chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0 in /frontend#6
chore(deps): bump @noble/hashes from 1.8.0 to 2.2.0 in /frontend#6dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@noble/hashes](https://github.com/paulmillr/noble-hashes) from 1.8.0 to 2.2.0. - [Release notes](https://github.com/paulmillr/noble-hashes/releases) - [Commits](paulmillr/noble-hashes@1.8.0...2.2.0) --- updated-dependencies: - dependency-name: "@noble/hashes" dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
| Check | Result |
|---|---|
| Scope (frontend deps only) | ✅ frontend/package.json + lockfile only |
| Protect-the-gate (no CI/test edits) | ✅ untouched |
| Supply-chain: 0 new packages | ❌ 2 added |
CI Frontend (sandbox guard + build) |
|
| dependency-type | direct:production (version-update:semver-major) |
Why it needs review
- Introduces 2 NEW package(s):
@kasflow/passkey-wallet/node_modules/@noble/hashes,snarkjs/node_modules/@noble/hashes - dependency-type is
direct:production(not a pure dev-dependency) - weigh runtime / money-path impact. - CI
Frontend (sandbox guard + build)isfailure(needsuccess).
Supply-chain delta (npm_and_yarn @ /frontend)
Version-changed (1):
@noble/hashes: 1.8.0 -> 2.2.0
Removed (0):
none
Added (2):
@kasflow/passkey-wallet/node_modules/@noble/hashessnarkjs/node_modules/@noble/hashes
⚠️ Residual blind spot (pre-existing, applies to every merge): no gate runs the rolldown-minified in-app money-path bundle (dist/assets/*.js). The byte-parity gate covers the cold-recovery tool + source, not the shipped minified bytes. Low risk for a minor bump; weigh it for any runtime-dependency change.
Posted by .github/workflows/dependabot-verify.yml. Verdict is advisory; you are the merge gate.
Bumps @noble/hashes from 1.8.0 to 2.2.0.
Release notes
Sourced from @noble/hashes's releases.
... (truncated)
Commits
81983c2Release 2.2.0.8883d32Minor syntax fixese5fedbaRun prettier format on tests72e2083Changes related to March 2026 audit (new tests)fd9f580Changes related to March 2026 audit (typed arrays)9a216b5Changes related to March 2026 audit85e35d5Clarify sha3.cc8ea40Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi46c3129Bump typescript to 6.0.2ca90465Bump devdeps.Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@noble/hashessince your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)