Releases · rrrodzilla/rusty_paseto

29 May 04:12

v0.7.0

448738a

Latest

Overview

The release of version 0.7.0 includes significant updates to dependencies, extensive refactoring for improved readability and maintainability, and enhancements to cryptographic functionalities. Improvements have also been made to CI/CD workflows to streamline the development process.

Major Changes

Dependency Updates

Updated aes from 0.7.5 to 0.8.4: The ctr feature has been removed as part of this update.
Updated blake2 from 0.9.2 to 0.10.6: Replaced VarBlake2b with Blake2bMac and adjusted methods accordingly.
Updated chacha20poly1305 from 0.9.0 to 0.10.1.
Updated erased-serde from 0.3.16 to 0.4.5.
Updated iso8601 from 0.4.0 to 0.6.1 and uuid from 0.8.2 to 1.8.0.
Updated p384, chacha20, and base64 to the latest versions, improving overall security and performance.

Refactoring and Enhancements

Refactored GitHub Actions workflows: Optimized workflows for testing and linting by using a matrix strategy, allowing tests and linting against multiple feature flags in parallel.
Improved error handling in v4 test vectors: Simplified import statements by using fully qualified paths for better readability.
Enhanced cryptographic capabilities: Implemented encryption keys, ciphertext, and authentication keys for different versions of PASETO tokens (v1, v3, v4), providing better key management and security.
Updated import statements: Cleaned up and streamlined import statements across various modules for better code maintainability.

New Contributors

@EbbDrop made their first contribution in #35

Full Changelog: v0.6.0...v0.7.0

Contributors

EbbDrop

Assets 2

06 Nov 00:00

rrrodzilla

v0.6.0

42718c1

v0.6.0 - bump ed25519-dalek to v2.0 for RUSTSEC-2022-0093

fix: bump ed25519-dalek to v2.0 for RUSTSEC-2022-0093

Update ed25519-dalek dependency from v^1.0.1 to v2.0 to address the security vulnerability described in RUSTSEC-2022-0093. This update is backward-compatible as it does not introduce changes to the public API of rusty-paseto. However given the importance of the update due to its security implications, a minor version bump is used to signal that there has been a notable change in the dependencies that could affect users.

Assets 2

01 Jan 06:12

rrrodzilla

v0.5.0

94b4f54

v0.5.0 - Happy new year!

Now with V3 Public token support. Full API documentation and a boatload of additional unit tests.
One V3 Local implicit assertion bug where the assertion was not getting included in the decrypt procedure preventing V3 Local tokens with implicit assertions from getting decrypted is now fixed.
Happy 2023!

Assets 2