Skip to content

deps: Bump libsodium from 1.0.20.1 to 1.0.22#611

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/libsodium-1.0.22
Open

deps: Bump libsodium from 1.0.20.1 to 1.0.22#611
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/libsodium-1.0.22

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Updated libsodium from 1.0.20.1 to 1.0.22.

Release notes

Sourced from libsodium's releases.

1.0.22

Version 1.0.22

This point release includes all the changes from 1.0.21-stable, plus:

  • Post-quantum key encapsulation is now available. ML-KEM768, the
    NIST-standardized lattice-based KEM, is accessible through the
    crypto_kem_mlkem768_*() functions.
  • X-Wing, a hybrid KEM combining ML-KEM768 with X25519 for protection
    against both classical and quantum adversaries, is available through the
    crypto_kem_*() functions. X-Wing is the recommended KEM for most
    applications.
  • SHA-3 hash functions are now available as crypto_hash_sha3256_*()
    and crypto_hash_sha3512_*(), with both one-shot and streaming APIs.

Version 1.0.21-stable

  • Performance: NEON optimizations for Argon2 on ARM platforms.
  • Performance: SHA3 (Keccak1600) now leverages ARM SHA3 instructions when
    available on ARM platforms.
  • Performance: WebAssembly SIMD implementations of Argon2 have been added.
  • Emscripten: LTO is now disabled. With Emscripten 4, LTO produced
    WebAssembly modules with functions that ran significantly slower than
    without it.
  • Emscripten: a new option allows compilation with SIMD support.
  • Emscripten: native ESM module generation is now supported.
  • JavaScript sumo builds now allow up to 80 MiB memory usage, so that
    crypto_pwhash with the interactive settings can be used in pure
    JavaScript, not just WebAssembly.
  • XOF state alignment has been relaxed.
  • crypto_core_keccak1600_state has been added.
  • Export missing crypto_ipcrypt_nd_keygen() helper function.
  • crypto_auth_hmacsha256_init and crypto_auth_hmacsha512_init now
    accept NULL key pointers (with a zero key length), for consistency with
    other _init functions.
  • apple-xcframework: headers are now in a Clibsodium subdirectory
    to prevent module.modulemap collisions with other xcframeworks.
  • Fixed compilation with GCC on aarch64 and gcc 4.x.
  • On aarch64, aes256-gcm is now enabled even when not using clang,
    including MSVC.
  • Added compatibility with Visual Studio 2026 when toolsets do not
    define PlatformToolsetVersion.
  • Libsodium can be directly used as a dependency in a Zig project.
  • Performance of MSVC builds has been improved.

1.0.21

  • Version 1.0.21
    This point release includes all the changes from 1.0.20-stable, which include a security fix for the crypto_core_ed25519_is_valid_point() function, as well as two new sets of functions:

    • The new crypto_ipcrypt_* functions implement mechanisms for securely encrypting and anonymizing IP addresses.
    • The sodium_bin2ip and sodium_ip2bin helper functions have been added to complement the crypto_ipcrypt_* functions and easily convert addresses between bytes and strings.
    • XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are standard extendable output functions. From input of any length, they can derive output of any length with the same properties as hash functions. These primitives are required by many post-quantum mechanisms, but can also be used for a wide range of applications, including key derivation, session encryption and more.

  • Version 1.0.20-stable

    • XCFramework: cross-compilation is now forced on Apple Silicon to avoid Rosetta-related build issues
    • The Fil-C compiler is supported out of the box
    • The CompCert compiler is supported out of the box
    • MSVC 2026 (Visual Studio 2026) is now supported
    • Zig builds now support FreeBSD targets
    • Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers
    • Android binaries have been added to the NuGet package
    • Windows ARM binaries have been added to the NuGet package
    • The Android build script has been improved. The base SDK is now 27c, and the default platform is 21, supporting 16 KB page sizes.
    • The library can now be compiled with Zig 0.15 and Zig 0.16
    • Zig builds now generate position-independent static libraries by default on targets that support PIC
    • arm64e builds have been added to the XCFramework packages
    • XCFramework packages are now full builds instead of minimal builds
    • MSVC builds have been enabled for ARM64
    • iOS 32-bit (armv7/armv7s) support has been removed from the XCFramework build script
    • Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options.
    • Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup
    • ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero
    • A cross-compilation issue with old clang versions has been fixed
    • JavaScript: support for Cloudflare Workers has been added
    • JavaScript: WASM_BIGINT is forcibly disabled to retain compatibility with older runtimes
    • A compilation issue with old toolchains on Solaris has been fixed
    • crypto_aead_aes256gcm_is_available is exported to JavaScript
    • libsodium is now compatible with Emscripten 4.x
    • Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete
    • Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation.

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
deps: Bump libsodium from 1.0.20.1 to 1.0.22
7e411c0 
---
updated-dependencies:
- dependency-name: libsodium
  dependency-version: 1.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Apr 13, 2026
@dependabot dependabot Bot mentioned this pull request Apr 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants