walletconnect-utils icon indicating copy to clipboard operation
walletconnect-utils copied to clipboard
verified publisher icon WalletConnect

fix(deps): update dependency @noble/ed25519 to v2

Open renovate[bot] opened this issue 2 years ago • 0 comments

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@noble/ed25519 (source) ^1.7.1 -> ^2.0.0 age adoption passing confidence
@noble/ed25519 (source) 1.7.3 -> 2.2.3 age adoption passing confidence

Release Notes

paulmillr/noble-ed25519 (@​noble/ed25519)

v2.2.3

Compare Source

  • Revert requirement for crypto.subtle, introduced in 2.2.0. This ensures synchronous environments work correctly without it. Closes #​108.

Note: JSR was published from different commit a2d9484, which failed to publish on NPM.

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/2.2.2...2.2.3

v2.2.2

Compare Source

  • Improve documentation for public methods. This ensures efficient auto-generated docs on JSR.

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/2.2.1...2.2.2

v2.2.1

Compare Source

Same as 2.2.0, but now publishing to JSR without slow-types option.

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/2.2.0...2.2.1

v2.2.0

Compare Source

What's Changed
  • Improve hex and bytes conversion
  • Improve types: use isolatedDeclarations option
New Contributors

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/2.1.0...2.2.0

v2.1.0

Compare Source

This release comes one year after v2.0.0, following rare update schedule for easy auditability.

  • verify: accept { zip215: false } option that forces FIPS verification behavior
  • verify: throw less direct errors, return false instead
  • Point.fromHex: accept second optional argument zip215: boolean
  • Point#toAffine: convert ZERO points properly
  • au8: improve Uint8Array check to work in extension context
  • signAsync: Prohibit passing objects, which were incorrectly mangled to Uint8Array
    • This could have produced incorrect signatures for object-based messages
New Contributors

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/2.0.0...2.1.0

v2.0.0

Compare Source

v2 features improved security and smaller attack surface. The goal of v2 is to provide minimum possible JS library which is safe and fast.

That means the library was reduced 4x, to just over 300 lines. Library size is now less than 4KB. In order to achieve the goal, some features were moved to noble-curves, which is even safer and faster drop-in replacement library with same API. Switch to curves if you intend to keep using these features:

  • x25519 / curve25519 / getSharedSecret
  • ristretto255 / RistrettoPoint
  • Using utils.precompute() for non-base point
  • Support for environments which don't support bigint literals
  • Common.js support
  • Support for node.js 18 and older without shim

Other changes for upgrading from @​noble/ed25519 1.7 to 2.0:

  • Methods are now sync by default; use getPublicKeyAsync, signAsync, verifyAsync for async versions
  • bigint is no longer allowed in getPublicKey, sign, verify. Reason: ed25519 is LE, can lead to bugs
  • Point (2d xy) has been changed to ExtendedPoint (xyzt)
  • Signature was removed: just use raw bytes or hex now
  • utils were split into utils (same api as in noble-curves) and etc (sha512Sync and others)

Pull request: https://github.com/paulmillr/noble-ed25519/pull/76

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/1.7.3...2.0.0

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Mar 28 '23 00:03 renovate[bot]