deps(deps): bump @noble/hashes from 1.8.0 to 2.2.0

[dependabot]

Bumps @noble/hashes from 1.8.0 to 2.2.0.

Release notes

Sourced from @​noble/hashes's releases.

2.2.0

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: dkLen=0 handling in pbkdf2, blake2, turboshake, kt
  • Fix: parallelHash with blockLen=0
  • Fix: argon2 progress callback now reaches 100%
  • Improve: digestInto no longer returns a value (better performance)
  • Improve: argon2, blake2 support non-4-divisible dkLen
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• sha3: speed-up by up to 50%. Contributed by @​ChALkeR in paulmillr/noble-hashes#126
• Fix compilation issues on TypeScript v6
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

(We're skipping v2.1, to align with other noble packages)

Full Changelog: paulmillr/noble-hashes@2.0.1...2.2.0

2.0.1

• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers
  • This was planned for 2.0.0, but was accidentally left out
• package.json: specify exported submodules to ensure typescript autocompletion
• scrypt: Fix error message for maxmem check by @​ChALkeR in paulmillr/noble-hashes#121
• scrypt: 4% speed-up by @​ChALkeR in paulmillr/noble-hashes#122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

2.0.0

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 152KB => 136KB
  • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers

Changes

... (truncated)

Commits

• 81983c2 Release 2.2.0.
• 8883d32 Minor syntax fixes
• e5fedba Run prettier format on tests
• 72e2083 Changes related to March 2026 audit (new tests)
• fd9f580 Changes related to March 2026 audit (typed arrays)
• 9a216b5 Changes related to March 2026 audit
• 85e35d5 Clarify sha3.
• cc8ea40 Merge pull request #126 from ChALkeR/chalker/unroll/sha3/0/chi
• 46c3129 Bump typescript to 6.0.2
• ca90465 Bump devdeps.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​noble/hashes since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7ab71aac1a

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Delay noble-hashes v2 until subpath imports are updated

This upgrade introduces a breaking module-path change for @noble/hashes v2 while the code still imports v1-style paths (@noble/hashes/ripemd160 and @noble/hashes/sha256) in packages/chains/cosmos/src/chain.ts and packages/chains/xrp/src/chain.ts. With v2, those legacy subpaths are no longer compatible, so these packages can fail to build or load at runtime when address/hash code paths are executed unless the imports are migrated to the new .js subpath format.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Align declared Node engine with new dependency floor

The lockfile now records @noble/hashes@2.2.0 with engines: {node: '>= 20.19.0'}, but the affected packages still declare "engines": { "node": ">=20" }. That means users on Node 20.0–20.18 satisfy your package metadata yet can hit install/runtime incompatibilities after this bump, so the package engine declarations should be raised (or the dependency version constrained) to avoid a misleading compatibility contract.

Useful? React with 👍 / 👎.