Skip to content

Snyk upgrade 291e43177663c8a0bc581c14bbe675b4 #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Dargon789 merged 24 commits into from
Jan 4, 2026
Merged

Snyk upgrade 291e43177663c8a0bc581c14bbe675b4 #556

Dargon789 merged 24 commits into from
Jan 4, 2026

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Jan 4, 2026

No description provided.

Dargon789 and others added 23 commits April 20, 2025 22:31
@Dargon789 @snyk-bot
feat: upgrade nextjs-toploader from 1.6.12 to 3.8.16 (#135)
3966579 
Snyk has created this PR to upgrade nextjs-toploader from 1.6.12 to 3.8.16.

See this package in npm:
nextjs-toploader

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
feat: upgrade shiki from 1.27.0 to 3.2.1 (#133)
f84f8e3 
Snyk has created this PR to upgrade shiki from 1.27.0 to 3.2.1.

See this package in npm:
shiki

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: upgrade flexsearch from 0.7.43 to 0.8.143 (#134)
241c2d5 
Snyk has created this PR to upgrade flexsearch from 0.7.43 to 0.8.143.

See this package in npm:
flexsearch

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/a19f499f-38be-44a8-b151-119edbfc95d2?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2 (#136)
c8230e9 
Snyk has created this PR to upgrade @walletconnect/sign-client from 2.19.1 to 2.19.2.

See this package in npm:
@walletconnect/sign-client

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2 (#138)
dc6163d 
Snyk has created this PR to upgrade @coinbase/wallet-sdk from 4.3.0 to 4.3.2.

See this package in npm:
@coinbase/wallet-sdk

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: apps/playground-web/package.json to reduce vulnerabilities (#148)
dbe2f78 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: apps/portal/package.json to reduce vulnerabilities (#150)
48c183a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
fix: apps/wallet-ui/package.json to reduce vulnerabilities (#149)
b15a77a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
feat: upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1 (#153)
7bf02b5 
Snyk has created this PR to upgrade @typescript-eslint/parser from 7.14.1 to 8.29.1.

See this package in npm:
@typescript-eslint/parser

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789 @snyk-bot
feat: upgrade tailwindcss from 3.4.17 to 4.1.3 (#154)
37f86c3 
Snyk has created this PR to upgrade tailwindcss from 3.4.17 to 4.1.3.

See this package in npm:
tailwindcss

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/55409c6b-2ed0-4583-b8cd-a5bcabfd7aaa?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
@Dargon789
Merge branch 'thirdweb-dev:main' into main
5a4fa9f
@dependabot
chore(deps): bump @radix-ui/react-hover-card from 1.1.7 to 1.1.11 (#145)
ffd6c92 
Bumps [@radix-ui/react-hover-card](https://github.com/radix-ui/primitives) from 1.1.7 to 1.1.11.
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits)

---
updated-dependencies:
- dependency-name: "@radix-ui/react-hover-card"
  dependency-version: 1.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump @chakra-ui/cli from 2.5.6 to 3.16.1 (#146)
8acd285 
Bumps [@chakra-ui/cli](https://github.com/chakra-ui/chakra-ui) from 2.5.6 to 3.16.1.
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Commits](https://github.com/chakra-ui/chakra-ui/compare/@chakra-ui/system@2.5.6...@chakra-ui/cli@3.16.1)

---
updated-dependencies:
- dependency-name: "@chakra-ui/cli"
  dependency-version: 3.16.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps-dev): bump vite (#155)
52b04c5 
Bumps the npm_and_yarn group with 1 update in the /packages/thirdweb directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 6.2.6 to 6.2.7
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.2.7/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.2.7/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.2.7
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Dargon789
Create nextjs.yml (#160)
94b6829 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Create fluffy-rats-jog.md
6004c73 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Create static.yml
81026a2 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Merge pull request #163 from Dargon789/Dargon789-patch-3
1fbed41 
Create static.yml
@Dargon789
Create seven-goats-move.md (#164)
0904c4c 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Create jekyll-gh-pages.yml (#166)
d0d3189 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Merge branch 'thirdweb-dev:main' into main
0c0e2c9
@Dargon789 @MananTank
Patch 1 (#165)
10ed7f4 
* [NEB-69] Nebula: Add UI for Swap and Approve transactions

* Create happy-dodos-reflect.md

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Manan Tank <manantankm@gmail.com>
@snyk-bot
fix: upgrade @aws-sdk/client-kms from 3.592.0 to 3.787.0
4a421a7 
Snyk has created this PR to upgrade @aws-sdk/client-kms from 3.592.0 to 3.787.0.

See this package in npm:
@aws-sdk/client-kms

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/b2aa4281-7627-443a-bbf2-b110a878f4b9?utm_source=github&utm_medium=referral&page=upgrade-pr
sourcery-ai[bot]
sourcery-ai bot reviewed Jan 4, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @Dargon789, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@gemini-code-assist
Copy link

gemini-code-assist bot commented Jan 4, 2026

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Nebula application by integrating new user interface capabilities for 'Swap' and 'Approve' transactions, allowing users to interact with decentralized exchange functionalities directly within the app. Alongside this feature addition, a comprehensive update of project dependencies has been performed across several core packages, ensuring the codebase is up-to-date with the latest libraries and their improvements.

Highlights

  • Nebula Swap and Approve UI: Introduced new UI components and logic within the Nebula application to support 'Swap' and 'Approve' transactions. This includes new data types for swap information, updated API handling for 'sign_swap' events, and dedicated cards for displaying and executing these transaction types.
  • Dependency Upgrades: Performed a broad update of various dependencies across multiple packages, including major version bumps for @chakra-ui/cli, eslint, flexsearch, nextjs-toploader, shiki, @typescript-eslint/parser, and tailwindcss, ensuring the project uses the latest versions.
  • Transaction Card Refactor: Refactored the ExecuteTransactionCard component to utilize a new shared utility (Swap/common.tsx) for handling transaction status and hash display, improving code reusability and maintainability for transaction-related UI.
Ignored Files
  • Ignored by pattern: .github/workflows/** (3)
    • .github/workflows/jekyll-gh-pages.yml
    • .github/workflows/nextjs.yml
    • .github/workflows/static.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 4, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces UI and backend support for 'Swap' and 'Approve' transactions within the Nebula application, alongside general dependency updates across several packages. Key changes include defining a new NebulaSwapData type, modifying message streaming and handling logic to differentiate between sign_transaction and sign_swap actions, and refactoring the chat message rendering to use dedicated components for these new transaction types. The review comments highlight a critical concern regarding the removal of data validation for incoming transaction and swap data, recommending the reintroduction of robust validation (e.g., using Zod) to prevent runtime errors from malformed external data. Additionally, a minor issue was noted where onTxSettled was incorrectly called in a transaction failure path, which needs to be corrected as it implies success.

Repository owner deleted a comment from vercel bot Jan 4, 2026
@Dargon789 Dargon789 merged commit 7673e57 into main Jan 4, 2026
8 of 12 checks passed
@Dargon789 Dargon789 deleted the snyk-upgrade-291e43177663c8a0bc581c14bbe675b4 branch January 4, 2026 05:13
@Dargon789 Dargon789 linked an issue Jan 4, 2026 that may be closed by this pull request
# Flow diagram for the Next.js GitHub Actions deployment workflow #561
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dashboard Ecosystem Portal packages playground portal sdk

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

# Flow diagram for the Next.js GitHub Actions deployment workflow

2 participants

@Dargon789 @snyk-bot