Skip to content

build(deps): bump @noble/ciphers from 1.3.0 to 2.0.1 #8391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump @noble/ciphers from 1.3.0 to 2.0.1 #8391

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025
edited by pr-codex bot
Loading

Bumps @noble/ciphers from 1.3.0 to 2.0.1.

Release notes

Sourced from @​noble/ciphers's releases.

2.0.1

  • Disable extension-less imports. If you've used /chacha, switch to /chacha.js now. See 2.0.0 for more details.
  • package.json: specify exported submodules to ensure typescript autocompletion

GitHub Immutable Releases

This GH release does not include NPM & JSR attestations, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-ciphers@2.0.0...2.0.1

2.0.0

High-level

  • The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
    • Node v20.19 is now the minimum required version
    • Package imports now work correctly in bundler-less environments, such as browsers
    • Reduces npm package size (traffic consumed): 118KB => 99KB
    • Reduces unpacked npm size (on-disk space): 753KB => 458KB
  • Make bundle sizes smaller, compared to v1.x
  • .js extension must be used for all modules
    • Old: @noble/ciphers/aes
    • New: @noble/ciphers/aes.js
    • This simplifies working in browsers natively without transpilers

Changes

  • webcrypto: move randomBytes and managedNonce to utils.js
  • ghash, poly1305, polyval: only allow Uint8Array as hash inputs, prohibit string
  • utils: new abytes; remove ahash, toBytes
  • Remove modules _assert (use utils), _micro and crypto (use webcrypto)
  • Upgrade typescript compilation env to ts5.9 and es2022
  • Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-ciphers@1.3.0...2.0.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

PR-Codex overview

This PR focuses on updating dependency versions in the package.json and pnpm-lock.yaml files for the vault-sdk package, enhancing compatibility and security.

Detailed summary

  • Updated @noble/ciphers from ^1.2.1 to ^2.0.1.
  • Updated next dependency version from 15.3.5 with a new @babel/core version 7.28.5.
  • Updated @babel/core, @babel/generator, and various other Babel-related packages to version 7.28.5.
  • Updated zod from 3.25.75 to 4.1.12.
  • Updated several dependencies in pnpm-lock.yaml including @expo/osascript, @expo/package-manager, and others to their latest versions.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@dependabot
build(deps): bump @noble/ciphers from 1.3.0 to 2.0.1
a1cdbe1 
Bumps [@noble/ciphers](https://github.com/paulmillr/noble-ciphers) from 1.3.0 to 2.0.1.
- [Release notes](https://github.com/paulmillr/noble-ciphers/releases)
- [Commits](paulmillr/noble-ciphers@1.3.0...2.0.1)

---
updated-dependencies:
- dependency-name: "@noble/ciphers"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 10, 2025
@changeset-bot
Copy link

changeset-bot bot commented Nov 10, 2025

⚠️ No Changeset found

Latest commit: a1cdbe1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Nov 10, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs-v2 Ready Ready Preview Comment Nov 10, 2025 8:18pm
nebula Ready Ready Preview Comment Nov 10, 2025 8:18pm
thirdweb_playground Error Error Nov 10, 2025 8:18pm
thirdweb-www Error Error Nov 10, 2025 8:18pm
wallet-ui Ready Ready Preview Comment Nov 10, 2025 8:18pm

@graphite-app
Copy link
Contributor

graphite-app bot commented Nov 10, 2025

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 10, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security
Copy link

socket-security bot commented Nov 10, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​noble/​ciphers@​2.0.110010010086100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code packages

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant