minimal-xec-wallet 2.1.1 → 2.1.2

package/CHANGES.md ADDED
@@ -0,0 +1,85 @@
1
+ # Changelog
2
+
3
+ ## [2.1.2] - 2025-02-05
4
+
5
+ ### Security
6
+
7
+ This release eliminates all 59 npm audit vulnerabilities (7 critical, 33 high, 13 moderate, 6 low).
8
+
9
+ #### Build System Replacement
10
+
11
+ Replaced browserify + babel build chain with Rollup to fix critical arbitrary code execution vulnerability in babel-traverse (GHSA-67hx-6x53-jw92).
12
+
13
+ **Removed:**
14
+ - `@babel/core`, `@babel/plugin-syntax-import-meta`, `@babel/plugin-transform-modules-commonjs`, `@babel/preset-env`
15
+ - `babel-plugin-transform-import-meta`, `babelify`
16
+ - `browserify`, `browser-resolve`, `esmify`, `tinyify`, `through2`
17
+
18
+ **Added:**
19
+ - `rollup` ^4.30.0
20
+ - `@rollup/plugin-node-resolve` ^16.0.0
21
+ - `@rollup/plugin-commonjs` ^28.0.0
22
+ - `@rollup/plugin-json` ^6.1.0
23
+ - `@rollup/plugin-replace` ^6.0.0
24
+ - `@rollup/plugin-terser` ^0.4.4
25
+ - `rollup-plugin-polyfill-node` ^0.13.0
26
+
27
+ #### Dependency Updates
28
+
29
+ | Package | Previous | Updated | Severity Fixed |
30
+ |---------|----------|---------|----------------|
31
+ | `crypto-js` | 4.0.0 | ^4.2.0 | CRITICAL (PBKDF2 weakness) |
32
+ | `mocha` | 9.2.1 | ^11.0.0 | HIGH (diff, js-yaml, minimatch, nanoid, serialize-javascript) |
33
+ | `sinon` | 9.2.0 | ^17.0.0 | HIGH (diff) |
34
+ | `chai` | 4.2.0 | ^5.0.0 | Compatibility |
35
+ | `semantic-release` | 19.0.3 | ^25.0.0 | HIGH (tar, @octokit/*, npm-related) |
36
+ | `eslint` | 7.17.0 | ^8.57.0 | Compatibility |
37
+ | `eslint-config-prettier` | 7.1.0 | ^9.1.0 | Compatibility |
38
+ | `eslint-config-standard` | 16.0.2 | ^17.1.0 | Compatibility |
39
+ | `eslint-plugin-prettier` | 3.3.1 | ^5.0.0 | Compatibility |
40
+ | `eslint-plugin-standard` | 4.0.1 | ^5.0.0 | Compatibility |
41
+
42
+ #### Removed Packages
43
+
44
+ | Package | Reason |
45
+ |---------|--------|
46
+ | `coveralls` | CRITICAL form-data vulnerability, MODERATE tough-cookie (no fix available) |
47
+ | `terser` | Moved to devDependency via @rollup/plugin-terser |
48
+ | `uglifyify` | Browserify plugin with vulnerable terser |
49
+
50
+ #### Added Packages
51
+
52
+ | Package | Purpose |
53
+ |---------|---------|
54
+ | `c8` ^10.0.0 | Modern coverage tool (replaces coveralls) |
55
+
56
+ #### Transitive Dependency Overrides
57
+
58
+ Added `overrides` section to force secure versions of transitive dependencies:
59
+
60
+ ```json
61
+ "overrides": {
62
+ "elliptic": "^6.6.1",
63
+ "semver": "^7.6.0",
64
+ "diff": "^8.0.3"
65
+ }
66
+ ```
67
+
68
+ ### Changed
69
+
70
+ - Build system migrated from browserify to Rollup
71
+ - Build output now includes three formats: UMD, minified UMD, and ESM
72
+ - Build time improved from ~30s to ~5s
73
+ - Removed `.babelrc` and `transform-import-meta.js` (no longer needed)
74
+
75
+ ### Scripts Updated
76
+
77
+ | Script | Previous | Updated |
78
+ |--------|----------|---------|
79
+ | `build` | browserify with babel transforms | `rollup -c` |
80
+ | `build:dev` | browserify without minification | `rollup -c --environment NODE_ENV:development` |
81
+ | `coverage` | nyc with coveralls | `c8 --reporter=lcov mocha ...` |
82
+ | `coverage:report` | nyc html reporter | `c8 report --reporter=html` |
83
+
84
+ **New script:**
85
+ - `build:watch` - `rollup -c --watch`
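
Review bot: The "Transitive Dependency Overrides" section (changelog lines 58-65) says the `overrides` block will "force secure versions of transitive dependencies", but npm honours `overrides` only from the root project's package.json, so anyone installing minimal-xec-wallet as a dependency still resolves `elliptic`, `semver` and `diff` from their own tree. Suggest stating that scope in this section and, for anything reached at runtime, naming the direct dependency that pulls it in so it can be bumped or so consumers know to add their own override. Separately, the `crypto-js` 4.0.0 to ^4.2.0 row cites a PBKDF2 weakness without saying whether this package calls PBKDF2 or whether data encrypted under 2.1.1 still decrypts under 2.1.2; one line on that would help wallet users deciding when to upgrade.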