Bump @cosmjs/encoding from 0.34.0 to 0.36.1 in /packages/xchain-cosmos

[dependabot]

Bumps @cosmjs/encoding from 0.34.0 to 0.36.1.

Release notes

Sourced from @​cosmjs/encoding's releases.

0.36.0

Encrypted wallet serialization deprecated!

• The use of encrypted wallet storage is deprecated. In particular this means:

  • Secp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • Secp256k1HdWallet.deserialize/.deserializeWithEncryptionKey
  • DirectSecp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • DirectSecp256k1HdWallet.deserialize/.deserializeWithEncryptionKey

  If you are using any of those methods, please comment at cosmos/cosmjs#1796.

  A scream test was established which slows down the key derivation function a lot. This simulates the use of a pure-JS implementation of Argon2 which we will use on one of the next releases. If this causes problems for your app, switch back to ^0.35.0 and comment in the issue.

• Migrate from libsodium to different implementation in order to reduce bundle size and improve compatibility.

  • ed25519 now uses @​noble/curves
  • xchacha20poly1305 now uses @​noble/ciphers
  • Argon2 now uses hash-wasm

0.35.0

Cosmos client

• Add timeout option to CometBFT clients
• Avoid unnecessary status request when connecting a Comet38Client, Tendermint37Client or Tendermint34Client
• Upgrade CosmJS types to Cosmos SDK 0.50
• Kill @​cosmjs/cli to reduce maintenance burden
• Fix block result types in CometBFT clients

Modern JS

• Replace bn.js dependency with native bigints
• Modernize codebase for Node.js 20+
• Migrate away from axios to native fetch, reducing bundle size and external dependencies
• Preparation for better ES6 module support
• Replace the Node.js „crypto“ import with native crypto APIs to reduce problems with other environments
• All JS output is now ES2022

CI / tooling

• Migrate all CI jobs from CircleCI to GitHub Actions
• Migrate lint tooling to latest versions of eslint and typescript-eslint

Huge shout out to @​dynst for an enoumous amount of high quality contributions to the 0.35.0 and 0.34.0 releases!

Changelog

Sourced from @​cosmjs/encoding's changelog.

[0.36.1] - 2025-10-02

Fixed

• @​cosmjs/crypto: Fix import path of @​noble/hashes to avoid bunding issue

  Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './sha2.js' is not defined by "exports" in …

  In @​noble/hashes version 1.x the import paths must not contain the .js suffix. This issue was intoduced in CosmJS 0.35.0. (#1817)

#1817: cosmos/cosmjs#1817

[0.36.0] - 2025-08-14

Changed

• Migrate from libsodium to different implementation in order to reduce bundle size and improve compatibility.

  • ed25519 now uses @​noble/curves
  • xchacha20poly1305 now uses @​noble/ciphers
  • Argon2 now uses hash-wasm

  (#1722)

#1722: cosmos/cosmjs#1722

Deprecated

• The use of encrypted wallet storage is deprecated. In particular this means:

  • Secp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • Secp256k1HdWallet.deserialize/.deserializeWithEncryptionKey
  • DirectSecp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • DirectSecp256k1HdWallet.deserialize/.deserializeWithEncryptionKey

  If you are using any of those methods, please comment at cosmos/cosmjs#1796.

  A scream test was established which slows down the key derivation function a lot. This simulates the use of a pure-JS implementation of Argon2 which we will use on one of the next releases. If this causes problems for your app, switch back to ^0.35.0 and comment in the issue.

  (#1797)

#1797: cosmos/cosmjs#1797

... (truncated)

Commits

• ed7774b Set version 0.36.1
• 31e71f9 Remove .js extensions from @​noble/hashes imports (#1817)
• 600f4f9 test: fix typos in RFC3339 and webserver test descriptions (#1801)
• 67234a8 Update libsodium.spec.ts (#1788)
• e76b292 fix(comments): correct typos in test descriptions and comments (#1791)
• 46336b8 Set version 0.36.0
• 7195de5 Merge pull request #1798 from cosmos/finish-up-0.36
• 61139cc Add CHANGELOG
• 7325e10 Use sleep for scream test
• 39e712a Merge pull request #1722 from dynst/desalinate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}