Bump @noble/ciphers from 1.3.0 to 2.1.1

[dependabot]

Bumps @noble/ciphers from 1.3.0 to 2.1.1.

Release notes

Sourced from @​noble/ciphers's releases.

2.1.1

• Implement AES-SIV by @​overheadhunter in paulmillr/noble-ciphers#62
  • AES-SIV (RFC 5297) is different from AES-GCM-SIV (RFC 8452)
  • Deprecate old siv export in aes.js because it was an alias to gcmsiv
• Publish provenance statement, missed in 2.0.1 due to GitHub bugs

New Contributors

• @​overheadhunter made their first contribution in paulmillr/noble-ciphers#62

Full Changelog: paulmillr/noble-ciphers@2.0.1...2.1.0

2.0.1

• Disable extension-less imports. If you've used /chacha, switch to /chacha.js now. See 2.0.0 for more details.
• package.json: specify exported submodules to ensure typescript autocompletion

GitHub Immutable Releases

This GH release does not include NPM & JSR attestations, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-ciphers@2.0.0...2.0.1

2.0.0

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 118KB => 99KB
  • Reduces unpacked npm size (on-disk space): 753KB => 458KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/ciphers/aes
  • New: @noble/ciphers/aes.js
  • This simplifies working in browsers natively without transpilers

Changes

• webcrypto: move randomBytes and managedNonce to utils.js
• ghash, poly1305, polyval: only allow Uint8Array as hash inputs, prohibit string
• utils: new abytes; remove ahash, toBytes
• Remove modules _assert (use utils), _micro and crypto (use webcrypto)
• Upgrade typescript compilation env to ts5.9 and es2022
• Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-ciphers@1.3.0...2.0.0

Commits

• 785181b Release 2.1.1.
• f14e577 aes: improve siv and cmac tests
• b7b374f aes: refactor aes-siv cmac
• 999f2ff README
• 9c9feec Improve bench:compare
• c5cdae0 ci: reuse test:slow workflow
• 0415b82 ci: run large tests bi-weekly
• b966ecd Fix ci
• 49a1a19 ci: Update jsbt, fix test-slow
• 5df188d readme
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/ciphers since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Medium Risk
Major-version crypto dependency upgrade; although code changes are limited to package.json, upstream API/behavior changes could affect AES-GCM and nonce generation usage at runtime.

Overview
Updates packages/seismic-viem to use @noble/ciphers ^2.1.1 (from ^1.2.0) via package.json dependency bump.

^{Written by Cursor Bugbot for commit 1ed61f8. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on March 2

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Major version bump breaks extensionless import paths

High Severity

Bumping @noble/ciphers from v1.x to v2.x without updating import paths in aes.ts and nonce.ts. Both files import from @noble/ciphers/webcrypto (extensionless), but v2.0.1 explicitly disabled extensionless imports — all subpath imports now require a .js extension (e.g., @noble/ciphers/webcrypto.js). This will cause module resolution failures at build time or runtime.

 

[cursor]

randomBytes moved from webcrypto to utils module

High Severity

In @noble/ciphers v2.0.0, randomBytes was moved from the webcrypto module to utils.js. The existing import in nonce.ts — import { randomBytes } from '@noble/ciphers/webcrypto' — will fail even after fixing the extensionless path issue, because randomBytes is no longer exported from webcrypto.js. It needs to be imported from @noble/ciphers/utils.js instead.