UNPKG

10.8 kBMarkdownView Raw
1# Changelog
2
3All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
5### [8.0.1](https://github.com/npm/ssri/compare/v8.0.0...v8.0.1) (2021-01-27)
6
7
8### Bug Fixes
9
10* simplify regex for strict mode, add tests ([76e2233](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2))
11
12## [8.0.0](https://github.com/npm/ssri/compare/v7.1.0...v8.0.0) (2020-02-18)
13
14
15### ⚠ BREAKING CHANGES
16
17* SRI values with `../` in the algorithm name now throw
18as invalid (which they always probably should have!)
19* adds a new error that will be thrown. Empty SRIs are
20no longer considered valid for checking, only when using integrityStream
21to calculate the SRI value.
22
23PR-URL: https://github.com/npm/ssri/pull/12
24Credit: @claudiahdz
25
26### Features
27
28* remove figgy-pudding ([0e78fd7](https://github.com/npm/ssri/commit/0e78fd7b754e2d098875eb4c57238709d96d7c27))
29
30
31### Bug Fixes
32
33* harden SRI parsing against ../ funny business ([4062735](https://github.com/npm/ssri/commit/4062735d1281941fd32ac4320b9f9965fcec278b))
34* IntegrityStream responds to mutating opts object mid-stream ([4a963e5](https://github.com/npm/ssri/commit/4a963e5982478c6b07f86848cdb72d142c765195))
35* throw null when sri is empty or bad ([a6811cb](https://github.com/npm/ssri/commit/a6811cba71e20ea1fdefa6e50c9ea3c67efc2500)), closes [#12](https://github.com/npm/ssri/issues/12)
36
37## [7.1.0](https://github.com/npm/ssri/compare/v7.0.1...v7.1.0) (2019-10-24)
38
39
40### Bug Fixes
41
42* Do not blow up if the opts object is mutated ([806e8c8](https://github.com/npm/ssri/commit/806e8c8))
43
44
45### Features
46
47* Add Integrity#merge method ([0572c1d](https://github.com/npm/ssri/commit/0572c1d)), closes [#4](https://github.com/npm/ssri/issues/4)
48
49### [7.0.1](https://github.com/npm/ssri/compare/v7.0.0...v7.0.1) (2019-09-30)
50
51## [7.0.0](https://github.com/npm/ssri/compare/v6.0.1...v7.0.0) (2019-09-18)
52
53
54### ⚠ BREAKING CHANGES
55
56* ssri no longer accepts a Promise option, and does not
57use, return, or rely on Bluebird promises.
58* drop support for Node.js v6.
59
60We knew this was coming, and the Stream changes are breaking anyway.
61May as well do this now.
62* **streams:** this replaces the Node.js stream with a Minipass
63stream. See http://npm.im/minipass for documentation.
64
65### Bug Fixes
66
67* return super.write() return value ([55b055d](https://github.com/npm/ssri/commit/55b055d))
68
69
70* Use native promises only ([6d13165](https://github.com/npm/ssri/commit/6d13165))
71* update tap, standard, standard-version, travis ([2e54956](https://github.com/npm/ssri/commit/2e54956))
72* **streams:** replace transform streams with minipass ([363995e](https://github.com/npm/ssri/commit/363995e))
73
74<a name="6.0.1"></a>
75## [6.0.1](https://github.com/npm/ssri/compare/v6.0.0...v6.0.1) (2018-08-27)
76
77
78### Bug Fixes
79
80* **opts:** use figgy-pudding to specify consumed opts ([cf86553](https://github.com/npm/ssri/commit/cf86553))
81
82
83
84<a name="6.0.0"></a>
85# [6.0.0](https://github.com/npm/ssri/compare/v5.3.0...v6.0.0) (2018-04-09)
86
87
88### Bug Fixes
89
90* **docs:** minor typo ([b71ef17](https://github.com/npm/ssri/commit/b71ef17))
91
92
93### meta
94
95* drop support for node@4 ([d9bf359](https://github.com/npm/ssri/commit/d9bf359))
96
97
98### BREAKING CHANGES
99
100* node@4 is no longer supported
101
102
103
104<a name="5.3.0"></a>
105# [5.3.0](https://github.com/npm/ssri/compare/v5.2.4...v5.3.0) (2018-03-13)
106
107
108### Features
109
110* **checkData:** optionally throw when checkData fails ([bf26b84](https://github.com/npm/ssri/commit/bf26b84))
111
112
113
114<a name="5.2.4"></a>
115## [5.2.4](https://github.com/npm/ssri/compare/v5.2.3...v5.2.4) (2018-02-16)
116
117
118
119<a name="5.2.3"></a>
120## [5.2.3](https://github.com/npm/ssri/compare/v5.2.2...v5.2.3) (2018-02-16)
121
122
123### Bug Fixes
124
125* **hashes:** filter hash priority list by available hashes ([2fa30b8](https://github.com/npm/ssri/commit/2fa30b8))
126* **integrityStream:** dedupe algorithms to generate ([d56c654](https://github.com/npm/ssri/commit/d56c654))
127
128
129
130<a name="5.2.2"></a>
131## [5.2.2](https://github.com/npm/ssri/compare/v5.2.1...v5.2.2) (2018-02-14)
132
133
134### Bug Fixes
135
136* **security:** tweak strict SRI regex ([#10](https://github.com/npm/ssri/issues/10)) ([d0ebcdc](https://github.com/npm/ssri/commit/d0ebcdc))
137
138
139
140<a name="5.2.1"></a>
141## [5.2.1](https://github.com/npm/ssri/compare/v5.2.0...v5.2.1) (2018-02-06)
142
143
144
145<a name="5.2.0"></a>
146# [5.2.0](https://github.com/npm/ssri/compare/v5.1.0...v5.2.0) (2018-02-06)
147
148
149### Features
150
151* **match:** add integrity.match() ([3c49cc4](https://github.com/npm/ssri/commit/3c49cc4))
152
153
154
155<a name="5.1.0"></a>
156# [5.1.0](https://github.com/npm/ssri/compare/v5.0.0...v5.1.0) (2018-01-18)
157
158
159### Bug Fixes
160
161* **checkStream:** integrityStream now takes opts.integrity algos into account ([d262910](https://github.com/npm/ssri/commit/d262910))
162
163
164### Features
165
166* **sha3:** do some guesswork about upcoming sha3 ([7fdd9df](https://github.com/npm/ssri/commit/7fdd9df))
167
168
169
170<a name="5.0.0"></a>
171# [5.0.0](https://github.com/npm/ssri/compare/v4.1.6...v5.0.0) (2017-10-23)
172
173
174### Features
175
176* **license:** relicense to ISC (#9) ([c82983a](https://github.com/npm/ssri/commit/c82983a))
177
178
179### BREAKING CHANGES
180
181* **license:** the license has been changed from CC0-1.0 to ISC.
182
183
184
185<a name="4.1.6"></a>
186## [4.1.6](https://github.com/npm/ssri/compare/v4.1.5...v4.1.6) (2017-06-07)
187
188
189### Bug Fixes
190
191* **checkStream:** make sure to pass all opts through ([0b1bcbe](https://github.com/npm/ssri/commit/0b1bcbe))
192
193
194
195<a name="4.1.5"></a>
196## [4.1.5](https://github.com/npm/ssri/compare/v4.1.4...v4.1.5) (2017-06-05)
197
198
199### Bug Fixes
200
201* **integrityStream:** stop crashing if opts.algorithms and opts.integrity have an algo mismatch ([fb1293e](https://github.com/npm/ssri/commit/fb1293e))
202
203
204
205<a name="4.1.4"></a>
206## [4.1.4](https://github.com/npm/ssri/compare/v4.1.3...v4.1.4) (2017-05-31)
207
208
209### Bug Fixes
210
211* **node:** older versions of node[@4](https://github.com/4) do not support base64buffer string parsing ([513df4e](https://github.com/npm/ssri/commit/513df4e))
212
213
214
215<a name="4.1.3"></a>
216## [4.1.3](https://github.com/npm/ssri/compare/v4.1.2...v4.1.3) (2017-05-24)
217
218
219### Bug Fixes
220
221* **check:** handle various bad hash corner cases better ([c2c262b](https://github.com/npm/ssri/commit/c2c262b))
222
223
224
225<a name="4.1.2"></a>
226## [4.1.2](https://github.com/npm/ssri/compare/v4.1.1...v4.1.2) (2017-04-18)
227
228
229### Bug Fixes
230
231* **stream:** _flush can be called multiple times. use on("end") ([b1c4805](https://github.com/npm/ssri/commit/b1c4805))
232
233
234
235<a name="4.1.1"></a>
236## [4.1.1](https://github.com/npm/ssri/compare/v4.1.0...v4.1.1) (2017-04-12)
237
238
239### Bug Fixes
240
241* **pickAlgorithm:** error if pickAlgorithm() is used in an empty Integrity ([fab470e](https://github.com/npm/ssri/commit/fab470e))
242
243
244
245<a name="4.1.0"></a>
246# [4.1.0](https://github.com/npm/ssri/compare/v4.0.0...v4.1.0) (2017-04-07)
247
248
249### Features
250
251* adding ssri.create for a crypto style interface (#2) ([96f52ad](https://github.com/npm/ssri/commit/96f52ad))
252
253
254
255<a name="4.0.0"></a>
256# [4.0.0](https://github.com/npm/ssri/compare/v3.0.2...v4.0.0) (2017-04-03)
257
258
259### Bug Fixes
260
261* **integrity:** should have changed the error code before. oops ([8381afa](https://github.com/npm/ssri/commit/8381afa))
262
263
264### BREAKING CHANGES
265
266* **integrity:** EBADCHECKSUM -> EINTEGRITY for verification errors
267
268
269
270<a name="3.0.2"></a>
271## [3.0.2](https://github.com/npm/ssri/compare/v3.0.1...v3.0.2) (2017-04-03)
272
273
274
275<a name="3.0.1"></a>
276## [3.0.1](https://github.com/npm/ssri/compare/v3.0.0...v3.0.1) (2017-04-03)
277
278
279### Bug Fixes
280
281* **package.json:** really should have these in the keywords because search ([a6ac6d0](https://github.com/npm/ssri/commit/a6ac6d0))
282
283
284
285<a name="3.0.0"></a>
286# [3.0.0](https://github.com/npm/ssri/compare/v2.0.0...v3.0.0) (2017-04-03)
287
288
289### Bug Fixes
290
291* **hashes:** IntegrityMetadata -> Hash ([d04aa1f](https://github.com/npm/ssri/commit/d04aa1f))
292
293
294### Features
295
296* **check:** return IntegrityMetadata on check success ([2301e74](https://github.com/npm/ssri/commit/2301e74))
297* **fromHex:** ssri.fromHex to make it easier to generate them from hex valus ([049b89e](https://github.com/npm/ssri/commit/049b89e))
298* **hex:** utility function for getting hex version of digest ([a9f021c](https://github.com/npm/ssri/commit/a9f021c))
299* **hexDigest:** added hexDigest method to Integrity objects too ([85208ba](https://github.com/npm/ssri/commit/85208ba))
300* **integrity:** add .isIntegrity and .isIntegrityMetadata ([1b29e6f](https://github.com/npm/ssri/commit/1b29e6f))
301* **integrityStream:** new stream that can both generate and check streamed data ([fd23e1b](https://github.com/npm/ssri/commit/fd23e1b))
302* **parse:** allow parsing straight into a single IntegrityMetadata object ([c8ddf48](https://github.com/npm/ssri/commit/c8ddf48))
303* **pickAlgorithm:** Intergrity#pickAlgorithm() added ([b97a796](https://github.com/npm/ssri/commit/b97a796))
304* **size:** calculate and update stream sizes ([02ed1ad](https://github.com/npm/ssri/commit/02ed1ad))
305
306
307### BREAKING CHANGES
308
309* **hashes:** `.isIntegrityMetadata` is now `.isHash`. Also, any references to `IntegrityMetadata` now refer to `Hash`.
310* **integrityStream:** createCheckerStream has been removed and replaced with a general-purpose integrityStream.
311
312To convert existing createCheckerStream code, move the `sri` argument into `opts.integrity` in integrityStream. All other options should be the same.
313* **check:** `checkData`, `checkStream`, and `createCheckerStream` now yield a whole IntegrityMetadata instance representing the first successful hash match.
314
315
316
317<a name="2.0.0"></a>
318# [2.0.0](https://github.com/npm/ssri/compare/v1.0.0...v2.0.0) (2017-03-24)
319
320
321### Bug Fixes
322
323* **strict-mode:** make regexes more rigid ([122a32c](https://github.com/npm/ssri/commit/122a32c))
324
325
326### Features
327
328* **api:** added serialize alias for unparse ([999b421](https://github.com/npm/ssri/commit/999b421))
329* **concat:** add Integrity#concat() ([cae12c7](https://github.com/npm/ssri/commit/cae12c7))
330* **pickAlgo:** pick the strongest algorithm provided, by default ([58c18f7](https://github.com/npm/ssri/commit/58c18f7))
331* **strict-mode:** strict SRI support ([3f0b64c](https://github.com/npm/ssri/commit/3f0b64c))
332* **stringify:** replaced unparse/serialize with stringify ([4acad30](https://github.com/npm/ssri/commit/4acad30))
333* **verification:** add opts.pickAlgorithm ([f72e658](https://github.com/npm/ssri/commit/f72e658))
334
335
336### BREAKING CHANGES
337
338* **pickAlgo:** ssri will prioritize specific hashes now
339* **stringify:** serialize and unparse have been removed. Use ssri.stringify instead.
340* **strict-mode:** functions that accepted an optional `sep` argument now expect `opts.sep`.
341
342
343
344<a name="1.0.0"></a>
345# 1.0.0 (2017-03-23)
346
347
348### Features
349
350* **api:** implemented initial api ([4fbb16b](https://github.com/npm/ssri/commit/4fbb16b))
351
352
353### BREAKING CHANGES
354
355* **api:** Initial API established.