Skip to content

chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript#3

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1
Open

chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript#3
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps @noble/ed25519 from 2.3.0 to 3.0.1.

Release notes

Sourced from @​noble/ed25519's releases.

3.0.1

  • Fix a low-severity issue affecting verify
    • An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key
    • Impact: low, primarily systems which rely on non-repudiation
    • Special thanks to folks who've reported the issue: Yituo He (a.k.a. @​HaveYouTall) and @​sunyxedu
  • Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
    • Contributed by @​georg95 in paulmillr/noble-ed25519#117.
    • keygen x 10,594 ops/sec @ 94μs/op => 14,610 ops/sec @ 68μs/op
    • sign x 5,267 ops/sec @ 189μs/op => 7,225 ops/sec @ 138μs/op
    • verify x 1,203 ops/sec @ 830μs/op => 1,972 ops/sec @ 506μs/op

Full Changelog: paulmillr/noble-ed25519@3.0.0...3.0.1

3.0.0

v3 brings the package closer to noble-curves v2

  • Most methods now expect Uint8Array, string hex inputs are prohibited
  • Add keygen, keygenAsync method
  • Node v20.19 is now the minimum required version
  • Various small changes for types and Point class
  • etc: hashes are now set in hashes object:
// before
ed.etc.sha512Sync = (...m: Uint8Array[]) => sha512(ed.etc.concatBytes(...m));
ed.etc.sha512Async = (...m: Uint8Array[]) => Promise.resolve(sha512(ed.etc.concatBytes(...m)));
// after
ed.hashes.sha512 = sha512;
ed.hashes.sha512Async = (m: Uint8Array) => Promise.resolve(sha512(m));

New Contributors

Full Changelog: paulmillr/noble-ed25519@2.3.0...3.0.0

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/ed25519 since your current version.

@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 26, 2026

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1 branch from baac886 to 96ef17a Compare March 27, 2026 01:39
@dependabot
chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript
f126c2b 
Bumps [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) from 2.3.0 to 3.0.1.
- [Release notes](https://github.com/paulmillr/noble-ed25519/releases)
- [Commits](paulmillr/noble-ed25519@2.3.0...3.0.1)

---
updated-dependencies:
- dependency-name: "@noble/ed25519"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1 branch from 96ef17a to f126c2b Compare March 27, 2026 01:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants