chore(deps): bump @noble/curves from 1.9.7 to 2.2.0 in /sdk by dependabot[bot] · Pull Request #119 · marinom2/lightnode

dependabot · 2026-06-11T21:14:46Z

Bumps @noble/curves from 1.9.7 to 2.2.0.

Release notes

Sourced from @noble/curves's releases.

2.2.0

March 2026 self-audit (all files): no major issues found

Audited for spec compliance and security

ed25519: make zip215 verification logic match spec more strictly (spec vectors were not enough)

ed448: turn off zip215 mode by default, use stricter one

schnorr: reduce rand by mod N instead of throwing

math: hardening of sqrt

babyjubjub: use correct curve and curve params

der: improve parsing

bls: improve point decoding

bls, bn: Fix Fp6 / Fp12 order

hash-to-curve: empty dst / count now throws

Apply Object.freeze to most primitives

Other minor hardening

Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+

TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>

This creates incompatibility of code between versions

Previously, it was hard to use and constantly emitted errors similar to TS2345

See typescript#62240 for more context

Implement FROST threshold signatures from RFC 9591

Fix compilation issues on TypeScript v6

Improve tree-shaking, reduce bundle sizes

Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-curves@2.0.1...2.2.0

2.0.1

Disable extension-less imports. If you've used /ed25519, switch to /ed25519.js now. See 2.0.0 for more details.

package.json: specify exported submodules to ensure typescript autocompletion

package.json: bump hashes to 2.0.1 with scrypt & pkg.json changes

ed25519: export map_to_curve_elligator2_curve25519 paulmillr/noble-curves#211

bls: try-catch pairingBatch in bls12_381.verify() by @MegaManSec in paulmillr/noble-curves#212

fft: expose extra info in rootsOfUnity

New Contributors

@MegaManSec made their first contribution in paulmillr/noble-curves#212

GitHub Immutable Releases

This GH release does not include standalone noble-curves.js: use 2.0.0 for now, until we upgrade to newly added Immutable Releases

Full Changelog: paulmillr/noble-curves@2.0.0...2.0.1

2.0.0

High-level

v2 massively simplifies internals, improves security, reduces bundle size and lays path for the future. To simplify upgrading, upgrade first to curves 1.9.x. It would show deprecations in vscode-like text editor.

... (truncated)

Commits

043905d Release 2.2.0.
aa55711 Add more tests for wnaf
1574a6c Remove unused argument from multiplyUnsafe
ea1c7b3 Fix typo in createOPRF. gh-234
22057a1 Merge pull request #235 from ChALkeR/chalker/deepview/endo/0
d04fb69 Merge pull request #236 from ChALkeR/patch-4
8041fec Inline toAffine and assertPointValid
76b26be fix a misleading comment
df0ccf4 Bump noble-hashes to 2.2.0
3e5f1b8 Run prettier format on tests
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @noble/curves since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@noble/curves](https://github.com/paulmillr/noble-curves) from 1.9.7 to 2.2.0. - [Release notes](https://github.com/paulmillr/noble-curves/releases) - [Commits](paulmillr/noble-curves@1.9.7...2.2.0) --- updated-dependencies: - dependency-name: "@noble/curves" dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-06-11T21:14:49Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
lightnode	Error		Jun 11, 2026 9:15pm

Supersedes the dependabot bumps (#118 @noble/ciphers, #119 @noble/curves, #120 typescript) with the actual code migration they need: - @noble/curves ^2 / @noble/ciphers ^2: import paths move to the v2 exports (@noble/curves/nist.js, @noble/ciphers/aes.js, matching what the wallet already runs), and the point class rename ProjectivePoint -> Point with fromHex(bytes) -> fromBytes(bytes) in importPublicKey. getPublicKey / getSharedSecret signatures are unchanged, so the wire format is identical (verified: ECDH still agrees, AES-GCM round-trips, points validate). - typescript ^6: add @types/node and an explicit types:[node] in tsconfig, which TS6 now requires for the node built-ins the CLI/crypto guard-import (process, node:crypto, node:fs/promises). SDK build clean, root typecheck clean, 507 root tests pass.

marinom2 · 2026-06-12T07:22:40Z

Superseded by #130 (full @noble v2 migration in lightnode-sdk 0.19.1).

dependabot · 2026-06-12T07:22:43Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 11, 2026

vercel Bot had a problem deploying to Preview June 11, 2026 21:15 Failure

marinom2 mentioned this pull request Jun 12, 2026

chore(sdk): 0.19.1 - migrate to @noble v2 and TypeScript 6 #130

Merged

marinom2 closed this Jun 12, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/sdk/noble/curves-2.2.0 branch June 12, 2026 07:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump @noble/curves from 1.9.7 to 2.2.0 in /sdk#119

chore(deps): bump @noble/curves from 1.9.7 to 2.2.0 in /sdk#119
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sdk/noble/curves-2.2.0

dependabot Bot commented on behalf of github Jun 11, 2026

Uh oh!

vercel Bot commented Jun 11, 2026 •

edited

Loading

Uh oh!

marinom2 commented Jun 12, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 11, 2026

2.2.0

2.0.1

New Contributors

GitHub Immutable Releases

2.0.0

High-level

Uh oh!

vercel Bot commented Jun 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

marinom2 commented Jun 12, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

vercel Bot commented Jun 11, 2026 •

edited

Loading