From c40eb64743d828894653262689147a58f46b3e15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Oct 2025 15:48:21 +0000 Subject: [PATCH] Bump @noble/hashes to v2 --- package-lock.json | 17 +------- package.json | 2 +- src/crypto/hash/md5.ts | 77 --------------------------------- src/crypto/hash/noble_hashes.js | 9 ++-- 4 files changed, 6 insertions(+), 99 deletions(-) delete mode 100644 src/crypto/hash/md5.ts diff --git a/package-lock.json b/package-lock.json index 912facf2..1a7dd67f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@eslint/js": "^9.37.0", "@noble/ciphers": "^1.3.0", "@noble/curves": "^2.0.1", - "@noble/hashes": "^1.8.0", + "@noble/hashes": "^2.0.1", "@openpgp/jsdoc": "^3.6.11", "@openpgp/seek-bzip": "^1.0.5-git", "@openpgp/tweetnacl": "^1.0.4-2", @@ -1056,7 +1056,7 @@ "url": "https://paulmillr.com/funding/" } }, - "node_modules/@noble/curves/node_modules/@noble/hashes": { + "node_modules/@noble/hashes": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.0.1.tgz", "integrity": "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==", @@ -1069,19 +1069,6 @@ "url": "https://paulmillr.com/funding/" } }, - "node_modules/@noble/hashes": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz", - "integrity": "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==", - "dev": true, - "license": "MIT", - "engines": { - "node": "^14.21.3 || >=16" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", diff --git a/package.json b/package.json index 8dc52723..3a72bb22 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "@eslint/js": "^9.37.0", "@noble/ciphers": "^1.3.0", "@noble/curves": "^2.0.1", - "@noble/hashes": "^1.8.0", + "@noble/hashes": "^2.0.1", "@openpgp/jsdoc": "^3.6.11", "@openpgp/seek-bzip": "^1.0.5-git", "@openpgp/tweetnacl": "^1.0.4-2", diff --git a/src/crypto/hash/md5.ts b/src/crypto/hash/md5.ts deleted file mode 100644 index 80f0261c..00000000 --- a/src/crypto/hash/md5.ts +++ /dev/null @@ -1,77 +0,0 @@ -// Copied from https://github.com/paulmillr/noble-hashes/blob/main/test/misc/md5.ts - -import { HashMD } from '@noble/hashes/_md'; -import { rotl, wrapConstructor } from '@noble/hashes/utils'; - -// Per-round constants -const K = Array.from({ length: 64 }, (_, i) => Math.floor(2 ** 32 * Math.abs(Math.sin(i + 1)))); -// Choice: a ? b : c -const Chi = (a: number, b: number, c: number) => (a & b) ^ (~a & c); -// Initial state (same as sha1, but 4 u32 instead of 5) -const IV = /* @__PURE__ */ new Uint32Array([0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476]); -// Temporary buffer, not used to store anything between runs -// Named this way for SHA1 compat -const MD5_W = /* @__PURE__ */ new Uint32Array(16); -class MD5 extends HashMD { - private A = IV[0] | 0; - private B = IV[1] | 0; - private C = IV[2] | 0; - private D = IV[3] | 0; - constructor() { - super(64, 16, 8, true); - } - protected get(): [number, number, number, number] { - const { A, B, C, D } = this; - return [A, B, C, D]; - } - protected set(A: number, B: number, C: number, D: number) { - this.A = A | 0; - this.B = B | 0; - this.C = C | 0; - this.D = D | 0; - } - protected process(view: DataView, offset: number): void { - for (let i = 0; i < 16; i++, offset += 4) MD5_W[i] = view.getUint32(offset, true); - // Compression function main loop, 64 rounds - let { A, B, C, D } = this; - for (let i = 0; i < 64; i++) { - let F, g, s; - if (i < 16) { - F = Chi(B, C, D); - g = i; - s = [7, 12, 17, 22]; - } else if (i < 32) { - F = Chi(D, B, C); - g = (5 * i + 1) % 16; - s = [5, 9, 14, 20]; - } else if (i < 48) { - F = B ^ C ^ D; - g = (3 * i + 5) % 16; - s = [4, 11, 16, 23]; - } else { - F = C ^ (B | ~D); - g = (7 * i) % 16; - s = [6, 10, 15, 21]; - } - F = F + A + K[i] + MD5_W[g]; - A = D; - D = C; - C = B; - B = B + rotl(F, s[i % 4]); - } - // Add the compressed chunk to the current hash value - A = (A + this.A) | 0; - B = (B + this.B) | 0; - C = (C + this.C) | 0; - D = (D + this.D) | 0; - this.set(A, B, C, D); - } - protected roundClean() { - MD5_W.fill(0); - } - destroy() { - this.set(0, 0, 0, 0); - this.buffer.fill(0); - } -} -export const md5 = /* @__PURE__ */ wrapConstructor(() => new MD5()); diff --git a/src/crypto/hash/noble_hashes.js b/src/crypto/hash/noble_hashes.js index 605afa29..3c0cff91 100644 --- a/src/crypto/hash/noble_hashes.js +++ b/src/crypto/hash/noble_hashes.js @@ -4,12 +4,9 @@ * which share a lot of code anyway. */ -import { sha1 } from '@noble/hashes/sha1'; -import { sha224, sha256 } from '@noble/hashes/sha256'; -import { sha384, sha512 } from '@noble/hashes/sha512'; -import { sha3_256, sha3_512 } from '@noble/hashes/sha3'; -import { ripemd160 } from '@noble/hashes/ripemd160'; -import { md5 } from './md5'; +import { sha224, sha256, sha384, sha512 } from '@noble/hashes/sha2.js'; +import { sha3_256, sha3_512 } from '@noble/hashes/sha3.js'; +import { md5, ripemd160, sha1 } from '@noble/hashes/legacy.js'; export const nobleHashes = new Map(Object.entries({ md5,