Bump github.com/onflow/flow-go-sdk from 0.31.3 to 0.38.0 #30

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/onflow/flow-go-sdk-0.38.0

dependabot bot commented on behalf of github Mar 30, 2023

Bumps github.com/onflow/flow-go-sdk from 0.31.3 to 0.38.0.

Release notes

Sourced from github.com/onflow/flow-go-sdk's releases.

v0.38.0

🛠 Improvements

📖 Documentation

New Contributors

Full Changelog: onflow/flow-go-sdk@v0.37.0...v0.38.0

v0.37.0

What's Changed

Other Changes

New Contributors

Full Changelog: onflow/flow-go-sdk@v0.36.0...v0.37.0

v0.36.0

💥 Breaking Changes

Update Crypto version

by @tarakby in onflow/flow-go-sdk#353

The Flow Go-SDK crypto package is based on the github.com/onflow/flow-go/crypto package. In particular, ECDSA key generation (the keys supported by Flow accounts) is a wrapper around the flow-go/crypto key generation. The underlying package used to implement a very simple deterministic key generation for ECDSA that maps any input seed to a private key using a simple modular reduction. This requires the seed to not only have enough entropy, but to also have its entropy uniformly distributed across all the bits. This is true for a seed that is sampled using a secure RNG. To be safer with low-quality input seeds, the Flow-Go-SDK/crypto used to hash the input seeds to guarantee uniform distribution before invoking flow-go/crypto.

The flow-go/crypto package recently updated its key generation process to a more robust one that requires fewer constraints from the input seed (onflow/flow-go#3788). The entropy is now extracted from the input seed and then expanded into the required data thanks to a Key Derivation Function (KDF). This change means that the flow-go-sdk/crypto no longer needs to implement the safety hashing and can simply invoke the more secure generation from flow-go/crypto. Although the key generation process is still deterministic, the new process maps seeds to different private keys than it used to in the previous version.

If you would like to preserve the private keys you used to find with the previous SDK version, it is always possible to use the method Encode on your private keys. This is an alternative to storing the seeds. Encode is already implemented in the previous versions and returns a serialization of the private key. Calling DecodePrivateKey on the serialization gets you back to the original key, regardless of the SDK version used. Remember that dealing with seeds or private keys of sensitive assets requires using a safe environment like secure hardware. flow-go-sdk is a pure software implementation that should not be used for sensitive keys.

Full Changelog: onflow/flow-go-sdk@v0.35.0...v0.36.0

v0.35.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/onflow/flow-go-sdk](https://github.com/onflow/flow-go-sdk) from 0.31.3 to 0.38.0.
- [Release notes](https://github.com/onflow/flow-go-sdk/releases)
- [Commits](onflow/flow-go-sdk@v0.31.3...v0.38.0)

---
updated-dependencies:
- dependency-name: github.com/onflow/flow-go-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
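
An added illustration of the two seed-to-key mappings the v0.36.0 release notes describe; this is not code from flow-go or flow-go-sdk, and the curve (P-256), HMAC-SHA256, the salt/info labels and the `mod (n-1) + 1` reduction are assumptions chosen for the example. With a constructed seed whose entropy sits in a single byte, plain reduction returns the tiny scalar 43, while extract-then-expand returns a full-width scalar, and the same seed maps to a different key under each scheme.

```go
package main

import (
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// curveN is the P-256 group order; valid private scalars lie in [1, curveN-1].
var curveN = elliptic.P256().Params().N

// toScalar maps bytes into [1, curveN-1] by modular reduction (assumed formula).
func toScalar(b []byte) *big.Int {
	k := new(big.Int).SetBytes(b)
	k.Mod(k, new(big.Int).Sub(curveN, big.NewInt(1)))
	return k.Add(k, big.NewInt(1))
}

// ReduceSeed is the "simple modular reduction" style: seed bits become key bits.
func ReduceSeed(seed []byte) *big.Int { return toScalar(seed) }

// hkdf is RFC 5869 extract-then-expand with HMAC-SHA256.
func hkdf(seed, salt, info []byte, length int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(seed)
	prk := ext.Sum(nil) // extract: concentrate the seed's entropy into prk
	var out, t []byte
	for i := byte(1); len(out) < length; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(t)
		exp.Write(info)
		exp.Write([]byte{i})
		t = exp.Sum(nil) // expand: T(i) = HMAC(prk, T(i-1) || info || i)
		out = append(out, t...)
	}
	return out[:length]
}

// KDFSeed expands to 48 bytes before reducing, so the reduction bias is negligible.
func KDFSeed(seed []byte) *big.Int {
	return toScalar(hkdf(seed, []byte("example-salt"), []byte("example-keygen"), 48))
}

func main() {
	seed := make([]byte, 32) // constructed low-quality seed: only the last byte is set
	seed[31] = 0x2a
	fmt.Printf("reduction: %d bits\nKDF:       %d bits\n", ReduceSeed(seed).BitLen(), KDFSeed(seed).BitLen())
}
```

A KDF spreads the entropy that is present across the whole key; it does not add any, so a seed with few unpredictable bits remains weak under either scheme.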
dependabot bot added the dependencies label Mar 30, 2023

dependabot bot commented on behalf of github Mar 31, 2023

Superseded by #32.

dependabot bot closed this Mar 31, 2023
dependabot bot deleted the dependabot/go_modules/github.com/onflow/flow-go-sdk-0.38.0 branch March 31, 2023 17:25