Skip to content

build(deps): bump @noble/curves from 1.9.7 to 2.2.0#357

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/noble/curves-2.2.0
Open

build(deps): bump @noble/curves from 1.9.7 to 2.2.0#357
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/noble/curves-2.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps @noble/curves from 1.9.7 to 2.2.0.

Release notes

Sourced from @​noble/curves's releases.

2.2.0

  • March 2026 self-audit (all files): no major issues found
    • Audited for spec compliance and security
    • ed25519: make zip215 verification logic match spec more strictly (spec vectors were not enough)
    • ed448: turn off zip215 mode by default, use stricter one
    • schnorr: reduce rand by mod N instead of throwing
    • math: hardening of sqrt
    • babyjubjub: use correct curve and curve params
    • der: improve parsing
    • bls: improve point decoding
    • bls, bn: Fix Fp6 / Fp12 order
    • hash-to-curve: empty dst / count now throws
    • Apply Object.freeze to most primitives
    • Other minor hardening
  • Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
    • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
    • This creates incompatibility of code between versions
    • Previously, it was hard to use and constantly emitted errors similar to TS2345
    • See typescript#62240 for more context
  • Implement FROST threshold signatures from RFC 9591
  • Fix compilation issues on TypeScript v6
  • Improve tree-shaking, reduce bundle sizes
  • Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-curves@2.0.1...2.2.0

2.0.1

  • Disable extension-less imports. If you've used /ed25519, switch to /ed25519.js now. See 2.0.0 for more details.
  • package.json: specify exported submodules to ensure typescript autocompletion
  • package.json: bump hashes to 2.0.1 with scrypt & pkg.json changes
  • ed25519: export map_to_curve_elligator2_curve25519 paulmillr/noble-curves#211
  • bls: try-catch pairingBatch in bls12_381.verify() by @​MegaManSec in paulmillr/noble-curves#212
  • fft: expose extra info in rootsOfUnity

New Contributors

GitHub Immutable Releases

This GH release does not include standalone noble-curves.js: use 2.0.0 for now, until we upgrade to newly added Immutable Releases

Full Changelog: paulmillr/noble-curves@2.0.0...2.0.1

2.0.0

High-level

v2 massively simplifies internals, improves security, reduces bundle size and lays path for the future. To simplify upgrading, upgrade first to curves 1.9.x. It would show deprecations in vscode-like text editor.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/curves since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@vercel

vercel Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
sipher Ready Ready Preview, Comment Jul 4, 2026 12:55am

Bumps [@noble/curves](https://github.com/paulmillr/noble-curves) from 1.9.7 to 2.2.0.
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](paulmillr/noble-curves@1.9.7...2.2.0)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/noble/curves-2.2.0 branch from fdab353 to 76e9a82 Compare July 4, 2026 00:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants