@atproto/repo 0.3.3 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # @atproto/repo
2
2
 
3
+ ## 0.3.4
4
+
5
+ ### Patch Changes
6
+
7
+ - [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
8
+
9
+ - Updated dependencies [[`ce49743d`](https://github.com/bluesky-social/atproto/commit/ce49743d7f8800d33116b88001d7b512553c2c89), [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
10
+ - @atproto/lexicon@0.3.0
11
+ - @atproto/common-web@0.2.3
12
+ - @atproto/identity@0.3.1
13
+ - @atproto/common@0.3.3
14
+ - @atproto/crypto@0.2.3
15
+ - @atproto/syntax@0.1.4
16
+
3
17
  ## 0.3.3
4
18
 
5
19
  ### Patch Changes
package/LICENSE.txt ADDED
@@ -0,0 +1,7 @@
1
+ Dual MIT/Apache-2.0 License
2
+
3
+ Copyright (c) 2022-2023 Bluesky PBC, and Contributors
4
+
5
+ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
6
+
7
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
package/README.md CHANGED
@@ -9,4 +9,9 @@ Repositories in atproto are signed key/value stores containing CBOR-encoded data
9
9
 
10
10
  ## License
11
11
 
12
- MIT License
12
+ This project is dual-licensed under MIT and Apache 2.0 terms:
13
+
14
+ - MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
15
+ - Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
16
+
17
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
package/dist/index.js CHANGED
@@ -24537,16 +24537,18 @@ var decompressPubkey2 = (compressed) => {
24537
24537
  };
24538
24538
 
24539
24539
  // ../crypto/src/p256/operations.ts
24540
- var verifyDidSig = async (did2, data, sig) => {
24540
+ var verifyDidSig = async (did2, data, sig, opts) => {
24541
24541
  const { jwtAlg, keyBytes } = parseDidKey(did2);
24542
24542
  if (jwtAlg !== P256_JWT_ALG) {
24543
24543
  throw new Error(`Not a P-256 did:key: ${did2}`);
24544
24544
  }
24545
- return verifySig(keyBytes, data, sig);
24545
+ return verifySig(keyBytes, data, sig, opts);
24546
24546
  };
24547
- var verifySig = async (publicKey, data, sig) => {
24547
+ var verifySig = async (publicKey, data, sig, opts) => {
24548
24548
  const msgHash = await sha2562(data);
24549
- return p256.verify(sig, msgHash, publicKey, { lowS: true });
24549
+ return p256.verify(sig, msgHash, publicKey, {
24550
+ lowS: opts?.lowS ?? true
24551
+ });
24550
24552
  };
24551
24553
 
24552
24554
  // ../crypto/src/p256/plugin.ts
@@ -24558,16 +24560,18 @@ var p256Plugin = {
24558
24560
  var plugin_default = p256Plugin;
24559
24561
 
24560
24562
  // ../crypto/src/secp256k1/operations.ts
24561
- var verifyDidSig2 = async (did2, data, sig) => {
24563
+ var verifyDidSig2 = async (did2, data, sig, opts) => {
24562
24564
  const { jwtAlg, keyBytes } = parseDidKey(did2);
24563
24565
  if (jwtAlg !== SECP256K1_JWT_ALG) {
24564
24566
  throw new Error(`Not a secp256k1 did:key: ${did2}`);
24565
24567
  }
24566
- return verifySig2(keyBytes, data, sig);
24568
+ return verifySig2(keyBytes, data, sig, opts);
24567
24569
  };
24568
- var verifySig2 = async (publicKey, data, sig) => {
24570
+ var verifySig2 = async (publicKey, data, sig, opts) => {
24569
24571
  const msgHash = await sha2562(data);
24570
- return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
24572
+ return secp256k1.verify(sig, msgHash, publicKey, {
24573
+ lowS: opts?.lowS ?? true
24574
+ });
24571
24575
  };
24572
24576
 
24573
24577
  // ../crypto/src/secp256k1/plugin.ts
@@ -24620,13 +24624,13 @@ var sha2563 = async (input) => {
24620
24624
  };
24621
24625
 
24622
24626
  // ../crypto/src/verify.ts
24623
- var verifySignature = (didKey, data, sig) => {
24627
+ var verifySignature = (didKey, data, sig, opts) => {
24624
24628
  const parsed = parseDidKey(didKey);
24625
24629
  const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
24626
24630
  if (!plugin) {
24627
- throw new Error(`Unsupported signature alg: :${parsed.jwtAlg}`);
24631
+ throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
24628
24632
  }
24629
- return plugin.verifySignature(didKey, data, sig);
24633
+ return plugin.verifySignature(didKey, data, sig, opts);
24630
24634
  };
24631
24635
 
24632
24636
  // src/mst/util.ts