Releases: matthewhartstonge/argon2
Releases · matthewhartstonge/argon2
v1.0.2
v1.0.1
v1.0.0
1.0.0 (2023-12-03)
Versioning Strategy
The API is stable and has been running in production for many years now, therefore won't be changing.
This library has a single dependency on golang.org/x/crypto
. This means that as the version of Go is updated there, this library will roll up it's version to a new minor.
Any CVEs/security patches that come through via dependabot, without a resulting Go version update, will become a patch release.
For example:
- If a version of
/x/crypto
now requires[email protected]
,argon2
will go fromv1.0.0
->v1.1.0
. - If
x/crypto
releases a version that resolves CVEs with no requirement to upgrade Go, thenargon2
will go fromv1.0.0
->v1.0.1
.
⚠ BREAKING CHANGES
- deps: bump golang.org/x/crypto from 0.13.0 to 0.16.0 now requires
[email protected]
as a minimum.
Features
- deps: bump golang.org/x/crypto from 0.13.0 to 0.16.0 (8dbc527)
v0.3.4
v0.3.3
0.3.3 (2023-07-04)
Build
- deps: updates to
golang.org/x/[email protected]
. (d9c0208)
Bug Fixes
- .github/dependabot: fixes branch targets in dependabot configuration. (64ab947)
v0.3.2
v0.3.2 - 2022-11-18
Changed
- deps: updates to
golang.org/x/[email protected]
. - .github: adjusts dependabot to file version updates against development.
Full Changelog: v0.3.1...v0.3.2
v0.3.1
v0.3.1 - 2022-11-10
Changed
- deps: updates to
golang.org/x/[email protected]
.
Full Changelog: v0.3.0...v0.3.1
v0.3.0
v0.3.0 - 2022-11-05
Added
- .github: adds support for github actions, codeowners and dependabot.
Changed
- deps: updates to
[email protected]
andgolang.org/x/[email protected]
. - readme: update badges and remove references to travis ci.
- *: update project licensing.
Fixed
- argon2: fixes grammar and comment line length.
Removed
- dep: removes support for dep.
- travis: removes travis configuration.
Full Changelog: v0.2.1...v0.3.0
v0.2.1
v0.2.1 - 2022-02-22
GPG signed release of v0.2.0
.
Added
- tests: adds benchmarks to compare the default recommendations.
Changed
- travis: updates to test against
[email protected]
. - deps: updates
go.mod
to[email protected]
andx/crypto
to latest. (Thanks @ricochet! 🎉) - explicitly ignores returned error values under benchmarks (errcheck).
- argon2: updates recommended defaults as described by RFC9106.
v0.1.5
v0.1.5 - 2021-08-06
Changed
- travis: require go >= v1.9
- deps: bumps to the latest version of
golang.org/x/crypto
.- Upgrades to mitigate users importing a vulnerable version of
golang.org/x/crypto/ssh
that contains CVE-2020-9283. - Upgrades to mitigate users importing a vulnerable version of
golang.org/x/text
that contains CVE-2020-14040.
- Upgrades to mitigate users importing a vulnerable version of
- travis: updated to test against go 1.12+, migrates to go mod for dependency management.
- travis: forces use of go modules under ci.
- travis: sets
[email protected]
as the lowest supportedgo mod
version due to a change in go build.