Skip to content

fix(deps): update dependency @noble/ciphers to v2 #6886

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: v2.0
Choose a base branch
from
Open

fix(deps): update dependency @noble/ciphers to v2 #6886

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 31, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Change Age Confidence
@noble/ciphers (source) 1.3.0 -> 2.0.1 age confidence

Release Notes

paulmillr/noble-ciphers (@​noble/ciphers)

v2.0.1

Compare Source

  • Disable extension-less imports. If you've used /chacha, switch to /chacha.js now. See 2.0.0 for more details.
  • package.json: specify exported submodules to ensure typescript autocompletion
GitHub Immutable Releases

This GH release does not include NPM & JSR attestations, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-ciphers@2.0.0...2.0.1

v2.0.0

Compare Source

High-level
  • The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
    • Node v20.19 is now the minimum required version
    • Package imports now work correctly in bundler-less environments, such as browsers
    • Reduces npm package size (traffic consumed): 118KB => 99KB
    • Reduces unpacked npm size (on-disk space): 753KB => 458KB
  • Make bundle sizes smaller, compared to v1.x
  • .js extension must be used for all modules
    • Old: @noble/ciphers/aes
    • New: @noble/ciphers/aes.js
    • This simplifies working in browsers natively without transpilers
Changes
  • webcrypto: move randomBytes and managedNonce to utils.js
  • ghash, poly1305, polyval: only allow Uint8Array as hash inputs, prohibit string
  • utils: new abytes; remove ahash, toBytes
  • Remove modules _assert (use utils), _micro and crypto (use webcrypto)
  • Upgrade typescript compilation env to ts5.9 and es2022
  • Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-ciphers@1.3.0...2.0.0

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security Socket Security
Copy link

socket-security bot commented Aug 31, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​noble/​ciphers@​2.0.110010010092100

View full report

@renovate renovate bot force-pushed the renovate/noble-ciphers-2.x branch 3 times, most recently from a2f3971 to 8018d4c Compare September 10, 2025 17:44
@renovate renovate bot force-pushed the renovate/noble-ciphers-2.x branch 9 times, most recently from 7c13da4 to 6aa5756 Compare September 18, 2025 13:31
@renovate renovate bot force-pushed the renovate/noble-ciphers-2.x branch 3 times, most recently from 9144864 to 82e0545 Compare September 26, 2025 12:20
@renovate renovate bot force-pushed the renovate/noble-ciphers-2.x branch from 82e0545 to 62e98bf Compare September 30, 2025 13:52
@renovate renovate bot force-pushed the renovate/noble-ciphers-2.x branch from 62e98bf to e732529 Compare October 3, 2025 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants