Switch to secure Base58 library #1433

Open
wants to merge 3 commits into
base: master

@r-near r-near commented Nov 23, 2024

Pre-flight checklist

  • I have read the Contributing Guidelines on pull requests.
  • Commit messages follow the conventional commits spec
  • If this is a code change: I have written unit tests.
  • If this changes code in a published package: I have run pnpm changeset to create a changeset JSON document appropriate for this change.
  • If this is a new API or substantial change: the PR has an accompanying issue (closes #0000) and the maintainers have approved on my working plan.

Motivation

This PR switches the Base58 implementation to a secure, audited & 0-deps implementation. The existing bs58 library is old, poorly maintained, and incompatible with Vite due to its use of Node.js primitives (Buffer).

This PR should resolve the following:

Test Plan

Related issues/PRs

Note

This project still indirectly relies on bs58 through near-workspaces:

near-workspaces 3.5.0
├─┬ borsh 0.5.0
│ └── bs58 4.0.0
├── bs58 4.0.1

changeset-bot bot commented Nov 23, 2024

🦋 Changeset detected

Latest commit: 41ccacf

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages
Name Type
@near-js/accounts Minor
near-api-js Minor
@near-js/utils Minor
@near-js/wallet-account Patch
@near-js/biometric-ed25519 Patch
@near-js/client Patch
@near-js/crypto Patch
@near-js/providers Patch
@near-js/transactions Patch
@near-js/keystores-browser Patch
@near-js/keystores-node Patch
@near-js/keystores Patch
@near-js/signers Patch

@r-near r-near marked this pull request as draft November 23, 2024 03:27

r-near commented Nov 23, 2024

We'll need to do this in parts:

  1. First, we need to release new packages for these libraries
  2. Then, we need to update near-workspaces to use the new libraries that don't depend on bs58, along with stripping the existing bs58 dependency
  3. Release a new version of near-workspaces with 0 dependency on bs58
  4. Bump near-workspaces version in near-api-js and make a new release
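
One way to check the "0 dependency on bs58" goal in the plan above, as an added example that is not part of this PR or the project's own code: it walks a resolved dependency tree and lists every path that still reaches a given package. The input shape (nested `dependencies` objects, as `npm ls --all --json` prints), the function names and the `example-root` package are assumptions; the sample tree is constructed from the tree quoted in the note.

```javascript
// Added example: list every path by which a package is still pulled in.
// Assumed input shape: { name, version, dependencies: { pkg: { version, dependencies } } }

function findDependencyPaths(tree, target) {
  const hits = [];
  const walk = (node, trail) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const step = `${name}@${child.version || "?"}`;
      // Skip a package already on this trail so a cyclic structure cannot loop.
      if (trail.includes(step)) continue;
      const next = [...trail, step];
      if (name === target) hits.push({ version: child.version, path: next });
      walk(child, next);
    }
  };
  walk(tree, [`${tree.name || "root"}@${tree.version || "?"}`]);
  return hits;
}

// Summarise the findings: clean is true only when no path reaches the target.
function report(tree, target) {
  const hits = findDependencyPaths(tree, target);
  return {
    clean: hits.length === 0,
    versions: [...new Set(hits.map((h) => h.version))].sort(),
    paths: hits.map((h) => h.path.join(" > ")),
  };
}

// Constructed sample mirroring the near-workspaces tree quoted in the note.
const SAMPLE_TREE = {
  name: "example-root", // hypothetical root package
  version: "0.0.0",
  dependencies: {
    "near-workspaces": {
      version: "3.5.0",
      dependencies: {
        borsh: { version: "0.5.0", dependencies: { bs58: { version: "4.0.0" } } },
        bs58: { version: "4.0.1" },
      },
    },
  },
};

console.log(JSON.stringify(report(SAMPLE_TREE, "bs58"), null, 2));
```

Used as a CI gate, a non-empty `paths` list fails the build and shows which intermediate package still has to be upgraded.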
