Bump @noble/post-quantum from 0.4.1 to 0.6.0

[dependabot]

Bumps @noble/post-quantum from 0.4.1 to 0.6.0.

Release notes

Sourced from @​noble/post-quantum's releases.

0.6.0

• Implement Falcon signatures. Prepare for future FN-DSA / FIPS-206.
• Mar 2026 self-audit of the library has been completed, with no major findings. Lots of minor security / stability improvements have been incorporated.
• Add detailed documentation to all files

Full Changelog: paulmillr/noble-post-quantum@0.5.4...0.6.0

0.5.4

• Fix ecdhKem.encapsulate default rand length by @​FiloSottile in paulmillr/noble-post-quantum#35
• Rename hybrid.js submodule exports to align with other modules. Old names are still available until v0.6. New usage:

import {
  ml_kem768_x25519, ml_kem768_p256, ml_kem1024_p384,
  KitchenSink_ml_kem768_x25519, XWing,
  QSF_ml_kem768_p256, QSF_ml_kem1024_p384,
} from '@noble/post-quantum/hybrid.js';

New Contributors

• @​FiloSottile made their first contribution in paulmillr/noble-post-quantum#35

Full Changelog: paulmillr/noble-post-quantum@0.5.3...0.5.4

0.5.3

Implement irtf-cfrg-concrete-hybrid-kems-02.

Contributed by @​panva in paulmillr/noble-post-quantum#34

import { MLKEM768X25519, MLKEM768P256, MLKEM1024P384 } from '@noble/post-quantum/hybrid.js';

New Contributors

• @​MurasameKei made their first contribution in paulmillr/noble-post-quantum#31

Full Changelog: paulmillr/noble-post-quantum@0.5.2...0.5.3

0.5.2

• Disable extension-less imports. If you've used /ml-dsa, switch to /ml-dsa.js now. See 0.5.0 for more details.
• package.json: specify exported submodules to ensure typescript autocompletion

GitHub Immutable Releases

This GH release does not standalone noble-post-quantum.js, until we fix bugs related to newly added GitHub Immutable Releases

Full Changelog: paulmillr/noble-post-quantum@0.5.1...0.5.2

0.5.1

• Use stable noble-hashes and noble-curves v2

... (truncated)

Commits

• bcc54d6 Release 0.6.0.
• 9d18187 Update jsbt ci
• 2b99d75 Changes as per Mar 2026 audit
• c19545e Bump typescript to 6.0.2
• 79e5ae4 Add docs everywhere. Upgrade to ts 6.0-rc, jsbt 0.5. Add pkg.json scripts.
• 08a149a Implement Falcon signatures. Prepare for future FN-DSA / FIPS-206.
• e5b7543 readme
• 66d1516 readme
• 099503b Release 0.5.4.
• fc2faa5 readme
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​noble/post-quantum since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​noble/​post-quantum@​0.4.1 ⏵ 0.6.0			+1	+6

View full report

[dependabot]

Looks like @noble/post-quantum is no longer a dependency, so this is no longer needed.