Skip to content

iota-stronghold v2.0.0-rc.0
Compare
Choose a tag to compare
@github-actions github-actions released this 03 Jul 13:01
iota-stronghold-v2.0.0-rc.0
87d0ae0
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Updating crates.io index

Cargo Audit

\`
Fetching advisory database from https://github.com/RustSec/advisory-db.git
Loaded 553 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (258 crate dependencies)
Crate: json
Version: 0.12.4
Warning: unmaintained
Title: json is unmaintained
Date: 2022-02-01
ID: RUSTSEC-2022-0081
URL: https://rustsec.org/advisories/RUSTSEC-2022-0081
Dependency tree:
json 0.12.4
└── stronghold_engine 2.0.0-rc.0
├── stronghold_native 0.1.0
└── iota_stronghold 2.0.0-rc.0
├── stronghold_native 0.1.0
└── stronghold-derive 1.0.0
├── stronghold-utils 1.0.0
│ ├── stronghold_engine 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
└── iota_stronghold 2.0.0-rc.0

Crate: atty
Version: 0.2.14
Warning: unsound
Title: Potential unaligned read
Date: 2021-07-04
ID: RUSTSEC-2021-0145
URL: https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── env_logger 0.9.3
│ ├── stronghold_native 0.1.0
│ ├── stronghold-runtime 2.0.0-rc.0
│ │ └── stronghold_engine 2.0.0-rc.0
│ │ ├── stronghold_native 0.1.0
│ │ └── iota_stronghold 2.0.0-rc.0
│ │ ├── stronghold_native 0.1.0
│ │ └── stronghold-derive 1.0.0
│ │ ├── stronghold-utils 1.0.0
│ │ │ ├── stronghold_engine 2.0.0-rc.0
│ │ │ └── iota_stronghold 2.0.0-rc.0
│ │ └── iota_stronghold 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
├── criterion 0.4.0
│ ├── stronghold_engine 2.0.0-rc.0
│ ├── stronghold-runtime 2.0.0-rc.0
│ └── iota_stronghold 2.0.0-rc.0
└── clap 3.2.25
├── iota_stronghold 2.0.0-rc.0
└── criterion 0.4.0

warning: 2 allowed warnings found
\`

[2.0.0-rc.0]

  • 12ce12fe Secp256k1 ECDSA + SLIP-10 support added.
    Bump iota-crypto version to 0.21.2.
  • 1e72f00f(#474) Upgraded snapshot format to age-encryption.org/v1 with password-based recipient stanza. This resolves the issue with the previous snapshot format encryption being insecure if used with weak passwords. Snapshot encryption doesn't use associated data.
    Added sensitive data zeroization which would otherwise leak in stack and heap memory in plaintext after use.
    KeyProvider unsafe constructors with_passphrase_truncated, with_passphrase_hashed_argon2 were removed, with_passphrase_hashed constructor should be used instead.

Cargo Publish

\`
Updating crates.io index
Packaging iota_stronghold v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/client)
Updating crates.io index
Packaged 44 files, 347.0KiB (75.4KiB compressed)
Uploading iota_stronghold v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/client)
warning: the following are not valid category slugs and were ignored: security. Please see https://crates.io/category_slugs for the list of all category slugs.
Uploaded iota_stronghold v2.0.0-rc.0 to registry crates-io
note: Waiting for iota_stronghold v2.0.0-rc.0 to be available at registry crates-io.
You may press ctrl-c to skip waiting; the crate should be available shortly.
Published iota_stronghold v2.0.0-rc.0 at registry crates-io
\`

Assets 2
Loading