[Snyk] Upgrade ethereumjs-util from 6.1.0 to 6.2.0 #1

snyk-bot · 2020-06-01T21:43:53Z

Snyk has created this PR to upgrade ethereumjs-util from 6.1.0 to 6.2.0.

✨What is Merge Advice?

We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 7 months ago, on 2019-11-07.

Release notes

Package name: ethereumjs-util

6.2.0 - 2019-11-07
This release comes with a new file structure, related functionality is now broken down into separate files (like account.js) allowing for more oversight and modular integration. All functionality is additionally exposed through an aggregating index.js file, so this version remains backwards-compatible.

Overview on the new structure:
- account: Private/public key and address-related functionality (creation, validation, conversion)
- byte: Byte-related helper and conversion functions
- constants: Exposed constants (e.g. KECCAK256_NULL_S for the string representation of the Keccak-256 hash of null)
- hash: Hash functions
- object: Helper function for creating a binary object (DEPRECATED)
- signature: Signing, signature validation, conversion, recovery
See associated PRs #182 and #179.

Features
- account: Added EIP-1191 address checksum algorithm support for toChecksumAddress(),
  PR #204
Bug Fixes
- bytes: toBuffer() conversion function now throws if strings aren't 0x-prefixed hex values making the behavior of toBuffer() more predictable respectively less error-prone (you might generally want to check cases in your code where you eventually allowed non-0x-prefixed input before), PR #197
Dependencies / Environment
- Dropped Node 6, added Node 11 and 12 to officially supported Node versions,
  PR #207
- Dropped safe-buffer dependency,
  PR #182
- Updated rlp dependency from v2.0.0 to v2.2.3 (TypeScript improvements
  for RLP hash functionality),
  PR #187
- Made @types/bn.js a dependency instead of a devDependency,
  PR #205
- Updated keccak256 dependency from v1.4.0 to v2.0.0, PR #168
6.1.0 - 2019-02-12
First TypeScript based release of the library, now also including a
type declaration file distributed along with the package published,
see PR #170.

Bug Fixes
- Fixed a bug in isValidSignature() not correctly returning false
  if passed an s-value greater than secp256k1n/2 on homestead or later.
  If you use the method signature with more than three arguments (so not just
  passing in v, r, s and use it like isValidSignature(v, r, s) and omit
  the optional args) please read the thread from
  PR #171 carefully
  and check your code.
Development
- Updated @types/node to Node 11 types,
  PR #175
- Changed browser from Chrome to ChromeHeadless,
  PR #156