[Snyk] Upgrade @noble/ed25519 from 1.7.3 to 2.1.0 #8
Snyk has created this PR to upgrade @noble/ed25519 from 1.7.3 to 2.1.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released 5 months ago.
Release notes
Package name: @noble/ed25519
This release comes one year after v2.0.0, following rare update schedule for easy auditability.
false
insteadzip215: boolean
New Contributors
Full Changelog: 2.0.0...2.1.0
v2 features improved security and smaller attack surface.
The goal of v2 is to provide minimum possible JS library which is safe and fast.
That means the library was reduced 4x, to just over 300 lines. Library size is now less than 4KB.
In order to achieve the goal, some features were moved to noble-curves,
which is even safer and faster drop-in replacement library with same API.
Switch to curves if you intend to keep using these features:
- utils.precompute() for non-base point

Other changes for upgrading from @noble/ed25519 1.7 to 2.0:

- getPublicKeyAsync, signAsync, verifyAsync for async versions
- bigint is no longer allowed in getPublicKey, sign, verify. Reason: ed25519 is LE, can lead to bugs
- Point (2d xy) has been changed to ExtendedPoint (xyzt)
- Signature was removed: just use raw bytes or hex now
- utils were split into utils (same api as in noble-curves) and etc (sha512Sync and others)

Pull request: #76
Full Changelog: 1.7.3...2.0.0
Don't use bigint literals for bad engines
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
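
The release note above gives "ed25519 is LE, can lead to bugs" as the reason bigint keys are no longer accepted. The following is an added example, not code from this PR or from @noble/ed25519, showing how one integer maps to two different 32-byte keys depending on byte order, with a strict guard for call sites being migrated. The helper names `bigintToKeyBytes`, `toKeyBytes` and `toHex` and the sample value are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not part of @noble/ed25519.
const KEY_LEN = 32; // an Ed25519 private key (seed) is 32 bytes

// Encode a non-negative bigint into exactly 32 bytes in an explicit byte order.
function bigintToKeyBytes(n, order) {
  if (typeof n !== 'bigint' || n < 0n || n >= 1n << 256n) {
    throw new RangeError('expected bigint in [0, 2^256)');
  }
  if (order !== 'le' && order !== 'be') throw new TypeError("order must be 'le' or 'be'");
  const out = new Uint8Array(KEY_LEN);
  for (let i = 0; i < KEY_LEN; i++) {
    const byte = Number((n >> BigInt(8 * i)) & 0xffn); // i-th least significant byte
    out[order === 'le' ? i : KEY_LEN - 1 - i] = byte;
  }
  return out;
}

// Guard for migrated call sites: only 32 raw bytes or 64 hex characters pass.
// A bigint or number is rejected so the byte order is never chosen implicitly.
function toKeyBytes(key) {
  if (key instanceof Uint8Array) {
    if (key.length !== KEY_LEN) throw new RangeError('key must be 32 bytes');
    return Uint8Array.from(key);
  }
  if (typeof key === 'string') {
    if (!/^[0-9a-fA-F]{64}$/.test(key)) throw new RangeError('key must be 64 hex chars');
    return Uint8Array.from(key.match(/../g), (h) => parseInt(h, 16));
  }
  throw new TypeError(`unsupported key type ${typeof key}: convert with an explicit byte order first`);
}

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Constructed sample value: the same integer yields two different keys.
const sample = 0x0102030405n;
const le = toHex(bigintToKeyBytes(sample, 'le')); // 0504030201 then 27 zero bytes
const be = toHex(bigintToKeyBytes(sample, 'be')); // 27 zero bytes then 0102030405
```

Before merging an upgrade like this one, search the code base for call sites that pass a bigint or number as a key and convert them with the byte order the stored keys were originally created with.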