chore(deps): bump @cashu/cashu-ts from 3.6.3 to 4.1.0

[dependabot]

Bumps @cashu/cashu-ts from 3.6.3 to 4.1.0.

Release notes

Sourced from @​cashu/cashu-ts's releases.

v4.1.0

What's Changed

• fix: typedocs were not running on release-please by @​robwoodgate in cashubtc/cashu-ts#626
• docs: update roadmap, reorg docs by @​robwoodgate in cashubtc/cashu-ts#628
• feat: widen selectProofsToSend and groupProofsByState to accept ProofLike by @​robwoodgate in cashubtc/cashu-ts#631
• feat: add createEphemeralCounterSource function by @​robwoodgate in cashubtc/cashu-ts#630
• chore(main): release 4.1.0 by @​robwoodgate in cashubtc/cashu-ts#627

Full Changelog: cashubtc/cashu-ts@v4.0.0...v4.1.0

v4.0.0

Version 4 is a major step forward for Cashu TS: It adds precision-safe amounts across the API, first-class proof serialization utilities, custom mint/melt methods, NUT-29 batch minting, and stronger security and rate-limit handling throughout the stack.

New features include:

• Exact amount handling with Amount and bigint support across the API, eliminating silent precision loss (eg large millisat amounts).
• Generic mint/melt APIs for custom payment methods, so apps can integrate new rails without waiting on library-specific support.
• NUT-29 batch minting support for more efficient multi-quote mint workflows.
• Better production resilience with explicit 429 handling, Retry-After parsing, and response metadata for rate-limit-aware clients.
• Stronger security defaults via DLEQ verification hardening, optional strict signature enforcement, and tighter P2PK validation.
• Improved privacy and compatibility through hardened request fingerprinting behavior and more flexible request-header overrides.
• Slimmer ESM only package (ESM can finally be loaded from common.js on node)

Migration Guide

Please see the full migration guide for detailed instructions on upgrading your code.

What's Changed

Detailed changes below - for a summary, see the changelog.

• chore!: remove support for CJS build by @​KvngMikey in cashubtc/cashu-ts#524
• chore: update react tsconfig for TS6.0 by @​robwoodgate in cashubtc/cashu-ts#541
• feat!: migrate amount-bearing APIs to use Amount VO by @​robwoodgate in cashubtc/cashu-ts#533
• feat!: tighten mint/melt API; remove MeltBlanks and prefer_async by @​robwoodgate in cashubtc/cashu-ts#534
• feat!: Proof.amount → bigint, strip crypto primitives, consolidate melt by @​robwoodgate in cashubtc/cashu-ts#537
• feat!: Add bigint support to CBOR for creqA payment requests by @​KvngMikey in cashubtc/cashu-ts#538
• feat: bigint roundtrip for v3/v4 tokens, wire in the enhanced CBOR by @​robwoodgate in cashubtc/cashu-ts#539
• feat!: multi-unit KeyChain, cache API cleanup, deprecation removal by @​robwoodgate in cashubtc/cashu-ts#540
• fix!: prevent getEncodedToken from mutating input token proofs by @​gudnuf in cashubtc/cashu-ts#536
• chore: remove deprecated mint/wallet/model types. Clean up test LSP issues by @​robwoodgate in cashubtc/cashu-ts#542
• chore: remove remaining deprecated methods/types/functions by @​robwoodgate in cashubtc/cashu-ts#543
• chore: update docs - v3 is now the lts version. Add v4 base64 tests by @​robwoodgate in cashubtc/cashu-ts#547
• chore: update version workflow to allow rc releases by @​robwoodgate in cashubtc/cashu-ts#548
• chore(docs): update release info by @​robwoodgate in cashubtc/cashu-ts#549
• fix: harden fetch RequestInit against client fingerprinting by @​robwoodgate in cashubtc/cashu-ts#545
• fix: normalize and dedup p2pk pubkeys / refund keys at edges by @​robwoodgate in cashubtc/cashu-ts#546
• refactor: narrow Proof params to Pick<> where full object isn't needed by @​robwoodgate in cashubtc/cashu-ts#550
• feat!: generic mint/melt methods for custom payment types by @​robwoodgate in cashubtc/cashu-ts#544
• refactor: split wallet tests file by feature by @​robwoodgate in cashubtc/cashu-ts#551
• ci: add Codecov integration and deduplicate workflow triggers by @​robwoodgate in cashubtc/cashu-ts#554

... (truncated)

Changelog

Sourced from @​cashu/cashu-ts's changelog.

4.1.0 (2026-04-16)

Features

• add createEphemeralCounterSource function (#630) (12fe7b1)
• widen selectProofsToSend and groupProofsByState to accept ProofLike[] (#631) (87b4be4)

Bug Fixes

• typedocs were not running on release-please. Now just v4. releases without hyphen (#626) (a3cbb49)

4.0.0 (2026-04-14)

⚠ BREAKING CHANGES

• utils: restrict internal functions from public API surface (#570)
• remove handleTokens from public API (#569)
• p2pk: add normalizeP2PKOptions (#564)
• remove v3 token encoding; accept raw proofs in receive flows (#558)
• generic mint/melt methods for custom payment types (#544)
• multi-unit KeyChain, cache API cleanup, deprecation removal (#540)
• Add bigint support to CBOR for creqA payment requests (#538)
• Proof.amount → bigint, strip crypto primitives, consolidate melt (#537)
• tighten mint/melt API; remove MeltBlanks and prefer_async (#534)
• migrate amount-bearing APIs to use Amount VO (#533)
• remove support for CJS build (#524)

Features

• Add bigint support to CBOR for creqA payment requests (#538) (7a54a91)
• add JSONInt to public api. Update migration docs (#593) (464ec82)
• add requireSigDleq option to Wallet for DLEQ enforcement on signatures (#622) (df5cec6)
• allow consumers to override anti-fingerprinting headers (#580) (31268a1)
• bigint roundtrip for v3/v4 tokens, wire in the enhanced CBOR (#539) (88bffc0)
• errors: add RateLimitError and parseRetryAfter for explicit 429 (#594) (74e0efc)
• extend Amount utils, update migration docs (#584) (4d4529c)
• generic mint/melt methods for custom payment types (#544) (6c9121b)
• migrate amount-bearing APIs to use Amount VO (#533) (ae5d41d)
• multi-unit KeyChain, cache API cleanup, deprecation removal (#540) (2ac031d)
• nut29: wire NUT-06 max_batch_size into prepareBatchMint enforcement (#607) (d88f1a9)
• Proof.amount → bigint, strip crypto primitives, consolidate melt (#537) (c426323)
• remove v3 token encoding; accept raw proofs in receive flows (#558) (abd1efc)
• ResponseMeta callback and per-mint rate-limit header exposure (#596) (42db5c7)
• Support NUT-29 Batch Minting (#478) (de895da)
• tighten mint/melt API; remove MeltBlanks and prefer_async (#534) (8ef99c9)
• utils: add serializeProofs/deserializeProofs, make getEncodedTokenV4 internal (2c92842)

... (truncated)

Commits

• c2df2fd chore(main): release 4.1.0 (#627)
• 12fe7b1 feat: add createEphemeralCounterSource function (#630)
• 87b4be4 feat: widen selectProofsToSend and groupProofsByState to accept ProofLike[] (...
• 2260968 docs: update roadmap, reorg docs (#628)
• a3cbb49 fix: typedocs were not running on release-please. Now just v4. releases witho...
• b4a6b36 chore(main): release 4.0.0 (#531)
• df5cec6 feat: add requireSigDleq option to Wallet for DLEQ enforcement on signatures ...
• 2dea650 chore: add 7 days npm min release age (#625)
• 53a5a7d docs: add warning to treat tokens as untrusted input (#623)
• b6ae9b3 refactor(output): restore OutputData as canonical creator implementation (#620)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)