Releases: forgesworn/signet

v1.0.0

31 Mar 14:44

1.0.0 (2026-03-31)

Bug Fixes

  • add algorithm field to voting parsed interfaces (227c5a5)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e9408e4)
  • add ECDH identity-point check to computeSharedSecret for consistency (9842bfc)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (7b1234e)
  • add prepare script for git URL installs (c0d55a6)
  • add prepare script for git URL installs (ce306e8)
  • add signet-lsag-v1 domain separator to LSAG signatures (ea68b6b)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (e0a4621)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (a66efcf)
  • app build — bump spoken-token to v2, shim node:crypto for browser (e0066cf)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (d5d71b3)
  • bind signet age proof verification to credential policy (f1c51e9)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (042af30)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (5ae99df)
  • compact QR format for auth + combined flow warning (d6702b3)
  • compliance off-by-one in consent age check, merkle key colon guard (a732133)
  • comprehensive security and production readiness hardening (8e6ccbc), closes Hi#severity
  • correct copyright holder in licence (6416431)
  • correct nsec-tree file: path for main repo root (1918279)
  • correct repository URL and remove NPM_TOKEN from CI (e5c6f22)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (85dfcd1)
  • fifth security pass — auth, SDK, and presentation hardening (445d1cb)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (2bce01a)
  • low-severity security hardening (9315c1f)
  • modulo bias, pubkey validation, trim API surface, add engines (af7689b)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (177795e)
  • NaN guards on parseInt for untrusted tag values (2c365fc)
  • nullifier separator ambiguity and relay event verification (4590b0d)
  • pass 7 belt-and-braces — 24 findings, all fixed (330fb61)
  • pass 8 — onboarding encryption window + double-encryption bug (36a231a)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cc9d2f4)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (95a210f)
  • QR scanner — remove forced aspect ratio causing duplicate view (37d4128)
  • QR scanner — split image, jerkiness, and auto-stop on scan (ab828e2)
  • remaining security and production readiness issues (e1dd8f8)
  • remove manual L/l tags from builders (nip-va auto-generates) (a056287)
  • remove unused deriveNostrKeyPair import (re-review finding) (b04306a)
  • rename expires → expiration (NIP-40 standard) across all files (277f586)
  • replace html5-qrcode camera with native getUserMedia + jsQR (edeee32)
  • resolve all LOW-severity security findings from audit passes 1-3 (8368196)
  • resolve app build issues and install dependencies (e72f32c)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (64908c0)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (120d9ec)
  • resolve Uint8Array type compatibility with crypto.subtle (d8cb466)
  • restore correct repository URL to signet-protocol (5f629fd)
  • restore HTTPS certs for app after dev-app retirement (b38b5dd)
  • second-pass security hardening (2274db2)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a3b88cf)
  • security and production readiness hardening (iteration 1) (d8963cb)
  • security audit — HIGH and MEDIUM severity fixes (512a978)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (b516b21)
  • security hardening — input validation, type guards, error classes (7085af8)
  • security hardening — NaN guards, assertValidity, input bounds (073d394)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (0ba8268)
  • security hardening, credential chain fix, kind number reservation (96e0974)
  • security review findings - binding, validation, replay resistance (67e0202)
  • simplify HTTPS setup, remove redirect ports (d6acaa1)
  • switch canary-kit dependency from file: to npm ^0.9.0 (24f02cc)
  • tests: add algorithm field to voting and policy test objects (d6955cb)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (232339d)
  • update kind 30999 references in comments to 31000 (ac21899)
  • update repository URL to forgesworn/signet ([8c01baf](https://github.com/forgesworn/signet...