You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

11 KiB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

8.0.1 (2021-01-27)

Bug Fixes

  • simplify regex for strict mode, add tests (76e2233)

8.0.0 (2020-02-18)

⚠ BREAKING CHANGES

  • SRI values with ../ in the algorithm name now throw as invalid (which they always probably should have!)
  • adds a new error that will be thrown. Empty SRIs are no longer considered valid for checking, only when using integrityStream to calculate the SRI value.

PR-URL: https://github.com/npm/ssri/pull/12 Credit: @claudiahdz

Features

Bug Fixes

  • harden SRI parsing against ../ funny business (4062735)
  • IntegrityStream responds to mutating opts object mid-stream (4a963e5)
  • throw null when sri is empty or bad (a6811cb), closes #12

7.1.0 (2019-10-24)

Bug Fixes

  • Do not blow up if the opts object is mutated (806e8c8)

Features

  • Add Integrity#merge method (0572c1d), closes #4

7.0.1 (2019-09-30)

7.0.0 (2019-09-18)

⚠ BREAKING CHANGES

  • ssri no longer accepts a Promise option, and does not use, return, or rely on Bluebird promises.
  • drop support for Node.js v6.

We knew this was coming, and the Stream changes are breaking anyway. May as well do this now.

  • streams: this replaces the Node.js stream with a Minipass stream. See http://npm.im/minipass for documentation.

Bug Fixes

  • return super.write() return value (55b055d)

  • Use native promises only (6d13165)

  • update tap, standard, standard-version, travis (2e54956)

  • streams: replace transform streams with minipass (363995e)

6.0.1 (2018-08-27)

Bug Fixes

  • opts: use figgy-pudding to specify consumed opts (cf86553)

6.0.0 (2018-04-09)

Bug Fixes

meta

  • drop support for node@4 (d9bf359)

BREAKING CHANGES

  • node@4 is no longer supported

5.3.0 (2018-03-13)

Features

  • checkData: optionally throw when checkData fails (bf26b84)

5.2.4 (2018-02-16)

5.2.3 (2018-02-16)

Bug Fixes

  • hashes: filter hash priority list by available hashes (2fa30b8)
  • integrityStream: dedupe algorithms to generate (d56c654)

5.2.2 (2018-02-14)

Bug Fixes

  • security: tweak strict SRI regex (#10) (d0ebcdc)

5.2.1 (2018-02-06)

5.2.0 (2018-02-06)

Features

  • match: add integrity.match() (3c49cc4)

5.1.0 (2018-01-18)

Bug Fixes

  • checkStream: integrityStream now takes opts.integrity algos into account (d262910)

Features

  • sha3: do some guesswork about upcoming sha3 (7fdd9df)

5.0.0 (2017-10-23)

Features

BREAKING CHANGES

  • license: the license has been changed from CC0-1.0 to ISC.

4.1.6 (2017-06-07)

Bug Fixes

  • checkStream: make sure to pass all opts through (0b1bcbe)

4.1.5 (2017-06-05)

Bug Fixes

  • integrityStream: stop crashing if opts.algorithms and opts.integrity have an algo mismatch (fb1293e)

4.1.4 (2017-05-31)

Bug Fixes

  • node: older versions of node@4 do not support base64buffer string parsing (513df4e)

4.1.3 (2017-05-24)

Bug Fixes

  • check: handle various bad hash corner cases better (c2c262b)

4.1.2 (2017-04-18)

Bug Fixes

  • stream: _flush can be called multiple times. use on("end") (b1c4805)

4.1.1 (2017-04-12)

Bug Fixes

  • pickAlgorithm: error if pickAlgorithm() is used in an empty Integrity (fab470e)

4.1.0 (2017-04-07)

Features

  • adding ssri.create for a crypto style interface (#2) (96f52ad)

4.0.0 (2017-04-03)

Bug Fixes

  • integrity: should have changed the error code before. oops (8381afa)

BREAKING CHANGES

  • integrity: EBADCHECKSUM -> EINTEGRITY for verification errors

3.0.2 (2017-04-03)

3.0.1 (2017-04-03)

Bug Fixes

  • package.json: really should have these in the keywords because search (a6ac6d0)

3.0.0 (2017-04-03)

Bug Fixes

  • hashes: IntegrityMetadata -> Hash (d04aa1f)

Features

  • check: return IntegrityMetadata on check success (2301e74)
  • fromHex: ssri.fromHex to make it easier to generate them from hex valus (049b89e)
  • hex: utility function for getting hex version of digest (a9f021c)
  • hexDigest: added hexDigest method to Integrity objects too (85208ba)
  • integrity: add .isIntegrity and .isIntegrityMetadata (1b29e6f)
  • integrityStream: new stream that can both generate and check streamed data (fd23e1b)
  • parse: allow parsing straight into a single IntegrityMetadata object (c8ddf48)
  • pickAlgorithm: Intergrity#pickAlgorithm() added (b97a796)
  • size: calculate and update stream sizes (02ed1ad)

BREAKING CHANGES

  • hashes: .isIntegrityMetadata is now .isHash. Also, any references to IntegrityMetadata now refer to Hash.
  • integrityStream: createCheckerStream has been removed and replaced with a general-purpose integrityStream.

To convert existing createCheckerStream code, move the sri argument into opts.integrity in integrityStream. All other options should be the same.

  • check: checkData, checkStream, and createCheckerStream now yield a whole IntegrityMetadata instance representing the first successful hash match.

2.0.0 (2017-03-24)

Bug Fixes

  • strict-mode: make regexes more rigid (122a32c)

Features

  • api: added serialize alias for unparse (999b421)
  • concat: add Integrity#concat() (cae12c7)
  • pickAlgo: pick the strongest algorithm provided, by default (58c18f7)
  • strict-mode: strict SRI support (3f0b64c)
  • stringify: replaced unparse/serialize with stringify (4acad30)
  • verification: add opts.pickAlgorithm (f72e658)

BREAKING CHANGES

  • pickAlgo: ssri will prioritize specific hashes now
  • stringify: serialize and unparse have been removed. Use ssri.stringify instead.
  • strict-mode: functions that accepted an optional sep argument now expect opts.sep.

1.0.0 (2017-03-23)

Features

  • api: implemented initial api (4fbb16b)

BREAKING CHANGES

  • api: Initial API established.