fix(deps): update dependency @noble/ciphers to v2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@noble/ciphers (source)	^1.0.0 → ^2.0.0

---

Release Notes

paulmillr/noble-ciphers (@​noble/ciphers)

v2.2.0

Compare Source

• March 2026 self-audit (all files): no major issues found
  • Audited for spec compliance and security
  • Fix: ctr from webcrypto submodule used wrong counter wrapping
  • Fix: MAC no longer corrupts oversized outputs
  • Align CMAC API to other MACs
• Fix all Byte Array types, to ensure proper work in both TypeScript 5.6 & TypeScript 5.9+
  • TS 5.6 has Uint8Array, while TS 5.9+ made it generic Uint8Array<ArrayBuffer>
  • This creates incompatibility of code between versions
  • Previously, it was hard to use and constantly emitted errors similar to TS2345
  • See typescript#62240 for more context
• Fix compilation issues on TypeScript v6
• Zeroization improvements by @​ChALkeR in #​67, #​68
• Make package Big Endian friendly. All tests pass on s390x
• Improve tree-shaking, reduce bundle sizes
• Add massive amounts of documentation everywhere

Full Changelog: paulmillr/noble-ciphers@2.1.1...2.2.0

v2.1.1

Compare Source

• Implement AES-SIV by @​overheadhunter in #​62
  • AES-SIV (RFC 5297) is different from AES-GCM-SIV (RFC 8452)
  • Deprecate old siv export in aes.js because it was an alias to gcmsiv
• Publish provenance statement, missed in 2.0.1 due to GitHub bugs

New Contributors

• @​overheadhunter made their first contribution in #​62

Full Changelog: paulmillr/noble-ciphers@2.0.1...2.1.0

v2.0.1

Compare Source

• Disable extension-less imports. If you've used /chacha, switch to /chacha.js now. See 2.0.0 for more details.
• package.json: specify exported submodules to ensure typescript autocompletion

GitHub Immutable Releases

This GH release does not include NPM & JSR attestations, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-ciphers@2.0.0...2.0.1

v2.0.0

Compare Source

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 118KB => 99KB
  • Reduces unpacked npm size (on-disk space): 753KB => 458KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/ciphers/aes
  • New: @noble/ciphers/aes.js
  • This simplifies working in browsers natively without transpilers

Changes

• webcrypto: move randomBytes and managedNonce to utils.js
• ghash, poly1305, polyval: only allow Uint8Array as hash inputs, prohibit string
• utils: new abytes; remove ahash, toBytes
• Remove modules _assert (use utils), _micro and crypto (use webcrypto)
• Upgrade typescript compilation env to ts5.9 and es2022
• Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-ciphers@1.3.0...2.0.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.76%. Comparing base (5124844) to head (a32ba91).

Additional details and impacted files

@@           Coverage Diff           @@
##             next    #1472   +/-   ##
=======================================
  Coverage   89.76%   89.76%           
=======================================
  Files         177      177           
  Lines       26917    26917           
  Branches     2230     2230           
=======================================
  Hits        24162    24162           
  Misses       2755     2755           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

packages/credential-ld                   | [WARN] The field "resolutions" was found in /tmp/renovate/repos/github/decentralized-identity/veramo/packages/credential-ld/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.
packages/did-provider-key                | [WARN] The field "resolutions" was found in /tmp/renovate/repos/github/decentralized-identity/veramo/packages/did-provider-key/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.
packages/did-provider-peer               | [WARN] The field "resolutions" was found in /tmp/renovate/repos/github/decentralized-identity/veramo/packages/did-provider-peer/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.
Scope: all 36 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
.                                        | [WARN] deprecated uuid@9.0.1
packages/cli                             | [WARN] deprecated @types/node-fetch@3.0.3
packages/data-store-json                 | [WARN] deprecated @ungap/structured-clone@1.3.0
Progress: resolved 107, reused 1, downloaded 0, added 0
packages/kv-store                        | [WARN] deprecated eslint@8.57.1
Progress: resolved 129, reused 1, downloaded 0, added 0
Progress: resolved 153, reused 1, downloaded 0, added 0
Progress: resolved 361, reused 1, downloaded 0, added 0
Progress: resolved 634, reused 1, downloaded 0, added 0
/tmp/renovate/repos/github/decentralized-identity/veramo/packages/credential-ld:
[ERR_PNPM_EXOTIC_SUBDEP] Exotic dependency "jsonld" (resolved via git-repository) is not allowed in subdependencies when blockExoticSubdeps is enabled

This error happened while installing the dependencies of @digitalcredentials/vc@7.0.0