Update dependency ethereumjs-util to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ethereumjs-util	5.2.1 -> 7.0.10

---

Release Notes

ethereumjs/ethereumjs-util

v7.0.9

Compare Source

This release adds support for very high chainId numbers exceeding MAX_SAFE_INTEGER (an example is the chain ID 34180983699157880 used for the ephemeral Yolov3 testnet preparing for the berlin hardfork, but high chain IDs might be used for things like private test networks and the like as well).

Function signatures for methods in address and signature are therefore expanded to allow for a BNLike input type (BN | PrefixedHexString | number | Buffer) for chain ID related parameters.

All function signatures are still taking in a number input for backwards-compatibility reasons. If you use one of the following functions to implement generic use cases in your library where the chain ID is not yet known it is recommended to updated to one of the other input types (with plain Buffer likely be the most future-proof). Note that on some functions this changes the return value as well.

• account: toChecksumAddresss(hexAddress: string, eip1191ChainId?: number): string
  • -> toChecksumAddress = function(hexAddress: string, eip1191ChainId?: BNLike): string
• account: isValidChecksumAddress(hexAddress: string, eip1191ChainId?: number)
  • -> isValidChecksumAddress(hexAddress: string, eip1191ChainId?: BNLike)
• signature: ecsign(msgHash: Buffer, privateKey: Buffer, chainId?: number): ECDSASignature
  • -> ecsign(msgHash: Buffer, privateKey: Buffer, chainId?: number): ECDSASignature (return value stays the same on number input)
  • -> ecsign(msgHash: Buffer, privateKey: Buffer, chainId: BNLike): ECDSASignatureBuffer (changed return value for other type inputs)
• signature: ecrecover(msgHash: Buffer, v: number, r: Buffer, s: Buffer, chainId?: number): Buffer
  • -> ecrecover(msgHash: Buffer, v: BNLike, r: Buffer, s: Buffer, chainId?: BNLike): Buffer
• signature: toRpcSig(v: number, r: Buffer, s: Buffer, chainId?: number): string
  • -> toRpcSig(v: BNLike, r: Buffer, s: Buffer, chainId?: BNLike): string
• signature: isValidSignature(v: number, r: Buffer, s: Buffer, homesteadOrLater: boolean = true, chainId?: number)
  • -> isValidSignature(v: BNLike, r: Buffer, s: Buffer, homesteadOrLater: boolean = true, chainId?: BNLike)

v7.0.8

Compare Source

• New Address.equals(address: Address) function for easier address equality comparions, PR #​285
• Fixed a bug in fromRpcSig() in the signature module not working correctly for chain IDs greater than 110, PR #​287

v7.0.7

Compare Source

• Removed stateRoot check for Account.isEmpty() to make emptiness check EIP-161 compliant, PR #​279
• Added type AddressLike and helper bnToHex(), PR #​279
• Added account.raw() which returns a Buffer Array of the raw Buffers for the account in order, PR #​279

v7.0.6

Compare Source

New Account class

This release adds a new Account class intended as a modern replacement for ethereumjs-account. It has a shape of Account(nonce?: BN, balance?: BN, stateRoot?: Buffer, codeHash?: Buffer).

Instantiation

The static factory methods assist in creating an Account object from varying data types: Object: fromAccountData, RLP: fromRlpSerializedAccount, and Array: fromValuesArray.

Methods: isEmpty(): boolean, isContract(): boolean, serialize(): Buffer

Example usage:

import { Account, BN } from 'ethereumjs-util'

const account = new Account(
  new BN(0), // nonce, default: 0
  new BN(10).pow(new BN(18)), // balance, default: 0
  undefined, // stateRoot, default: KECCAK256_RLP (hash of RLP of null)
  undefined, // codeHash, default: KECCAK256_NULL (hash of null)
)

For more info see the documentation, examples of usage in test/account.spec.ts or
PR #​275.

New export: TypeScript types

A new file with helpful TypeScript types has been added to the exports of this project,
see PR #​275.

In this release it contains BNLike, BufferLike, and TransformableToBuffer.

Address.toBuffer()

The Address class has as a new method address.toBuffer() that will give you a copy of the underlying address.buf
(PR #​277).

toBuffer() now converts TransformableToBuffer

The toBuffer() exported function now additionally converts any object with a toBuffer() method
(PR #​277).

v7.0.5

Compare Source

This release adds a new module address - see README -
with a new Address class and type which can be used for creating and representing Ethereum addresses.

Example usage:

import { Address } from 'ethereumjs-util'

const pubKey = Buffer.from(
  '3a443d8381a6798a70c6ff9304bdc8cb0163c23211d11628fae52ef9e0dca11a001cf066d56a8156fc201cd5df8a36ef694eecd258903fca7086c1fae7441e1d',
  'hex',
)
const address = Address.fromPublicKey(pubKey)

In TypeScript the associated Address type can be used to more strictly enforce type checks
(e.g. on the length of an address) on function parameters expecting an address input.
So you can declare a function like the following: myAddressRelatedFunction(Address: address)
to get more assurance that the address input is correct.

See PR #​186

v7.0.4

Compare Source

• Fixed BN.js and RLP re-export failures from TypeScript,
  PR #​270
• Fixed an issue along large-value input due to a string copy inconsistency
  within the assertIs* helper functions, issue affects most methods of the
  library,
  PR #​269

v7.0.3

Compare Source

This release replaces the keccak and secp256k1 dependencies
(PR #​257)
and instead uses the
ethereum-cryptography
package that uses native JS implementations for cryptographic primitives
and makes use of modern and forward-compatible N-API implementations in Node
wherever possible.

This is part of a larger initiative led by Nomic Labs to improve the developer
experience within the Ethereum developer ecosystem,
see ethereum/js-team-organization#18 for context.

Other Changes:

• Added TypeScript definitions for ethjs-util methods,
  PR #​248 and
  PR #​260

v7.0.2

Compare Source

This patch release re-establishes the state of v7.0.0 release and upgrades
the BN.js re-export version back to v5 since quick patches for both
the v5 (v5.1.2) and
the v4 branch (v4.11.9)
have been released to fix interoperability issues between the BN.js versions.

This now makes it possible to move to the latest BN.js v5 version and profit
from future upgrades and patches.

An upgrade is highly recommended, the v7.0.1 release will be marked as
deprecated along this release.

See: Issue #​250

v7.0.1

Compare Source

[DEPRECATED in favour of v7.0.2]

This patch release downgrades the re-exported BN.js version from v5 to
v4 (so a continuation of what has being used within the v6.x versions).
This is due to some unexpected interoperability problems in libraries using
the older v4 BN.js branch in their some of their respective dependencies.

An upgrade is highly recommended, the v7.0.0 release will be marked as
deprecated along this release.

See: Issue #​250

v7.0.0

Compare Source

[DEPRECATED in favour of v7.0.1]

This release comes with significant changes to the API, updated versions of
the core crypto libraries and substantial developer improvements in the form
of a refactored test suite and API documentation.

API Changes

Changes to the API have been discussed in Issue
#​172 and are
guided by the principles of:

• Make the API more typestrict
• Be less ambiguous regarding accepted values
• Avoid implicit type conversions
• Be more explicit on wrong input (just: throw)

While the implemented changes come with some additional need for manual type
conversions depending on the usage context, they should finally lead to
cleaner usage patterns on the cosuming side and a more predictable, robust and
less error-prone control flow.

Some note: for methods where Buffer usage is now enforced you can use the
Bytes.toBuffer() method for conversion.

Account Module

Enforced Hex Prefixing for Address Strings

PR: #​241

Hex prefixing is now enforced for all address string inputs and functions
will throw if a non-hex string is provided:

• Account.isValidAddress()
• Account.isZeroAddress()
• Account.toChecksumAddress()
• Account.isValidChecksumAddress()

The Account.isPrecompile() method was removed from the code base,
PR #​242

Enforce Buffer Inputs for Account Methods

PR: #​245

Implicit Buffer conversions for the following methods have been removed
and Buffer inputs are now enforced:

• Account.generateAddress()
• Account.generateAddress2()
• Account.pubToAddress()
• AccountprivateToPublic()
• AccountimportPublic()

Bytes Module

Typestrict Methods and Type-Explicit Method Split-Up

PR: #​244

• Enforced Buffer input for Bytes.setLengthLeft(), Bytes.setLengthRight()
• Bytes.setLength() has been removed (alias for Bytes.setLengthLeft())
• Bytes.stripZeros() has been removed (alias for Bytes.unPad())
• Bytes.unpad has been split up into:
  • Bytes.unpadBuffer()
  • Bytes.unpadHexString()
  • Bytes.unpadArray()

Hash Module

Typestrict Methods and Type-Explicit Method Split-Up

PR #​247

The following methods are now Buffer-only:

• Hash.keccak()
• Hash.keccak256()
• Hash.sha256()
• Hash.ripemd160()

Hash.keccak() gets the following additional convenience methods:

• Hash.keccakFromString()
• Hash.keccakFromHexString() (hex string enforced)
  Hash.keccakFromArray()

Hash.sha256() gets the following additional convenience methods:

• Hash.sha256FromString()
• Hash.sha256FromArray()

Hash.ripemd160() gets the following additional convenience methods:

• Hash.ripemd160FromString()
• Hash.ripemd160FromArray()

Other Breaking Changes

• Added support for Node 14,
  PR #​249
• Dropped support for Node 8 along
  PR #​228
• Updated BN.js library re-export from 4.x to 5.x,
  PR [#​249], New release v7.0.0 ethereumjs/ethereumjs-util#249
• Removed secp2561 re-export (use methods provided or import directly),
  PR #​228

Cryto Library Updates: Keccak, secp2561

Keccak dependency has been updated from 2.1.0 to 3.0.0. This version
comes with prebuilds for Linux, MacOS and Windows so most users won't need
to have node-gyp run on installation.

The version update also brings in feature compatibility with newer Node.js
versions.

The secp2561 ECDSA dependency has been updated from 3.0.1 to 4.0.1.

Developer Improvements

• Refactored test suite (module split-up, headless Firefox and Chrome),
  PR #​231
• Moved CI from Travis to GitHub Actions,
  PR #​231
• Improved and updated TypeDoc API documentation,
  PR #​232 and
  PR #​236
• Basic API tests for re-exports (BN.js, RLP, ethjsUtil),
  PR #​235

v6.2.1

Compare Source

This release replaces the native secp256k1 and keccak dependencies with ethereum-cryptopgraphy which doesn't need native compilation.

v6.2.0

Compare Source

This release comes with a new file structure, related functionality is now broken
down into separate files (like account.js) allowing for more oversight and
modular integration. All functionality is additionally exposed through an
aggregating index.js file, so this version remains backwards-compatible.

Overview on the new structure:

• account: Private/public key and address-related functionality
  (creation, validation, conversion)
• byte: Byte-related helper and conversion functions
• constants: Exposed constants (e.g. KECCAK256_NULL_S for the string
  representation of the Keccak-256 hash of null)
• hash: Hash functions
• object: Helper function for creating a binary object (DEPRECATED)
• signature: Signing, signature validation, conversion, recovery

See associated PRs #​182
and #​179.

Features

• account: Added EIP-1191 address checksum algorithm support for
  toChecksumAddress(),
  PR #​204

Bug Fixes

• bytes: toBuffer() conversion function now throws if strings aren't
  0x-prefixed hex values making the behavior of toBuffer() more predictable
  respectively less error-prone (you might generally want to check cases in your
  code where you eventually allowed non-0x-prefixed input before),
  PR #​197

Dependencies / Environment

• Dropped Node 6, added Node 11 and 12 to officially supported Node versions,
  PR #​207
• Dropped safe-buffer dependency,
  PR #​182
• Updated rlp dependency from v2.0.0 to v2.2.3 (TypeScript improvements
  for RLP hash functionality),
  PR #​187
• Made @types/bn.js a dependency instead of a devDependency,
  PR #​205
• Updated keccak256 dependency from v1.4.0 to v2.0.0, PR #​168

v6.1.0

Compare Source

First TypeScript based release of the library, now also including a
type declaration file distributed along with the package published,
see PR #​170.

Bug Fixes

• Fixed a bug in isValidSignature() not correctly returning false
  if passed an s-value greater than secp256k1n/2 on homestead or later.
  If you use the method signature with more than three arguments (so not just
  passing in v, r, s and use it like isValidSignature(v, r, s) and omit
  the optional args) please read the thread from
  PR #​171 carefully
  and check your code.

Development

• Updated @types/node to Node 11 types,
  PR #​175
• Changed browser from Chrome to ChromeHeadless,
  PR #​156

v6.0.0

Compare Source

• Support for EIP-155 replay protection by adding an optional chainId parameter
  to ecsign(), ecrecover(), toRpcSig() and isValidSignature(), if present the
  new signature format relying on the chainId is used, see PR #​143
• New generateAddress2() for CREATE2 opcode (EIP-1014) address creation
  (Constantinople HF), see PR #​146
• [BREAKING] Fixed signature to comply with Geth and Parity in toRpcSig() changing
  v from 0/1 to 27/28, this changes the resulting signature buffer, see PR #​139
• [BREAKING] Remove deprecated sha3-named constants and methods (see v5.2.0 release),
  see PR #​154

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.