fix(deps): update dependency @noble/ciphers to v2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@noble/ciphers (source)	^1.0.0 → ^2.0.0

---

Release Notes

paulmillr/noble-ciphers (@​noble/ciphers)

v2.2.0

Compare Source

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: ctr from webcrypto submodule used wrong counter wrapping
  • Fix: MAC no longer corrupts oversized outputs
  • Align CMAC API to other MACs
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Fix compilation issues on TypeScript v6
• Zeroization improvements by @​ChALkeR in #​67, #​68
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

Full Changelog: paulmillr/noble-ciphers@2.1.1...2.2.0

v2.1.1

Compare Source

• Implement AES-SIV by @​overheadhunter in #​62
  • AES-SIV (RFC 5297) is different from AES-GCM-SIV (RFC 8452)
  • Deprecate old siv export in aes.js because it was an alias to gcmsiv
• Publish provenance statement, missed in 2.0.1 due to GitHub bugs

New Contributors

• @​overheadhunter made their first contribution in #​62

Full Changelog: paulmillr/noble-ciphers@2.0.1...2.1.0

v2.0.1

Compare Source

• Disable extension-less imports. If you've used /chacha, switch to /chacha.js now. See 2.0.0 for more details.
• package.json: specify exported submodules to ensure typescript autocompletion

GitHub Immutable Releases

This GH release does not include NPM & JSR attestations, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-ciphers@2.0.0...2.0.1

v2.0.0

Compare Source

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 118KB => 99KB
  • Reduces unpacked npm size (on-disk space): 753KB => 458KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/ciphers/aes
  • New: @noble/ciphers/aes.js
  • This simplifies working in browsers natively without transpilers

Changes

• webcrypto: move randomBytes and managedNonce to utils.js
• ghash, poly1305, polyval: only allow Uint8Array as hash inputs, prohibit string
• utils: new abytes; remove ahash, toBytes
• Remove modules _assert (use utils), _micro and crypto (use webcrypto)
• Upgrade typescript compilation env to ts5.9 and es2022
• Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-ciphers@1.3.0...2.0.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.