Skip to content

fix: dependency upgrades (bech32 v2, @noble/hashes v2, bs58 v6, @noble/curves v2, chain-registry v2)#198

Open
pyramation wants to merge 3 commits intomainfrom
ijs/upgrades
Open

fix: dependency upgrades (bech32 v2, @noble/hashes v2, bs58 v6, @noble/curves v2, chain-registry v2)#198
pyramation wants to merge 3 commits intomainfrom
ijs/upgrades

Conversation

@pyramation
Copy link
Contributor

@pyramation pyramation commented Mar 1, 2026
edited by devin-ai-integration bot
Loading

Summary

Bumps multiple dependencies to their latest major versions and fixes all resulting breaking import/API changes across the monorepo.

Dependency Version Change Breaking Change Files Changed
bech32 v1 → v2 namespace → named export packages/encoding/src/bech32.ts
@noble/hashes v1 → v2 sha256/sha512 moved to sha2 module; ripemd160 moved to legacy; v2 exports map requires .js extensions on subpath imports 5 files across packages/crypto, packages/auth
@noble/curves v1 → v2 Signature.fromCompact()fromBytes(_, 'compact'); Point.toRawBytes()toBytes(); v2 exports map requires .js extension networks/ethereum/src/signers/base-signer.ts
bs58 v5 → v6 namespace → default export 4 files in networks/solana/
@chain-registry/client v1 → v2 snake_case → camelCase properties 4 starship test files
bignumber.js v9 → v10 version bump in package.json
deepmerge 4.2.2 → 4.3.1 version bump in package.json

Updates since last revision

  • Added .js extensions to all @noble/hashes and @noble/curves subpath imports (7 files). The v2 exports maps in these packages only expose .js subpaths (e.g. ./sha2.js, ./legacy.js, ./secp256k1.js), which caused Jest's CJS resolver to fail with Cannot find module errors. This fix ensures both TypeScript compilation and Jest test resolution work correctly.

Review & Testing Checklist for Human

  • 🔴 HIGH RISK: Verify @noble/curves v2 API in ETH signer — The changes at <ref_snippet file="/home/ubuntu/repos/interchainjs/networks/ethereum/src/signers/base-signer.ts" lines="211-215" /> and <ref_snippet file="/home/ubuntu/repos/interchainjs/networks/ethereum/src/signers/base-signer.ts" lines="267-271" /> modify cryptographic signature recovery logic. Wrong API usage will cause silent failures or incorrect signatures. Manually verify against @noble/curves@2 type definitions that fromBytes(bytes, 'compact') and toBytes(false) are correct.
  • 🔴 Verify .js extension imports don't break downstream bundlers — All @noble/hashes and @noble/curves imports now use .js extensions (e.g. @noble/hashes/sha2.js). This is required by v2's exports map and fixes Jest resolution. Confirm this doesn't break any bundler or consumer of these packages.
  • Verify chain-registry v2 camelCase in starship tests — The test file changes (bech32Prefix, chainName, chain1/chain2, portId/channelId) can't be validated without running starship integration tests. Spot-check against @chain-registry/types@2.0.163 type definitions.
  • Check for bignumber.js v10 breaking changes — This major bump has no corresponding source code changes. Verify the library is only used in ways compatible with v10 (or that it's actually backwards compatible).
  • Manually test ETH and Solana signing — The import changes for @noble/curves and bs58 are runtime-critical. Create test transactions for both networks.
  • Review indentation drift — The diff shows extra indentation in <ref_snippet file="/home/ubuntu/repos/interchainjs/networks/cosmos/starship/tests/token.test.ts" lines="355-367" />. Check if this causes linting issues or was intentional reformatting.

Test Plan

  1. ✅ Run pnpm buildPASSES (injective has pre-existing error unrelated to this PR)
  2. Run starship integration tests in networks/cosmos, networks/injective, and libs/interchainjs to verify chain-registry v2 types
  3. Manual signing tests:
    • ETH: Create and sign a transaction using ethereum signer to verify @noble/curves v2 API
    • Solana: Create and sign a transaction to verify bs58 v6 default export
  4. Run full test suite with pnpm test to verify .js extension imports work with Jest

Notes

  • CI status: 4 non-required build checks exist but fail due to pre-existing injective error (src/signers/config.ts type mismatch). PR is marked mergeable.
  • Pre-existing issues (not introduced here):
    • Injective build error in src/signers/config.ts (also fails on main branch)
    • ESLint plugin incompatibility across workspace
  • Requested by: @pyramation
  • Devin Session

@pyramation
upgrades
3bcc8ac
@pyramation
fix: update imports for major dependency upgrades
cae743e 
- bech32 v2: change import * to named import { bech32 }
- @noble/hashes v2: sha256/sha512 -> sha2, ripemd160 -> legacy
- @noble/curves v2: fromCompact -> fromBytes('compact'), toRawBytes -> toBytes
- bs58 v6: change import * to default import
- @chain-registry/client v2: snake_case -> camelCase (bech32_prefix, chain_name, chain_1/2, port_id, channel_id)
@devin-ai-integration
Copy link

devin-ai-integration bot commented Mar 1, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pyramation pyramation

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pyramation