chore(deps): bump @noble/curves from 1.9.7 to 2.2.0

[dependabot]

Bumps @noble/curves from 1.9.7 to 2.2.0.

Release notes

Sourced from @​noble/curves's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • ed25519: make zip215 verification logic match spec more strictly (spec vectors were not enough)
  • ed448: turn off zip215 mode by default, use stricter one
  • schnorr: reduce rand by mod N instead of throwing
  • math: hardening of sqrt
  • babyjubjub: use correct curve and curve params
  • der: improve parsing
  • bls: improve point decoding
  • bls, bn: Fix Fp6 / Fp12 order
  • hash-to-curve: empty dst / count now throws
  • Apply Object.freeze to most primitives
  • Other minor hardening
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Implement FROST threshold signatures from RFC 9591
• Fix compilation issues on TypeScript v6
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-curves@2.0.1...2.2.0

2.0.1

• Disable extension-less imports. If you've used /ed25519, switch to /ed25519.js now. See 2.0.0 for more details.
• package.json: specify exported submodules to ensure typescript autocompletion
• package.json: bump hashes to 2.0.1 with scrypt & pkg.json changes
• ed25519: export map_to_curve_elligator2_curve25519 paulmillr/noble-curves#211
• bls: try-catch pairingBatch in bls12_381.verify() by @​MegaManSec in paulmillr/noble-curves#212
• fft: expose extra info in rootsOfUnity

New Contributors

• @​MegaManSec made their first contribution in paulmillr/noble-curves#212

GitHub Immutable Releases

This GH release does not include standalone noble-curves.js: use 2.0.0 for now, until we upgrade to newly added Immutable Releases

Full Changelog: paulmillr/noble-curves@2.0.0...2.0.1

2.0.0

High-level

v2 massively simplifies internals, improves security, reduces bundle size and lays path for the future. To simplify upgrading, upgrade first to curves 1.9.x. It would show deprecations in vscode-like text editor.

... (truncated)

Commits

• 043905d Release 2.2.0.
• aa55711 Add more tests for wnaf
• 1574a6c Remove unused argument from multiplyUnsafe
• ea1c7b3 Fix typo in createOPRF. gh-234
• 22057a1 Merge pull request #235 from ChALkeR/chalker/deepview/endo/0
• d04fb69 Merge pull request #236 from ChALkeR/patch-4
• 8041fec Inline toAffine and assertPointValid
• 76b26be fix a misleading comment
• df0ccf4 Bump noble-hashes to 2.2.0
• 3e5f1b8 Run prettier format on tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/curves since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)