[Snyk] Upgrade ipld from 0.17.4 to 0.25.3

[snyk-bot]

Snyk has created this PR to upgrade ipld from 0.17.4 to 0.25.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 18 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2020-01-13.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-73638	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	Proof of Concept
	Prototype Pollution npm:lodash:20180130	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	No Known Exploit

Release notes

Package name: ipld

• 0.25.3 - 2020-01-13
  

  Bug Fixes

  • package: update multicodec to version 1.0.0 (2b661da)
  • package: update typical to version 6.0.0 (2a9506a)
• 0.25.2 - 2019-10-30
  No content.
• 0.25.1 - 2019-10-30
  

  Bug Fixes

  • package: update merge-options to version 2.0.0 (c55c869)
• 0.25.0 - 2019-08-01
  

  Code Refactoring

  • make code promisify free (23de2e4)

  BREAKING CHANGES

  • Everyone upgrading to this release also needs to upgrade
    ipfs-block-service, ipfs-repo and ipld-in-memory.

  This commit uses the new async API of:

  • ipfs-block-service >= 0.16.0
  • ipfs-repo >=0.27.0
  • ipld-in-memory >= 3.0.0

  If your library has a dependency on any of those, you likely also need
  to upgrade to at least those versions.

• 0.24.1 - 2019-05-15
  

  Bug Fixes

  • respect the cidVersion option (b1a3a2a)
• 0.24.0 - 2019-05-10
  

  Chores

  • update dependencies (7232eea)

  BREAKING CHANGES

  • v1 CIDs now default to base32 encoding

  Previous versions returned a base58 encoded string when toString()/
  toBaseEncodedString() was called on a CIDv1. It now returns a base32
  encoded string.

• 0.23.0 - 2019-05-08
  

  Bug Fixes

  • use the cleaned up IPLD Format API (108aef0)

  BREAKING CHANGES

  • All formats now return data according to the IPLD Data Model

  The most important change is that now all formats return links as CID instances
  and no longer as the JSON representation ({"/": "base-encoded-cid"}.

• 0.22.0 - 2019-03-21
  

  Bug Fixes

  • add dynamically loaded format via addFormat() (95536cd)
  • don't throw if it's not a proper old-style link (38be898)
  • error if loadFormat() is not a function (4ad1ee4)
  • use a version of typical where async iterators are supported (43176ca)
  • use promisify-es6 instead of Nodes.js' promisify (79e521c)

  Code Refactoring

  • make _getFormat() async/await (996e9dc)
  • store codecs by their code (d797667)

  Features

  • add single item functions (945fc61)
  • implementation of the new addFormat/removeFormat() functions (12b436b)
  • implementation of the new get() function (743e679)
  • implementation of the new put() function (8b737b1)
  • implementation of the new remove() function (08c1e0e)
  • implementation of the new resolve() function (162473b)
  • implementation of the new tree() function (9801765)
  • make addFormat() and removeFormat() return the instance (5f62fe0)

  BREAKING CHANGES

  • put/get/remove functions are renamed

  This commit introduces single item functions which are called put()/get(),remove().

  In order to put, get or remove multiple items you need to call
  putMany(),getMany()/removeMany() now.

  • This replaces the treeStream() function.

  The API docs for it:

  Returns all the paths that can be resolved into.

  • cid (CID, required): the CID to get the paths from.
  • path (IPLD Path, default: ''): the path to start to retrieve the other paths from.
  • options:
    • recursive (bool, default: false): whether to get the paths recursively or not. false resolves only the paths of the given CID.

  Returns an async iterator of all the paths (as Strings) you could resolve into.

  • They replace the support.add() and support.rm() functions.

  The API docs for it:

  .addFormat(ipldFormatImplementation):

  Add support for an IPLD Format

  • ipldFormatImplementation (IPLD Format, required): the implementation of an IPLD Format.

  .removeFormat(codec):

  Remove support for an IPLD Format

  • codec (multicodec, required): the codec of the IPLD Format to remove.
  • remove() has a new API.

  The API docs for it:

  Remove IPLD Nodes by the given cids

  • cids (Iterable<CID>): the CIDs of the IPLD Nodes that should be
    removed.

  Throws an error if any of the Blocks can’t be removed. This operation is
  not atomic, some Blocks might have already been removed.

  • get() is replacing the getMany() function.

  The API docs for it:

  Retrieve several IPLD Nodes at once.

  • cids (Iterable<CID>): the CIDs of the IPLD Nodes that should be retrieved.

  Returns an async iterator with the IPLD Nodes that correspond to the given cids.

  Throws an error if a IPLD Node can’t be retrieved.

  • The API of put() changes.

  The API docs for it:

  Stores the given IPLD Nodes of a recognized IPLD Format.

  • nodes (Iterable<Object>): deserialized IPLD nodes that should be inserted.
  • format (multicodec, required): the multicodec of the format that IPLD Node should be encoded in.
  • options is applied to any of the nodes and is an object with the following properties:
    • hashAlg (multicodec, default: hash algorithm of the given multicodec): the hashing algorithm that is used to calculate the CID.
    • cidVersion (boolean, default: 1): the CID version to use.
    • onlyHash (boolean, default: false): if true the serialized form of the IPLD Node will not be passed to the underlying block store.

  Returns an async iterator with the CIDs of the serialized IPLD Nodes.

  • The codec parameter in options.loadFormat() is a number

  Instead of returnign the name of the codec as string, the codec code (a number)
  is now returned.

  So if you e.g. check within the function for a certain format, it changes from:

  async loadFormat (codec) {
    if (codec !== 'dag-cbor') …
  }
  

  To:

  async loadFormat (codec) {
    if (codec !== multicodec.DAG_CBOR) …
  }
  

  • your custom format loading function needs
    to be an async now.

  So the signature for options.loadFormat is no longer:

  function (codec, callback)

  but

  async functiont (codec)

  • resolve() replaces parts of get().

  The API docs for it:

  Retrieves IPLD Nodes along the path that is rooted at cid.

  • cid (CID, required): the CID the resolving starts.
  • path (IPLD Path, required): the path that should be resolved.

  Returns an async iterator of all the IPLD Nodes that were traversed during the path resolving. Every element is an object with these fields:

  • remainderPath (string): the part of the path that wasn’t resolved yet.
  • value (*): the value where the resolved path points to. If further traversing is possible, then the value is a CID object linking to another IPLD Node. If it was possible to fully resolve the path, value is the value the path points to. So if you need the CID of the IPLD Node you’re currently at, just take the value of the previously returned IPLD Node.
• 0.21.1 - 2019-01-25
  No content.
• 0.21.0 - 2019-01-16
  

  Code Refactoring

  • remove inMemory util (689afcc), closes #151

  BREAKING CHANGES

  • This module no longer exports an inMemory utility to create an IPLD instance that uses a block service that stores data in memory. Please use the ipld-in-memory module instead.

  License: MIT
  Signed-off-by: Alan Shaw [email protected]

• 0.20.2 - 2018-12-19
• 0.20.1 - 2018-11-19
• 0.20.0 - 2018-11-10
• 0.19.3 - 2018-11-09
• 0.19.2 - 2018-11-07
• 0.19.1 - 2018-10-27
• 0.19.0 - 2018-10-25
• 0.18.0 - 2018-10-12
• 0.17.4 - 2018-09-25

from ipld GitHub release notes

Commit messages

Package name: ipld

• 7cacff7 chore: release version v0.25.3
• 2e1950f chore: update contributors
• 2b661da fix(package): update multicodec to version 1.0.0
• 2c7547f chore(package): update ipfs-repo to version 0.30.1
• 2a9506a fix(package): update typical to version 6.0.0
• 803a94f chore(package): update ipfs-repo to version 0.29.0
• 660a597 chore: release version v0.25.2
• a61357e chore: update contributors
• c189fd4 chore: update dependencies
• d76b263 chore: release version v0.25.1
• 8a7efc9 chore: update contributors
• 4f5845e chore(package): update ipld-zcash to version 0.4.0
• c55c869 fix(package): update merge-options to version 2.0.0
• 1312244 chore(package): update ipfs-repo to version 0.28.0
• 8933c25 chore(package): update ipfs-repo to version 0.27.1
• a703ccb chore(package): update ipld-dag-pb to version 0.18.1
• e74b6e0 chore: fix typo in README ([Snyk] Security upgrade libp2p-websocket-star from 0.8.1 to 0.10.2 #231)
• 90ce57a chore: release version v0.25.0
• 693ac93 chore: update contributors
• 9a3c1d6 chore: update dependencies
• cbb8300 chore: upgrade ipld-dag-pb to newest version
• 23de2e4 refactor: make code promisify free
• 8f20e0f Revert "refactor: make code promisify free"
• 1a98e16 refactor: make code promisify free

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs