[MIRROR] Digi-ID TypeScript Integration Demo https://git.zelu.dev/digiid-ts-demo/atom?h=dev 2026-05-23T09:11:53Z 2026-05-23T09:11:53Z Pawel Zelawski pawel@pzelawski.com 2026-05-23T09:11:53Z urn:sha1:04d93d7d235d328ef40c9dae4e1f56dc8a5e893f 2026-05-23T08:50:04Z Pawel Zelawski pawel@pzelawski.com 2026-05-23T08:50:04Z urn:sha1:b4369d9d0f700869fd82f64bdc3af012a1ce5bd9 2026-05-23T08:33:53Z Pawel Zelawski pawel@pzelawski.com 2026-05-23T08:33:53Z urn:sha1:376feecb280c28504788c9677c6cb3cc455f00b6 2026-05-15T17:10:00Z Pawel Zelawski pawel@pzelawski.com 2026-05-15T17:10:00Z urn:sha1:eafdcd8290700fdeaa6b069c4d52e50a9db6ad94 2026-04-18T14:58:37Z Pawel Zelawski pawel@pzelawski.com 2026-04-18T14:58:37Z urn:sha1:3fc37e6338bb6c6054739578088ca638f08fceca - Bump digiid-ts from 2.0.2 to 2.0.3 (security patch release) - Fix 5 vulnerabilities via npm audit fix: - brace-expansion (moderate): ReDoS / process hang - flatted (high): prototype pollution + unbounded recursion DoS - path-to-regexp (high): ReDoS via route parameters - picomatch (high): ReDoS + method injection - vite (high): path traversal + arbitrary file read via dev server 2026-03-01T12:41:23Z Pawel Zelawski pawel.zelawski@outlook.com 2026-03-01T12:41:23Z urn:sha1:00e7e4fbf5a6fc41b88631fd34e98e48eeb9fc6a Security Updates: - digiid-ts: 2.0.1-beta.2 → 2.0.2 (fixes internal dependency vulnerability) - rollup: 4.58.0 → 4.59.0 (fixes arbitrary file write via path traversal - GHSA-mw96-cpmx-2vgc) - qs: 6.14.1 → 6.14.2 (fixes arrayLimit bypass in comma parsing DoS - GHSA-w7fw-mjwx-w883) - express: 4.21.2 → 4.22.1 (updated with qs dependency) - minimatch: multiple updates (fixes ReDoS vulnerabilities) - ajv: updated to 6.14.0+ (fixes ReDoS with $data option) Impact: - Rollup: Prevented arbitrary file write through path traversal sequences - qs: Fixed denial-of-service via comma-separated array limit bypass - digiid-ts: Resolved vulnerability in @noble/curves dependency Result: 0 vulnerabilities (npm audit clean) 2026-01-23T11:25:08Z Pawel Zelawski pawel.zelawski@outlook.com 2026-01-23T11:25:08Z urn:sha1:31bf3e64ce084b5410ce90a36039009bf9258e15 - Fixed hashMessage removing extra length byte encoding before message prefix - Message prefix '\x19DigiByte Signed Message:\n' now used correctly - Enhanced public key recovery to try all 4 recovery IDs - Returns both compressed/uncompressed public keys for better compatibility - Should fix 'Invalid signature' errors with DigiBytes wallet 2026-01-23T11:00:38Z Pawel Zelawski pawel.zelawski@outlook.com 2026-01-23T11:00:38Z urn:sha1:88f6391e87c2fdfb427f23564f5a83e351d04cd5 - Fixed "Invalid signature" error for bech32 addresses (dgb1q...) - Added automatic compression of public keys for bech32 P2WPKH verification - Bech32 now correctly uses hash160(compressed_pubkey) - Should fix authentication with DigiBytes mobile wallet using bech32 addresses 2026-01-23T10:43:33Z Pawel Zelawski pawel.zelawski@outlook.com 2026-01-23T10:43:33Z urn:sha1:30136dafc868e6e06d5e762a50d1c646d9f5bb3e - Install digiid-ts@2.0.1-beta.0 for testing signature verification fix - Fixed point.toRawBytes() -> point.toBytes() API change - Added .addRecoveryBit() for proper ECDSA public key recovery - Testing with real DigiBytes mobile wallet required 2026-01-23T10:08:47Z Pawel Zelawski pawel.zelawski@outlook.com 2026-01-23T10:08:47Z urn:sha1:4cc77ab44157764e003e0db242962384945dc2ad - Upgraded digiid-ts from v1.1.1 to v2.0.0 - Resolved critical vulnerability in elliptic package (CVE for ECDSA signature cryptanalysis) - Library now uses @noble/curves instead of bitcoinjs-message (removed elliptic dependency) - Fixed additional low severity vulnerability in diff package - All npm audit vulnerabilities now resolved (0 vulnerabilities) - API unchanged, all existing code continues to work