Snyk has created this PR to upgrade tweetnacl from 1.0.1 to 1.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released a month ago, on 2020-02-10.
IMPORTANT BUG FIX. Due to a bug in calculating carry in
modulo reduction that used bit operations on integers larger than
32 bits, nacl.sign or nacl.sign.detached could have created
incorrect signatures.
This only affects signing, not verification.
Thanks to @valerini on GitHub for finding and reporting the bug.
Exported more internal undocumented functions for
third-party projects that rely on low-level interface,
(something users of TweetNaCl shouldn't care about).
Snyk has created this PR to upgrade tweetnacl from 1.0.1 to 1.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: tweetnacl
IMPORTANT BUG FIX. Due to a bug in calculating carry in
modulo reduction that used bit operations on integers larger than
32 bits,
nacl.sign
ornacl.sign.detached
could have createdincorrect signatures.
This only affects signing, not verification.
Thanks to @valerini on GitHub for finding and reporting the bug.
Exported more internal undocumented functions for
third-party projects that rely on low-level interface,
(something users of TweetNaCl shouldn't care about).
Commit messages
Package name: tweetnacl
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs