[Snyk] Upgrade @noble/hashes from 1.0.0 to 1.4.0

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @noble/hashes from 1.0.0 to 1.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.

• The recommended version was released 2 months ago, on 2024-03-14.

Release notes

Package name: @noble/hashes

• 1.4.0 - 2024-03-14
  
  • Add support for big endian platforms by @ jonathan-albrecht-ibm in #81
  • Use XOF constructor wrapper for cShake by @ stknob in #82
  • Rename _sha2 to _md
  • utils, _assert: reduce code duplication
  • tsconfig: change module to Node16

  Full Changelog: 1.3.3...1.4.0

• 1.3.3 - 2023-12-11
  
  • Add module sha2, an alias to already-existing sha256 and sha512
  • sha3-addons: Implement TurboSHAKE (https://eprint.iacr.org/2023/342)
  • utils improvements
    • hexToBytes: speed-up 6x, improve error formatting
    • isBytes: improve reliability in bad environments such as jsdom
    • concatBytes: improve safety by early-checking the type
  • Bump typescript version used to build the package to 5.3.2

  Full Changelog: 1.3.2...1.3.3

• 1.3.2 - 2023-08-23
  
  • Tree shaking improvements:
    • annotate top-level incovations as pure
    • use const enums
    • decrease wildcard imports of _assert and _u64
    • declare package side-effects free
  • argon2: fix checks for parallelism and iterations parameters
  • utils: fix isPlainObject in serverless environments, used in scrypt and pbkdf2
  • typescript: Disable moduleResolution config setting, since it is viral

  New Contributors

  • @ jeetiss made their first contribution in #65
  • @ Systemcluster made their first contribution in #69

  Full Changelog: 1.3.1...1.3.2

• 1.3.1 - 2023-06-03
  

  What's Changed

  • Fix utf8ToBytes in firefox extension context (https://bugzil.la/1681809)
  • Ensure blake3 inputs are immutable by @ libitx in #51
  • sha3-addons: add PURE annotations to reduce bundle size
  • utils: harmonize with noble-curves
  • Type fixes
    • sha3, blake3: Fix XOF type issue, closes #55
    • hmac: export HMAC type, fix #52
    • cryptoNode: remove dependency on @ types/node

  New Contributors

  • @ pkieltyka made their first contribution in #47
  • @ libitx made their first contribution in #51
  • @ janek26 made their contribution

  Full Changelog: 1.3.0...1.3.1

• 1.3.0 - 2023-03-16
  

  Changed logic for importing native cryptography. Built-in crypto (webcrypto) is now used through all platforms, including node.js.

  Full Changelog: 1.2.0...1.3.0

• 1.2.0 - 2023-02-02
  
  • Add experimental Argon2 implementation from RFC9106.
  • Source maps are now included in the package
  • Fixes import "_assert" issue

  Full Changelog: 1.1.5...1.2.0

• 1.1.5 - 2022-12-15
  

  Add two additional SHA2 functions: SHA224 and SHA512-224

  Full Changelog: 1.1.4...1.1.5

• 1.1.4 - 2022-12-04
  

  Bugfix for SHA2

  Full Changelog: 1.1.3...1.1.4

• 1.1.3 - 2022-09-30
  

  What's Changed

  • HMAC: improved type check in worker contexts
  • Add TS types field to exports map by @ jacogr in #36

  New Contributors

  • @ neil-yoga-crypto made their first contribution in #35

  Full Changelog: 1.1.2...1.1.3

• 1.1.2 - 2022-06-18
  

  Add support for SHA1

• 1.1.1 - 2022-06-11
• 1.1.0 - 2022-06-11
• 1.0.0 - 2022-01-17

from @noble/hashes GitHub release notes

Commit messages

Package name: @noble/hashes

• 531daab Release 1.4.0.
• 396da92 utils: fix big performance issue due to re-export
• 89dcae6 assert: adjust var name
• 6ae82e7 readme: new noble library
• f4e131b Update build deps
• 8c44ba5 ci: add upload-release action
• a441a61 Merge pull request Auth issue okx/js-wallet-sdk#82 from stknob/pr/fix-cshake-xof
• ba9d2df readme
• 0d26f5a utils, _assert: reduce code duplication with abytes function
• 342fe48 Use XOF constructor wrapper for cShake
• cf7e01c Update github workflows
• 4c73254 tsconfig: change module to Node16, copy noble-ciphers change
• fa8a7c4 Merge pull request Add Rune test assert okx/js-wallet-sdk#81 from linux-on-ibm-z/big-endian-port
• 4beb199 Use byteSwapIfBE when copying to out32 in digestInto
• c03a557 Fix code formatting with prettier
• 550c2fc Add some basic tests for the byteSwap* functions
• 584975f Add byte swapping where needed so that all hash functions run
• 31a962b Remove the big-endian check
• f209f44 readme: Add link to gh discussions
• c446127 README, gitignore, build adjustments
• f3a5496 Argon, ripemd: rename tmp buffer vars
• 651d09a Rename _sha2 to _md, move rotl to utils, refactor
• af631de Blake: rename base file, rename some variables
• 8a82493 Refactor tsconfig: use inheritance

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@noble/hashes@1.4.0	None	0	773 kB	paulmillr
npm/@types/bn.js@4.11.6	None	0	13.9 kB	types
npm/@types/create-hash@1.2.2	None	0	4.44 kB	types
npm/@types/create-hmac@1.1.0	None	0	3.06 kB	types
npm/@types/crypto-js@4.2.2	None	0	60.4 kB	types
npm/@types/jsrsasign@10.5.14	None	0	446 kB	types
npm/@types/randombytes@2.0.0	None	0	2.8 kB	types

View full report↗︎