Updating migration guide for 4.0.0

mikenicholson · Mar 13, 2018 · f381cea · f381cea
1 parent 5497660
commit f381cea
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/docs/migrating.md b/docs/migrating.md
@@ -3,6 +3,21 @@
 The following instructions should help in migrating to a new major version of
 passport-jwt.
 
+## Migrating from 3.x.x to 4.x.x
+
+Version 4.0.0 was released to update [jsonwebtoken's](https://github.com/auth0/node-jsonwebtoken)
+major version from v7 to v8 in order to fix a security issue (see
+[#147](https://github.com/themikenicholson/passport-jwt/issues/147)).
+
+Users of `passport-jwt` are exposed to the API of `jsonwebtoken` through the `jsonWebTokenOptions`
+constructor option.  Therefore, a major version rev of `jsonwebtoken` triggered a major version rev
+of `passport-jwt`.
+
+See the
+[jsonwebtoken v7-v8 Migration Notes](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)
+for the full details. The change in units for the `maxAge` attribute of `jsonWebTokenOptions` is
+likely to impact the greatest number of `passport-jwt` users.
+
 ## Migrating from 2.x.x to 3.x.x
 
 Version 3.0.0 removes the `ExtractJwt.fromAuthHeader()` extractor function that would extract