Releases · margelo/react-native-quick-crypto

12 May 20:21

github-actions

v1.1.3

dbf4fb5

Release 1.1.3 Latest

Latest

1.1.3 (2026-05-12)

✨ Features

perf: Add fast path for decodeLatin1() (#1037) (67b3332)
perf: Avoid unnecessary .slice() in Utils.toArrayBuffer() (#1038) (51e20f9)
perf: Use jsi::String::createFromAscii() if possible (#1035) (9e34a72)

Assets 2

07 May 02:19

github-actions

v1.1.2

fb014b5

Release 1.1.2

1.1.2 (2026-05-07)

✨ Features

add randomUUIDv7 (RFC 9562 §5.7) and disableEntropyCache option (#1033) (cacf92a)
add range support to bufferToString() and ab2str() (#1028) (87954b8)
add raw key formats (raw-public, raw-private, raw-seed) (#1034) (33906ca)
add SLH-DSA sign and verify support (#1030) (1e8b312)
add TurboSHAKE and KangarooTwelve digests (#1032) (8254643)
perf: Remove unnecessary construction of native ArrayBuffer (#1015) (c614fe5)
PQC JWK import/export for ML-DSA and ML-KEM (#1016) (e33f183)
PQC PKCS#8 seed validation for ML-DSA and ML-KEM (#1017) (849029a)

🐛 Bug Fixes

deduplicate and canonicalize CryptoKey.usages (#1020) (28be337)
default RSA-PSS saltLength to RSA_PSS_SALTLEN_MAX_SIGN (#1029) (78a047d)
EC named-curve match, on-curve check, uncompressed SPKI export (#1027) (9155523)
Fix include of JSIConverter in HybridUtils.cpp (#1022) (fd5e5d0)
improve subtle.supports per spec, rename KMAC/cSHAKE length → outputLength (#1026) (dcf78c5)
reject SharedArrayBuffer in WebCrypto and getRandomValues (#1019) (39551e4)
required-arg checks, validation ordering, and length=null in subtle (#1024) (5b23b02)
route raw / raw-secret / raw-public per-algorithm in subtle (#1023) (d2c46b1)
throw spec-correct DOMException types in WebCrypto error paths (#1018) (5a10d66)
validate JWK alg/crv/kty per algorithm in subtle.importKey (#1021) (3076769)

📚 Documentation

mark ML-KEM and encapsulate/decapsulate as implemented (#994) (5c78689)

Assets 2

28 Apr 23:38

github-actions

v1.1.1

6074c59

Release 1.1.1

1.1.1 (2026-04-28)

✨ Features - Security Audit Findings and Fixes

security: Phase 0 audit fixes — actively exploitable findings (#982) (7d9b0a9)
security: Phase 1 audit foundation — shared helpers (validateUInt, secureZero, EVP_CIPHER_CTX RAII, typed getUIntOption) (#983) (78a4f9e)
security: Phase 2 audit memory-safety sweep (#984) (e1b306a)
security: Phase 3 audit — TS-boundary validation + WebCrypto hardening (#985) (6870c90)
security: Phase 4 audit — test coverage + 11 impl fixes (#986) (3e06d95)
security: Phase 5 — cross-cutting security audit (CI hardening + tarball trim + audit gate) (#992) (e720ae2)

✨ Features

feature: Add fast path for utf16le encoding in stringToBuffer()/bufferToString() (#981) (391bc6d)

Assets 2

26 Apr 22:40

github-actions

v1.1.0

3efab23

Release 1.1.0

1.1.0 (2026-04-26)

⚠ BREAKING CHANGES

String/Buffer conversion now matches Node.js `Buffer` semantics (#976)

stringToBuffer (and the conversion paths that use it) no longer validates hex input or masks high-bit ASCII characters. Behavior now mirrors Node.js's Buffer.from(str, encoding):

Input	v1.0.19	v1.1.0
`stringToBuffer('abc', 'hex')`	throws	`[0xAB]` (trailing nibble dropped)
`stringToBuffer('zzzz', 'hex')`	throws	`[]` (invalid chars truncate)
`stringToBuffer('über', 'ascii')`	`[0x7C, 0x62, 0x65, 0x72]` (masked to 7-bit)	`[0xFC, 0x62, 0x65, 0x72]` (full byte preserved)

Migration:

If you relied on hex decoding throwing for odd-length or invalid input, validate the string yourself before calling (e.g. /^[0-9a-fA-F]+$/.test(s) && s.length % 2 === 0).
If you relied on ASCII encoding stripping the high bit, switch to an explicit mask or use a different encoding ('utf8' for text, 'latin1' for the previous full-byte-pass-through behavior).

✨ Features

use simdutf for faster string encoding/decoding (#976) (7b9c096)

🐛 Bug Fixes

Bump minimum requirement of nitro to 0.31.2 (peerDeps only) (#980) (ab84046)
use OpenSSL-Universal CocoaPods dependency instead of vendored xcframework (#977) (86273d5)