03-29)
    SECURITY BUGFIX
    The previous releases, v0.2.5 and v0.2.6, had broken verification for
    website proofs. Fixed with an upgrade to proofs v0.0.15
  0.2.13 (2014-04-01)
    SECURITY BUGFIX
    Don't show the GPG script used to generated keys when specifying -d, since
    it contains the users's password
  0.2.14 (2014-04-02)
    SECURITY BUGFIX
    Sanity-check the server's proof text, in case it's cheating. Check to make
    sure that the only plausible proof is the one that we made, and that others
    aren't coming along for the ride. This check comes via keybase-proofs
    @v0.0.20.

Changelog [1]:	https://github.com/keybase/node-client/compare/v0.2.0...v0.2.18#diff-2
Submitted by:	thierry [2]

END