chore(deps): bump @noble/curves from 1.8.1 to 2.2.0 in /frontend#7
chore(deps): bump @noble/curves from 1.8.1 to 2.2.0 in /frontend#7dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [@noble/curves](https://github.com/paulmillr/noble-curves) from 1.8.1 to 2.2.0. - [Release notes](https://github.com/paulmillr/noble-curves/releases) - [Commits](paulmillr/noble-curves@1.8.1...2.2.0) --- updated-dependencies: - dependency-name: "@noble/curves" dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
| Check | Result |
|---|---|
| Scope (frontend deps only) | ✅ frontend/package.json + lockfile only |
| Protect-the-gate (no CI/test edits) | ✅ untouched |
| Supply-chain: 0 new packages | ✅ 0 added |
CI Frontend (sandbox guard + build) |
|
| dependency-type | direct:production (version-update:semver-major) |
Why it needs review
- dependency-type is
direct:production(not a pure dev-dependency) - weigh runtime / money-path impact. - CI
Frontend (sandbox guard + build)isfailure(needsuccess).
Supply-chain delta (npm_and_yarn @ /frontend)
Version-changed (2):
@noble/curves/node_modules/@noble/hashes: 1.7.1 -> 2.2.0@noble/curves: 1.8.1 -> 2.2.0
Removed (0):
none
Added (0):
none
⚠️ Residual blind spot (pre-existing, applies to every merge): no gate runs the rolldown-minified in-app money-path bundle (dist/assets/*.js). The byte-parity gate covers the cold-recovery tool + source, not the shipped minified bytes. Low risk for a minor bump; weigh it for any runtime-dependency change.
Posted by .github/workflows/dependabot-verify.yml. Verdict is advisory; you are the merge gate.
Bumps @noble/curves from 1.8.1 to 2.2.0.
Release notes
Sourced from @noble/curves's releases.
... (truncated)
Commits
043905dRelease 2.2.0.aa55711Add more tests for wnaf1574a6cRemove unused argument from multiplyUnsafeea1c7b3Fix typo in createOPRF. gh-23422057a1Merge pull request #235 from ChALkeR/chalker/deepview/endo/0d04fb69Merge pull request #236 from ChALkeR/patch-48041fecInline toAffine and assertPointValid76b26befix a misleading commentdf0ccf4Bump noble-hashes to 2.2.03e5f1b8Run prettier format on testsMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@noble/curvessince your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)