walletconnect-utils
walletconnect-utils copied to clipboard
WalletConnect
fix(deps): update dependency @noble/curves to v1.9.7
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| @noble/curves (source) | 1.8.1 -> 1.9.7 |
Release Notes
paulmillr/noble-curves (@noble/curves)
v1.9.7
- edwards: rename newly introduced / experimental
toMontgomeryPriv=>toMontgomerySecret - weierstrass: Add back SignatureConstructor
- More deprecations and preparations for v2
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.6...1.9.7
v1.9.6
- edwards: expose nBitLength, nByteLength
- Experimental CurveLengths interface: rename secret, public to secretKey, publicKey
- Point precomputes: initialize calculation earlier, within
weierstrass()method (still lazy, waits for first call) - bls: new internal
towerfrom v2 - ed448: Ensure there are two different Fn fields with different BITS length for ed448 /
decaf44
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.5...1.9.6
v1.9.5
- Fix rollup warnings from gh-205
- add back aliases for secp256r1 / secp384r1 / secp521r1 from gh-203
- bring back CURVE.nByteLength from gh-202
- More preparations and deprecations for future v2 release
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.4...1.9.5
v1.9.4
- Fix gh-201: invalid renaming of ProjConstructor
- Add more deprecations for the upcoming v2
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.3...1.9.4
v1.9.3
The release contains bugfixes and a few improvements which pave the way for upcoming v2.0.
There are lots of renamings and API adjustments; but all old code would work as-is. The code would visually flagged as "deprecated" (using jsdoc flag) in typescript-supported code environments, which makes it easy to upgrade to new versions.
- Rename
*privateKeyto*secretKeyeverywhere for consistency with post-quantum and non-noble libraries - Add
keygenmethod to curves which creates both secret and public keys - weierstrass: make endomorphism generic and work for all Koblitz curves
- weierstrass: add fromBytes and toBytes to Signature, deprecate fromDER, fromCompact, toDERRawBytes, toCompactRawBytes
- edwards: move edwardsToMontgomery into utils.toMontgomery
- decaf, ristretto: new interface which makes it more similar to other Points
- ed448: add ED448_TORSION_GROUP
- curve: add curve.info interface to all curves for better interop.
- curve: change public wNAF API
- modular: add sqrt9mod16
- hash-to-curve: move all hashers into _hasher props. E.g.
secp256k1_hasher - test: Add ACVP test vectors
Sensitive code changes
- wNAF: mostly renamings
- Field bound validation: for scalars (Fn) and curve fields (Fp)
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.2...1.9.3
v1.9.2
The release contains bugfixes and a few improvements which pave the way for upcoming v2.0.
- edwards, weierstrass: big refactor, implement much simpler ECDSA / EdDSA API. #192
- Old code is still working until v2
- New API is experimental until next patch release
- toRawBytes => toBytes
- ExtendedPoint, ProjectivePoint => Point
- Point now has
FpandFnstatic properties which are its fields
- weierstrass: add support for ECDSA with cofactor>1 curves
- weierstrass: add support for points having x:0
- bls: big refactor, improve types, add new
bls.longSignaturesandbls.shortSignaturesAPIs- Old code is still working until v2
- New API is experimental until next patch release
- utils: reuse noble-hashes utils
- Use randomBytes and hmac from noble-hashes by default
Sensitive code changes
- edwards, weierstrass: refactor logic for range checks
- weierstrass: improve
sign()logic for k generation - weierstrass: harden multiplyUnsafe, stop using multiplyAndAddUnsafe
New contributors
- Add a test that BLS12-381 augmented signatures can be verified by @randombit in #191
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.1...1.9.2
v1.9.1
- abstract/fft - new experimental implementation of FFT (Fast Fourier Transform) / NTT
- abstract/edwards: verify curve parameters (equation) on initialization
- abstract/weierstrass: verify curve parameters (discriminant) on initialization
- abstract/weierstrass: improve getSharedSecret arg validation for rare curves
- abstract/weierstrass: fix invalid sig recovery decoding length for rare curves
- abstract/modular: improve sqrt calculation
- x25519, x448: accept more valid inputs for priv / pub keys
- secp256k1: improve tree-shaking
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.9.0...1.9.1
v1.9.0
The release contains bugfixes and a few improvements which pave the way for upcoming v2.0.
- Modules are now available with
.jsextension- Old:
@noble/curves/ed25519 - New:
@noble/curves/ed25519.js - Old path is still available
- This simplifies working in browsers natively without transpilers
- Old:
- poseidon: add support for sponge, grain LFSR
- p256, p384, p521: merge into new "nist" module
- weierstrass: prohibit y=0 when initializing
- hash-to-curve: use inv0 everywhere to ensure ZERO elements are returned in exceptional cases
- modular: improve sqrt logic (tonelliShanks, legendre)
- modular: fix FpInvertBatch creating arrays with holes instead of arrays with undefined
- pasta: deprecate curves
- update noble-hashes to 1.8.0
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.8.2...1.9.0
v1.8.2
- Important: this release adjusts wNAF scalar multiplication logic
- The adjustment is small (deduplication), but wNAF is sensitive code handling private keys
- Verify the change yourself #184
- edwards: (
ed25519, ed448) always use complete formula in add() - edwards: (
ed25519, ed448) ban points with z=0 (zero points have z=1) ed25519: use slower, but more precise CURVE.a definition- weierstrass: freeze Signature on creation
- weierstrass: Fix curve in Palemoon browser #176
- hash-to-curve: throw better error for 0 in mapToCurve
- tower: fix wrong
Fp12fields type - misc: new module. Contains jubjub and babyjubjub.
- utils: use built-in Uint8Array toHex / fromHex when available. Gives 13x speed-up on 256b arrays, 20x speed-up on 32kb arrays
Other changes
- Update noble-hashes to 1.7.2
- Reduce standalone file build size by 0.5kb
- Standalone build files are now attested in CI. Check out README for verification guide
- Typescript source can now be used without compilation in node.js v24, due to erasableSyntaxOnly
New Contributors
- @tuantran-genetica made their first contribution in #181
- @kigawas made their first contribution in #183
Acknowledgments
Thanks to @ChALkeR for spotting edwards bug.
Full Changelog: https://github.com/paulmillr/noble-curves/compare/1.8.1...1.8.2
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security |
Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
 | @noble/curves@1.8.1 ⏵ 1.9.7 |  | | |  | |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}