Skip to content

chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0#52

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/noble/hashes-2.2.0
Open

chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0#52
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/noble/hashes-2.2.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps @noble/hashes from 1.8.0 to 2.2.0.

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

  • March 2026 self-audit (all files): no major issues found
    • Audited for spec compliance and security
    • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
    • Fix: parallelHash with blockLen=0
    • Fix: argon2 progress callback now reaches 100%
    • Improve: digestInto no longer returns a value (better performance)
    • Improve: argon2, blake2 support non-4-divisible dkLen
  • Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
    • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
    • This creates incompatibility of code between versions
    • Previously, it was hard to use and constantly emitted errors similar to TS2345
    • See typescript#62240 for more context
  • sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
  • Fix compilation issues on TypeScript v6
  • Make package Big Endian friendly. All tests pass on s390x
  • Improve tree-shaking, reduce bundle sizes
  • Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

2.0.1

  • .js extension must be used for all modules
    • Old: @noble/hashes/sha3
    • New: @noble/hashes/sha3.js
    • This simplifies working in browsers natively without transpilers
    • This was planned for 2.0.0, but was accidentally left out
  • package.json: specify exported submodules to ensure typescript autocompletion
  • scrypt: Fix error message for maxmem check by @​ChALkeR in paulmillr/noble-hashes#121
  • scrypt: 4% speed-up by @​ChALkeR in paulmillr/noble-hashes#122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

2.0.0

High-level

  • The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
    • Node v20.19 is now the minimum required version
    • Package imports now work correctly in bundler-less environments, such as browsers
    • Reduces npm package size (traffic consumed): 152KB => 136KB
    • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
  • Make bundle sizes smaller, compared to v1.x
  • .js extension must be used for all modules
    • Old: @noble/hashes/sha3
    • New: @noble/hashes/sha3.js
    • This simplifies working in browsers natively without transpilers

Changes

... (truncated)

Commits
  • 81983c2 Release 2.2.0.
  • 8883d32 Minor syntax fixes
  • e5fedba Run prettier format on tests
  • 72e2083 Changes related to March 2026 audit (new tests)
  • fd9f580 Changes related to March 2026 audit (typed arrays)
  • 9a216b5 Changes related to March 2026 audit
  • 85e35d5 Clarify sha3.
  • cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
  • 46c3129 Bump typescript to 6.0.2
  • ca90465 Bump devdeps.
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/hashes since your current version.

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/noble/hashes-2.2.0 branch 2 times, most recently from fd31d40 to 3f73929 Compare May 5, 2026 07:27
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/noble/hashes-2.2.0 branch from 3f73929 to a2f4529 Compare May 8, 2026 21:46
@dependabot
chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0
2160d98 
Bumps [@noble/hashes](https://github.com/paulmillr/noble-hashes) from 1.8.0 to 2.2.0.
- [Release notes](https://github.com/paulmillr/noble-hashes/releases)
- [Commits](paulmillr/noble-hashes@1.8.0...2.2.0)

---
updated-dependencies:
- dependency-name: "@noble/hashes"
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/noble/hashes-2.2.0 branch from a2f4529 to 2160d98 Compare May 8, 2026 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants