v1.0.0

1.0.0 (2023-12-03)

Versioning Strategy

The API is stable and has been running in production for many years now, therefore won't be changing.

This library has a single dependency on golang.org/x/crypto. This means that as the version of Go is updated there, this library will roll up it's version to a new minor.
Any CVEs/security patches that come through via dependabot, without a resulting Go version update, will become a patch release.

For example:

• If a version of /x/crypto now requires go@1.28, argon2 will go from v1.0.0 -> v1.1.0.
• If x/crypto releases a version that resolves CVEs with no requirement to upgrade Go, then argon2 will go from v1.0.0 -> v1.0.1.

⚠ BREAKING CHANGES

• deps: bump golang.org/x/crypto from 0.13.0 to 0.16.0 now requires go@v1.18 as a minimum.

Features

• deps: bump golang.org/x/crypto from 0.13.0 to 0.16.0 (8dbc527)

v0.3.4

0.3.4 (2023-09-06)

Miscellaneous Chores

• deps: updates dependencies (efcbcce)

v0.3.3

0.3.3 (2023-07-04)

Build

• deps: updates to golang.org/x/crypto@v0.10.0. (d9c0208)

Bug Fixes

• .github/dependabot: fixes branch targets in dependabot configuration. (64ab947)

v0.3.2

v0.3.2 - 2022-11-18

Changed

• deps: updates to golang.org/x/crypto@v0.3.0.
• .github: adjusts dependabot to file version updates against development.

Full Changelog: v0.3.1...v0.3.2

v0.3.1

v0.3.1 - 2022-11-10

Changed

• deps: updates to golang.org/x/crypto@v0.2.0.

Full Changelog: v0.3.0...v0.3.1

v0.3.0

v0.3.0 - 2022-11-05

Added

• .github: adds support for github actions, codeowners and dependabot.

Changed

• deps: updates to go@1.18 and golang.org/x/crypto@v0.1.0.
• readme: update badges and remove references to travis ci.
• *: update project licensing.

Fixed

• argon2: fixes grammar and comment line length.

Removed

• dep: removes support for dep.
• travis: removes travis configuration.

Full Changelog: v0.2.1...v0.3.0

v0.2.1

v0.2.1 - 2022-02-22

GPG signed release of v0.2.0.

Added

• tests: adds benchmarks to compare the default recommendations.

Changed

• travis: updates to test against go@1.17.
• deps: updates go.mod to go@1.17 and x/crypto to latest. (Thanks @ricochet! 🎉)
• explicitly ignores returned error values under benchmarks (errcheck).
• argon2: updates recommended defaults as described by RFC9106.

v0.1.5

v0.1.5 - 2021-08-06

Changed

• travis: require go >= v1.9
• deps: bumps to the latest version of golang.org/x/crypto.
  • Upgrades to mitigate users importing a vulnerable version of golang.org/x/crypto/ssh that contains CVE-2020-9283.
  • Upgrades to mitigate users importing a vulnerable version of golang.org/x/text that contains CVE-2020-14040.
• travis: updated to test against go 1.12+, migrates to go mod for dependency management.
• travis: forces use of go modules under ci.
• travis: sets go@v1.11.4 as the lowest supported go mod version due to a change in go build.

v0.1.4

re-release of v0.1.3, but fixes bad gpg signing of commits.

v0.1.3

v0.1.3 - 2020-05-22

Changed

• deps: updated x/crypto@master to point to latest commit.
  • This is mainly to mitigate users from CVEs in other x/crypto implementations, namely CVE-2020-7919 (cryptobyte) and CVE-2020-9283 (ssh).
• readme: added a tl;dr section, updated benchmarks.
• readme: show example of the encoded argon2 string.

Removed

• argon2_test: removed bench marking against native bindings to remove dependencies (lhecker/argon2) under go mod.