Prevent [email protected] from mutating internal values #39
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
junderw
approved these changes
May 30, 2020
|
after publishing v2.0.1, I would consider depublishing v2.0.0 even... |
|
I think there's a small window of time to unpublish a version, which probably has closed. I think npm does exceptions if you contact their support channels though. |
|
Published in 2.0.1 |
|
Deprecated hdkey v2.0.0, anyone attempting to install it (even as a sub-dependency) will get this logged in the console: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
We discovered a small bug in this library when integrating it into ethereumjs-wallet. You can read more about it here: ethereumjs/ethereumjs-wallet#127
The problem was that
secp256k1v4 mutates some values in place. v3 didn't. When upgrading this library, these method calls weren't updated so deriving a child key was sometimes modifying the private/public keys.This PR fixes this bug, and adds some tests to prevent it from happening again.