| Age | Commit message (Collapse) | Author |
|---|
|
- Fixed signature verification by correcting message hash calculation
- Removed extra length byte before DigiBytes message prefix
- Enhanced public key recovery with all 4 recovery IDs
- Resolved all security vulnerabilities (removed elliptic dependency)
- All tests passing
|
|
|
|
- Fixed hashMessage function to not add extra length byte before message prefix
- The prefix '\x19DigiByte Signed Message:\n' already contains the length indicator
- Enhanced public key recovery to try all 4 recovery IDs for better compatibility
- Verified with both beta.0 and beta.1 test data
- All tests passing
|
|
|
|
BREAKING CHANGE: Replace bitcoinjs-message with @noble/curves for signature verification
- Remove elliptic vulnerability (all versions <= 6.6.1 affected)
- Implement Bitcoin message signing using @noble/curves and @noble/hashes
- Support for Legacy (D/S) and Bech32 (dgb1) addresses
- Update all dev dependencies to latest stable versions
- Remove unnecessary overrides for elliptic and lodash
This is a major version update due to dependency changes, though the public API remains unchanged.
|
|
|
|
- Add glob ^10.5.0 override to fix command injection vulnerability (CVE-2024-XXXXX)
- Add brace-expansion ^2.0.2 override to fix ReDoS vulnerability
- Upgrade vite to 6.4.1 and other dependencies via npm audit fix
- All tests passing, build successful, 0 vulnerabilities remaining
|
|
- Replaced faulty 'digibyte-message' dependency with 'bitcoinjs-message'.
- This resolves a critical bug where signatures from DigiByte Bech32 addresses (dgb1...) could not be verified due to issues in the old dependency chain.
- digiid-ts now correctly handles Legacy (D...), SegWit (S...), and Bech32 (dgb1...) address signature verification.
- Updated build configurations and addressed related linting issues revealed during testing.
|
|
- Add npm overrides for elliptic (^6.6.1) and lodash (^4.17.21) in package.json.
- This resolves multiple security vulnerabilities reported by GitHub Dependabot in these transitive dependencies, inherited via digibyte-message.
- Updates package-lock.json to reflect the overridden versions.
|
|
- Add `vite-plugin-dts` dev dependency.
- Create `vite.config.ts` specifically for library build mode:
- Configure ESM and UMD outputs (`dist/digiid-ts.es.js`, `dist/digiid-ts.umd.js`).
- Set up `vite-plugin-dts` for generating `dist/index.d.ts`.
- Externalize Node.js built-ins and 'digibyte-message' dependency.
- Update `package.json`:
- Change `scripts.build` to `vite build`.
- Point `main`, `module`, and `types` fields to the correct files in `dist/`.
- Run and verify the build process successfully generates the expected distribution files.
|
|
Initialize the DigiID-TS project with basic tooling and configuration.
- Create package.json with project metadata and scripts.
- Configure TypeScript (tsconfig.json) for strict compilation.
- Set up ESLint and Prettier for code linting and formatting.
- Configure Vitest for unit testing and coverage.
- Add a standard Node.js .gitignore file.
- Install development dependencies (TypeScript, Vite, Vitest, ESLint, Prettier).
- Install core runtime dependency 'digibyte-message' from the original library's Git source.
|
