Conversation
ea7e889 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
|
|
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Note Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported. |
Reviewer's GuideStreamlines the CI test workflow by upgrading GitHub Actions to v4, introducing a clean step before builds, consolidating all per-package tests into a single test job that depends on the build, and integrating Foundry/Anvil for tests that require an Arbitrum forked network. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- The
testsjob depends onbuildbut still re-runspnpm buildandinstall-dependencies; consider relying on the build artifacts or caching instead of rebuilding/reinstalling to avoid redundant work. - The previous workflow ran
pnpm typecheckandpnpm lintin thebuildjob, which are now removed; if this is unintentional, you may want to reintroduce them or move them to a separate job so static checks still run in CI. - Anvil is started in the background without any explicit readiness check; if tests occasionally fail due to the node not being ready in time, consider adding a small wait or a health-check loop before running
pnpm test.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The `tests` job depends on `build` but still re-runs `pnpm build` and `install-dependencies`; consider relying on the build artifacts or caching instead of rebuilding/reinstalling to avoid redundant work.
- The previous workflow ran `pnpm typecheck` and `pnpm lint` in the `build` job, which are now removed; if this is unintentional, you may want to reintroduce them or move them to a separate job so static checks still run in CI.
- Anvil is started in the background without any explicit readiness check; if tests occasionally fail due to the node not being ready in time, consider adding a small wait or a health-check loop before running `pnpm test`.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
This was
linked to
issues
Jan 9, 2026
Dargon789
added a commit
that referenced
this pull request
Jan 19, 2026
* 2.3.7 (#131) * fix broken guard private key * Expose access to passkey credential list * Dapp client direct txn request (0xsequence#856) * Signature request refactor * WIP * Refactor * Update dapp-client exports (0xsequence#858) * Add hasPermission method to DappClient (0xsequence#859) * Save discovered passkey credentials upon login * Expose name property in PasskeySignupArgs * Fix blacklist sort * Add multi server script * relayer: /SimulateV3 (0xsequence#857) * Add await for handleOpenDB scheduleExpiration * Update increment to always include native once used * Fix session tests * Adding lastLoginAt to PasskeyCredential * LoginToPasskeyArgs now accept a credentialId which is used to specify which credential to use * Adding onSignatureRequestStatus function to register single use callbacks for when a request reaches a terminal state of completed or cancelled * When a login is cancelled we can remove the wallet which is logging-in * Add RC3 contracts * Sessions space restriction * Dedupe signers for encoding * Support RC3 sessions * Tightly increment call validation * CLI defaults to RC3 wallet code * Rc3 address test * Fix hashing tests * Add deprecated encoding test * wdk: throw errors from otp respond callback (0xsequence#864) * wdk: throw errors from otp respond callback * wdk: otp auth error and handler refactor * Handle guard 2FA (0xsequence#861) * guard: return a specific error when auth required * core: pass guard token to the service * wdk: handle prompting for guard 2FA code * dapp-client: handle prompting for guard 2FA code * guard 2fa tests * wdk: separate wallet and sessions guards * dapp-client: remove guard 2fa * dapp-client: fix imports * fix guard tests * wdk: remove unneeded promise resolve * Update relayer and api gen.ts, force public packages * Add standalone fetch queued payloads * Replacing GuardRole enum with string union type, as well as replacing guardAddresses Map with Record<GuardRole, Address> * Fallback to chain for non-logged in recovery * Add Katana, Sandbox Tesnet, Incentiv Testnet v2 (0xsequence#873) * Update a few remaining dev1 contract addresses to rc3 (0xsequence#874) * Remove unnecessary console.error where we already throw error * Improve DappClient hasPermission method * Wallet db try checksum and lowercase * Update dapp client json utils to include Map reviver and replacer * Bump next in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.4.2 to 15.4.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.4.2...v15.4.7) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.7 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Update type name, update exports for dapp client * Expired explicit sessions can't sign * Improve session validity test * session isValid returns invalid reason * InvalidReason is typed * Support multiple identity signers in sessions configuration * Device signers can approve implicit sessions * Remove invalid test * Fix recursion * Fix comment * Improve test stability by reducing race conditions * Do not set passkey signer as identity signer * Use length checks * Throw on missing identity signer * Encoding requires identity signer to encode * Fix test * Refactor/types namings tsdoc redundant code (0xsequence#880) * refactor types, namings, ts doc * fix session response payload * change parameter name * change parameter name * change type in tests * improve types and dapp client methods * fix session test to use new types * refactor * refactor implicit sessions array in chain session manager * remove unused types * remove unused types and add ConnectionError * update pnpm lock * move reusable session types to wallet-core * Update some imports and update some response type names --------- Co-authored-by: Tolgahan Arikan <tolgahan.arikan@gmail.com> * Fix check for explicit session for the updated type in dapp-client * Update api.gen.ts and relayer.gen.ts * Add missing chainId for dapp client event * Fix initializing new chain session manager on redirect * Add support for non-viem, custom Sequence chains (0xsequence#882) * Update issue templates * Provider sent to prepareBlankEnvelope * Add session signature decoding * Add feeTokens endpoint to relayer (0xsequence#885) * const for node length * Clearer blacklist size encoding * identity signer node length * Potential fix for code scanning alert no. 84: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * add getFeeTokens to dapp client (0xsequence#889) * add getFeeTokens to dapp client * fix typo * make getFeeTokens independent of chain session manager and initialize state (0xsequence#890) * make getFeeTokens independent of chain session manager and initialized state * remove getFeeTokens from chain session manager * Throw specific error when trying to sign with an expired session (0xsequence#887) * Throw when supported session signer is expired * Fix tests * Make dapp-client implicit sessions chain agnostic (0xsequence#893) * Add Monad, remove LAOS and Root Network * Bump the npm_and_yarn group across 3 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Bump happy-dom in the npm_and_yarn group across 1 directory (#69) Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 20.0.0 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.0.0...v20.0.2) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Create SECURITY.md for security policy (#70) * Create SECURITY.md for security policy Add a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Add support for sessionless dapp connection (0xsequence#896) * Refactor relayer package & update dependant packages (0xsequence#891) * refactor exports for relayer (0xsequence#900) * Add Arc Testnet * Fix changelog config * Sessionless connection upgrade and error handling in DappClient (0xsequence#902) * dapp-client: add sessionless snapshot restore flow * Bump the npm_and_yarn group across 3 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (0xsequence#906) * Pass request to PromptCodeHandler in guard registerUI (0xsequence#909) * Pass request to PromptCodeHandler in guard registerUI * Fixing guard registerUI test * guard: allow using recovery code as 2FA token (0xsequence#910) * guard: allow using recovery code as 2FA token * Cleanup types of ResponseFn --------- Co-authored-by: Corban Riley <corbanbrook@gmail.com> * Add a way to reset 2fa when using a backup code (0xsequence#911) * Add a way to reset 2fa when using a backup code * use the GuardToken type instead of breaking out the props * Update SECURITY.md Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/wallet/dapp-client/src/DappTransport.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/src/App.tsx Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create FUNDING.json (#90) Enhancements: Include FUNDING.json to display GitHub sponsorship options in the repository Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create config.yml (#91) Add initial CircleCI configuration to enable automated builds using a custom Docker executor and a defined workflow. Build: Add .circleci/config.yml with version 2.1 specification and custom Docker executor. CI: Define web3-defi-game-project job with checkout step. Set up my-custom-workflow to run the job. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Add rc4 contracts * Set rc4 as default and add it to lists * Session enhanced replay protection * New sessions replay protection hashes payload * Use the 4337 factory wrapper * Update keymachine url in dapp-client constants * Update keymachine url in Provider constructor * SSR safety (0xsequence#915) * SSR safety test * Fix CI job * Guard dapp-client for SSR (lazy transport, browser checks, gated storage) * Fix guard topology (0xsequence#918) * Use proper guard topology * Test and fixes * login and setup tests * Switch prod manager settings (0xsequence#917) * Add prod guard and identity instrument info * Remove completed TODOs * Small JS tweaks (0xsequence#919) * Fix type exports to built declarations * Update repository links to current package paths * Improve Next app tooling and React typings * Expose primitives CLI bin and use base lint config * Update relayer.gen.ts and TransactionPrecondition interface * Update api.gen.ts * Update metadata.gen.ts * Update marketplace.gen.ts * Update guard.gen.ts * Support multiple identity signers in sessions configuration * Device signers can approve implicit sessions * Remove invalid test * Fix recursion * Fix comment * Improve test stability by reducing race conditions * Do not set passkey signer as identity signer * Use length checks * Throw on missing identity signer * Encoding requires identity signer to encode * Fix test * Refactor/types namings tsdoc redundant code (0xsequence#880) * refactor types, namings, ts doc * fix session response payload * change parameter name * change parameter name * change type in tests * improve types and dapp client methods * fix session test to use new types * refactor * refactor implicit sessions array in chain session manager * remove unused types * remove unused types and add ConnectionError * update pnpm lock * move reusable session types to wallet-core * Update some imports and update some response type names --------- Co-authored-by: Tolgahan Arikan <tolgahan.arikan@gmail.com> * Fix check for explicit session for the updated type in dapp-client * Update api.gen.ts and relayer.gen.ts * Add missing chainId for dapp client event * Fix initializing new chain session manager on redirect * Add support for non-viem, custom Sequence chains (0xsequence#882) * Provider sent to prepareBlankEnvelope * Add session signature decoding * const for node length * Clearer blacklist size encoding * identity signer node length * Add feeTokens endpoint to relayer (0xsequence#885) * add getFeeTokens to dapp client (0xsequence#889) * add getFeeTokens to dapp client * fix typo * make getFeeTokens independent of chain session manager and initialize state (0xsequence#890) * make getFeeTokens independent of chain session manager and initialized state * remove getFeeTokens from chain session manager * Throw specific error when trying to sign with an expired session (0xsequence#887) * Throw when supported session signer is expired * Fix tests * Make dapp-client implicit sessions chain agnostic (0xsequence#893) * Add Monad, remove LAOS and Root Network * Add support for sessionless dapp connection (0xsequence#896) * Refactor relayer package & update dependant packages (0xsequence#891) * refactor exports for relayer (0xsequence#900) * Add Arc Testnet * Fix changelog config * Sessionless connection upgrade and error handling in DappClient (0xsequence#902) * dapp-client: add sessionless snapshot restore flow * Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (0xsequence#906) * Pass request to PromptCodeHandler in guard registerUI (0xsequence#909) * Pass request to PromptCodeHandler in guard registerUI * Fixing guard registerUI test * guard: allow using recovery code as 2FA token (0xsequence#910) * guard: allow using recovery code as 2FA token * Cleanup types of ResponseFn --------- Co-authored-by: Corban Riley <corbanbrook@gmail.com> * Add a way to reset 2fa when using a backup code (0xsequence#911) * Add a way to reset 2fa when using a backup code * use the GuardToken type instead of breaking out the props * Add rc4 contracts * Set rc4 as default and add it to lists * Session enhanced replay protection * New sessions replay protection hashes payload * Use the 4337 factory wrapper * Update keymachine url in dapp-client constants * Update keymachine url in Provider constructor * SSR safety (0xsequence#915) * Guard dapp-client for SSR (lazy transport, browser checks, gated storage) * Fix guard topology (0xsequence#918) * Use proper guard topology * Test and fixes * login and setup tests * Switch prod manager settings (0xsequence#917) * Add prod guard and identity instrument info * Remove completed TODOs * Small JS tweaks (0xsequence#919) * Fix type exports to built declarations * Update repository links to current package paths * Improve Next app tooling and React typings * Expose primitives CLI bin and use base lint config * Update relayer.gen.ts and TransactionPrecondition interface * Update relayer.gen.ts and TransactionPrecondition interface (0xsequence#920) * 3.0.0-beta.1 * identity-instrument: generate nonce from current time (0xsequence#921) * Remove publish-dists.yml github action (0xsequence#923) * 3.0.0-beta.2 * Clean up changeset config * Improve test stability by removing race conditions * Ensure build before test * Updating happy-dom to 20.0.10 (0xsequence#926) * Add support for custom auth providers (authcode & authcode-pkce only) (0xsequence#894) * Add support for custom auth providers (authcode & authcode-pkce only) * fix authcode tests * Updating Deps November 2025 (0xsequence#927) * Updating deps for the workspace root * Updating deps for wallet/wdk * Fixing sessions test for latest vitest * Lets not upgrade to the latest typescript quite yet * Updating to latest vitest * Updating deps for wallet/core * Updating deps for wallet/primitives-cli * Updating deps for wallet/dapp-client * Adding syncpack to check for dep version inconsistencies * Setup syncpack versionGroups for pnpm workspace:^ * Fixing dep versions mismatches * Fixing @types/node mismatches * Adding syncpack to pre commit hook * Remove the syncpack format script. * Update ox to v9.17.0 (0xsequence#928) * Upgrading ox to 9.17.0 * WrappedSignature renamed to SignatureErc6492 * Fixing PasskeySignatureValidator interface * Lock ox lib dep to use the same version with pnpm overrides and update viem to latest * Fix explicitSessionRequested check in dapp client * Typescript 5.9.3 (0xsequence#930) * Upgrading to typescript v5.9.3 * Fix type errors that arose from typescript upgrade related to Bytes and Buffer source typings. * Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP (0xsequence#931) * Update pnpm * Mark @0xsequence/wallet-primitives-cli as private * 3.0.0-beta.3 * changeset cleanup * Fix rc4 4337 factory (0xsequence#933) * Add rc5 and set it as default (0xsequence#934) * 3.0.0-beta.4 * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Bump next from 15.5.5 to 15.5.7 (0xsequence#936) Bumps [next](https://github.com/vercel/next.js) from 15.5.5 to 15.5.7. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.5...v15.5.7) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add userdata service client (0xsequence#940) * Skip LocalDevice identity signers not on current device (0xsequence#942) * Skip LocalDevice identity signers not on current device * Update log * 3.0.0-beta.5 * Update config.yml (#102) * Update config.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .circleci/config.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Update config.yml (#103) * Update config.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .circleci/config.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * fix: extras/web/package.json to reduce vulnerabilities (#101) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: extras/docs/package.json to reduce vulnerabilities (#100) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#104) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697 - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-IMAGESIZE-9634164 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14114940 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125097 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125745 - https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729 - https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-SEND-7926862 - https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Revert "Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/npm_and_yarn-318c02e2da'" This reverts commit fd0fdf9, reversing changes made to cba7894. * fix: extras/web/package.json to reduce vulnerabilities (#109) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: extras/docs/package.json to reduce vulnerabilities (#106) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump next in the npm_and_yarn group across 1 directory (#110) Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.5.7 to 15.5.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.7...v15.5.9) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Delete .github/workflows/fortify.yml (#111) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * fix: extras/web/package.json to reduce vulnerabilities (#107) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump the npm_and_yarn group across 1 directory with 3 updates (#115) Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.5.5 to 15.5.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.5...v15.5.9) Updates `happy-dom` from 17.6.3 to 20.0.11 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.11) Updates `vite` from 7.1.10 to 7.2.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.2.7/packages/vite) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.2.7 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump next from 15.5.7 to 15.5.9 (0xsequence#944) Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.7...v15.5.9) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Pin foundry to v1.5.0 instead of nightly (0xsequence#947) * Include repo and extras in syncpack config to ensure deps are synced (0xsequence#945) * Include repo and extras in syncpack config to ensure deps are synced across all * Updating support deps * Updating deps * Updating pnpm lock * Fixing type errors within wdk tests * Short circuit 404s (0xsequence#949) * skip witness on signers that don't support it * add passkey to test * 3.0.0-beta.6 * Update tests.yml (#119) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update config.yml (#120) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/services/identity-instrument/src/index.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * feat: upgrade @wagmi/cli from 0.1.15 to 2.8.0 (#126) Snyk has created this PR to upgrade @wagmi/cli from 0.1.15 to 2.8.0. See this package in npm: @wagmi/cli See this project in Snyk: https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Potential fix for code scanning alert no. 82: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 62: Information exposure through a stack trace Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Patryk Kalinowski <patryk@kalinowski.dev> Co-authored-by: Corban Riley <corbanbrook@gmail.com> Co-authored-by: tolgahan-arikan <tolgahan.arikan@gmail.com> Co-authored-by: Agusx1211 <agusgit@pm.me> Co-authored-by: Michael Standen <screaminghawk@gmail.com> Co-authored-by: William Hua <william@attente.ca> Co-authored-by: Michael Standen <mstan@horizon.io> Co-authored-by: Patryk Kalinowski <pkal@horizon.io> Co-authored-by: Taylan Pince <taylanpince@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <56271768+VGabriel45@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update extras/docs/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update extras/web/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * 0xsequence-1.9.19 # 0xsequence-#1.9.19 * Update packages/0xsequence/tests/browser/wallet-provider/dapp.test.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/auth/src/session.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update tests.yml (#187) ea7e889 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 61: Cross-window communication with unrestricted target origin Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Patryk Kalinowski <patryk@kalinowski.dev> Co-authored-by: Corban Riley <corbanbrook@gmail.com> Co-authored-by: tolgahan-arikan <tolgahan.arikan@gmail.com> Co-authored-by: Agusx1211 <agusgit@pm.me> Co-authored-by: Michael Standen <screaminghawk@gmail.com> Co-authored-by: William Hua <william@attente.ca> Co-authored-by: Michael Standen <mstan@horizon.io> Co-authored-by: Patryk Kalinowski <pkal@horizon.io> Co-authored-by: Taylan Pince <taylanpince@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <56271768+VGabriel45@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Dargon789
added a commit
that referenced
this pull request
Feb 3, 2026
* 2.3.7 (#131) * fix broken guard private key * Expose access to passkey credential list * Dapp client direct txn request (0xsequence#856) * Signature request refactor * WIP * Refactor * Update dapp-client exports (0xsequence#858) * Add hasPermission method to DappClient (0xsequence#859) * Save discovered passkey credentials upon login * Expose name property in PasskeySignupArgs * Fix blacklist sort * Add multi server script * relayer: /SimulateV3 (0xsequence#857) * Add await for handleOpenDB scheduleExpiration * Update increment to always include native once used * Fix session tests * Adding lastLoginAt to PasskeyCredential * LoginToPasskeyArgs now accept a credentialId which is used to specify which credential to use * Adding onSignatureRequestStatus function to register single use callbacks for when a request reaches a terminal state of completed or cancelled * When a login is cancelled we can remove the wallet which is logging-in * Add RC3 contracts * Sessions space restriction * Dedupe signers for encoding * Support RC3 sessions * Tightly increment call validation * CLI defaults to RC3 wallet code * Rc3 address test * Fix hashing tests * Add deprecated encoding test * wdk: throw errors from otp respond callback (0xsequence#864) * wdk: throw errors from otp respond callback * wdk: otp auth error and handler refactor * Handle guard 2FA (0xsequence#861) * guard: return a specific error when auth required * core: pass guard token to the service * wdk: handle prompting for guard 2FA code * dapp-client: handle prompting for guard 2FA code * guard 2fa tests * wdk: separate wallet and sessions guards * dapp-client: remove guard 2fa * dapp-client: fix imports * fix guard tests * wdk: remove unneeded promise resolve * Update relayer and api gen.ts, force public packages * Add standalone fetch queued payloads * Replacing GuardRole enum with string union type, as well as replacing guardAddresses Map with Record<GuardRole, Address> * Fallback to chain for non-logged in recovery * Add Katana, Sandbox Tesnet, Incentiv Testnet v2 (0xsequence#873) * Update a few remaining dev1 contract addresses to rc3 (0xsequence#874) * Remove unnecessary console.error where we already throw error * Improve DappClient hasPermission method * Wallet db try checksum and lowercase * Update dapp client json utils to include Map reviver and replacer * Bump next in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.4.2 to 15.4.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.4.2...v15.4.7) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.7 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Update type name, update exports for dapp client * Expired explicit sessions can't sign * Improve session validity test * session isValid returns invalid reason * InvalidReason is typed * Support multiple identity signers in sessions configuration * Device signers can approve implicit sessions * Remove invalid test * Fix recursion * Fix comment * Improve test stability by reducing race conditions * Do not set passkey signer as identity signer * Use length checks * Throw on missing identity signer * Encoding requires identity signer to encode * Fix test * Refactor/types namings tsdoc redundant code (0xsequence#880) * refactor types, namings, ts doc * fix session response payload * change parameter name * change parameter name * change type in tests * improve types and dapp client methods * fix session test to use new types * refactor * refactor implicit sessions array in chain session manager * remove unused types * remove unused types and add ConnectionError * update pnpm lock * move reusable session types to wallet-core * Update some imports and update some response type names --------- Co-authored-by: Tolgahan Arikan <tolgahan.arikan@gmail.com> * Fix check for explicit session for the updated type in dapp-client * Update api.gen.ts and relayer.gen.ts * Add missing chainId for dapp client event * Fix initializing new chain session manager on redirect * Add support for non-viem, custom Sequence chains (0xsequence#882) * Update issue templates * Provider sent to prepareBlankEnvelope * Add session signature decoding * Add feeTokens endpoint to relayer (0xsequence#885) * const for node length * Clearer blacklist size encoding * identity signer node length * Potential fix for code scanning alert no. 84: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * add getFeeTokens to dapp client (0xsequence#889) * add getFeeTokens to dapp client * fix typo * make getFeeTokens independent of chain session manager and initialize state (0xsequence#890) * make getFeeTokens independent of chain session manager and initialized state * remove getFeeTokens from chain session manager * Throw specific error when trying to sign with an expired session (0xsequence#887) * Throw when supported session signer is expired * Fix tests * Make dapp-client implicit sessions chain agnostic (0xsequence#893) * Add Monad, remove LAOS and Root Network * Bump the npm_and_yarn group across 3 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Bump happy-dom in the npm_and_yarn group across 1 directory (#69) Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 20.0.0 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.0.0...v20.0.2) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Create SECURITY.md for security policy (#70) * Create SECURITY.md for security policy Add a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Add support for sessionless dapp connection (0xsequence#896) * Refactor relayer package & update dependant packages (0xsequence#891) * refactor exports for relayer (0xsequence#900) * Add Arc Testnet * Fix changelog config * Sessionless connection upgrade and error handling in DappClient (0xsequence#902) * dapp-client: add sessionless snapshot restore flow * Bump the npm_and_yarn group across 3 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) Updates `happy-dom` from 17.6.3 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.2) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (0xsequence#906) * Pass request to PromptCodeHandler in guard registerUI (0xsequence#909) * Pass request to PromptCodeHandler in guard registerUI * Fixing guard registerUI test * guard: allow using recovery code as 2FA token (0xsequence#910) * guard: allow using recovery code as 2FA token * Cleanup types of ResponseFn --------- Co-authored-by: Corban Riley <corbanbrook@gmail.com> * Add a way to reset 2fa when using a backup code (0xsequence#911) * Add a way to reset 2fa when using a backup code * use the GuardToken type instead of breaking out the props * Update SECURITY.md Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/wallet/dapp-client/src/DappTransport.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/src/App.tsx Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create FUNDING.json (#90) Enhancements: Include FUNDING.json to display GitHub sponsorship options in the repository Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Create config.yml (#91) Add initial CircleCI configuration to enable automated builds using a custom Docker executor and a defined workflow. Build: Add .circleci/config.yml with version 2.1 specification and custom Docker executor. CI: Define web3-defi-game-project job with checkout step. Set up my-custom-workflow to run the job. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Add rc4 contracts * Set rc4 as default and add it to lists * Session enhanced replay protection * New sessions replay protection hashes payload * Use the 4337 factory wrapper * Update keymachine url in dapp-client constants * Update keymachine url in Provider constructor * SSR safety (0xsequence#915) * SSR safety test * Fix CI job * Guard dapp-client for SSR (lazy transport, browser checks, gated storage) * Fix guard topology (0xsequence#918) * Use proper guard topology * Test and fixes * login and setup tests * Switch prod manager settings (0xsequence#917) * Add prod guard and identity instrument info * Remove completed TODOs * Small JS tweaks (0xsequence#919) * Fix type exports to built declarations * Update repository links to current package paths * Improve Next app tooling and React typings * Expose primitives CLI bin and use base lint config * Update relayer.gen.ts and TransactionPrecondition interface * Update api.gen.ts * Update metadata.gen.ts * Update marketplace.gen.ts * Update guard.gen.ts * Support multiple identity signers in sessions configuration * Device signers can approve implicit sessions * Remove invalid test * Fix recursion * Fix comment * Improve test stability by reducing race conditions * Do not set passkey signer as identity signer * Use length checks * Throw on missing identity signer * Encoding requires identity signer to encode * Fix test * Refactor/types namings tsdoc redundant code (0xsequence#880) * refactor types, namings, ts doc * fix session response payload * change parameter name * change parameter name * change type in tests * improve types and dapp client methods * fix session test to use new types * refactor * refactor implicit sessions array in chain session manager * remove unused types * remove unused types and add ConnectionError * update pnpm lock * move reusable session types to wallet-core * Update some imports and update some response type names --------- Co-authored-by: Tolgahan Arikan <tolgahan.arikan@gmail.com> * Fix check for explicit session for the updated type in dapp-client * Update api.gen.ts and relayer.gen.ts * Add missing chainId for dapp client event * Fix initializing new chain session manager on redirect * Add support for non-viem, custom Sequence chains (0xsequence#882) * Provider sent to prepareBlankEnvelope * Add session signature decoding * const for node length * Clearer blacklist size encoding * identity signer node length * Add feeTokens endpoint to relayer (0xsequence#885) * add getFeeTokens to dapp client (0xsequence#889) * add getFeeTokens to dapp client * fix typo * make getFeeTokens independent of chain session manager and initialize state (0xsequence#890) * make getFeeTokens independent of chain session manager and initialized state * remove getFeeTokens from chain session manager * Throw specific error when trying to sign with an expired session (0xsequence#887) * Throw when supported session signer is expired * Fix tests * Make dapp-client implicit sessions chain agnostic (0xsequence#893) * Add Monad, remove LAOS and Root Network * Add support for sessionless dapp connection (0xsequence#896) * Refactor relayer package & update dependant packages (0xsequence#891) * refactor exports for relayer (0xsequence#900) * Add Arc Testnet * Fix changelog config * Sessionless connection upgrade and error handling in DappClient (0xsequence#902) * dapp-client: add sessionless snapshot restore flow * Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (0xsequence#906) * Pass request to PromptCodeHandler in guard registerUI (0xsequence#909) * Pass request to PromptCodeHandler in guard registerUI * Fixing guard registerUI test * guard: allow using recovery code as 2FA token (0xsequence#910) * guard: allow using recovery code as 2FA token * Cleanup types of ResponseFn --------- Co-authored-by: Corban Riley <corbanbrook@gmail.com> * Add a way to reset 2fa when using a backup code (0xsequence#911) * Add a way to reset 2fa when using a backup code * use the GuardToken type instead of breaking out the props * Add rc4 contracts * Set rc4 as default and add it to lists * Session enhanced replay protection * New sessions replay protection hashes payload * Use the 4337 factory wrapper * Update keymachine url in dapp-client constants * Update keymachine url in Provider constructor * SSR safety (0xsequence#915) * Guard dapp-client for SSR (lazy transport, browser checks, gated storage) * Fix guard topology (0xsequence#918) * Use proper guard topology * Test and fixes * login and setup tests * Switch prod manager settings (0xsequence#917) * Add prod guard and identity instrument info * Remove completed TODOs * Small JS tweaks (0xsequence#919) * Fix type exports to built declarations * Update repository links to current package paths * Improve Next app tooling and React typings * Expose primitives CLI bin and use base lint config * Update relayer.gen.ts and TransactionPrecondition interface * Update relayer.gen.ts and TransactionPrecondition interface (0xsequence#920) * 3.0.0-beta.1 * identity-instrument: generate nonce from current time (0xsequence#921) * Remove publish-dists.yml github action (0xsequence#923) * 3.0.0-beta.2 * Clean up changeset config * Improve test stability by removing race conditions * Ensure build before test * Updating happy-dom to 20.0.10 (0xsequence#926) * Add support for custom auth providers (authcode & authcode-pkce only) (0xsequence#894) * Add support for custom auth providers (authcode & authcode-pkce only) * fix authcode tests * Updating Deps November 2025 (0xsequence#927) * Updating deps for the workspace root * Updating deps for wallet/wdk * Fixing sessions test for latest vitest * Lets not upgrade to the latest typescript quite yet * Updating to latest vitest * Updating deps for wallet/core * Updating deps for wallet/primitives-cli * Updating deps for wallet/dapp-client * Adding syncpack to check for dep version inconsistencies * Setup syncpack versionGroups for pnpm workspace:^ * Fixing dep versions mismatches * Fixing @types/node mismatches * Adding syncpack to pre commit hook * Remove the syncpack format script. * Update ox to v9.17.0 (0xsequence#928) * Upgrading ox to 9.17.0 * WrappedSignature renamed to SignatureErc6492 * Fixing PasskeySignatureValidator interface * Lock ox lib dep to use the same version with pnpm overrides and update viem to latest * Fix explicitSessionRequested check in dapp client * Typescript 5.9.3 (0xsequence#930) * Upgrading to typescript v5.9.3 * Fix type errors that arose from typescript upgrade related to Bytes and Buffer source typings. * Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP (0xsequence#931) * Update pnpm * Mark @0xsequence/wallet-primitives-cli as private * 3.0.0-beta.3 * changeset cleanup * Fix rc4 4337 factory (0xsequence#933) * Add rc5 and set it as default (0xsequence#934) * 3.0.0-beta.4 * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update wagmi-project/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Bump next from 15.5.5 to 15.5.7 (0xsequence#936) Bumps [next](https://github.com/vercel/next.js) from 15.5.5 to 15.5.7. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.5...v15.5.7) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add userdata service client (0xsequence#940) * Skip LocalDevice identity signers not on current device (0xsequence#942) * Skip LocalDevice identity signers not on current device * Update log * 3.0.0-beta.5 * Update config.yml (#102) * Update config.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .circleci/config.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Update config.yml (#103) * Update config.yml Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .circleci/config.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * fix: extras/web/package.json to reduce vulnerabilities (#101) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: extras/docs/package.json to reduce vulnerabilities (#100) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#104) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697 - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-IMAGESIZE-9634164 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14114940 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125097 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125745 - https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729 - https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-SEND-7926862 - https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Revert "Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/npm_and_yarn-318c02e2da'" This reverts commit fd0fdf9, reversing changes made to cba7894. * fix: extras/web/package.json to reduce vulnerabilities (#109) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: extras/docs/package.json to reduce vulnerabilities (#106) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump next in the npm_and_yarn group across 1 directory (#110) Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.5.7 to 15.5.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.7...v15.5.9) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Delete .github/workflows/fortify.yml (#111) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * fix: extras/web/package.json to reduce vulnerabilities (#107) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump the npm_and_yarn group across 1 directory with 3 updates (#115) Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.5.5 to 15.5.9 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.5...v15.5.9) Updates `happy-dom` from 17.6.3 to 20.0.11 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.11) Updates `vite` from 7.1.10 to 7.2.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.2.7/packages/vite) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.2.7 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump next from 15.5.7 to 15.5.9 (0xsequence#944) Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.7...v15.5.9) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Pin foundry to v1.5.0 instead of nightly (0xsequence#947) * Include repo and extras in syncpack config to ensure deps are synced (0xsequence#945) * Include repo and extras in syncpack config to ensure deps are synced across all * Updating support deps * Updating deps * Updating pnpm lock * Fixing type errors within wdk tests * Short circuit 404s (0xsequence#949) * skip witness on signers that don't support it * add passkey to test * 3.0.0-beta.6 * Update tests.yml (#119) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update config.yml (#120) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/services/identity-instrument/src/index.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * feat: upgrade @wagmi/cli from 0.1.15 to 2.8.0 (#126) Snyk has created this PR to upgrade @wagmi/cli from 0.1.15 to 2.8.0. See this package in npm: @wagmi/cli See this project in Snyk: https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Potential fix for code scanning alert no. 82: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 62: Information exposure through a stack trace Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Patryk Kalinowski <patryk@kalinowski.dev> Co-authored-by: Corban Riley <corbanbrook@gmail.com> Co-authored-by: tolgahan-arikan <tolgahan.arikan@gmail.com> Co-authored-by: Agusx1211 <agusgit@pm.me> Co-authored-by: Michael Standen <screaminghawk@gmail.com> Co-authored-by: William Hua <william@attente.ca> Co-authored-by: Michael Standen <mstan@horizon.io> Co-authored-by: Patryk Kalinowski <pkal@horizon.io> Co-authored-by: Taylan Pince <taylanpince@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <56271768+VGabriel45@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update extras/docs/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update extras/web/package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * 0xsequence-1.9.19 # 0xsequence-#1.9.19 * Update packages/0xsequence/tests/browser/wallet-provider/dapp.test.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/auth/src/session.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update tests.yml (#187) ea7e889 Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 61: Cross-window communication with unrestricted target origin Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update packages/deployer/src/UniversalDeployer.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Patryk Kalinowski <patryk@kalinowski.dev> Co-authored-by: Corban Riley <corbanbrook@gmail.com> Co-authored-by: tolgahan-arikan <tolgahan.arikan@gmail.com> Co-authored-by: Agusx1211 <agusgit@pm.me> Co-authored-by: Michael Standen <screaminghawk@gmail.com> Co-authored-by: William Hua <william@attente.ca> Co-authored-by: Michael Standen <mstan@horizon.io> Co-authored-by: Patryk Kalinowski <pkal@horizon.io> Co-authored-by: Taylan Pince <taylanpince@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <56271768+VGabriel45@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ea7e889
Summary by Sourcery
Simplify and modernize the CI test workflow configuration.
Build:
CI: