diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 000000000..62291703e
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs
+jobs:
+  say-hello:
+    # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job
+    docker:
+      # Specify the version you desire here
+      # See: https://circleci.com/developer/images/image/cimg/base
+      - image: cimg/base:current
+
+    # Add steps to the job
+    # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps
+    steps:
+      # Checkout the code as the first step.
+      - checkout
+      - run:
+          name: "Say hello"
+          command: "echo Hello, World!"
+
+# Orchestrate jobs using workflows
+# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows
+workflows:
+  say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow.
+    # Inside the workflow, you define the jobs you want to run.
+    jobs:
+      - say-hello
\ No newline at end of file
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 000000000..9bbf3ba2a
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,39 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on:
+  pull_request:
+    branches: [ "master" ]
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions:
+#   contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions:
+  contents: read
+  # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4
+        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+        with:
+          comment-summary-in-pr: always
+        #   fail-on-severity: moderate
+        #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
+        #   retry-on-snapshot-warnings: true
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..034e84803
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/package-lock.json b/package-lock.json
index 611e3c970..8927c38de 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,12 +9,12 @@
       "version": "7.0.0-rc.0",
       "license": "MIT",
       "dependencies": {
-        "@noble/hashes": "^1.2.0",
+        "@noble/hashes": "^1.7.1",
         "bech32": "^2.0.0",
         "bip174": "^3.0.0-rc.0",
         "bs58check": "^4.0.0",
         "uint8array-tools": "^0.0.9",
-        "valibot": "^0.38.0",
+        "valibot": "^0.42.1",
         "varuint-bitcoin": "^2.0.0"
       },
       "devDependencies": {
@@ -738,9 +738,10 @@
       }
     },
     "node_modules/@noble/hashes": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.5.0.tgz",
-      "integrity": "sha512-1j6kQFb7QRru7eKN3ZDvRcP13rugwdxZqCjbiAVZfIJwgj2A65UmT4TgARXGlXgnRkORLTDTrO19ZErt7+QXgA==",
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.7.1.tgz",
+      "integrity": "sha512-B8XBPsn4vT/KJAGqDzbwztd+6Yte3P4V7iafm24bxgDe/mlRuK6xmWPuCNrKt2vDafZ8MfJLlchDG/vYafQEjQ==",
+      "license": "MIT",
       "engines": {
         "node": "^14.21.3 || >=16"
       },
@@ -3872,9 +3873,10 @@
       }
     },
     "node_modules/valibot": {
-      "version": "0.38.0",
-      "resolved": "https://registry.npmjs.org/valibot/-/valibot-0.38.0.tgz",
-      "integrity": "sha512-RCJa0fetnzp+h+KN9BdgYOgtsMAG9bfoJ9JSjIhFHobKWVWyzM3jjaeNTdpFK9tQtf3q1sguXeERJ/LcmdFE7w==",
+      "version": "0.42.1",
+      "resolved": "https://registry.npmjs.org/valibot/-/valibot-0.42.1.tgz",
+      "integrity": "sha512-3keXV29Ar5b//Hqi4MbSdV7lfVp6zuYLZuA9V1PvQUsXqogr+u5lvLPLk3A4f74VUXDnf/JfWMN6sB+koJ/FFw==",
+      "license": "MIT",
       "peerDependencies": {
         "typescript": ">=5"
       },
diff --git a/package.json b/package.json
index ca47758a9..34160d638 100644
--- a/package.json
+++ b/package.json
@@ -63,26 +63,26 @@
     "src"
   ],
   "dependencies": {
-    "@noble/hashes": "^1.2.0",
+    "@noble/hashes": "^1.7.1",
     "bech32": "^2.0.0",
     "bip174": "^3.0.0-rc.0",
     "bs58check": "^4.0.0",
     "uint8array-tools": "^0.0.9",
-    "valibot": "^0.38.0",
+    "valibot": "^0.42.1",
     "varuint-bitcoin": "^2.0.0"
   },
   "devDependencies": {
     "bitcoinjs-lib": ".",
     "@eslint/eslintrc": "^3.1.0",
     "@eslint/js": "^9.9.1",
-    "@types/bs58": "^4.0.0",
+    "@types/bs58": "^5.0.0",
     "@types/bs58check": "^2.1.0",
     "@types/mocha": "^5.2.7",
     "@types/node": "^18.7.14",
     "@types/proxyquire": "^1.3.28",
     "@types/randombytes": "^2.0.0",
     "@typescript-eslint/eslint-plugin": "^8.2.0",
-    "@typescript-eslint/parser": "^8.2.0",
+    "@typescript-eslint/parser": "^8.30.1",
     "better-npm-audit": "^3.7.3",
     "bip32": "^5.0.0-rc.0",
     "bip39": "^3.1.0",
@@ -97,13 +97,13 @@
     "globals": "^15.9.0",
     "hoodwink": "^2.0.0",
     "minimaldata": "^1.0.2",
-    "mocha": "^10.6.0",
+    "mocha": "^11.0.1",
     "c8": "^10.1.2",
     "prettier": "^3.0.0",
     "proxyquire": "^2.0.1",
     "randombytes": "^2.1.0",
     "regtest-client": "0.2.0",
-    "rimraf": "^2.6.3",
+    "rimraf": "^4.3.1",
     "tiny-secp256k1": "^2.2.0",
     "tsx": "^4.17.0",
     "typedoc": "^0.26.6",