search

queicherius / asymmetric-crypto

Encryption and signing using public-key cryptography (via tweetnacl)
MIT License
16 stars 1 forks source link

Update tweetnacl to the latest version πŸš€ #5

Closed greenkeeper[bot] closed 7 years ago

greenkeeper[bot] commented 7 years ago

Version 1.0.0 of tweetnacl just got published.

Dependency tweetnacl
Current Version 0.14.5
Type dependency

The version 1.0.0 is not covered by your current version range.

Without accepting this pull request your project will work just like it did before. There might be a bunch of new features, fixes and perf improvements that the maintainers worked on for you though.

I recommend you look into these changes and try to get onto the latest version of tweetnacl. Given that you have a decent test suite, a passing build is a strong indicator that you can take advantage of these changes by merging the proposed change into your project. Otherwise this branch is a great starting point for you to work on the update.

Release Notes v1.0.0

πŸ— πŸŽ‰ πŸ”

Changes since v1.0.0-rc.1

No code changes

Changes since v0.14.5:

  • IMPORTANT! In previous versions, nacl.secretbox.open, nacl.box.open, and nacl.box.after returned false when opening failed (for example, when using incorrect key, nonce, or when input was maliciously or accidentally modified after encryption). This version instead returns null.

    The usual way to check for this condition:

    if (!result) { ... }

    is correct and will continue to work.

    However, direct comparison with false:

    if (result == false) { ... }

    it will no longer work and will not detect failure. Please check your code for this condition.

    (nacl.sign.open always returned null, so it is not affected.)

  • Arguments type check now uses instanceof Uint8Array instead of Object.prototype.toString.

  • Removed deprecation checks for nacl.util (moved to a
    separate package in v0.14.0).

  • Removed deprecation checks for the old signature API (changed in v0.10.0).

  • Improved benchmarking.

Commits

The new version differs by 21 commits.

  • 988c419 v1.0.0
  • 3c2c6a7 Sort AUTHORS by number of commits
  • b883191 Remove bower
  • 76c5679 Add Peerio to notable users and sort
  • 342d66d Benchmark: add forgotten continue
  • 09b3d2f Improve benchmarking
  • 88b8ea4 v1.0.0-rc.1
  • fa1a877 README: rename curve25519 to x25519
  • 3f145df README: add Yarn instructions
  • 8e3e89b Add yarn.lock to .npmignore
  • 8626b70 Make secretbox.open, box.open, box.after return null instead of false for failure
  • f0346ed Remove deprecation checks
  • c74f296 benchmark: use best times instead of average; use more precise time when available
  • 3908735 Use instanceof Uint8Array instead of toString to check for correct type
  • b392b02 README: publish information about audit

There are 21 commits in total.

See the full diff

Not sure how things should work exactly? There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html) and of course you may always [ask my humans](https://github.com/greenkeeperio/greenkeeper/issues/new).

Your Greenkeeper Bot :palm_tree:

codecov-io commented 7 years ago

Codecov Report

Merging #5 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##           master     #5   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           1      1           
  Lines          28     28           
=====================================
  Hits           28     28

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 1d0d923...7f652bb. Read the comment docs.