Skip to content

fix(deps): update dependency @noble/hashes to v1.8.0 #244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency @noble/hashes to v1.8.0 #244

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 10, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@noble/hashes (source) 1.7.1 -> 1.8.0 age confidence

Release Notes

paulmillr/noble-hashes (@​noble/hashes)

v1.8.0

Compare Source

Preparation for v2

The release contains bugfixes and a few improvements which pave the way for upcoming v2.0.

  • Modules are now available with .js extension
    • Old: @noble/hashes/sha2
    • New: @noble/hashes/sha2.js
    • Old path is still available
    • This simplifies working in browsers natively without transpilers
  • Refactor core functionality, remove duplicate code
  • Decrease package size
Deprecations

In v2, some modules will be removed. For example, sha256 will become sha2. In v1.8, the old names still exist, but are marked as deprecated, to simplify upgrade path.

One of the reasons for moving those was the fact sha384 resided in sha512, sha224 in sha256 - which was confusing. New naming scheme simplifies reasoning and decreases amount of modules.

  • sha256 became sha2 (which already existed for several releases)
  • sha512 became sha2
  • _assert became utils
  • blake2b became blake2
  • blake2s became blake2
  • ripemd160 became legacy (to signify its low security level 2^80)
  • sha1 became legacy

Full Changelog: paulmillr/noble-hashes@1.7.2...1.8.0

v1.7.2

Compare Source

  • legacy: new module, with md5 hash
  • sha1: move to legacy, keep old alias until major release
  • utils: randomBytes should ensure Uint8Array output for old node.js versions
  • utils: use built-in Uint8Array toHex / fromHex when available. Gives 13x speed-up on 256b arrays, 20x speed-up on 32kb arrays
  • Typescript source can now be used without compilation in node.js v24, due to erasableSyntaxOnly

Full Changelog: paulmillr/noble-hashes@1.7.1...1.7.2

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security
Copy link

socket-security bot commented Aug 10, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​noble/​hashes@​1.8.010010010090100

View full report

@renovate renovate bot force-pushed the renovate/noble-hashes-1.x branch 2 times, most recently from 814d451 to 18e48ae Compare September 29, 2025 15:20
@renovate renovate bot force-pushed the renovate/noble-hashes-1.x branch from 18e48ae to a2d7b6e Compare October 8, 2025 11:54
@renovate renovate bot force-pushed the renovate/noble-hashes-1.x branch from a2d7b6e to 316a5c9 Compare October 21, 2025 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant