Skip to content

fix(deps): update dependency @noble/curves to v2#951

Closed
renovate[bot] wants to merge 1261 commits into
mainfrom
renovate/noble-curves-2.x
Closed

fix(deps): update dependency @noble/curves to v2#951
renovate[bot] wants to merge 1261 commits into
mainfrom
renovate/noble-curves-2.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 3, 2026

This PR contains the following updates:

Package Change Age Confidence
@noble/curves (source) ^1.8.0^2.0.0 age confidence

Release Notes

paulmillr/noble-curves (@​noble/curves)

v2.0.1

Compare Source

  • Disable extension-less imports. If you've used /ed25519, switch to /ed25519.js now. See 2.0.0 for more details.
  • package.json: specify exported submodules to ensure typescript autocompletion
  • package.json: bump hashes to 2.0.1 with scrypt & pkg.json changes
  • ed25519: export map_to_curve_elligator2_curve25519 #​211
  • bls: try-catch pairingBatch in bls12_381.verify() by @​MegaManSec in #​212
  • fft: expose extra info in rootsOfUnity

New Contributors

GitHub Immutable Releases

This GH release does not include standalone noble-curves.js: use 2.0.0 for now, until we upgrade to newly added Immutable Releases

Full Changelog: paulmillr/noble-curves@2.0.0...2.0.1

v2.0.0

Compare Source

High-level

v2 massively simplifies internals, improves security, reduces bundle size and lays path for the future. To simplify upgrading, upgrade first to curves 1.9.x. It would show deprecations in vscode-like text editor.

  • The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
    • Node v20.19 is now the minimum required version
    • Package imports now work correctly in bundler-less environments, such as browsers
    • Reduces npm package size (traffic consumed): 354KB => 300KB
    • Reduces unpacked npm size (on-disk space): 2.1MB => 1.2MB
  • Make bundle sizes smaller, compared to v1.x: -4KB for schnorr, -5.3KB for ristretto255, -9.4KB for x448
  • .js extension must be used for all modules
    • Old: @noble/curves/ed25519
    • New: @noble/curves/ed25519.js
    • This simplifies working in browsers natively without transpilers
New features
  • webcrypto: create friendly noble-like wrapper over built-in WebCrypto
  • oprf: implement RFC 9497 OPRFs (oblivious pseudorandom functions)
    • We support p256, p384, p521, ristretto255 and decaf44
  • weierstrass, edwards: add isValidSecretKey, isValidPublicKey
  • misc: add Brainpool curves: brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
Changes
  • Most methods now expect Uint8Array, string hex inputs are prohibited
    • The change simplifies reasoning, improves security and reduces malleability
    • Point.fromHex now expects string-only hex inputs, use Point.fromBytes for Uint8Array
  • Breaking changes of ECDSA (secp256k1, p256, p384...):
    • sign, verify: Switch to prehashed messages. Instead of
      messageHash, the methods now expect unhashed message.
      To bring back old behavior, use option {prehash: false}
    • sign, verify: Switch to lowS signatures by default.
      This change doesn't affect secp256k1, which has been using lowS since beginning.
      If you tested against specific sign / verify vectors, upgrading to v2 would fail, unless old behavior is brought back.
      To bring back old behavior, use option {lowS: false}
    • sign, verify: Switch to Uint8Array signatures (format: 'compact') by default.
    • verify: der format must be explicitly specified in {format: 'der'}.
      This reduces malleability
    • verify: prohibit Signature-instance signature. User must now always do
      signature.toBytes()
  • Breaking changes of BLS signatures (bls12-381, bn254):
    • Move getPublicKey, sign, verify, signShortSignature etc into two new namespaces:
      bls.longSignatures (G1 pubkeys, G2 sigs) and bls.shortSignatures (G1 sigs, G2 pubkeys).
    • verifyBatch now expects array of inputs {message: ..., publicKey: ...}[]
  • Curve changes:
    • Massively simplify curve creation, split it into point creation & sig generator creation
    • New methods are weierstrass() + ecdsa() / edwards() + eddsa()
    • weierstrass / edwards expect simplified curve params (Fp became p)
    • ecdsa / eddsa expect Point class and hash
    • Remove unnecessary Fn argument in pippenger
  • modular changes:
    • Field#fromBytes() now validates elements to be in 0..order-1 range
  • Upgrade typescript compilation env to ts5.9 and es2022
  • Massively improve error messages, make them more descriptive
Renamings
  • Module changes
    • p256, p384, p521 modules have been moved into nist
    • jubjub module has been moved into misc
  • Point changes
    • ExtendedPoint, ProjectivePoint => Point
    • Point coordinates (projective / extended) from px/ex, py/ey, pz/ez, et => X, Y, Z, T
    • Point.normalizeZ, Point.msm => separate methods in abstract/curve.js submodule
    • Point.fromPrivateKey() got removed, use Point.BASE.multiply() and Point.Fn.fromBytes(secretKey)
    • toRawBytes, fromRawBytes => toBytes, fromBytes
    • RistrettoPoint => ristretto255.Point, DecafPoiont => decaf44.Point
  • Signature (ECDSA) changes
    • toCompactRawBytes, toDERRawBytes => toBytes('compact'), toBytes('der')
    • toCompactHex, toDERHex => toHex('compact'), toHex('der')
    • fromCompact, fromDER => fromBytes(format), fromHex(format)
  • utils changes
    • randomPrivateKey => randomSecretKey
    • utils.precompute, Point#_setWindowSize => Point#precompute
    • edwardsToMontgomery => utils.toMontgomery
    • edwardsToMontgomeryPriv => utils.toMontgomerySecret
  • Rename all curve-specific hash-to-curve methods to *curve*_hasher.
    Example: secp256k1.hashToCurve => secp256k1_hasher.hashToCurve()
  • Massive type renamings and improvements
Removed features
  • Point#multiplyAndAddUnsafe, Point#hasEvenY
  • CURVE property with all kinds of random stuff. Point.CURVE() now replaces it, but only provides
    curve parameters
  • Remove pasta, bn254_weierstrass (NOT pairing-based bn254) curves
  • Field.MASK
  • utils.normPrivateKeyToScalar

Full Changelog: paulmillr/noble-curves@1.9.6...2.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

yannickmonney and others added 30 commits March 20, 2026 11:28
@yannickmonney
update metadata
6119803
@larryro
feat(platform): workflow human input approvals (#821)
d9f6514
@yannickmonney
Configure Mintlify documentation theme and metadata (#822)
80c7a53
@Israeltheminer
fix(conversations): fix email preview mangling newsletter content (#823)
4465f01
@Israeltheminer
feat(conversations): bulk spam/unspam and query optimizations (#824)
57a2157
@larryro
Add 'Something else' option to human input cards (#825)
f395e98
@larryro
feat(platform): workflow schema validation, knowledge scoping, and ap…
88c88d7 
…proval types (#826)
@larryro
feat(platform): nested workflow schemas and arg normalization (#827)
7b282f1
@Israeltheminer
feat(platform): entity count footer and delete dialog fix (#829)
96bc45d
@larryro
feat(platform): resolve agent from thread metadata and fix workflow o…
8d78044 
…utput extraction (#828)
@larryro
feat(platform): simplify chat auto-scroll and fix streaming markdown …
9e14c48 
…flicker (#830)
@larryro
feat(platform): thread status indicators and markdown approval cards (#…
1ed3409 
…831)
@larryro
Extract human input fields component and enhance input request flow (#…
85ce7ef 
…832)
@larryro
feat(platform): document list operation, unified fileId, and output m…
d1b473c 
…apping (#833)
@larryro
feat: Red Flag DD workflow, unified file_id, and document-file linking (
7966de8 
#834)
@larryro
feat(platform): user context template variables for agent prompts (#835)
07a0b2f
@yannickmonney
Update theme and branding in docs.json (#837)
39d19c6
@yannickmonney
Remove unused background decoration field (#838)
5b2257e
@larryro
feat(platform): persistent chat, scroll-intent, typewriter, and syste…
71a3c9b 
…m message tags (#836)
@yannickmonney
Configure documentation site with new logo and navigation (#839)
418f5db
@larryro
Support <details> elements in chat markdown (#840)
f82a46a
@larryro
feat(platform): add request user location agent tool (#841)
f0e034e
@larryro
fix(platform): add horizontal padding to chat system messages (#842)
8af8457
@larryro
feat(platform): improve chat markdown rendering and scroll behavior (#…
732dd1e 
…843)
@larryro
Remove verify_approval tool, file preprocessing, and fix agent stabil…
8982d42 
…ity (#844)
@larryro
Improve generation cancellation with state-driven detection (#845)
adf3b38
@larryro
Rename agent tool properties and switch to OpenAI-compatible provider (
b640198 
…#846)
@renovate
chore(deps): update dependency bun to v1.3.11 (#848)
8d0610d 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@larryro
fix(platform): use neutral style for workflow system messages
423f637 
Workflow completed/created/updated messages used the green 'success'
banner which visually clashed with the chat UI. Switch to 'info' style
to match other workflow system messages like workflow started.
@larryro
fix(platform): update system-message-tags test for info display style
992bc5a 
Align test expectations with 423f637 which changed workflow
completed/created/updated tags from 'success' to 'info'.
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch from 67532ed to 65ccca5 Compare April 7, 2026 22:54
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch from 65ccca5 to 31d0426 Compare April 7, 2026 22:57
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch 2 times, most recently from 1d32dbe to f6bab3a Compare April 7, 2026 23:03
@yannickmonney
fix(platform): resolve knip, lint, typecheck, and test failures
ff08f21 
- Remove unused exports DOCUMENT_UPLOAD_ALLOWED_TYPES and
  DOCUMENT_UPLOAD_ALLOWED_EXTENSIONS (knip)
- Remove unused SqlIntegrationResult import (lint)
- Fix status field types in product/customer edit dialogs to use
  enum literals instead of plain string
- Fix conversation list helper ts-expect-error placement
- Add type annotation to get_user_organizations filter callback
- Default rowCount/duration to 0 in SQL integration result
- Add Link mock to login form test for router compatibility
- Update customer edit test expectations to include status field
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch from f6bab3a to 18be15c Compare April 8, 2026 01:19
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch from 18be15c to 097c0d2 Compare April 8, 2026 08:12
@renovate renovate Bot force-pushed the renovate/noble-curves-2.x branch from 097c0d2 to 52da791 Compare April 8, 2026 08:15
@yannickmonney
fix(platform): resolve lint errors blocking Renovate PRs
55b0bc2 
Remove unnecessary non-null assertions in data-table tests and suppress
no-unsafe-type-assertion for Select status callbacks constrained by options.
@yannickmonney yannickmonney force-pushed the renovate/noble-curves-2.x branch from 52da791 to 9c5dd22 Compare April 8, 2026 08:17
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Apr 8, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate Bot and others added 3 commits April 8, 2026 10:30
@renovate
chore(deps): update storybook monorepo to v10.3.5 (#1017)
26d41ec 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @yannickmonney
chore(deps): update dependency oxfmt to ^0.44.0 (#940)
86b0e8a 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: methosiea <ym@tale.dev>
@renovate @yannickmonney
fix(deps): update dependency @milkdown/react to v7.20.0 (#642)
e3bbf17 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: methosiea <ym@tale.dev>
@yannickmonney yannickmonney force-pushed the renovate/noble-curves-2.x branch from fba5d74 to 7d8f2ad Compare April 8, 2026 08:47
@yannickmonney yannickmonney force-pushed the renovate/noble-curves-2.x branch from 7d8f2ad to 8755534 Compare April 8, 2026 08:57
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Apr 8, 2026

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 2.x releases. But if you manually upgrade to 2.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@yannickmonney @larryro @Israeltheminer @naveed-jameel-comsian @AdeolaAdekoya @saifaliunity