chore(deps): bump the production-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: @noble/curves, @noble/hashes and @scure/base.

Updates @noble/curves from 2.0.1 to 2.2.0

Release notes

Sourced from @​noble/curves's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • ed25519: make zip215 verification logic match spec more strictly (spec vectors were not enough)
  • ed448: turn off zip215 mode by default, use stricter one
  • schnorr: reduce rand by mod N instead of throwing
  • math: hardening of sqrt
  • babyjubjub: use correct curve and curve params
  • der: improve parsing
  • bls: improve point decoding
  • bls, bn: Fix Fp6 / Fp12 order
  • hash-to-curve: empty dst / count now throws
  • Apply Object.freeze to most primitives
  • Other minor hardening
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See [typescript#62240](microsoft/TypeScript#62240) for more context
• Implement FROST threshold signatures from RFC 9591
• Fix compilation issues on TypeScript v6
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-curves@2.0.1...2.2.0

Commits

• 043905d Release 2.2.0.
• aa55711 Add more tests for wnaf
• 1574a6c Remove unused argument from multiplyUnsafe
• ea1c7b3 Fix typo in createOPRF. gh-234
• 22057a1 Merge pull request #235 from ChALkeR/chalker/deepview/endo/0
• d04fb69 Merge pull request #236 from ChALkeR/patch-4
• 8041fec Inline toAffine and assertPointValid
• 76b26be fix a misleading comment
• df0ccf4 Bump noble-hashes to 2.2.0
• 3e5f1b8 Run prettier format on tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/curves since your current version.

Updates @noble/hashes from 2.0.1 to 2.2.0

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/hashes since your current version.

Updates @scure/base from 1.2.6 to 2.0.0

Release notes

Sourced from @​scure/base's releases.

2.0.0

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 26.1KB => 24.5KB
  • Reduces unpacked npm size (on-disk space): 165KB => 102KB
• Make bundle sizes smaller, compared to v1.x
• Upgrade typescript compilation env to ts5.9 and es2022

Full Changelog: paulmillr/scure-base@1.2.6...2.0.0

Commits

• d765626 Release 2.0.0.
• 4f9c0ab Bump jsbt
• 51d4fab Merge devdeps: should, bmark into jsbt
• d530159 Simplify abytes
• 389662d Release 2.0.0-beta.1.
• 90b495c Bump jsbt
• 559c3d9 pkg.json: use standard field order. Use standard gitignore. Adjust test code ...
• 8b4ce93 Bump ts to 5.9. Rewrite tests in ts.
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The group that created this PR has been removed from your configuration.