chore(deps): bump elliptic, @cosmjs/crypto, @cosmjs/stargate and @cosmjs/tendermint-rpc

[dependabot]

Removes elliptic. It's no longer used after updating ancestor dependencies elliptic, @cosmjs/crypto, @cosmjs/stargate and @cosmjs/tendermint-rpc. These dependencies need to be updated together.

Removes elliptic

Updates @cosmjs/crypto from 0.30.1 to 0.38.1

Release notes

Sourced from @​cosmjs/crypto's releases.

0.38.0

Highlights in this release

• Add Support for dynamic gas price (via feemarket or Osmosis)
• Add support for Cosmos EVM key handling and signing
• Add support ts-proto v2 code generation
• Decimal type now supports negative values

Housekeeping

• Use ReadonlyDate from readonly-date-esm
• Remove Tendermint 0.34 client
• Rename package @​cosmjs/cosmwasm-stargate to @​cosmjs/cosmwasm

Important notes

• Users now require TypeScript 5.7+ since we return Uint8Array generics whenever possible
• This is the last version that supports Node.js 20. Please upgrade to version 22 or 24.

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0380---2025-12-30 All changes: cosmos/cosmjs@v0.37.0...v0.38.0

0.37.0

Highlights in this release

• Add client for CometBFT 1.x (Comet1Client)
• Modernize dependencies to reduce bundle size and reliability
• Set exports field to all packages. This prevents users from importing non-public interfaces and prepares for and ESM world.
• Deprecate executeKdf from both @​cosmjs/amino and @​cosmjs/proto-signing as wallet encryption will be removed (cosmos/cosmjs#1796).

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0370---2025-10-29 All changes: cosmos/cosmjs@v0.36.1...v0.37.0

0.36.0

Encrypted wallet serialization deprecated!

• The use of encrypted wallet storage is deprecated. In particular this means:

  • Secp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • Secp256k1HdWallet.deserialize/.deserializeWithEncryptionKey
  • DirectSecp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • DirectSecp256k1HdWallet.deserialize/.deserializeWithEncryptionKey

  If you are using any of those methods, please comment at cosmos/cosmjs#1796.

  A scream test was established which slows down the key derivation function a lot. This simulates the use of a pure-JS implementation of Argon2 which we will use on one of the next releases. If this causes problems for your app, switch back to ^0.35.0 and comment in the issue.

• Migrate from libsodium to different implementation in order to reduce bundle size and improve compatibility.

  • ed25519 now uses @​noble/curves
  • xchacha20poly1305 now uses @​noble/ciphers

... (truncated)

Changelog

Sourced from @​cosmjs/crypto's changelog.

[0.38.1] - 2025-12-31

• Bring back main/types fields for bundlephobia support. (#1942)

#1942: cosmos/cosmjs#1942

[0.38.0] - 2025-12-30

Added

• @​cosmjs/encoding: Add fixUint8Array which takes an Uint8Array<ArrayBufferLike> and returns Uint8Array<ArrayBuffer>. This can be used in cases where a data source returns an Uint8Array without specifying the buffer type but you need an ArrayBuffer. Internally it might perform a copy but in the vast majority of cases it will just change the type after ensuring ArrayBuffer is used. (#1883)
• @​cosmjs/math: Add Decimal.adjustFractionalDigits which allows you to change the fractional digits of a Decimal without changing its value. (#1916)
• @​cosmjs/stargate, @​cosmjs/cosmwasm-stargate: Add option to configure dynamic gas price in SigningCosmWasmClientOptions and SigningStargateClientOptions using the DynamicGasPriceConfig interface for gasPrice. This then uses Osmosis' EIP-1559 implementation or the Skip fee market module to get the gas price from the chain. (#1926)
• @​cosmjs/cosmwasm-stargate: Add the ability to specify a custom account parser for CosmWasmClient. (#1928)
• Add support for Cosmos EVM key handling and signing. (#1932)
• @​cosmjs/proto-signing: Add support for ts-proto v2 through the newly added TsProto2GeneratedType interface. As long as the existing TsProtoGeneratedType is not removed, ts-proto v1 remains supported. (#1613)

#1613: cosmos/cosmjs#1613 #1883: cosmos/cosmjs#1883 #1916: cosmos/cosmjs#1916 #1926: cosmos/cosmjs#1926 #1928: cosmos/cosmjs#1928 #1932: cosmos/cosmjs#1932

Changed

• all: return Uint8Array<ArrayBuffer> instead of Uint8Array = Uint8Array<ArrayBufferLike> whenever CosmJS creates binary data for users. This allows users to stick it into APIs that require ArrayBuffer such as many APIs from Subtle crypto. You can still assign Uint8Array<ArrayBuffer> to any Uint8Array in an existing codebase like this:

  const myVar: Uint8Array = fromHex("aabb");

... (truncated)

Commits

• c1e00ef Set version 0.38.1
• 9d9e735 Bring back main/types fields for bundlephobia support (#1942)
• 37377b7 Fix @​cosmjs/cosmwasm package name in README
• b28d7d8 Set version 0.38.0
• 27b7de9 Update some credits
• e232235 Merge pull request #1934 from cosmos/spliteria
• 3cc8083 Rename renaming libsodum module to ed25519
• 6bf92d6 Pull Xchacha20poly1305 code out of libsodium module
• b82b285 Pull argon2 code out of libsolium module
• 02592ac Set version 0.38.0-rc.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by webmaster128, a new releaser for @​cosmjs/crypto since your current version.

Updates @cosmjs/stargate from 0.30.1 to 0.38.1

Release notes

Sourced from @​cosmjs/stargate's releases.

0.38.0

Highlights in this release

• Add Support for dynamic gas price (via feemarket or Osmosis)
• Add support for Cosmos EVM key handling and signing
• Add support ts-proto v2 code generation
• Decimal type now supports negative values

Housekeeping

• Use ReadonlyDate from readonly-date-esm
• Remove Tendermint 0.34 client
• Rename package @​cosmjs/cosmwasm-stargate to @​cosmjs/cosmwasm

Important notes

• Users now require TypeScript 5.7+ since we return Uint8Array generics whenever possible
• This is the last version that supports Node.js 20. Please upgrade to version 22 or 24.

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0380---2025-12-30 All changes: cosmos/cosmjs@v0.37.0...v0.38.0

0.37.0

Highlights in this release

• Add client for CometBFT 1.x (Comet1Client)
• Modernize dependencies to reduce bundle size and reliability
• Set exports field to all packages. This prevents users from importing non-public interfaces and prepares for and ESM world.
• Deprecate executeKdf from both @​cosmjs/amino and @​cosmjs/proto-signing as wallet encryption will be removed (cosmos/cosmjs#1796).

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0370---2025-10-29 All changes: cosmos/cosmjs@v0.36.1...v0.37.0

0.36.0

Encrypted wallet serialization deprecated!

• The use of encrypted wallet storage is deprecated. In particular this means:

  • Secp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • Secp256k1HdWallet.deserialize/.deserializeWithEncryptionKey
  • DirectSecp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • DirectSecp256k1HdWallet.deserialize/.deserializeWithEncryptionKey

  If you are using any of those methods, please comment at cosmos/cosmjs#1796.

  A scream test was established which slows down the key derivation function a lot. This simulates the use of a pure-JS implementation of Argon2 which we will use on one of the next releases. If this causes problems for your app, switch back to ^0.35.0 and comment in the issue.

• Migrate from libsodium to different implementation in order to reduce bundle size and improve compatibility.

  • ed25519 now uses @​noble/curves
  • xchacha20poly1305 now uses @​noble/ciphers

... (truncated)

Changelog

Sourced from @​cosmjs/stargate's changelog.

[0.38.1] - 2025-12-31

• Bring back main/types fields for bundlephobia support. (#1942)

#1942: cosmos/cosmjs#1942

[0.38.0] - 2025-12-30

Added

• @​cosmjs/encoding: Add fixUint8Array which takes an Uint8Array<ArrayBufferLike> and returns Uint8Array<ArrayBuffer>. This can be used in cases where a data source returns an Uint8Array without specifying the buffer type but you need an ArrayBuffer. Internally it might perform a copy but in the vast majority of cases it will just change the type after ensuring ArrayBuffer is used. (#1883)
• @​cosmjs/math: Add Decimal.adjustFractionalDigits which allows you to change the fractional digits of a Decimal without changing its value. (#1916)
• @​cosmjs/stargate, @​cosmjs/cosmwasm-stargate: Add option to configure dynamic gas price in SigningCosmWasmClientOptions and SigningStargateClientOptions using the DynamicGasPriceConfig interface for gasPrice. This then uses Osmosis' EIP-1559 implementation or the Skip fee market module to get the gas price from the chain. (#1926)
• @​cosmjs/cosmwasm-stargate: Add the ability to specify a custom account parser for CosmWasmClient. (#1928)
• Add support for Cosmos EVM key handling and signing. (#1932)
• @​cosmjs/proto-signing: Add support for ts-proto v2 through the newly added TsProto2GeneratedType interface. As long as the existing TsProtoGeneratedType is not removed, ts-proto v1 remains supported. (#1613)

#1613: cosmos/cosmjs#1613 #1883: cosmos/cosmjs#1883 #1916: cosmos/cosmjs#1916 #1926: cosmos/cosmjs#1926 #1928: cosmos/cosmjs#1928 #1932: cosmos/cosmjs#1932

Changed

• all: return Uint8Array<ArrayBuffer> instead of Uint8Array = Uint8Array<ArrayBufferLike> whenever CosmJS creates binary data for users. This allows users to stick it into APIs that require ArrayBuffer such as many APIs from Subtle crypto. You can still assign Uint8Array<ArrayBuffer> to any Uint8Array in an existing codebase like this:

  const myVar: Uint8Array = fromHex("aabb");

... (truncated)

Commits

• c1e00ef Set version 0.38.1
• 9d9e735 Bring back main/types fields for bundlephobia support (#1942)
• 37377b7 Fix @​cosmjs/cosmwasm package name in README
• b28d7d8 Set version 0.38.0
• 27b7de9 Update some credits
• e232235 Merge pull request #1934 from cosmos/spliteria
• 3cc8083 Rename renaming libsodum module to ed25519
• 6bf92d6 Pull Xchacha20poly1305 code out of libsodium module
• b82b285 Pull argon2 code out of libsolium module
• 02592ac Set version 0.38.0-rc.1
• Additional commits viewable in compare view

Updates @cosmjs/tendermint-rpc from 0.30.1 to 0.38.1

Release notes

Sourced from @​cosmjs/tendermint-rpc's releases.

0.38.0

Highlights in this release

• Add Support for dynamic gas price (via feemarket or Osmosis)
• Add support for Cosmos EVM key handling and signing
• Add support ts-proto v2 code generation
• Decimal type now supports negative values

Housekeeping

• Use ReadonlyDate from readonly-date-esm
• Remove Tendermint 0.34 client
• Rename package @​cosmjs/cosmwasm-stargate to @​cosmjs/cosmwasm

Important notes

• Users now require TypeScript 5.7+ since we return Uint8Array generics whenever possible
• This is the last version that supports Node.js 20. Please upgrade to version 22 or 24.

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0380---2025-12-30 All changes: cosmos/cosmjs@v0.37.0...v0.38.0

0.37.0

Highlights in this release

• Add client for CometBFT 1.x (Comet1Client)
• Modernize dependencies to reduce bundle size and reliability
• Set exports field to all packages. This prevents users from importing non-public interfaces and prepares for and ESM world.
• Deprecate executeKdf from both @​cosmjs/amino and @​cosmjs/proto-signing as wallet encryption will be removed (cosmos/cosmjs#1796).

Changelog: https://github.com/cosmos/cosmjs/blob/main/CHANGELOG.md#0370---2025-10-29 All changes: cosmos/cosmjs@v0.36.1...v0.37.0

0.36.0

Encrypted wallet serialization deprecated!

• The use of encrypted wallet storage is deprecated. In particular this means:

  • Secp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • Secp256k1HdWallet.deserialize/.deserializeWithEncryptionKey
  • DirectSecp256k1HdWallet.serialize/.serializeWithEncryptionKey
  • DirectSecp256k1HdWallet.deserialize/.deserializeWithEncryptionKey

  If you are using any of those methods, please comment at cosmos/cosmjs#1796.

  A scream test was established which slows down the key derivation function a lot. This simulates the use of a pure-JS implementation of Argon2 which we will use on one of the next releases. If this causes problems for your app, switch back to ^0.35.0 and comment in the issue.

• Migrate from libsodium to different implementation in order to reduce bundle size and improve compatibility.

  • ed25519 now uses @​noble/curves
  • xchacha20poly1305 now uses @​noble/ciphers

... (truncated)

Changelog

Sourced from @​cosmjs/tendermint-rpc's changelog.

[0.38.1] - 2025-12-31

• Bring back main/types fields for bundlephobia support. (#1942)

#1942: cosmos/cosmjs#1942

[0.38.0] - 2025-12-30

Added

• @​cosmjs/encoding: Add fixUint8Array which takes an Uint8Array<ArrayBufferLike> and returns Uint8Array<ArrayBuffer>. This can be used in cases where a data source returns an Uint8Array without specifying the buffer type but you need an ArrayBuffer. Internally it might perform a copy but in the vast majority of cases it will just change the type after ensuring ArrayBuffer is used. (#1883)
• @​cosmjs/math: Add Decimal.adjustFractionalDigits which allows you to change the fractional digits of a Decimal without changing its value. (#1916)
• @​cosmjs/stargate, @​cosmjs/cosmwasm-stargate: Add option to configure dynamic gas price in SigningCosmWasmClientOptions and SigningStargateClientOptions using the DynamicGasPriceConfig interface for gasPrice. This then uses Osmosis' EIP-1559 implementation or the Skip fee market module to get the gas price from the chain. (#1926)
• @​cosmjs/cosmwasm-stargate: Add the ability to specify a custom account parser for CosmWasmClient. (#1928)
• Add support for Cosmos EVM key handling and signing. (#1932)
• @​cosmjs/proto-signing: Add support for ts-proto v2 through the newly added TsProto2GeneratedType interface. As long as the existing TsProtoGeneratedType is not removed, ts-proto v1 remains supported. (#1613)

#1613: cosmos/cosmjs#1613 #1883: cosmos/cosmjs#1883 #1916: cosmos/cosmjs#1916 #1926: cosmos/cosmjs#1926 #1928: cosmos/cosmjs#1928 #1932: cosmos/cosmjs#1932

Changed

• all: return Uint8Array<ArrayBuffer> instead of Uint8Array = Uint8Array<ArrayBufferLike> whenever CosmJS creates binary data for users. This allows users to stick it into APIs that require ArrayBuffer such as many APIs from Subtle crypto. You can still assign Uint8Array<ArrayBuffer> to any Uint8Array in an existing codebase like this:

  const myVar: Uint8Array = fromHex("aabb");

... (truncated)

Commits

• c1e00ef Set version 0.38.1
• 9d9e735 Bring back main/types fields for bundlephobia support (#1942)
• 37377b7 Fix @​cosmjs/cosmwasm package name in README
• b28d7d8 Set version 0.38.0
• 27b7de9 Update some credits
• e232235 Merge pull request #1934 from cosmos/spliteria
• 3cc8083 Rename renaming libsodum module to ed25519
• 6bf92d6 Pull Xchacha20poly1305 code out of libsodium module
• b82b285 Pull argon2 code out of libsolium module
• 02592ac Set version 0.38.0-rc.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.