Skip to content

Update @noble/ciphers 0.5.1 → 1.3.0 (major) #3376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update @noble/ciphers 0.5.1 → 1.3.0 (major) #3376

wants to merge 1 commit into from

Conversation

depfu[bot]
Copy link
Contributor

@depfu depfu bot commented May 22, 2025

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ @​noble/ciphers (0.5.1 → 1.3.0) · Repo

Release Notes

1.3.0

  • Modules are now available with .js extension
    • Old: @noble/ciphers/chacha
    • New: @noble/ciphers/chacha.js
    • Old path is still available
    • This simplifies working in browsers natively without transpilers
  • utils: use built-in Uint8Array toHex / fromHex when available. Gives 13x speed-up on 256b arrays, 20x speed-up on 32kb arrays
  • utils.randomBytes: ensure same return type Uint8Array in old nodejs
  • Move _assert into utils
  • Rename siv to gcmsiv
  • Standalone build files are now attested in CI. Check out README for verification guide
  • Typescript source can now be used without compilation in node.js v24, due to erasableSyntaxOnly

Full Changelog: 1.2.1...1.3.0

1.2.1

  • Use typescript verbatimModuleSyntax to support future node.js type stripping

Full Changelog: 1.2.0...1.2.1

1.2.0

  • The package is now available on JSR.
  • Use isolatedDeclarations typescript option, which massively simplifies documentation auto-gen, and more
    • Check out JSR page for one example
  • Add tons of comments everywhere to improve autocompletion, LLM code gen, and basic code understanding.
  • Remove some exports from internal _assert

Full Changelog: 1.1.3...1.2.0

1.1.3

  • Harden input / output buffer checks
    • Ensure all ciphers prohibit overlaps
    • Ensure salsapoly supports overlapping input / output
    • Ensure chachapoly also supports it. This brings v1.0.0 behavior

Full Changelog: 1.1.2...1.1.3

1.1.2

  • Prohibit input and output overlaps
    • Reusing same buffer still works when indexes do not overlap with each other

Full Changelog: 1.1.1...1.1.2

1.1.1

  • Fix usage with unaligned output. Closes gh-47
  • Ensure output is zeroized before usage

Full Changelog: 1.1.0...1.1.1

1.1.0

  • Improve input validation logic: move key, nonce & input validation into wrapCipher
    • Explicitly prohibit calling cipher more than once
  • Speed-up byte array checks
  • Decrease bundle size, improve tree-shaking

New Contributors

Full Changelog: 1.0.0...1.1.0

1.0.0

  • Prohibit AES-GCM nonces smaller than 8 bytes
  • Hide unnecessary data exposure in AES errors
  • Improve FF1 type checks
  • Add support for node.js v14

Full Changelog: 0.6.0...1.0.0

0.6.0

  • Implement AESKW, AESKWP from RFC 3394 / RFC 5649
  • Add support for unaligned byte arrays
  • Improve typescript compatibility with different module resolutions

Full Changelog: 0.5.3...0.6.0

0.5.3

  • arx: Remove hard-dependency on TextEncoder
  • arx: Export sigma variable for hsalsa
  • Include default value for AAD argument in webcrypto aes-gcm algorithm

New Contributors

Full Changelog: 0.5.2...0.5.3

0.5.2

  • Add AES-CFB
  • Adjust tsconfig

New Contributors

Full Changelog: 0.5.1...0.5.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu bot added the dependencies Pull requests that update a dependency file label May 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants