doc: mention that csurf is deprecated. (#152)

mhdawson · web-flow · commit 0424fd7861c5 · 2023-07-10T09:27:27.000-04:00
* doc: mention that csurf is deprecated.

* Update docs/development/secure-development-process.md
diff --git a/docs/development/secure-development-process.md b/docs/development/secure-development-process.md
@@ -123,7 +123,8 @@ Harden external http endpoints by:
   * Protect against Cross site scripting (XSS). For example by using a package like [xss]
     (https://www.npmjs.com/package/xss).
   * Protect against cross site forgery requests
-    * Use Anti-CSRF tokens through packages like [csurf](https://www.npmjs.com/package/csurf)
+ Use Anti-CSRF tokens. Note that [csurf](https://www.npmjs.com/package/csurf) is deprecated
+      and not recommended for use.
 
 **Avoid leaking info through errors**
 
