Skip to content

Bump @noble/ed25519 from 3.0.0 to 3.1.0 in /ui#49

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ui/noble/ed25519-3.1.0
Open

Bump @noble/ed25519 from 3.0.0 to 3.1.0 in /ui#49
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ui/noble/ed25519-3.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps @noble/ed25519 from 3.0.0 to 3.1.0.

Release notes

Sourced from @​noble/ed25519's releases.

3.1.0

  • March 2026 self-audit (all files): no major issues found
    • Audited for spec compliance and security
    • Minor code hardening in different places
  • Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
    • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
    • This creates incompatibility of code between versions
    • Previously, it was hard to use and constantly emitted errors similar to TS2345
    • See typescript#62240 for more context
  • Fix sign() in Firefox WebExtension context. Closes gh-120
  • Fix compilation issues on TypeScript v6
  • Improve tree-shaking, reduce bundle sizes
  • Add massive amounts of documentation everywhere

Full Changelog: paulmillr/noble-ed25519@3.0.1...3.1.0

3.0.1

  • Fix a low-severity issue affecting verify
    • An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key
    • Impact: low, primarily systems which rely on non-repudiation
    • Special thanks to folks who've reported the issue: Yituo He (a.k.a. @​HaveYouTall) and @​sunyxedu
  • Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
    • Contributed by @​georg95 in paulmillr/noble-ed25519#117.
    • keygen x 10,594 ops/sec @ 94μs/op => 14,610 ops/sec @ 68μs/op
    • sign x 5,267 ops/sec @ 189μs/op => 7,225 ops/sec @ 138μs/op
    • verify x 1,203 ops/sec @ 830μs/op => 1,972 ops/sec @ 506μs/op

Full Changelog: paulmillr/noble-ed25519@3.0.0...3.0.1

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/ed25519 since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 22, 2026
@dependabot
Bump @noble/ed25519 from 3.0.0 to 3.1.0 in /ui
67b2bec 
Bumps [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/paulmillr/noble-ed25519/releases)
- [Commits](paulmillr/noble-ed25519@3.0.0...3.1.0)

---
updated-dependencies:
- dependency-name: "@noble/ed25519"
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ui/noble/ed25519-3.1.0 branch from 434f70c to 67b2bec Compare April 29, 2026 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants