blob: ed0c4951e82118e6cfd350e803ab0e4f1254ad4a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.0.3] - 2026-04-18
### Security
- Upgraded `vite` dev dependency to `^6.4.2` to address two CVEs:
- Arbitrary file read via Vite dev server WebSocket (`fetchModule` bypass of `server.fs` checks).
- Path traversal in optimized deps `.map` handling.
- Added/updated `overrides` for transitive dependencies to address additional CVEs:
- `lodash` pinned to `^4.18.0`: code injection via `_.template` imports key names and prototype pollution via array path bypass in `_.unset`/`_.omit`.
- `brace-expansion` pinned to `^2.0.3`: zero-step sequence causes process hang and memory exhaustion.
- `flatted` pinned to `^3.4.2`: unbounded recursion DoS and prototype pollution in `parse()`.
- `picomatch` pinned to `^4.0.4`: method injection via POSIX character classes and ReDoS via extglob quantifiers.
## [1.1.0] - YYYY-MM-DD
### Fixed
- Corrected signature verification for DigiByte Bech32 addresses (starting with `dgb1...`). Signatures from these addresses were previously unverifiable due to issues in the underlying `digibyte-message` dependency.
### Changed
- Replaced internal `digibyte-message` dependency with `bitcoinjs-message` to enable correct verification across all address types (Legacy, SegWit P2SH, Bech32).
## [1.0.1] - 2024-07-25
### Fixed
- Correct type exports for CJS/UMD builds.
## [1.0.0] - 2024-07-25
### Added
- Initial release of `digiid-ts`.
- Core functionality for generating Digi-ID URIs (`generateDigiIDUri`).
- Core functionality for verifying Digi-ID callbacks (`verifyDigiIDCallback`).
- Comprehensive TypeScript types.
- Unit tests.
- Usage examples.
[Unreleased]: https://github.com/pawelzelawski/digiid-ts/compare/v1.0.1...HEAD
[1.0.1]: https://github.com/pawelzelawski/digiid-ts/compare/v1.0.0...v1.0.1
[1.0.0]: https://github.com/pawelzelawski/digiid-ts/releases/tag/v1.0.0
|
