Release 4.0.1

[skip ci]

## [4.0.1](v4.0.0...v4.0.1) (2025-02-02)

### Bug Fixes

* ignore duplicate identifier ([#104](#104)) ([2d1a44b](2d1a44b))

Release 3.8.0

[skip ci]

## [3.8.0](v3.7.0...v3.8.0) (2025-01-22)

### Features

* support custom pathToRegexpModule ([#102](#102)) ([8e12a8e](8e12a8e))

Release 4.0.0

[skip ci]

## [4.0.0](v3.7.0...v4.0.0) (2025-01-17)

### ⚠ BREAKING CHANGES

* drop Node.js < 18.19.0 support

part of eggjs/egg#3644

eggjs/egg#5257

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

Based on the comprehensive changes, here are the updated release notes:

- **New Features**
	- Migrated security plugin to TypeScript.
	- Enhanced type safety for security configurations.
	- Improved middleware and helper utilities.
- Introduced new middleware for handling `Strict-Transport-Security`,
`X-Frame-Options`, and `X-XSS-Protection` headers.
	- Added support for new security configurations and helper functions.

- **Breaking Changes**
	- Renamed package from `egg-security` to `@eggjs/security`.
	- Dropped support for Node.js versions below 18.19.0.
	- Restructured module exports and configurations.
	- Removed several deprecated middleware and utility functions.

- **Security Improvements**
	- Updated CSRF, XSS, and SSRF protection mechanisms.
	- Enhanced middleware for handling security headers.
	- Refined configuration options for various security features.

- **Performance**
	- Modernized codebase with ES module syntax.
	- Improved type definitions and module structure.
- Enhanced test suite with TypeScript support and better resource
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

### Features

* support cjs and esm both by tshy ([#101](#101)) ([a11661f](a11661f))

Release 3.7.0

[skip ci]

## [3.7.0](v3.6.0...v3.7.0) (2025-01-13)

### Features

* csrf support check origin header with referer type ([#69](#69)) ([2c950d3](2c950d3))

Release 3.6.0

[skip ci]

## [3.6.0](v3.5.0...v3.6.0) (2024-07-08)

### Features

* add hostnameExceptionList for ssrf ([#100](#100)) ([92a34f3](92a34f3))

Release 3.5.0

[skip ci]

## [3.5.0](v3.4.0...v3.5.0) (2024-07-03)

### Features

* add rotateWhenInvalid option for CSRF token ([#98](#98)) ([ae37c8f](ae37c8f))

Release 3.4.0

[skip ci]

## [3.4.0](v3.3.1...v3.4.0) (2024-07-01)

### Features

* support SSRF check on useHttpClientNext = true ([#96](#96)) ([1d6bfff](1d6bfff))

Release 3.3.1

[skip ci]

## [3.3.1](v3.3.0...v3.3.1) (2024-06-12)

### Bug Fixes

* use @eggjs/ip instead of ip ([#95](#95)) ([5e3ee95](5e3ee95))

Release 3.3.0

[skip ci]

## [3.3.0](v3.2.0...v3.3.0) (2024-05-29)

### Features

* use ip@v2 ([#93](#93)) ([ffb761d](ffb761d))

Release 3.2.0

[skip ci]

## [3.2.0](v3.1.0...v3.2.0) (2024-01-04)

### Features

* CSRF cookies allow the use of signatures ([#88](#88)) ([da1b532](da1b532))