[Snyk] Upgrade @noble/ed25519 from 1.7.3 to 2.1.0

[OKEAMAH]

Snyk has created this PR to upgrade @noble/ed25519 from 1.7.3 to 2.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 2 versions ahead of your current version.

• The recommended version was released on 5 months ago.

Release notes

Package name: @noble/ed25519

• 2.1.0 - 2024-03-24
  

  This release comes one year after v2.0.0, following rare update schedule for easy auditability.

  • verify: accept { zip215: false } option that forces FIPS verification behavior
  • verify: throw less direct errors, return false instead
  • Point.fromHex: accept second optional argument zip215: boolean
  • Point#toAffine: convert ZERO points properly
  • au8: improve Uint8Array check to work in extension context

  New Contributors

  • @ quentinadam made their first contribution in #82
  • @ mahnunchik made their first contribution in #95
  • @ sangaman made their first contribution in #97
  • @ LeJamon made their first contribution in #99

  Full Changelog: 2.0.0...2.1.0

• 2.0.0 - 2023-03-24
  

  v2 features improved security and smaller attack surface.
  The goal of v2 is to provide minimum possible JS library which is safe and fast.

  That means the library was reduced 4x, to just over 300 lines. Library size is now less than 4KB.
  In order to achieve the goal, some features were moved to noble-curves,
  which is even safer and faster drop-in replacement library with same API.
  Switch to curves if you intend to keep using these features:

  • x25519 / curve25519 / getSharedSecret
  • ristretto255 / RistrettoPoint
  • Using utils.precompute() for non-base point
  • Support for environments which don't support bigint literals
  • Common.js support
  • Support for node.js 18 and older without shim

  Other changes for upgrading from @ noble/ed25519 1.7 to 2.0:

  • Methods are now sync by default; use getPublicKeyAsync, signAsync, verifyAsync for async versions
  • bigint is no longer allowed in getPublicKey, sign, verify. Reason: ed25519 is LE, can lead to bugs
  • Point (2d xy) has been changed to ExtendedPoint (xyzt)
  • Signature was removed: just use raw bytes or hex now
  • utils were split into utils (same api as in noble-curves) and
    etc (sha512Sync and others)

  Pull request: #76

  Full Changelog: 1.7.3...2.0.0

• 1.7.3 - 2023-02-07
  

  Don't use bigint literals for bad engines

from @noble/ed25519 GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/[email protected]	None	0	7.8 kB	types
npm/@types/[email protected]	None	0	3.77 kB	types
npm/[email protected]	None	0	1.64 MB	vitaly

🚮 Removed packages: npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎