Skip to content

chore(deps): update dependency @noble/hashes to v2 #1118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JammingBen merged 2 commits into from
Sep 18, 2025
Merged

chore(deps): update dependency @noble/hashes to v2 #1118

JammingBen merged 2 commits into from
Sep 18, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 26, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
@noble/hashes (source) 1.8.0 -> 2.0.0 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

paulmillr/noble-hashes (@​noble/hashes)

v2.0.0

Compare Source

High-level
  • The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
    • Node v20.19 is now the minimum required version
    • Package imports now work correctly in bundler-less environments, such as browsers
    • Reduces npm package size (traffic consumed): 152KB => 136KB
    • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
  • Make bundle sizes smaller, compared to v1.x
  • .js extension must be used for all modules
    • Old: @noble/hashes/sha3
    • New: @noble/hashes/sha3.js
    • This simplifies working in browsers natively without transpilers
Changes
  • Only allow Uint8Array as hash inputs, prohibit string
    • Strict validation checks improve security
    • To replicate previous behavior, use utils.utf8ToBytes
  • Rename / remove some modules for consistency. Previously, sha384 resided in sha512, which was weird
    • sha256, sha512 => sha2.js (consistent with sha3.js)
    • blake2b, blake2s => blake2.js (consistent with blake3.js, blake1.js)
    • ripemd160, sha1, md5 => legacy.js (all low-security hashes are there)
    • _assert => utils.js
    • crypto internal module got removed: use built-in WebCrypto instead
  • Improve typescript types & option autocomplete
  • Upgrade typescript compilation env to ts5.9 and es2022
  • Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-hashes@1.8.0...2.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/noble-hashes-2.x branch from 65c8ec4 to 3fb8839 Compare August 31, 2025 10:34
@renovate renovate bot force-pushed the renovate/noble-hashes-2.x branch 4 times, most recently from 8f5c015 to 6eacfe1 Compare September 16, 2025 13:52
@renovate
Copy link
Contributor Author

renovate bot commented Sep 16, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@JammingBen JammingBen force-pushed the renovate/noble-hashes-2.x branch from f80a582 to 1fb5a06 Compare September 17, 2025 13:20
@JammingBen JammingBen merged commit 17e1513 into main Sep 18, 2025
28 checks passed
@JammingBen JammingBen deleted the renovate/noble-hashes-2.x branch September 18, 2025 08:00
@openclouders openclouders mentioned this pull request Sep 18, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JammingBen JammingBen JammingBen approved these changes

Assignees

No one assigned

Labels

Type:Dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JammingBen