chore(deps): bump the production-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: @forgesworn/shamir-core, @noble/ciphers and @noble/hashes.

Updates @forgesworn/shamir-core from 1.0.0 to 1.0.3

Release notes

Sourced from @​forgesworn/shamir-core's releases.

v1.0.3

1.0.3 (2026-04-10)

Bug Fixes

• pin release actions to SHA, add .gitignore, remove src/ from npm package (0546c62)
• snapshot share properties, validate threshold metadata, add bounds checks (ff83413)

v1.0.2

1.0.2 (2026-03-31)

Bug Fixes

• add registry-url to release job for OIDC publishing (6839fe8)

v1.0.1

1.0.1 (2026-03-27)

Bug Fixes

• pin release actions to SHA, add .gitignore, remove src/ from npm package (f20c7ad)
• snapshot share properties, validate threshold metadata, add bounds checks (4c19d35)

Changelog

Sourced from @​forgesworn/shamir-core's changelog.

1.0.3 (2026-04-10)

Bug Fixes

• pin release actions to SHA, add .gitignore, remove src/ from npm package (0546c62)
• snapshot share properties, validate threshold metadata, add bounds checks (ff83413)

1.0.2 (2026-03-31)

Bug Fixes

• add registry-url to release job for OIDC publishing (6839fe8)

1.0.1 (2026-03-27)

Bug Fixes

• pin release actions to SHA, add .gitignore, remove src/ from npm package (f20c7ad)
• snapshot share properties, validate threshold metadata, add bounds checks (4c19d35)

Commits

• 50ec504 chore(release): 1.0.3 [skip ci]
• 96a600c merge: security-audit-2026-03-27 -- TOCTOU fix, zeroBytes finally, threshold ...
• c073288 docs: add ecosystem cross-links and discoverability files
• f71bd42 chore(release): 1.0.2 [skip ci]
• 6839fe8 fix: add registry-url to release job for OIDC publishing
• f20c313 chore(release): 1.0.1 [skip ci]
• bf43407 docs: add README and llms.txt for AI discoverability
• f20c7ad fix: pin release actions to SHA, add .gitignore, remove src/ from npm package
• 4c19d35 fix: snapshot share properties, validate threshold metadata, add bounds checks
• 4d1cca3 docs: add README and llms.txt for AI discoverability
• Additional commits viewable in compare view

Updates @noble/ciphers from 2.1.1 to 2.2.0

Release notes

Sourced from @​noble/ciphers's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: ctr from webcrypto submodule used wrong counter wrapping
  • Fix: MAC no longer corrupts oversized outputs
  • Align CMAC API to other MACs
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Fix compilation issues on TypeScript v6
• Zeroization improvements by @​ChALkeR in paulmillr/noble-ciphers#67, paulmillr/noble-ciphers#68
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

Full Changelog: paulmillr/noble-ciphers@2.1.1...2.2.0

Commits

• b097e68 Release 2.2.0.
• 0c24e29 Minor formatting fix
• 7e7ec1e Merge pull request #68 from ChALkeR/patch-2
• 5316f58 fixup: also in chacha
• 953887f fixup: cleanup ciphPlaintext too
• 98b8578 fix: cleanup on salsa tag mismatch
• e160698 Merge pull request #67 from ChALkeR/patch-1
• 3d91c2a Minor formatting fixes
• 400bea0 fix: cleanup in gcm tag mismatch
• 4361ffc Run prettier format on tests
• Additional commits viewable in compare view

Updates @noble/hashes from 2.0.1 to 2.2.0

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/hashes since your current version.