chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0

[dependabot]

Bumps @noble/hashes from 1.8.0 to 2.2.0.

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

2.0.1

• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers
  • This was planned for 2.0.0, but was accidentally left out
• package.json: specify exported submodules to ensure typescript autocompletion
• scrypt: Fix error message for maxmem check by @​ChALkeR in paulmillr/noble-hashes#121
• scrypt: 4% speed-up by @​ChALkeR in paulmillr/noble-hashes#122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

2.0.0

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 152KB => 136KB
  • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers

Changes

... (truncated)

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/hashes since your current version.

[satyakwok]

Closing — major version bump introducing breaking changes that need targeted upgrade work + manual API migration. Reopen / pick up in dedicated upgrade PR when ready. Dependabot will reopen with subsequent minor/patch bumps in the meantime.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.