Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade ethereumjs-util from 5.2.0 to 6.2.0 #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade ethereumjs-util from 5.2.0 to 6.2.0 #12

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade ethereumjs-util from 5.2.0 to 6.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 18 days ago, on 2019-11-07.
Release notes
  • Package name: ethereumjs-util
    • 6.2.0 - 2019-11-07

      This release comes with a new file structure, related functionality is now broken down into separate files (like account.js) allowing for more oversight and modular integration. All functionality is additionally exposed through an aggregating index.js file, so this version remains backwards-compatible.

      Overview on the new structure:

      • account: Private/public key and address-related functionality (creation, validation, conversion)
      • byte: Byte-related helper and conversion functions
      • constants: Exposed constants (e.g. KECCAK256_NULL_S for the string representation of the Keccak-256 hash of null)
      • hash: Hash functions
      • object: Helper function for creating a binary object (DEPRECATED)
      • signature: Signing, signature validation, conversion, recovery

      See associated PRs #182 and #179.

      Features

      • account: Added EIP-1191 address checksum algorithm support for toChecksumAddress(),
        PR #204

      Bug Fixes

      • bytes: toBuffer() conversion function now throws if strings aren't 0x-prefixed hex values making the behavior of toBuffer() more predictable respectively less error-prone (you might generally want to check cases in your code where you eventually allowed non-0x-prefixed input before), PR #197

      Dependencies / Environment

      • Dropped Node 6, added Node 11 and 12 to officially supported Node versions,
        PR #207
      • Dropped safe-buffer dependency,
        PR #182
      • Updated rlp dependency from v2.0.0 to v2.2.3 (TypeScript improvements
        for RLP hash functionality),
        PR #187
      • Made @types/bn.js a dependency instead of a devDependency,
        PR #205
      • Updated keccak256 dependency from v1.4.0 to v2.0.0, PR #168
    • 6.1.0 - 2019-02-12

      First TypeScript based release of the library, now also including a
      type declaration file distributed along with the package published,
      see PR #170.

      Bug Fixes

      • Fixed a bug in isValidSignature() not correctly returning false
        if passed an s-value greater than secp256k1n/2 on homestead or later.
        If you use the method signature with more than three arguments (so not just
        passing in v, r, s and use it like isValidSignature(v, r, s) and omit
        the optional args) please read the thread from
        PR #171 carefully
        and check your code.

      Development

      • Updated @types/node to Node 11 types,
        PR #175
      • Changed browser from Chrome to ChromeHeadless,
        PR #156
    • 6.0.0 - 2018-10-10
      • Support for EIP-155 replay protection by adding an optional chainId parameter
        to ecsign(), ecrecover(), toRpcSig() and isValidSignature(), if present the
        new signature format relying on the chainId is used, see PR #143
      • New generateAddress2() for CREATE2 opcode (EIP-1014) address creation
        (Constantinople HF), see PR #146
      • [BREAKING] Fixed signature to comply with Geth and Parity in toRpcSig() changing
        v from 0/1 to 27/28, this changes the resulting signature buffer, see PR #139
      • [BREAKING] Remove deprecated sha3-named constants and methods (see v5.2.0 release),
        see PR #154
    • 5.2.0 - 2018-04-27
      • Rename all sha3 hash related constants and functions to keccak, see
        this EIP discussion for context
        (tl;dr: Ethereum uses a slightly different hash algorithm then in the official
        SHA-3 standard)
      • Renamed constants:
        • SHA3_NULL_S -> KECCAK256_NULL_S
        • SHA3_NULL -> KECCAK256_NULL
        • SHA3_RLP_ARRAY_S -> KECCAK256_RLP_ARRAY_S
        • SHA3_RLP_ARRAY -> KECCAK256_RLP_ARRAY
        • SHA3_RLP_S -> KECCAK256_RLP_S
        • SHA3_RLP -> KECCAK256_RLP
      • Renamed functions:
        • sha3() -> keccak() (number of bits determined in arguments)
      • New keccak256() alias function for keccak(a, 256)
      • The usage of the sha-named versions is now DEPRECATED and the related
        constants and functions will be removed on the next major release v6.0.0
    • from ethereumjs-util GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot