Snyk has created this PR to upgrade tweetnacl-util from 0.15.0 to 0.15.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 2 months ago, on 2020-01-29.
Added validation of base64-encoded input: decodeBase64 will throw if the string contains invalid characters. If you want to ignore whitespace, you should remove it before passing to decoder. (Previously only browser version would throw in this case. Turns out Node.js Buffer doesn't validate encoding at all, for "performance" reasons — that is, it returns some kind of output even for invalid input — for example Buffer.from("бред", "base64") results in <Buffer d7 9e> — which is ridiculous.)
Buffer.from is now used on modern Node.js versions (versions that don't have from will continue using the deprecated constructor.)
This is the last version to be published on Bower: for simplicity, newer versions will only be published on NPM.
Snyk has created this PR to upgrade tweetnacl-util from 0.15.0 to 0.15.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: tweetnacl-util
-
0.15.1 - 2020-01-29
-
0.15.0 - 2017-03-19
- Added validation of base64-encoded input:
from tweetnacl-util GitHub release notes0.15.1
decodeBase64will throw if the string contains invalid characters. If you want to ignore whitespace, you should remove it before passing to decoder. (Previously only browser version would throw in this case. Turns out Node.jsBufferdoesn't validate encoding at all, for "performance" reasons — that is, it returns some kind of output even for invalid input — for exampleBuffer.from("бред", "base64")results in<Buffer d7 9e>— which is ridiculous.)Buffer.fromis now used on modern Node.js versions (versions that don't havefromwill continue using the deprecated constructor.)This is the last version to be published on Bower: for simplicity, newer versions will only be published on NPM.
Commit messages
Package name: tweetnacl-util
- 3f4e483 0.15.1
- 2765406 Rebuild
- 1a1cb93 Update dev deps
- fd997b1 Remove bower.json
- b0471ef Merge pull request #13 from jamilservicos/patch-1
- 7661fc5 Update nacl-util.js
- 7be17e4 README: add link to StableLib repo
- 05224d8 Add notice to README
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs