[Snyk] Security upgrade happy-dom from 17.4.4 to 20.0.0 by Dargon789 · Pull Request #367 · Dargon789/thirdweb-dev

Dargon789 · 2025-10-12T15:15:48Z

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

packages/thirdweb/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-HAPPYDOM-13535083	304

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13535083

gemini-code-assist · 2025-10-12T15:16:00Z

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request is a security-focused update initiated by Snyk, aiming to bolster the project's defenses against a known 'Arbitrary Code Injection' vulnerability. It involves a significant version bump for the happy-dom library, which, while crucial for security, also necessitates a thorough review to ensure compatibility and prevent any unintended side effects due to potential breaking changes in the new major version.

Highlights

Security Upgrade: This pull request upgrades the happy-dom dependency from version 17.4.4 to 20.0.0 to address a critical security vulnerability.
Vulnerability Fixed: The upgrade specifically fixes an 'Arbitrary Code Injection' vulnerability (SNYK-JS-HAPPYDOM-13535083) which had a score of 304.
Automated PR: This pull request was automatically generated by Snyk to propose the security fix.
Potential Breaking Change: The upgrade to a new major version of happy-dom (20.0.0) is noted as a potential breaking change, requiring careful review.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

snyk-io · 2025-10-12T15:16:18Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

gemini-code-assist

Code Review

This pull request upgrades happy-dom to resolve a security vulnerability. While the security fix is important, the upgrade spans three major versions (from v17 to v20) and is marked as a breaking change. This introduces a critical risk of breaking the test suite. My review comment on package.json emphasizes the necessity of running all tests and fixing any failures before merging to ensure the stability of the project's CI pipeline.

gemini-code-assist · 2025-10-12T15:23:41Z

packages/thirdweb/package.json

    "expo-linking": "7.0.5",
    "expo-web-browser": "14.0.2",
-    "happy-dom": "17.4.4",
+    "happy-dom": "20.0.0",


This is a major version upgrade from v17 to v20. The Snyk metadata for this PR also indicates isBreakingChange:true. Such a large version jump for a testing environment like happy-dom has a high probability of introducing breaking changes that will cause tests to fail. Before merging, it is critical to run the full test suite and resolve any failures to avoid breaking the main branch.

github-actions · 2025-10-20T02:10:11Z

This PR has been inactive for 7 days. It is now marked as stale and will be closed in 2 days if no further activity occurs.

* WIP passkey signer * cleanup * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * [Experiment] Chart fetching strategies * Create codeql.yml Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * update dependencies * feat: upgrade nextjs-toploader from 1.6.12 to 3.8.16 (#135) Snyk has created this PR to upgrade nextjs-toploader from 1.6.12 to 3.8.16. See this package in npm: nextjs-toploader See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade shiki from 1.27.0 to 3.2.1 (#133) Snyk has created this PR to upgrade shiki from 1.27.0 to 3.2.1. See this package in npm: shiki See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade flexsearch from 0.7.43 to 0.8.143 (#134) Snyk has created this PR to upgrade flexsearch from 0.7.43 to 0.8.143. See this package in npm: flexsearch See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2 (#136) Snyk has created this PR to upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2. See this package in npm: @walletconnect/sign-client See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2 (#138) Snyk has created this PR to upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2. See this package in npm: @coinbase/wallet-sdk See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/playground-web/package.json to reduce vulnerabilities (#148) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/portal/package.json to reduce vulnerabilities (#150) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#149) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1 (#153) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade tailwindcss from 3.4.17 to 4.1.3 (#154) Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.3. See this package in npm: tailwindcss See this project in Snyk: https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump @radix-ui/react-hover-card from 1.1.7 to 1.1.11 (#145) Bumps [@radix-ui/react-hover-card](https://github.com/radix-ui/primitives) from 1.1.7 to 1.1.11. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-hover-card" dependency-version: 1.1.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @chakra-ui/cli from 2.5.6 to 3.16.1 (#146) Bumps [@chakra-ui/cli](https://github.com/chakra-ui/chakra-ui) from 2.5.6 to 3.16.1. - [Release notes](https://github.com/chakra-ui/chakra-ui/releases) - [Commits](https://github.com/chakra-ui/chakra-ui/compare/@chakra-ui/system@2.5.6...@chakra-ui/cli@3.16.1) --- updated-dependencies: - dependency-name: "@chakra-ui/cli" dependency-version: 3.16.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump vite (#155) Bumps the npm_and_yarn group with 1 update in the /packages/thirdweb directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.6 to 6.2.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.7/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.7 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Create nextjs.yml (#160) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create fluffy-rats-jog.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create static.yml Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create seven-goats-move.md (#164) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create jekyll-gh-pages.yml (#166) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * chore(deps-dev): bump vite from 6.3.2 to 6.3.4 in the npm_and_yarn group Bumps the npm_and_yarn group with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.3.2 to 6.3.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.4 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Patch 1 (#165) * [NEB-69] Nebula: Add UI for Swap and Approve transactions * Create happy-dodos-reflect.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Manan Tank <manantankm@gmail.com> * Create old-ants-melt.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.806.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.806.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#220) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: packages/thirdweb/package.json to reduce vulnerabilities (#223) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-7573289 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade tailwindcss from 3.4.17 to 4.1.11 (#239) Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.11. See this package in npm: tailwindcss See this project in Snyk: https://app.snyk.io/org/dargon789/project/0cb37033-dec9-46d7-ae3a-94e1b0ed5ca6?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#307) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-12299318 - https://snyk.io/vuln/SNYK-JS-NEXT-12301496 - https://snyk.io/vuln/SNYK-JS-NEXT-12265451 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Playground: Fix build error * fix: packages/thirdweb/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13559227 * fix: packages/thirdweb/package.json to reduce vulnerabilities (#367) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13535083 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @aws-sdk/credential-providers from 3.606.0 to 3.908.0 (#396) Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.606.0 to 3.908.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#436) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/portal/package.json to reduce vulnerabilities (#453) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Version Packages * Bump tailwind-merge from 2.6.0 to 3.4.0 (#475) Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 2.6.0 to 3.4.0. - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v3.4.0) --- updated-dependencies: - dependency-name: tailwind-merge dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Dargon789 patch 1 (#477) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create nextjs.yml Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Circleci project setup (#121) * Add .circleci/config.yml * Add .circleci/config.yml * Create tender-tigers-smash.md (#157) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .changeset/tender-tigers-smash.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Demo test app (#478) * Expand FAQ with Dedicated Relayer FAQs Added information about gas sponsorship and dedicated relayer features. Signed-off-by: samina <57885104+saminacodes@users.noreply.github.com> * Update apps/portal/src/app/wallets/faq/page.mdx Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: samina <57885104+saminacodes@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: samina <57885104+saminacodes@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Alert autofix 3 (#479) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 63: Creating biased random numbers from a cryptographically secure source Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Bump the npm_and_yarn group across 1 directory with 3 updates (#468) Bumps the npm_and_yarn group with 3 updates in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [next](https://github.com/vercel/next.js). Updates `happy-dom` from 17.4.4 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](https://github.com/capricorn86/happy-dom/compare/v17.4.4...v20.0.2) Updates `vite` from 7.1.7 to 7.1.11 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite) Updates `next` from 15.3.8 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.3.8...v15.4.10) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.1.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade posthog-js from 1.256.1 to 1.301.0 Snyk has created this PR to upgrade posthog-js from 1.256.1 to 1.301.0. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/9e426fda-67e3-407b-97c7-31a7f23d354f?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr * Alert autofix 3 (#495) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 63: Creating biased random numbers from a cryptographically secure source Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update apps/nebula/src/app/(app)/chat/history/ChatHistoryPage.stories.tsx Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/client-lambda from 3.592.0 to 3.945.0 Snyk has created this PR to upgrade @aws-sdk/client-lambda from 3.592.0 to 3.945.0. See this package in npm: @aws-sdk/client-lambda See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr * 2025 wrapped * coderabbit fix + lint fix * feat: upgrade @next/mdx from 15.3.8 to 16.0.9 (#529) Snyk has created this PR to upgrade @next/mdx from 15.3.8 to 16.0.9. See this package in npm: @next/mdx See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @next/eslint-plugin-next from 15.3.8 to 16.0.9 (#528) Snyk has created this PR to upgrade @next/eslint-plugin-next from 15.3.8 to 16.0.9. See this package in npm: @next/eslint-plugin-next See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade typescript from 5.8.3 to 5.9.3 (#501) Snyk has created this PR to upgrade typescript from 5.8.3 to 5.9.3. See this package in npm: typescript See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * [Snyk] Upgrade ox from 0.4.2 to 0.6.9 (#31) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade ox from 0.4.2 to 0.6.9 Snyk has created this PR to upgrade ox from 0.4.2 to 0.6.9. See this package in npm: ox See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#533) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @types/node from 22.14.1 to 24.3.0 (#534) * feat: upgrade @types/node from 22.14.1 to 24.3.0 Snyk has created this PR to upgrade @types/node from 22.14.1 to 24.3.0. See this package in npm: @types/node See this project in Snyk: https://app.snyk.io/org/dargon789/project/9a56ac76-05fd-4540-8761-ad10dfd5dfdf?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 60: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 46: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 56: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 61: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 54: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 53: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update apps/dashboard/src/@/actions/auth-actions.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 64: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 55: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#536) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @wagmi/core from 2.21.2 to 3.0.0 (#482) Snyk has created this PR to upgrade @wagmi/core from 2.21.2 to 3.0.0. See this package in npm: @wagmi/core See this project in Snyk: https://app.snyk.io/org/dargon789/project/876361dc-4d03-4b90-aa57-cef3ee7c9ef8?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Fix: `useWalletBalance` and the `useActiveAccount` to work with (#541) `0x{string}` addresses instead of strings. Co-authored-by: Alex T <aletapia@proton.me> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#547) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump the npm_and_yarn group across 4 directories with 2 updates (#532) Bumps the npm_and_yarn group with 2 updates in the /apps/dashboard directory: [next](https://github.com/vercel/next.js) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /apps/nebula directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /packages/thirdweb directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /packages/ui directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: upgrade @next/eslint-plugin-next from 15.2.0 to 16.0.10 (#546) Snyk has created this PR to upgrade @next/eslint-plugin-next from 15.2.0 to 16.0.10. See this package in npm: @next/eslint-plugin-next See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.948.0 (#524) Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.948.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * fix: upgrade posthog-js from 1.67.1 to 1.306.1 (#544) Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.306.1. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0 (#543) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0 (#527) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.948.0 (#525) Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.948.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Bump @storybook/react from 8.5.0 to 10.1.11 (#514) Bumps [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) from 8.5.0 to 10.1.11. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.1.11/code/renderers/react) --- updated-dependencies: - dependency-name: "@storybook/react" dependency-version: 10.1.11 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: upgrade @types/node from 22.14.1 to 24.0.15 (#550) Snyk has created this PR to upgrade @types/node from 22.14.1 to 24.0.15. See this package in npm: @types/node See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump toshimaru/auto-author-assign from 2.1.1 to 3.0.1 (#513) Bumps [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) from 2.1.1 to 3.0.1. - [Release notes](https://github.com/toshimaru/auto-author-assign/releases) - [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md) - [Commits](https://github.com/toshimaru/auto-author-assign/compare/16f0022cf3d7970c106d8d1105f75a1165edb516...4d585cc37690897bd9015942ed6e766aa7cdb97f) --- updated-dependencies: - dependency-name: toshimaru/auto-author-assign dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/upload-pages-artifact from 3 to 4 (#512) Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4 to 6 (#511) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @hey-api/client-fetch from 0.10.0 to 0.13.1 (#460) Bumps [@hey-api/client-fetch](https://github.com/hey-api/openapi-ts) from 0.10.0 to 0.13.1. - [Release notes](https://github.com/hey-api/openapi-ts/releases) - [Changelog](https://github.com/hey-api/openapi-ts/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/hey-api/openapi-ts/compare/@hey-api/client-fetch@0.10.0...@hey-api/client-fetch@0.13.1) --- updated-dependencies: - dependency-name: "@hey-api/client-fetch" dependency-version: 0.13.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump knip from 5.60.2 to 5.76.3 (#473) Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.60.2 to 5.76.3. - [Release notes](https://github.com/webpro-nl/knip/releases) - [Commits](https://github.com/webpro-nl/knip/commits/5.76.3/packages/knip) --- updated-dependencies: - dependency-name: knip dependency-version: 5.76.3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 (#474) * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 Bumps [@radix-ui/react-checkbox](https://github.com/radix-ui/primitives) from 1.3.2 to 1.3.3. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-checkbox" dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 Bumps [@radix-ui/react-checkbox](https://github.com/radix-ui/primitives) from 1.3.2 to 1.3.3. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-checkbox" dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * feat: upgrade @next/bundle-analyzer from 15.2.0 to 16.0.10 (#545) Snyk has created this PR to upgrade @next/bundle-analyzer from 15.2.0 to 16.0.10. See this package in npm: @next/bundle-analyzer See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * build(deps-dev): bump vite from 6.0.3 to 6.0.10 (thirdweb-dev#6002) (#537) * build(deps-dev): bump vite from 6.0.3 to 6.0.10 (thirdweb-dev#6002) (#535) * [MNY-243] Update /pay page to render BuyWidget (#8297) * Update airdrop tokens reference link (#8197) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: prithvish <prithvish@thirdweb.com> * [Docs] Add guide for using ConnectButton with wagmi application (#8294) * [SDK] Add EIP-5792 support for EIP1193.toProvider() (#8298) * [SDK] Fix: update React Native Send Funds screen to allow decimal amounts (#8299) * Version Packages (#8300) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update factory (#8301)   --- ## PR-Codex overview This PR introduces a patch for the `thirdweb` package, adding a new factory address for the `create2` deployment on the Neura testnet. ### Detailed summary - Added a new factory address for `267`: `0x4e59b44847b379578588920cA78FbF26c0B4956C` to the `FACTORIES` record in `create-2-factory.ts`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **New Features** * Added support for Neura testnet in Create2 factory deployments.  * [MNY-237] SDK: Update theme colors, minor UI tweaks (#8305)   --- ## PR-Codex overview This PR focuses on updating theme colors and making minor UI tweaks across various React components in the `thirdweb` package. ### Detailed summary - Updated `weight` from `600` to `500` in multiple components' `Text`. - Adjusted `border` styles in `Container` components. - Modified padding and margin in several layout elements. - Enhanced UI elements with consistent `letterSpacing` and `fontSize`. - Added new theme stories for `darkThemeObj` and `lightThemeObj`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit - **New Features** - Added Storybook theme showcase displaying color tokens and design system palette - **Bug Fixes** - Improved loading skeleton UI with better scrollable layout and visual consistency - **Style** - Refactored theme system with explicit color objects - Updated button styling with adjusted border radius and padding - Refined typography (font weights) across UI components - Adjusted layout spacing and padding throughout Bridge and wallet components - Increased QR code size for improved visibility - **Chores** - Added changeset documentation for patch release  * Dashboard: Fix horizontal overflow in /bridge page (#8302)   --- ## PR-Codex overview This PR focuses on enhancing the styling of the `bridge-page` component by adding an `overflow-hidden` class to a `div`, which likely improves the layout and prevents overflow issues. ### Detailed summary - Added `overflow-hidden` class to the `div` in the `bridge-page` component to manage overflow behavior. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Style** * Updated the bridge page container to refine content display behavior and ensure consistent visual presentation.  * [MNY-289] SDK: Fix token selection UI loading state when wallet is connected to a chain that is not supported by tw bridge (#8304)   --- ## PR-Codex overview This PR addresses an issue with the `Select Token` UI being stuck in a loading state when the wallet is connected to an unsupported chain by the `thirdweb Bridge`. It modifies the logic for selecting the default chain in various widgets. ### Detailed summary - Updated the function from `getDefaultSelectedChain` to `findChain` for clarity. - Improved logic to handle cases where `activeChainId` is undefined. - Adjusted the selection of `selectedChain` to use the new `findChain` function, ensuring proper fallback options. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit ## Bug Fixes * Fixed Select Token components from remaining in loading state when the connected wallet chain is not supported by thirdweb Bridge. This affects BuyWidget, SwapWidget, and BridgeWidget.  * [Playground] Use production API URL (#8307) * Filter out null-ish values from ERC721 and ERC1155 getNFTs() arrays (#8311) * Handle null metadata in ERC721 and ERC1155 getNFT functions (#8312) * [X402] Fix network comparison in decodePaymentRequest (#8313) * Version Packages (#8303) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * [SDK] Enhance compatibility with third party x402 libs (#8314) * Version Packages (#8315) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Dashboard: /pay/<id> page UI improvements, SDK: CheckoutWidget minor UI tweaks (#8310)   --- ## PR-Codex overview This PR focuses on UI enhancements and minor adjustments in the `CheckoutWidget` and related components of the payment dashboard, improving styling, layout, and functionality. ### Detailed summary - Minor UI adjustments in `CheckoutWidget`. - Updated `formatTokenBalance.ts` to allow more flexible currency formatting. - Added `trackingTight` prop to `Text` in `FiatValue.tsx`. - Enhanced `PayPageWidget` with new class names for styling. - Adjusted color values in SDK theme definitions. - Improved layout and spacing in `WithHeader.tsx`. - Modified text properties in `DirectPayment.tsx` for better readability. - Created a new `PayIdPageHeader` component for improved header structure. - Replaced complex JSX in `PayPage` with cleaner component structure, including `DotsBackgroundPattern`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **New Features** * Theme toggle added to Pay page headers; streamlined Pay page header and layout with decorative background. * **Style** * Refined secondary/tertiary button and background colors, typography weights/letter spacing, spacing and divider styles. * Adjusted price and label styling, currency formatting precision, and visual spacing around branding. * Pay widget now uses a fallback image when no project image is provided. * **Chores** * Added changelog entry documenting a patch release.  * Update x402 default payment validity window (#8317) * [SDK] Update x402 dependency and export additional types (#8319) * Version Packages (#8318) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * SDK: Fix Safe wallet connection issues with WalletConnect (#8327)   --- ## PR-Codex overview This PR addresses issues with the Safe wallet connection when using `WalletConnect`, ensuring better handling of account retrieval. ### Detailed summary - Updated the comment for `account` retrieval to clarify that it grabs the address from mainnet if available. - Modified the `firstAccountOn` function to return the first account from the session if no matching account is found. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Bug Fixes** * Fixed Safe wallet connection issues with WalletConnect  * Dashboard: Update faucet amount for arc testnet (#8326)   --- ## PR-Codex overview This PR adds a new entry for the `Arc testnet` in the `faucet.ts` file, enhancing the functionality to support an additional test network alongside the existing `Sophon testnet`. ### Detailed summary - Added a comment for `Arc testnet`. - Introduced a new entry `5042002: 1` for the `Arc testnet`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit - **New Features** - Introduced faucet support for the Arc testnet, allowing users connected to this network to claim test funds. - The claim amount on Arc is set to 1, ensuring consistent and predictable claims on that network. - Existing networks and the default claim behavior remain unchanged, preserving current user flows while expanding testnet coverage.  * Dashboard: Use monotone curve type for AreaChart to avoid clipping (#8329)   --- ## PR-Codex overview This PR focuses on updating the `type` property for charts from `natural` to `monotone` in various components to improve the visual representation of the data. ### Detailed summary - In `empty-chart-state.tsx`, changed `type` from `natural` to `monotone`. - In `area-chart.tsx`, changed `type` from `natural` to `monotone`. - In `ErrorRate.tsx`, changed `type` from `natural` to `monotone`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Style** * Updated chart line rendering across multiple dashboard components for improved visual consistency. Area and bar charts now use refined curve interpolation for smoother data visualization.  * add arc testnet to chains package (#8325) * [Paywall] Support string price format when tokenAddress is not provided (#8330) * [X402] Simplify FacilitatorNetworkSchema to accept any string (#8331) * Version Packages (#8328) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update implementations (#8334)   --- ## PR-Codex overview This PR focuses on updating the `MarketplaceV3` contract addresses and the `ZKSYNC_WETH` token addresses in the `implementations.ts` file. ### Detailed summary - Updated `MarketplaceV3` address for network `232` from `0x9742f5ac11958cFAd151eBF0Fc31302fA409036E` to `0xB7387cF425eC8Da1b04b8E34De86245cb32bCA6D`. - Updated `MarketplaceV3` address for network `37111` from `0x56Abb6a3f25DCcdaDa106191053b1CC54C196DEE` to `0xF8fd1016420c2B7832714241d36Efe55D41df126`. - Updated `ZKSYNC_WETH` address for network `232` from `0xE5ecd226b3032910CEaa43ba92EE8232f8237553` to `0x6bDc36E20D267Ff0dd6097799f82e78907105e2F`. - Updated `ZKSYNC_WETH` address for network `37111` from `0xaA91D645D7a6C1aeaa5988e0547267B77d33fe16` to `0xeee5a340Cdc9c179Db25dea45AcfD5FE8d4d3eB8`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Chores** * Updated contract addresses for zkSync networks: MarketplaceV3 and WETH addresses replaced for chain 232 and chain 37111. * Added a changeset marking a patch release (release metadata). * No public A…

* [Experiment] Chart fetching strategies (#631) * WIP passkey signer * cleanup * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * [Experiment] Chart fetching strategies * Create codeql.yml Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * update dependencies * feat: upgrade nextjs-toploader from 1.6.12 to 3.8.16 (#135) Snyk has created this PR to upgrade nextjs-toploader from 1.6.12 to 3.8.16. See this package in npm: nextjs-toploader See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade shiki from 1.27.0 to 3.2.1 (#133) Snyk has created this PR to upgrade shiki from 1.27.0 to 3.2.1. See this package in npm: shiki See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade flexsearch from 0.7.43 to 0.8.143 (#134) Snyk has created this PR to upgrade flexsearch from 0.7.43 to 0.8.143. See this package in npm: flexsearch See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2 (#136) Snyk has created this PR to upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2. See this package in npm: @walletconnect/sign-client See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2 (#138) Snyk has created this PR to upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2. See this package in npm: @coinbase/wallet-sdk See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/playground-web/package.json to reduce vulnerabilities (#148) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/portal/package.json to reduce vulnerabilities (#150) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#149) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1 (#153) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade tailwindcss from 3.4.17 to 4.1.3 (#154) Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.3. See this package in npm: tailwindcss See this project in Snyk: https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump @radix-ui/react-hover-card from 1.1.7 to 1.1.11 (#145) Bumps [@radix-ui/react-hover-card](https://github.com/radix-ui/primitives) from 1.1.7 to 1.1.11. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-hover-card" dependency-version: 1.1.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @chakra-ui/cli from 2.5.6 to 3.16.1 (#146) Bumps [@chakra-ui/cli](https://github.com/chakra-ui/chakra-ui) from 2.5.6 to 3.16.1. - [Release notes](https://github.com/chakra-ui/chakra-ui/releases) - [Commits](https://github.com/chakra-ui/chakra-ui/compare/@chakra-ui/system@2.5.6...@chakra-ui/cli@3.16.1) --- updated-dependencies: - dependency-name: "@chakra-ui/cli" dependency-version: 3.16.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump vite (#155) Bumps the npm_and_yarn group with 1 update in the /packages/thirdweb directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.2.6 to 6.2.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.7/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.7 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Create nextjs.yml (#160) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create fluffy-rats-jog.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create static.yml Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create seven-goats-move.md (#164) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Create jekyll-gh-pages.yml (#166) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * chore(deps-dev): bump vite from 6.3.2 to 6.3.4 in the npm_and_yarn group Bumps the npm_and_yarn group with 1 update: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.3.2 to 6.3.4 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.4 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * Patch 1 (#165) * [NEB-69] Nebula: Add UI for Swap and Approve transactions * Create happy-dodos-reflect.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Manan Tank <manantankm@gmail.com> * Create old-ants-melt.md Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.806.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.806.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#220) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: packages/thirdweb/package.json to reduce vulnerabilities (#223) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FASTXMLPARSER-7573289 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade tailwindcss from 3.4.17 to 4.1.11 (#239) Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.11. See this package in npm: tailwindcss See this project in Snyk: https://app.snyk.io/org/dargon789/project/0cb37033-dec9-46d7-ae3a-94e1b0ed5ca6?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#307) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-12299318 - https://snyk.io/vuln/SNYK-JS-NEXT-12301496 - https://snyk.io/vuln/SNYK-JS-NEXT-12265451 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Playground: Fix build error * fix: packages/thirdweb/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13559227 * fix: packages/thirdweb/package.json to reduce vulnerabilities (#367) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13535083 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @aws-sdk/credential-providers from 3.606.0 to 3.908.0 (#396) Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.606.0 to 3.908.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/wallet-ui/package.json to reduce vulnerabilities (#436) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14173355 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: apps/portal/package.json to reduce vulnerabilities (#453) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Version Packages * Bump tailwind-merge from 2.6.0 to 3.4.0 (#475) Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 2.6.0 to 3.4.0. - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v3.4.0) --- updated-dependencies: - dependency-name: tailwind-merge dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Dargon789 patch 1 (#477) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create nextjs.yml Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Circleci project setup (#121) * Add .circleci/config.yml * Add .circleci/config.yml * Create tender-tigers-smash.md (#157) Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * Update SECURITY.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .changeset/tender-tigers-smash.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Demo test app (#478) * Expand FAQ with Dedicated Relayer FAQs Added information about gas sponsorship and dedicated relayer features. Signed-off-by: samina <57885104+saminacodes@users.noreply.github.com> * Update apps/portal/src/app/wallets/faq/page.mdx Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: samina <57885104+saminacodes@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: samina <57885104+saminacodes@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> * Alert autofix 3 (#479) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 63: Creating biased random numbers from a cryptographically secure source Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Bump the npm_and_yarn group across 1 directory with 3 updates (#468) Bumps the npm_and_yarn group with 3 updates in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [next](https://github.com/vercel/next.js). Updates `happy-dom` from 17.4.4 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](https://github.com/capricorn86/happy-dom/compare/v17.4.4...v20.0.2) Updates `vite` from 7.1.7 to 7.1.11 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite) Updates `next` from 15.3.8 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.3.8...v15.4.10) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.1.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade posthog-js from 1.256.1 to 1.301.0 Snyk has created this PR to upgrade posthog-js from 1.256.1 to 1.301.0. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/9e426fda-67e3-407b-97c7-31a7f23d354f?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr * Alert autofix 3 (#495) * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Create SECURITY.md Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Fix code scanning alert no. 1: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 3: Insecure randomness Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 63: Creating biased random numbers from a cryptographically secure source Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update apps/nebula/src/app/(app)/chat/history/ChatHistoryPage.stories.tsx Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com> Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/client-lambda from 3.592.0 to 3.945.0 Snyk has created this PR to upgrade @aws-sdk/client-lambda from 3.592.0 to 3.945.0. See this package in npm: @aws-sdk/client-lambda See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr * 2025 wrapped * coderabbit fix + lint fix * feat: upgrade @next/mdx from 15.3.8 to 16.0.9 (#529) Snyk has created this PR to upgrade @next/mdx from 15.3.8 to 16.0.9. See this package in npm: @next/mdx See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @next/eslint-plugin-next from 15.3.8 to 16.0.9 (#528) Snyk has created this PR to upgrade @next/eslint-plugin-next from 15.3.8 to 16.0.9. See this package in npm: @next/eslint-plugin-next See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade typescript from 5.8.3 to 5.9.3 (#501) Snyk has created this PR to upgrade typescript from 5.8.3 to 5.9.3. See this package in npm: typescript See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * [Snyk] Upgrade ox from 0.4.2 to 0.6.9 (#31) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade ox from 0.4.2 to 0.6.9 Snyk has created this PR to upgrade ox from 0.4.2 to 0.6.9. See this package in npm: ox See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#533) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @types/node from 22.14.1 to 24.3.0 (#534) * feat: upgrade @types/node from 22.14.1 to 24.3.0 Snyk has created this PR to upgrade @types/node from 22.14.1 to 24.3.0. See this package in npm: @types/node See this project in Snyk: https://app.snyk.io/org/dargon789/project/9a56ac76-05fd-4540-8761-ad10dfd5dfdf?utm_source=github&utm_medium=referral&page=upgrade-pr * Update package.json Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 60: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 46: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 56: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 61: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 54: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 53: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update apps/dashboard/src/@/actions/auth-actions.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 64: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Potential fix for code scanning alert no. 55: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#536) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * feat: upgrade @wagmi/core from 2.21.2 to 3.0.0 (#482) Snyk has created this PR to upgrade @wagmi/core from 2.21.2 to 3.0.0. See this package in npm: @wagmi/core See this project in Snyk: https://app.snyk.io/org/dargon789/project/876361dc-4d03-4b90-aa57-cef3ee7c9ef8?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Fix: `useWalletBalance` and the `useActiveAccount` to work with (#541) `0x{string}` addresses instead of strings. Co-authored-by: Alex T <aletapia@proton.me> * Snyk upgrade 17006d71110c1034fc178f5d18144bc8 (#547) * update * build(deps): bump shiki from 1.27.0 to 2.3.2 Bumps [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) from 1.27.0 to 2.3.2. - [Release notes](https://github.com/shikijs/shiki/releases) - [Commits](https://github.com/shikijs/shiki/commits/v2.3.2/packages/shiki) --- updated-dependencies: - dependency-name: shiki dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0 Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.734.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/e7fa878f-9d48-45bd-a72d-921183752fef?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade posthog-js from 1.67.1 to 1.210.2 Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.210.2. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade viem from 2.21.55 to 2.22.15 Snyk has created this PR to upgrade viem from 2.21.55 to 2.22.15. See this package in npm: viem See this project in Snyk: https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Kien Ngo <github@kien.ngo> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump the npm_and_yarn group across 4 directories with 2 updates (#532) Bumps the npm_and_yarn group with 2 updates in the /apps/dashboard directory: [next](https://github.com/vercel/next.js) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /apps/nebula directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /packages/thirdweb directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Bumps the npm_and_yarn group with 1 update in the /packages/ui directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `next` from 15.2.0 to 15.4.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/compare/v15.2.0...v15.4.10) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 8.6.2 to 8.6.15 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) Updates `storybook` from 9.0.15 to 9.1.17 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.4.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 8.6.15 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 9.1.17 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: upgrade @next/eslint-plugin-next from 15.2.0 to 16.0.10 (#546) Snyk has created this PR to upgrade @next/eslint-plugin-next from 15.2.0 to 16.0.10. See this package in npm: @next/eslint-plugin-next See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/credential-providers from 3.592.0 to 3.948.0 (#524) Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.592.0 to 3.948.0. See this package in npm: @aws-sdk/credential-providers See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * fix: upgrade posthog-js from 1.67.1 to 1.306.1 (#544) Snyk has created this PR to upgrade posthog-js from 1.67.1 to 1.306.1. See this package in npm: posthog-js See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0 (#543) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0 (#527) Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.49.0. See this package in npm: @typescript-eslint/parser See this project in Snyk: https://app.snyk.io/org/dargon789/project/8e2d836e-87a2-45e4-84cc-3e8e3d441352?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.948.0 (#525) Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.948.0. See this package in npm: @aws-sdk/client-kms See this project in Snyk: https://app.snyk.io/org/dargon789/project/43dedf32-8474-4b27-9807-1476b30ddc33?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * Bump @storybook/react from 8.5.0 to 10.1.11 (#514) Bumps [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) from 8.5.0 to 10.1.11. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.1.11/code/renderers/react) --- updated-dependencies: - dependency-name: "@storybook/react" dependency-version: 10.1.11 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: upgrade @types/node from 22.14.1 to 24.0.15 (#550) Snyk has created this PR to upgrade @types/node from 22.14.1 to 24.0.15. See this package in npm: @types/node See this project in Snyk: https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Bump toshimaru/auto-author-assign from 2.1.1 to 3.0.1 (#513) Bumps [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) from 2.1.1 to 3.0.1. - [Release notes](https://github.com/toshimaru/auto-author-assign/releases) - [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md) - [Commits](https://github.com/toshimaru/auto-author-assign/compare/16f0022cf3d7970c106d8d1105f75a1165edb516...4d585cc37690897bd9015942ed6e766aa7cdb97f) --- updated-dependencies: - dependency-name: toshimaru/auto-author-assign dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/upload-pages-artifact from 3 to 4 (#512) Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4 to 6 (#511) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @hey-api/client-fetch from 0.10.0 to 0.13.1 (#460) Bumps [@hey-api/client-fetch](https://github.com/hey-api/openapi-ts) from 0.10.0 to 0.13.1. - [Release notes](https://github.com/hey-api/openapi-ts/releases) - [Changelog](https://github.com/hey-api/openapi-ts/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/hey-api/openapi-ts/compare/@hey-api/client-fetch@0.10.0...@hey-api/client-fetch@0.13.1) --- updated-dependencies: - dependency-name: "@hey-api/client-fetch" dependency-version: 0.13.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump knip from 5.60.2 to 5.76.3 (#473) Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.60.2 to 5.76.3. - [Release notes](https://github.com/webpro-nl/knip/releases) - [Commits](https://github.com/webpro-nl/knip/commits/5.76.3/packages/knip) --- updated-dependencies: - dependency-name: knip dependency-version: 5.76.3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 (#474) * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 Bumps [@radix-ui/react-checkbox](https://github.com/radix-ui/primitives) from 1.3.2 to 1.3.3. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-checkbox" dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @radix-ui/react-checkbox from 1.3.2 to 1.3.3 Bumps [@radix-ui/react-checkbox](https://github.com/radix-ui/primitives) from 1.3.2 to 1.3.3. - [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md) - [Commits](https://github.com/radix-ui/primitives/commits) --- updated-dependencies: - dependency-name: "@radix-ui/react-checkbox" dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * feat: upgrade @next/bundle-analyzer from 15.2.0 to 16.0.10 (#545) Snyk has created this PR to upgrade @next/bundle-analyzer from 15.2.0 to 16.0.10. See this package in npm: @next/bundle-analyzer See this project in Snyk: https://app.snyk.io/org/dargon789/project/4d6acffe-6303-4c14-bc35-3a7b6f6e9d17?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * build(deps-dev): bump vite from 6.0.3 to 6.0.10 (thirdweb-dev#6002) (#537) * build(deps-dev): bump vite from 6.0.3 to 6.0.10 (thirdweb-dev#6002) (#535) * [MNY-243] Update /pay page to render BuyWidget (#8297) * Update airdrop tokens reference link (#8197) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: prithvish <prithvish@thirdweb.com> * [Docs] Add guide for using ConnectButton with wagmi application (#8294) * [SDK] Add EIP-5792 support for EIP1193.toProvider() (#8298) * [SDK] Fix: update React Native Send Funds screen to allow decimal amounts (#8299) * Version Packages (#8300) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update factory (#8301)   --- ## PR-Codex overview This PR introduces a patch for the `thirdweb` package, adding a new factory address for the `create2` deployment on the Neura testnet. ### Detailed summary - Added a new factory address for `267`: `0x4e59b44847b379578588920cA78FbF26c0B4956C` to the `FACTORIES` record in `create-2-factory.ts`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **New Features** * Added support for Neura testnet in Create2 factory deployments.  * [MNY-237] SDK: Update theme colors, minor UI tweaks (#8305)   --- ## PR-Codex overview This PR focuses on updating theme colors and making minor UI tweaks across various React components in the `thirdweb` package. ### Detailed summary - Updated `weight` from `600` to `500` in multiple components' `Text`. - Adjusted `border` styles in `Container` components. - Modified padding and margin in several layout elements. - Enhanced UI elements with consistent `letterSpacing` and `fontSize`. - Added new theme stories for `darkThemeObj` and `lightThemeObj`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit - **New Features** - Added Storybook theme showcase displaying color tokens and design system palette - **Bug Fixes** - Improved loading skeleton UI with better scrollable layout and visual consistency - **Style** - Refactored theme system with explicit color objects - Updated button styling with adjusted border radius and padding - Refined typography (font weights) across UI components - Adjusted layout spacing and padding throughout Bridge and wallet components - Increased QR code size for improved visibility - **Chores** - Added changeset documentation for patch release  * Dashboard: Fix horizontal overflow in /bridge page (#8302)   --- ## PR-Codex overview This PR focuses on enhancing the styling of the `bridge-page` component by adding an `overflow-hidden` class to a `div`, which likely improves the layout and prevents overflow issues. ### Detailed summary - Added `overflow-hidden` class to the `div` in the `bridge-page` component to manage overflow behavior. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Style** * Updated the bridge page container to refine content display behavior and ensure consistent visual presentation.  * [MNY-289] SDK: Fix token selection UI loading state when wallet is connected to a chain that is not supported by tw bridge (#8304)   --- ## PR-Codex overview This PR addresses an issue with the `Select Token` UI being stuck in a loading state when the wallet is connected to an unsupported chain by the `thirdweb Bridge`. It modifies the logic for selecting the default chain in various widgets. ### Detailed summary - Updated the function from `getDefaultSelectedChain` to `findChain` for clarity. - Improved logic to handle cases where `activeChainId` is undefined. - Adjusted the selection of `selectedChain` to use the new `findChain` function, ensuring proper fallback options. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit ## Bug Fixes * Fixed Select Token components from remaining in loading state when the connected wallet chain is not supported by thirdweb Bridge. This affects BuyWidget, SwapWidget, and BridgeWidget.  * [Playground] Use production API URL (#8307) * Filter out null-ish values from ERC721 and ERC1155 getNFTs() arrays (#8311) * Handle null metadata in ERC721 and ERC1155 getNFT functions (#8312) * [X402] Fix network comparison in decodePaymentRequest (#8313) * Version Packages (#8303) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * [SDK] Enhance compatibility with third party x402 libs (#8314) * Version Packages (#8315) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Dashboard: /pay/<id> page UI improvements, SDK: CheckoutWidget minor UI tweaks (#8310)   --- ## PR-Codex overview This PR focuses on UI enhancements and minor adjustments in the `CheckoutWidget` and related components of the payment dashboard, improving styling, layout, and functionality. ### Detailed summary - Minor UI adjustments in `CheckoutWidget`. - Updated `formatTokenBalance.ts` to allow more flexible currency formatting. - Added `trackingTight` prop to `Text` in `FiatValue.tsx`. - Enhanced `PayPageWidget` with new class names for styling. - Adjusted color values in SDK theme definitions. - Improved layout and spacing in `WithHeader.tsx`. - Modified text properties in `DirectPayment.tsx` for better readability. - Created a new `PayIdPageHeader` component for improved header structure. - Replaced complex JSX in `PayPage` with cleaner component structure, including `DotsBackgroundPattern`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **New Features** * Theme toggle added to Pay page headers; streamlined Pay page header and layout with decorative background. * **Style** * Refined secondary/tertiary button and background colors, typography weights/letter spacing, spacing and divider styles. * Adjusted price and label styling, currency formatting precision, and visual spacing around branding. * Pay widget now uses a fallback image when no project image is provided. * **Chores** * Added changelog entry documenting a patch release.  * Update x402 default payment validity window (#8317) * [SDK] Update x402 dependency and export additional types (#8319) * Version Packages (#8318) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * SDK: Fix Safe wallet connection issues with WalletConnect (#8327)   --- ## PR-Codex overview This PR addresses issues with the Safe wallet connection when using `WalletConnect`, ensuring better handling of account retrieval. ### Detailed summary - Updated the comment for `account` retrieval to clarify that it grabs the address from mainnet if available. - Modified the `firstAccountOn` function to return the first account from the session if no matching account is found. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Bug Fixes** * Fixed Safe wallet connection issues with WalletConnect  * Dashboard: Update faucet amount for arc testnet (#8326)   --- ## PR-Codex overview This PR adds a new entry for the `Arc testnet` in the `faucet.ts` file, enhancing the functionality to support an additional test network alongside the existing `Sophon testnet`. ### Detailed summary - Added a comment for `Arc testnet`. - Introduced a new entry `5042002: 1` for the `Arc testnet`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit - **New Features** - Introduced faucet support for the Arc testnet, allowing users connected to this network to claim test funds. - The claim amount on Arc is set to 1, ensuring consistent and predictable claims on that network. - Existing networks and the default claim behavior remain unchanged, preserving current user flows while expanding testnet coverage.  * Dashboard: Use monotone curve type for AreaChart to avoid clipping (#8329)   --- ## PR-Codex overview This PR focuses on updating the `type` property for charts from `natural` to `monotone` in various components to improve the visual representation of the data. ### Detailed summary - In `empty-chart-state.tsx`, changed `type` from `natural` to `monotone`. - In `area-chart.tsx`, changed `type` from `natural` to `monotone`. - In `ErrorRate.tsx`, changed `type` from `natural` to `monotone`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Style** * Updated chart line rendering across multiple dashboard components for improved visual consistency. Area and bar charts now use refined curve interpolation for smoother data visualization.  * add arc testnet to chains package (#8325) * [Paywall] Support string price format when tokenAddress is not provided (#8330) * [X402] Simplify FacilitatorNetworkSchema to accept any string (#8331) * Version Packages (#8328) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update implementations (#8334)   --- ## PR-Codex overview This PR focuses on updating the `MarketplaceV3` contract addresses and the `ZKSYNC_WETH` token addresses in the `implementations.ts` file. ### Detailed summary - Updated `MarketplaceV3` address for network `232` from `0x9742f5ac11958cFAd151eBF0Fc31302fA409036E` to `0xB7387cF425eC8Da1b04b8E34De86245cb32bCA6D`. - Updated `MarketplaceV3` address for network `37111` from `0x56Abb6a3f25DCcdaDa106191053b1CC54C196DEE` to `0xF8fd1016420c2B7832714241d36Efe55D41df126`. - Updated `ZKSYNC_WETH` address for network `232` from `0xE5ecd226b3032910CEaa43ba92EE8232f8237553` to `0x6bDc36E20D267Ff0dd6097799f82e78907105e2F`. - Updated `ZKSYNC_WETH` address for network `37111` from `0xaA91D645D7a6C1aeaa5988e0547267B77d33fe16` to `0xeee5a340Cdc9c179Db25dea45AcfD5FE8d4d3eB8`. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`   ## Summary by CodeRabbit * **Chores** * Updated contract addresses for zkSync networks: MarketplaceV3 and WETH addresses replaced for chain 232 and chain 37111. * Added a changeset mar…

fix: packages/thirdweb/package.json to reduce vulnerabilities

300f6e8

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAPPYDOM-13535083

github-actions bot assigned Dargon789 Oct 12, 2025

github-actions bot added packages sdk labels Oct 12, 2025

gemini-code-assist bot reviewed Oct 12, 2025

View reviewed changes

github-actions bot added the Stale label Oct 20, 2025

Dargon789 merged commit a2a9272 into main Oct 21, 2025
13 of 16 checks passed

Dargon789 deleted the snyk-fix-fba3b64eb849e5cc0dd620782691783d branch October 21, 2025 07:10

Dargon789 mentioned this pull request Feb 1, 2026

[Experiment] Chart fetching strategies (#631) #632

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade happy-dom from 17.4.4 to 20.0.0#367

[Snyk] Security upgrade happy-dom from 17.4.4 to 20.0.0#367
Dargon789 merged 1 commit intomainfrom
snyk-fix-fba3b64eb849e5cc0dd620782691783d

Dargon789 commented Oct 12, 2025

Uh oh!

gemini-code-assist bot commented Oct 12, 2025

Uh oh!

snyk-io bot commented Oct 12, 2025

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

gemini-code-assist bot Oct 12, 2025

Uh oh!

github-actions bot commented Oct 20, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Dargon789 commented Oct 12, 2025

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

gemini-code-assist bot commented Oct 12, 2025

Summary of Changes

Highlights

Footnotes

Uh oh!

snyk-io bot commented Oct 12, 2025

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist bot Oct 12, 2025

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Oct 20, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants