Update dependency @noble/ed25519 to v3.1.0 #15

Merged

MarkerBot merged 1 commit from renovate/noble-ed25519-3.x-lockfile into main 2026-04-12 11:00:41 -07:00

Conversation 0 Commits 1 Files changed 1 +3 -3

MarkerBot commented 2026-03-20 19:00:46 -07:00

Member

Copy link

This PR contains the following updates:

Package	Change	Age	Confidence
@noble/ed25519 (source)	3.0.0 → 3.1.0

---

Release Notes

paulmillr/noble-ed25519 (@​noble/ed25519)

v3.1.0

Compare Source

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Minor code hardening in different places
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Fix sign() in Firefox WebExtension context. Closes gh-120
• Fix compilation issues on TypeScript v6
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/3.0.1...3.1.0

v3.0.1

Compare Source

• Fix a low-severity issue affecting verify
  • An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key
  • Impact: low, primarily systems which rely on non-repudiation
  • Special thanks to folks who've reported the issue: Yituo He (a.k.a. @​HaveYouTall) and @​sunyxedu
• Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
  • Contributed by @​georg95 in #​117.
  • keygen x 10,594 ops/sec @​ 94μs/op => 14,610 ops/sec @​ 68μs/op
  • sign x 5,267 ops/sec @​ 189μs/op => 7,225 ops/sec @​ 138μs/op
  • verify x 1,203 ops/sec @​ 830μs/op => 1,972 ops/sec @​ 506μs/op

Full Changelog: https://github.com/paulmillr/noble-ed25519/compare/3.0.0...3.0.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@noble/ed25519](https://paulmillr.com/noble/) ([source](https://github.com/paulmillr/noble-ed25519)) | [`3.0.0` → `3.1.0`](https://renovatebot.com/diffs/npm/@noble%2fed25519/3.0.0/3.1.0) |  |  | --- ### Release Notes <details> <summary>paulmillr/noble-ed25519 (@&#8203;noble/ed25519)</summary> ### [`v3.1.0`](https://github.com/paulmillr/noble-ed25519/releases/tag/3.1.0) [Compare Source](https://github.com/paulmillr/noble-ed25519/compare/3.0.1...3.1.0) - **March 2026 self-audit** (all files): no major issues found - Audited for spec compliance and security - Minor code hardening in different places - Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+ - TS 5.6 has `Uint8Array`, while TS 5.9+ made it generic `Uint8Array<ArrayBuffer>` - This creates incompatibility of code between versions - Previously, it was hard to use and constantly emitted errors similar to `TS2345` - See [typescript#62240](https://github.com/microsoft/TypeScript/issues/62240) for more context - Fix `sign()` in Firefox WebExtension context. Closes [gh-120](https://github.com/paulmillr/noble-ed25519/issues/120) - Fix compilation issues on TypeScript v6 - Improve tree-shaking, reduce bundle sizes - Add massive amounts of documentation everywhere **Full Changelog**: <https://github.com/paulmillr/noble-ed25519/compare/3.0.1...3.1.0> ### [`v3.0.1`](https://github.com/paulmillr/noble-ed25519/releases/tag/3.0.1) [Compare Source](https://github.com/paulmillr/noble-ed25519/compare/3.0.0...3.0.1) - Fix a low-severity issue affecting `verify` - An attacker **with an access to secret key** was able to produce signatures, which were valid for all messages for their secret key - Impact: low, primarily systems which rely on non-repudiation - Special thanks to folks who've reported the issue: *Yituo He (a.k.a. [@&#8203;HaveYouTall](https://github.com/HaveYouTall)) and [@&#8203;sunyxedu](https://github.com/sunyxedu)* - Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50. - Contributed by [@&#8203;georg95](https://github.com/georg95) in [#&#8203;117](https://github.com/paulmillr/noble-ed25519/pull/117). - keygen x 10,594 ops/sec @&#8203; 94μs/op => 14,610 ops/sec @&#8203; 68μs/op - sign x 5,267 ops/sec @&#8203; 189μs/op => 7,225 ops/sec @&#8203; 138μs/op - verify x 1,203 ops/sec @&#8203; 830μs/op => 1,972 ops/sec @&#8203; 506μs/op **Full Changelog**: <https://github.com/paulmillr/noble-ed25519/compare/3.0.0...3.0.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44NC4xIiwidXBkYXRlZEluVmVyIjoiNDMuMTEwLjE1IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

MarkerBot added 1 commit 2026-03-20 19:00:47 -07:00

Update dependency @noble/ed25519 to v3.0.1 59d274a10a

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from 59d274a10a to dc1080fea4 2026-04-11 12:51:16 -07:00 Compare

MarkerBot changed title from Update dependency @noble/ed25519 to v3.0.1 to Update dependency @noble/ed25519 to v3.1.0 2026-04-11 15:00:55 -07:00

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from dc1080fea4 to b5821a432f 2026-04-11 15:00:55 -07:00 Compare

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from b5821a432f to 7122ea60be 2026-04-12 08:57:35 -07:00 Compare

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from 7122ea60be to 083b08c20e 2026-04-12 09:01:00 -07:00 Compare

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from 083b08c20e to 66bf951d9d 2026-04-12 09:03:46 -07:00 Compare

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from 66bf951d9d to e48e29f06e 2026-04-12 09:06:50 -07:00 Compare

MarkerBot force-pushed renovate/noble-ed25519-3.x-lockfile from e48e29f06e to 42c7ad6c1b 2026-04-12 10:00:54 -07:00 Compare

MarkerBot merged commit 6df688bf29 into main 2026-04-12 11:00:41 -07:00

MarkerBot referenced this pull request from a commit 2026-04-12 11:00:42 -07:00

Merge pull request 'Update dependency @noble/ed25519 to v3.1.0' (#15) from renovate/noble-ed25519-3.x-lockfile into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

MarkerMatic/site!15

No description provided.