Snyk has created this PR to upgrade tweetnacl from 1.0.1 to 1.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released a month ago, on 2020-02-10.
IMPORTANT BUG FIX. Due to a bug in calculating carry in
modulo reduction that used bit operations on integers larger than
32 bits, nacl.sign or nacl.sign.detached could have created
incorrect signatures.
This only affects signing, not verification.
Thanks to @valerini on GitHub for finding and reporting the bug.
Exported more internal undocumented functions for
third-party projects that rely on low-level interface,
(something users of TweetNaCl shouldn't care about).
Snyk has created this PR to upgrade tweetnacl from 1.0.1 to 1.0.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: tweetnacl
-
1.0.3 - 2020-02-10
-
1.0.2 - 2020-01-16
-
1.0.1 - 2019-01-24
- Fixed TypeScript typings (#157)
- Rebuilt using newer version of Uglify-js.
from tweetnacl GitHub release notesIMPORTANT BUG FIX. Due to a bug in calculating carry in
modulo reduction that used bit operations on integers larger than
32 bits,
nacl.signornacl.sign.detachedcould have createdincorrect signatures.
This only affects signing, not verification.
Thanks to @valerini on GitHub for finding and reporting the bug.
Exported more internal undocumented functions for
third-party projects that rely on low-level interface,
(something users of TweetNaCl shouldn't care about).
Commit messages
Package name: tweetnacl
- 5bf1ff5 1.0.3
- a9299eb Update changelog
- af1919c Merge pull request #188 from dchest/modl-fix
- 71df1d6 Fix modL
- 73a94a2 1.0.2
- 1b61c87 Update changelog for 1.0.1 and 1.0.2
- eedab65 Rebuild minified versions
- 4203331 Update dev deps
- d501368 Merge pull request #185 from kevinlewi/expose_lowlevel_functions
- 8252787 Expose more nacl.lowlevel functions
- da75d9e crypto_sign_open: remove useless variable
- 60316da Merge pull request #176 from DanielRuf/fix/remove-useless-assignment
- d6f64d2 Merge branch 'master' of github.com:dchest/tweetnacl-js
- 57fe3c4 Update dev dependencies
- b2c2954 Merge pull request #178 from mvasilkov/patch-1
- db1954d README: Fix dead link
- 41a4afe Remove useless assignment
- 7d86aff README: removed Peerio from notable users
- 65bc6e9 Merge pull request #173 from Alexendoo/patch-1
- 32d8cc7 Add GitHub to notable users
- 3e4e6ac Update dev deps
- 7d88326 Fix linting issues
- 0b07a6e Update dev dependencies
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs