fix(package): update secp256k1 to 3.8.0 #237
This version uses elliptic with a fixed circular dependency. Because of that circular dependency it wasn't possible to use ethereumjs-util with the rollup build tool. Reference: indutny/elliptic#180
@michaelsbradleyjr @alcuadrado With this now trickling in and the updates from #228 still some time (hopefully weeks) away I now have a tendency to merge here and do a first minor release with the updated Just wanted to reach back to you guys to have some feedback, does this make sense? Especially a bit unsure about this "Remove prebuild" part in the v3.4.0 version of the library.
I don't understand this PR. This is a caret dependency, so you'd get the latest
Yes, when doing But in a project with a lockfile (e.g.
But won't they have to do the exact same thing if we release a new version of this library?
Yes, you're completely correct. My apologies, I forgot to include in my earlier comment something to the effect of...
No problem. I just thought I was confused about how npm works 😅
Oh, you are right. It is totally unnecessary. Btw, what is the reason for ethereumjs-util not to have a lock file in git?
As per my understanding of npm, you have to check in the lockfile so that builds are deterministic. Otherwise, people may work on the same base version of the lib (e.g. 6.2.0) and yet have different dependencies and thus possibly different behavior of the package.
This article approximately describes our current position with package locks: https://www.twilio.com/blog/lockfiles-nodejs
secp256k1@3.8.0 uses version of elliptic with fixed circular dependency. This circular dependency breaks Rollup builds. Reference: indutny/elliptic#180
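
The caret-range versus lockfile point made in the thread above, as an added example that is not part of the PR or of ethereumjs-util: a simplified model of how `npm install` picks a version for one dependency. The `^3.0.1` range and the list of published versions are constructed sample values, and the function names are hypothetical.

```javascript
// Added illustration, not project code. Simplified model of npm's resolution
// for a single dependency; prerelease and build tags are not handled.

// Constructed sample data: versions assumed to be published on the registry.
const PUBLISHED = ['3.5.2', '3.7.1', '3.8.0', '4.0.0'];

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Caret semantics: anything >= base that keeps the left-most non-zero part.
function satisfiesCaret(version, range) {
  if (!range.startsWith('^')) throw new Error('only caret ranges supported');
  const base = range.slice(1);
  const [M, m, p] = parse(base);
  const upper = M > 0 ? `${M + 1}.0.0` : m > 0 ? `0.${m + 1}.0` : `0.0.${p + 1}`;
  return compare(version, base) >= 0 && compare(version, upper) < 0;
}

// Without a lockfile entry: highest published version inside the range.
// With one: the locked version wins for as long as it still satisfies the range.
function resolve(range, published, locked) {
  if (locked && satisfiesCaret(locked, range)) return locked;
  const ok = published.filter(v => satisfiesCaret(v, range)).sort(compare);
  if (ok.length === 0) throw new Error(`nothing satisfies ${range}`);
  return ok[ok.length - 1];
}

// Fresh install: the old and the bumped range resolve to the same version.
console.log(resolve('^3.0.1', PUBLISHED), resolve('^3.8.0', PUBLISHED));
// Lockfile pinned at 3.7.1: the old range keeps the pin, the bumped range
// no longer accepts it, so the dependency moves to 3.8.0.
console.log(resolve('^3.0.1', PUBLISHED, '3.7.1'), resolve('^3.8.0', PUBLISHED, '3.7.1'));
```
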