2.0.1 (2026-04-07)
- remove forbidden author field, add SECURITY.md (c17af17)
2.0.0 (2026-03-30)
- bump vite to 7.3.2 and picomatch to 4.0.4 (security) (deps)
- fix!: harden crypto primitives, remove phantom dependencies (5fdfa44)
- hashToScalar now length-prefixes each part before concatenation, preventing ambiguous input collisions. Existing proofs will not verify with this version.
- hexToScalar rejects non-canonical scalars >= curve order N
- hashToScalar adds 4-byte big-endian length prefix per part
- Remove circular self-dependency (@forgesworn/range-proof)
- Remove phantom @forgesworn/ring-sig dependency
- Restore accidentally deleted src/range-proof.ts
1.1.0 (2026-03-30)
- upgrade @noble/curves and @noble/hashes to v2 (4ac3f8a)
1.0.4 (2026-03-25)
- remove broken example (API signatures mismatched) (e3ccbcc)
1.0.3 (2026-03-20)
- correct copyright to ForgeSworn (b1b316f)
1.0.2 (2026-03-19)
- require expected policy in proof verification (9ca8084)
1.0.1 (2026-03-18)
- add credential file patterns to .gitignore (1098889)
- address re-review findings (03280e9)
- early-reject oversized context strings before UTF-8 conversion (98d8adf)
- harden input validation, prevent prototype pollution in deserialiser (81a12ac)
- pin GitHub Actions to SHA, remove unused permissions, pin npm version (f9c8209)
- security audit — bind commitment to sub-proofs, sanitise errors, validate inputs (abbb03b)