Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @noble/hashes from 1.0.0 to 1.4.0 #6

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @noble/hashes from 1.0.0 to 1.4.0 #6

wants to merge 1 commit into from

Conversation

OKEAMAH
Copy link
Member

@OKEAMAH OKEAMAH commented Aug 18, 2024

snyk-top-banner

Snyk has created this PR to upgrade @noble/hashes from 1.0.0 to 1.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 12 versions ahead of your current version.

  • The recommended version was released on 5 months ago.

Release notes
Package name: @noble/hashes
  • 1.4.0 - 2024-03-14
    • Add support for big endian platforms by @ jonathan-albrecht-ibm in #81
    • Use XOF constructor wrapper for cShake by @ stknob in #82
    • Rename _sha2 to _md
    • utils, _assert: reduce code duplication
    • tsconfig: change module to Node16

    Full Changelog: 1.3.3...1.4.0

  • 1.3.3 - 2023-12-11
    • Add module sha2, an alias to already-existing sha256 and sha512
    • sha3-addons: Implement TurboSHAKE (https://eprint.iacr.org/2023/342)
    • utils improvements
      • hexToBytes: speed-up 6x, improve error formatting
      • isBytes: improve reliability in bad environments such as jsdom
      • concatBytes: improve safety by early-checking the type
    • Bump typescript version used to build the package to 5.3.2

    Full Changelog: 1.3.2...1.3.3

  • 1.3.2 - 2023-08-23
    • Tree shaking improvements:
      • annotate top-level incovations as pure
      • use const enums
      • decrease wildcard imports of _assert and _u64
      • declare package side-effects free
    • argon2: fix checks for parallelism and iterations parameters
    • utils: fix isPlainObject in serverless environments, used in scrypt and pbkdf2
    • typescript: Disable moduleResolution config setting, since it is viral

    New Contributors

    Full Changelog: 1.3.1...1.3.2

  • 1.3.1 - 2023-06-03

    What's Changed

    • Fix utf8ToBytes in firefox extension context (https://bugzil.la/1681809)
    • Ensure blake3 inputs are immutable by @ libitx in #51
    • sha3-addons: add PURE annotations to reduce bundle size
    • utils: harmonize with noble-curves
    • Type fixes
      • sha3, blake3: Fix XOF type issue, closes #55
      • hmac: export HMAC type, fix #52
      • cryptoNode: remove dependency on @ types/node

    New Contributors

    Full Changelog: 1.3.0...1.3.1

  • 1.3.0 - 2023-03-16

    Changed logic for importing native cryptography. Built-in crypto (webcrypto) is now used through all platforms, including node.js.

    Full Changelog: 1.2.0...1.3.0

  • 1.2.0 - 2023-02-02

    Full Changelog: 1.1.5...1.2.0

  • 1.1.5 - 2022-12-15

    Add two additional SHA2 functions: SHA224 and SHA512-224

    Full Changelog: 1.1.4...1.1.5

  • 1.1.4 - 2022-12-04

    Bugfix for SHA2

    Full Changelog: 1.1.3...1.1.4

  • 1.1.3 - 2022-09-30

    What's Changed

    • HMAC: improved type check in worker contexts
    • Add TS types field to exports map by @ jacogr in #36

    New Contributors

    Full Changelog: 1.1.2...1.1.3

  • 1.1.2 - 2022-06-18

    Add support for SHA1

  • 1.1.1 - 2022-06-11
  • 1.1.0 - 2022-06-11
  • 1.0.0 - 2022-01-17
from @noble/hashes GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @noble/hashes from 1.0.0 to 1.4.0
a3cce91 
Snyk has created this PR to upgrade @noble/hashes from 1.0.0 to 1.4.0.

See this package in npm:
@noble/hashes

See this project in Snyk:
https://app.snyk.io/org/okeamah/project/1c8f597b-d4cf-4383-b44f-fd54d30b6680?utm_source=github&utm_medium=referral&page=upgrade-pr
sourcery-ai[bot]
sourcery-ai bot reviewed Aug 18, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@noble/[email protected] None 0 773 kB paulmillr
npm/@types/[email protected] None 0 13.9 kB types
npm/@types/[email protected] None 0 4.44 kB types
npm/@types/[email protected] None 0 3.06 kB types
npm/@types/[email protected] None 0 60.4 kB types
npm/@types/[email protected] None 0 446 kB types
npm/@types/[email protected] None 0 2.8 kB types
npm/[email protected] None 0 430 kB evanvosberg
npm/[email protected] None 0 886 kB kjur

🚮 Removed packages: npm/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai Sourcery AI Sourcery AI left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Can't use shake256 as Keccak without casting Can't seem to use hmac.create() as return type
2 participants
@OKEAMAH @snyk-bot