Skip to content

chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript#3

Merged
Jeshua Ben Joseph (Theaxiom) merged 1 commit intomainfrom
dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1
Mar 29, 2026
Merged

chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript#3
Jeshua Ben Joseph (Theaxiom) merged 1 commit intomainfrom
dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps @noble/ed25519 from 2.3.0 to 3.0.1.

Release notes

Sourced from @​noble/ed25519's releases.

3.0.1

  • Fix a low-severity issue affecting verify
    • An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key
    • Impact: low, primarily systems which rely on non-repudiation
    • Special thanks to folks who've reported the issue: Yituo He (a.k.a. @​HaveYouTall) and @​sunyxedu
  • Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
    • Contributed by @​georg95 in paulmillr/noble-ed25519#117.
    • keygen x 10,594 ops/sec @ 94μs/op => 14,610 ops/sec @ 68μs/op
    • sign x 5,267 ops/sec @ 189μs/op => 7,225 ops/sec @ 138μs/op
    • verify x 1,203 ops/sec @ 830μs/op => 1,972 ops/sec @ 506μs/op

Full Changelog: paulmillr/noble-ed25519@3.0.0...3.0.1

3.0.0

v3 brings the package closer to noble-curves v2

  • Most methods now expect Uint8Array, string hex inputs are prohibited
  • Add keygen, keygenAsync method
  • Node v20.19 is now the minimum required version
  • Various small changes for types and Point class
  • etc: hashes are now set in hashes object:
// before
ed.etc.sha512Sync = (...m: Uint8Array[]) => sha512(ed.etc.concatBytes(...m));
ed.etc.sha512Async = (...m: Uint8Array[]) => Promise.resolve(sha512(ed.etc.concatBytes(...m)));
// after
ed.hashes.sha512 = sha512;
ed.hashes.sha512Async = (m: Uint8Array) => Promise.resolve(sha512(m));

New Contributors

Full Changelog: paulmillr/noble-ed25519@2.3.0...3.0.0

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/ed25519 since your current version.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 26, 2026

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1 branch 2 times, most recently from 96ef17a to f126c2b Compare March 27, 2026 01:50
@dependabot
chore(deps): bump @noble/ed25519 from 2.3.0 to 3.0.1 in /sdk/typescript
b5bba4e 
Bumps [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) from 2.3.0 to 3.0.1.
- [Release notes](https://github.com/paulmillr/noble-ed25519/releases)
- [Commits](paulmillr/noble-ed25519@2.3.0...3.0.1)

---
updated-dependencies:
- dependency-name: "@noble/ed25519"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1 branch from f126c2b to b5bba4e Compare March 29, 2026 23:57
@Theaxiom Jeshua Ben Joseph (Theaxiom) merged commit 0b11963 into main Mar 29, 2026
2 of 5 checks passed
@Theaxiom Jeshua Ben Joseph (Theaxiom) deleted the dependabot/npm_and_yarn/sdk/typescript/noble/ed25519-3.0.1 branch March 29, 2026 23:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Theaxiom