Skip to content

chore(deps): bump @noble/curves from 2.0.1 to 2.2.0#9

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/noble/curves-2.2.0
Open

chore(deps): bump @noble/curves from 2.0.1 to 2.2.0#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/noble/curves-2.2.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 3, 2026
edited
Loading

Bumps @noble/curves from 2.0.1 to 2.2.0.

Release notes

Sourced from @​noble/curves's releases.

2.2.0

  • March 2026 self-audit (all files): no major issues found
    • Audited for spec compliance and security
    • ed25519: make zip215 verification logic match spec more strictly (spec vectors were not enough)
    • ed448: turn off zip215 mode by default, use stricter one
    • schnorr: reduce rand by mod N instead of throwing
    • math: hardening of sqrt
    • babyjubjub: use correct curve and curve params
    • der: improve parsing
    • bls: improve point decoding
    • bls, bn: Fix Fp6 / Fp12 order
    • hash-to-curve: empty dst / count now throws
    • Apply Object.freeze to most primitives
    • Other minor hardening
  • Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
    • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
    • This creates incompatibility of code between versions
    • Previously, it was hard to use and constantly emitted errors similar to TS2345
    • See typescript#62240 for more context
  • Implement FROST threshold signatures from RFC 9591
  • Fix compilation issues on TypeScript v6
  • Improve tree-shaking, reduce bundle sizes
  • Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-curves@2.0.1...2.2.0

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/curves since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 3, 2026
@dependabot
chore(deps): bump @noble/curves from 2.0.1 to 2.2.0
a49c3d2 
Bumps [@noble/curves](https://github.com/paulmillr/noble-curves) from 2.0.1 to 2.2.0.
- [Release notes](https://github.com/paulmillr/noble-curves/releases)
- [Commits](paulmillr/noble-curves@2.0.1...2.2.0)

---
updated-dependencies:
- dependency-name: "@noble/curves"
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/noble/curves-2.2.0 branch from a27501d to a49c3d2 Compare May 6, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants