Bump the all-dependencies group across 1 directory with 29 updates #1944

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/all-dependencies-8d2cd65ac0

Conversation

dependabot bot (Contributor) commented on behalf of github, Mar 10, 2026

Bumps the all-dependencies group with 29 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @amplitude/analytics-browser | 2.23.7 | 2.36.3 |
| @creit.tech/stellar-wallets-kit | 1.9.5 | 2.0.0 |
| @ledgerhq/hw-app-str | 7.2.9 | 7.4.0 |
| @ledgerhq/hw-transport-webhid | 6.30.9 | 6.31.0 |
| @next/third-parties | 15.5.7 | 16.1.6 |
| @sentry/nextjs | 10.29.0 | 10.43.0 |
| @stellar/stellar-sdk | 14.3.3 | 14.6.1 |
| @tanstack/react-query | 5.87.4 | 5.90.21 |
| @tanstack/react-query-devtools | 5.87.4 | 5.91.3 |
| @trezor/connect-web | 9.6.4 | 9.7.2 |
| bignumber.js | 9.3.1 | 10.0.2 |
| dompurify | 3.2.6 | 3.3.2 |
| immer | 10.1.3 | 11.1.4 |
| lossless-json | 4.2.0 | 4.3.0 |
| next | 15.5.10 | 16.1.6 |
| uuid | 11.1.0 | 13.0.0 |
| zustand-querystring | 0.0.19 | 0.6.1 |
| @next/eslint-plugin-next | 15.5.3 | 16.1.6 |
| @playwright/test | 1.57.0 | 1.58.2 |
| @types/node | 24.3.1 | 25.4.0 |
| @types/papaparse | 5.3.16 | 5.5.2 |
| @typescript-eslint/eslint-plugin | 8.43.0 | 8.57.0 |
| eslint | 9.35.0 | 10.0.3 |
| eslint-config-next | 15.4.4 | 16.1.6 |
| eslint-plugin-react-hooks | 5.2.0 | 7.0.1 |
| jest | 30.2.0 | 30.3.0 |
| lint-staged | 16.1.6 | 16.3.3 |
| prettier | 3.6.2 | 3.8.1 |
| sass | 1.92.1 | 1.97.3 |

Updates @amplitude/analytics-browser from 2.23.7 to 2.36.3

Release notes

Sourced from @​amplitude/analytics-browser's releases.

@​amplitude/analytics-browser@​2.36.3

2.36.3 (2026-03-09)

Bug Fixes

  • analytics-browser: Safari cookie writing race condition + extra exception catching (#1578) (bbcc6d7)
  • analytics-browser: skip known 2lds in TLD check (#1575) (1aaab18)

@​amplitude/analytics-browser@​2.36.2

2.36.2 (2026-03-05)

Bug Fixes

  • make getTopLevelDomain and isEnabled synchronous to avoid re-entrancy (#1564) (ab9b09f)

@​amplitude/analytics-browser@​2.36.1

2.36.1 (2026-03-03)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.36.0

2.36.0 (2026-03-03)

Bug Fixes

  • make default excluded referrers work better (#1559) (4bcca98)

Features

  • analytics-browser: add config attribution.excludeInternalReferrers (#1548) (df16648)
  • analytics-browser: support gzip request body compression (#1542) (0d2a7d2)
  • manual opt in gzip (#1568) (303c130)
Commits
  • 9fcc432 chore(release): publish
  • e07cbe4 fix(analytics-browser): remove zen observable version with bad polyfill (#1580)
  • 1aaab18 fix(analytics-browser): skip known 2lds in TLD check (#1575)
  • bbcc6d7 fix(analytics-browser): Safari cookie writing race condition + extra exceptio...
  • d4f511b chore(release): publish
  • 5f411a6 chore: revert accidental beta version bumps to stable (#1577)
  • fc59b42 chore(release): publish
  • 0afcac6 fix(session-replay): guarantee in-order batch delivery including retries (#1576)
  • 83b2045 chore(release): publish
  • 0021158 fix(unified): promote to GA (#1574)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​amplitude/analytics-browser since your current version.


Updates @creit.tech/stellar-wallets-kit from 1.9.5 to 2.0.0

Release notes

Sourced from @​creit.tech/stellar-wallets-kit's releases.

v2.0.0

2.0.0 (2026-02-11)

Changes

  • Full refactor of the whole repository (with breaking changes)
  • Migrate into a full Deno repository with NPM builds for compatibility
  • Separate the UI, the state, and the SDK
    • The UI (modal, buttons, etc) is now using Preact with HTM instead of Lit
    • The SDK (the class StellarWalletsKit) is now a regular Deno library
    • The state part of the SDK is being used by both the UI and the SDK
  • The UI now uses a series of CSS variables that can be defined by developers to personalize the complete UI (the SDK makes this process easier)
  • The SDK internal state is now using the small preact/signals library instead of RxJS (aiming to reduce the kit's size)
  • The SDK now exports the internal state so developers can update it directly if they need to (tho, still not recommended)
  • We included 3 simple examples using vite-preact, vite-react, and create-react-app so developers can see how to use the library
  • The components used in the library can now be created separately if needed (but like the internal state, not recommended)
  • The openModal method was removed, and we now have authModal. This new method works as a regular Promise, and it returns the address after the user has picked their selected wallet
  • A new profile page is added to the kit's modal, so in the future, we will allow having multiple accounts and wallets connected, so users can switch between accounts directly from the website instead of needing to check their wallets.
  • Include a new logic for events updates from the kit, developers can `subscribe` to updates from the kit, like changes in the selected address, network, module, or disconnections.
  • The kit now separates the logic between getting the address and fetching the address. This means that if the user hasn't interacted with the AuthModal before, it will throw an error. This will prevent issues with modules that have different authorization logic (for example, Freighter)
  • The kit now keeps more information in the localstorage, for example, it will remember the last Wallet Connect topic it used, so when using Wallet Connect, the user doesn't need to connect again and again.
  • Freighter and Lobstr are now default wallets in the wallet connect modal, this way users will see them first instead of regular EVM wallets.
  • Fully remove both submit and submitUrl parameters
  • And many more.
Changelog

Sourced from @​creit.tech/stellar-wallets-kit's changelog.

2.0.0 (2026-02-11)

Fix

  • Update Freighter module signAuthEntry method so it ignores the freighter-api types and follow a similar logic to the signMessage method uses (handle both a string and buffer response)
Commits
  • b863d6c v2.0.0
  • b7a677f Merge remote-tracking branch 'origin/main'
  • 721948c Include example of how to use Nextjs non server side component
  • 847de55 Merge pull request #80 from ByteZhang1024/feat/onekey
  • 39f8d97 feat: support onekey
  • 5c603b5 Update to 2.0.0-beta.9
  • 0eb8ead Update to 2.0.0-beta.9
  • a9663ed Update to 2.0.0-beta.8
  • 9c8bd50 Merge remote-tracking branch 'origin/main'
  • fd1077a Update to 2.0.0-beta.7
  • Additional commits viewable in compare view

Updates @ledgerhq/hw-app-str from 7.2.9 to 7.4.0

Commits

Updates @ledgerhq/hw-transport-webhid from 6.30.9 to 6.31.0

Commits
  • 647c11d Merge release into main
  • f260074 chore(release): 🚀 prepare release [skip ci]
  • 80c3d0c Merge pull request #13733 from LedgerHQ/smartling-translations-20260116094320030
  • 42ac90e File apps/ledger-live-mobile/src/locales/en/common.json was translated to es-...
  • 2c03c83 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to pt-BR...
  • c9d1d26 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to es-ES...
  • 4772f20 File apps/ledger-live-mobile/src/locales/en/common.json was translated to zh-...
  • 3c18ff2 File apps/ledger-live-mobile/src/locales/en/common.json was translated to de-...
  • d6191c9 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to ar-AE...
  • 83e994c File apps/ledger-live-mobile/src/locales/en/common.json was translated to ja-...
  • Additional commits viewable in compare view

Updates @next/third-parties from 15.5.7 to 16.1.6

Release notes

Sourced from @​next/third-parties's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Upgrade to swc 54 (#88207)
  • implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
  • tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.1-canary.36

Core Changes

  • Rename rewroteURL to rewrittenPathname in request metadata: #88751
  • Simplify getImplicitTags to accept pathname instead of url object: #88753
  • Add NEXT_DEPLOYMENT_ID global: #86738
  • Turbopack: remove deployment id suffix from client reference manifest chunks: #88741
  • Inject <html data-dpl-id> and don't inline it into JS anymore: #88761
  • [metadata] match the Metadata and ResolvedMetadata type: #88739

Example Changes

  • Update with-mysql example to Next.js 15, Tailwind 4, Prisma 7: #88475

Misc Changes

  • [ci] Ensure Turbo Remote Cache can be written to: #88794
  • perf(turbopack): optimize resolve plugin handling: #88639
  • Fix buildManifest.js deployment tests: #88806
  • [ci] Merge Cache Components and deploy tests manifests when running CC deploy tests: #88824
  • Turbopack: Extend filesystem watcher fuzzing to cover symlinks and junction points: #88192
  • [test]: add ability to run test-deploy with pre-existing deployment: #88829

Credits

Huge thanks to @​eps1lon, @​SimeonGriggs, @​unstubbable, @​xusd320, @​mischnic, @​sokra, @​huozhi, @​bgw, and @​ztanner for helping!

v16.0.11

Please see this changelog for more information about this security patch.

v15.6.0-canary.61

... (truncated)

Commits

Updates @sentry/nextjs from 10.29.0 to 10.43.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.43.0

Important Changes

  • feat(nextjs): Add Turbopack support for React component name annotation (#19604)

    We added experimental support for React component name annotation in Turbopack builds. When enabled, JSX elements are annotated with data-sentry-component, data-sentry-element, and data-sentry-source-file attributes at build time. This enables searching Replays by component name, seeing component names in breadcrumbs, and performance monitoring — previously only available with webpack builds.

    This feature requires Next.js 16+ and is currently behind an experimental flag:

    // next.config.ts
    import { withSentryConfig } from '@sentry/nextjs';
    export default withSentryConfig(nextConfig, {
      _experimental: {
        turbopackReactComponentAnnotation: {
          enabled: true,
          ignoredComponents: ['Header', 'Footer'], // optional
        },
      },
    });

  • feat(hono): Instrument middlewares app.use() (#19611)

    Hono middleware registered via app.use() is now automatically instrumented, creating spans for each middleware invocation.

Other Changes

  • feat(node-core,node): Add tracePropagation option to http and fetch integrations (#19712)
  • feat(hono): Use parametrized names for errors (#19577)
  • fix(browser): Fix missing traces for user feedback (#19660)
  • fix(cloudflare): Use correct Proxy receiver in instrumentDurableObjectStorage (#19662)
  • fix(core): Standardize Vercel AI span descriptions to align with GenAI semantic conventions (#19624)
  • fix(deps): Bump hono to 4.12.5 to fix multiple vulnerabilities (#19653)
  • fix(deps): Bump svgo to 4.0.1 to fix DoS via entity expansion (#19651)
  • fix(deps): Bump tar to 7.5.10 to fix hardlink path traversal (#19650)
  • fix(nextjs): Align Turbopack module metadata injection with webpack behavior (#19645)
  • fix(node): Prevent duplicate LangChain spans from double module patching (#19684)
  • fix(node-core,vercel-edge): Use HEROKU_BUILD_COMMIT env var for default release (#19617)
  • fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • fix(tanstackstart-react): Add workerd and worker export conditions (#19461)
  • fix(vercel-ai): Prevent tool call span map memory leak (#19328)
  • feat(deps): Bump @​sentry/rollup-plugin from 5.1.0 to 5.1.1 (#19658)

... (truncated)

Commits
  • 3fb8102 release: 10.43.0
  • 8706e4e Merge pull request #19716 from getsentry/prepare-release/10.43.0
  • 61d7a84 meta(changelog): Update changelog for 10.43.0
  • f83f288 test(angular): Fix failing canary test (#19639)
  • 2b3ce34 fix(sveltekit): Fix file system race condition in source map cleaning (#19714)
  • 98be6b0 chore(skills): Add bump-size-limit skill (#19715)
  • cdee7a9 chore(sourcemaps): Make sourcemaps e2e test more generic (#19678)
  • b26df86 feat(node-core,node): Add tracePropagation option to http and fetch integrati...
  • 7b69774 chore(ci): Allow triage action to run on issues from external users (#19701)
  • 5651be2 fix(browser): Fix missing traces for user feedback (#19660)
  • Additional commits viewable in compare view

Updates @stellar/stellar-sdk from 14.3.3 to 14.6.1

Release notes

Sourced from @​stellar/stellar-sdk's releases.

v14.6.1

v14.6.1

Fixed

  • Fix assembleTransaction double-counting the resource fee when the input transaction already has Soroban data attached (e.g. when re-assembling a previously simulated transaction) (#1343).
  • Removed adding resourceFee in rpc.assembleTransaction as it's now handled by TransactionBuilder.build() (#1343).

Full Changelog: stellar/js-stellar-sdk@v14.6.0...v14.6.1

v14.6.0

v14.6.0

Added

  • Upgraded underlying @stellar/stellar-base library to include its new features and fixes (release notes).

Full Changelog: stellar/js-stellar-sdk@v14.5.0...v14.6.0

v14.5.0

v14.5.0

Added

  • Introduced CLI functionality for generating smart contract bindings (#1287).
  • Added BindingGeneration class for parsing contract specs into fully typed TypeScript libraries for calling contract methods (#1287).
  • Introduced rpc.Server.fundAddress that supports funding contract and account addresses via Friendbot (#1314).
  • Updated the StellarToml interface with SEP 45 fields WEB_AUTH_FOR_CONTRACTS_ENDPOINT and WEB_AUTH_CONTRACT_ID (#1326).

Fixed

  • X-App-Name and X-App-Version headers are now included when using CallBuilder.stream() (#1317).
  • CallBuilder now correctly uses the configured server URL for all requests, including pagination and linked resources. Previously, URLs returned by Horizon in _links would bypass reverse proxies (#1318).

Deprecated

  • rpc.Server.requestAirdrop is deprecated in favor of rpc.Server.fundAddress (#1314).

Contributors

@​ElliotFriend, @​leighmcculloch, @​Ryang-21, @​wpalmeri made their first contribution in stellar/js-stellar-sdk#1321, and @​joaquinsoza made their first contribution in stellar/js-stellar-sdk#1314

Full Changelog: stellar/js-stellar-sdk@v14.4.3...v14.5.0

v14.4.3

v14.4.3

Fixed

  • Upgraded underlying @stellar/stellar-base library to include its fixes (release notes).

v14.4.2

v14.4.2

Fixed

... (truncated)

Changelog

Sourced from @​stellar/stellar-sdk's changelog.

v14.6.1

Fixed

  • Fix assembleTransaction double-counting the resource fee when the input transaction already has Soroban data attached (e.g. when re-assembling a previously simulated transaction) (#1343).
  • Removed adding resourceFee in assembleTransaction as it's now handled by TransactionBuilder.build() (#1343).

v14.6.0

Added

  • Upgraded underlying @stellar/stellar-base library to include its new features and fixes (release notes).

v14.5.0

Added

  • Introduced CLI functionality for generating smart contract bindings (#1287).
  • Added BindingGeneration class for parsing contract specs into fully typed TypeScript libraries for calling contract methods (#1287).
  • Introduced rpc.Server.fundAddress that supports funding contract and account addresses via Friendbot (#1314).
  • Updated the StellarToml interface with SEP 45 fields WEB_AUTH_FOR_CONTRACTS_ENDPOINT and WEB_AUTH_CONTRACT_ID (#1326).

Fixed

  • X-App-Name and X-App-Version headers are now included when using CallBuilder.stream() (#1317).
  • CallBuilder now correctly uses the configured server URL for all requests, including pagination and linked resources. Previously, URLs returned by Horizon in _links would bypass reverse proxies (#1318).

Deprecated

  • rpc.Server.requestAirdrop is deprecated in favor of rpc.Server.fundAddress (#1314).

v14.4.3

Fixed

  • Upgraded underlying @stellar/stellar-base library to include its fixes (release notes).

v14.4.2

Fixed

  • Fixed package installation for Windows environments (#1306)

v14.4.1

Fixed

  • Set Api.GetEventsRequest.endLedger to be optional to align with RPC behavior (#1304)
  • Added back Typepoint and marked it deprecated in favor of Timepoint (#1303)

v14.4.0

Added

  • Introduced an rpc.Server.getAssetBalance() helper to fetch asset balances both for contracts and accounts (#1286).
  • rpc.Api.BalanceResponse now can include a revocable field in its balanceEntry for when trustlines are fetched (#1286).
  • Added Timepoint and Duration support to Spec (#1288)
  • Api.GetHealthResponse interface now includes latestLedger, ledgerRetentionWindow, and oldestLedger fields (#1297).

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​stellar/stellar-sdk since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @tanstack/react-query from 5.87.4 to 5.90.21

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.21

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.18
    • @​tanstack/react-query@​5.90.19

@​tanstack/react-query@​5.90.21

Patch Changes

  • refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

@​tanstack/react-query-persist-client@​5.90.20

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.17
    • @​tanstack/react-query@​5.90.18

@​tanstack/react-query@​5.90.20

Patch Changes

  • Updated dependencies [e7258c5]:
    • @​tanstack/query-core@​5.90.20

@​tanstack/react-query-persist-client@​5.90.19

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.16
    • @​tanstack/react-query@​5.90.17

@​tanstack/react-query@​5.90.19

Patch Changes

  • Updated dependencies [53fc74e]:
    • @​tanstack/query-core@​5.90.19

@​tanstack/react-query@​5.90.18

Patch Changes

  • Updated dependencies [dea1614]:
    • @​tanstack/query-core@​5.90.18

@​tanstack/react-query@​5.90.17

Patch Changes

  • Updated dependencies [269351b]:
    • @​tanstack/query-core@​5.90.17
Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.21

Patch Changes

  • refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

5.90.20

Patch Changes

  • Updated dependencies [e7258c5]:
    • @​tanstack/query-core@​5.90.20

5.90.19

Patch Changes

  • Updated dependencies [53fc74e]:
    • @​tanstack/query-core@​5.90.19

5.90.18

Patch Changes

  • Updated dependencies [dea1614]:
    • @​tanstack/query-core@​5.90.18

5.90.17

Patch Changes

  • Updated dependencies [269351b]:
    • @​tanstack/query-core@​5.90.17

5.90.16

Patch Changes

  • fix(react-query): allow retryOnMount when throwOnError is function (#9338)

  • Updated dependencies [7f47906]:

    • @​tanstack/query-core@​5.90.16

5.90.15

Patch Changes

  • Updated dependencies [fccef79]:
    • @​tanstack/query-core@​5.90.15

... (truncated)

Commits
  • 08050cb ci: Version Packages (#10115)
  • c5def66 refactor(react-query/useQueries): remove unreachable 'willFetch' branch in su...
  • da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
  • 2a592d2 test(react-query/suspense): add test cases for 'static' staleTime with number...
  • 7e3ea62 test(react-query/QueryResetErrorBoundary): relocate 'issue-9728' test and mig...
  • dee5d3e test(react-query/ssr): add 'useMutation' and 'useMutationState' tests for SSR...
  • 7ac4e20 ci: Version Packages (#10067)
  • 9ff3de7 Upgrade to Vitest v4 (#9862)
  • 0525ad1 ci: Version Packages (#10047)
  • 53fc74e fix(query-core): fix combine not updating when queries change with stable ref...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tanstack/react-query since your current version.


Updates @tanstack/react-query-devtools from 5.87.4 to 5.91.3

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.91.3

Patch Changes

  • Updated dependencies [83366c4]:
    • @​tanstack/query-devtools@​5.93.0
Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.91.3

Patch Changes

  • Updated dependencies [83366c4]:
    • @​tanstack/query-devtools@​5.93.0

5.91.2

Patch Changes

5.91.1

Patch Changes

  • Updated dependencies [b261b6f]:
    • @​tanstack/query-devtools@​5.91.1

5.91.0

Minor Changes

  • feat(devtools): allow passing a theme via prop (#9887)

Patch Changes

  • Updated dependencies [0e9d5b5]:
    • @​tanstack/query-devtools@​5.91.0
Commits

Description has been truncated

Bumps the all-dependencies group with 29 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@amplitude/analytics-browser](https://github.com/amplitude/Amplitude-TypeScript) | `2.23.7` | `2.36.3` |
| [@creit.tech/stellar-wallets-kit](https://github.com/Creit-Tech/Stellar-Wallets-Kit) | `1.9.5` | `2.0.0` |
| [@ledgerhq/hw-app-str](https://github.com/LedgerHQ/ledger-live) | `7.2.9` | `7.4.0` |
| [@ledgerhq/hw-transport-webhid](https://github.com/LedgerHQ/ledger-live) | `6.30.9` | `6.31.0` |
| [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) | `15.5.7` | `16.1.6` |
| [@sentry/nextjs](https://github.com/getsentry/sentry-javascript) | `10.29.0` | `10.43.0` |
| [@stellar/stellar-sdk](https://github.com/stellar/js-stellar-sdk) | `14.3.3` | `14.6.1` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.87.4` | `5.90.21` |
| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.87.4` | `5.91.3` |
| [@trezor/connect-web](https://github.com/trezor/trezor-suite) | `9.6.4` | `9.7.2` |
| [bignumber.js](https://github.com/MikeMcl/bignumber.js) | `9.3.1` | `10.0.2` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.3.2` |
| [immer](https://github.com/immerjs/immer) | `10.1.3` | `11.1.4` |
| [lossless-json](https://github.com/josdejong/lossless-json) | `4.2.0` | `4.3.0` |
| [next](https://github.com/vercel/next.js) | `15.5.10` | `16.1.6` |
| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `13.0.0` |
| [zustand-querystring](https://github.com/nitedani/zustand-querystring) | `0.0.19` | `0.6.1` |
| [@next/eslint-plugin-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-plugin-next) | `15.5.3` | `16.1.6` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.57.0` | `1.58.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.1` | `25.4.0` |
| [@types/papaparse](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/papaparse) | `5.3.16` | `5.5.2` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.43.0` | `8.57.0` |
| [eslint](https://github.com/eslint/eslint) | `9.35.0` | `10.0.3` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `15.4.4` | `16.1.6` |
| [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `5.2.0` | `7.0.1` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.3.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.1.6` | `16.3.3` |
| [prettier](https://github.com/prettier/prettier) | `3.6.2` | `3.8.1` |
| [sass](https://github.com/sass/dart-sass) | `1.92.1` | `1.97.3` |



Updates `@amplitude/analytics-browser` from 2.23.7 to 2.36.3
- [Release notes](https://github.com/amplitude/Amplitude-TypeScript/releases)
- [Commits](https://github.com/amplitude/Amplitude-TypeScript/compare/@amplitude/analytics-browser@2.23.7...@amplitude/analytics-browser@2.36.3)

Updates `@creit.tech/stellar-wallets-kit` from 1.9.5 to 2.0.0
- [Release notes](https://github.com/Creit-Tech/Stellar-Wallets-Kit/releases)
- [Changelog](https://github.com/Creit-Tech/Stellar-Wallets-Kit/blob/main/CHANGELOG.md)
- [Commits](Creit-Tech/Stellar-Wallets-Kit@v1.9.5...v2.0.0)

Updates `@ledgerhq/hw-app-str` from 7.2.9 to 7.4.0
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/commits/@ledgerhq/hw-app-str@7.4.0)

Updates `@ledgerhq/hw-transport-webhid` from 6.30.9 to 6.31.0
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/compare/@ledgerhq/hw-transport-http@6.30.9...@ledgerhq/hw-transport-webhid@6.31.0)

Updates `@next/third-parties` from 15.5.7 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.1.6/packages/third-parties)

Updates `@sentry/nextjs` from 10.29.0 to 10.43.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.29.0...10.43.0)

Updates `@stellar/stellar-sdk` from 14.3.3 to 14.6.1
- [Release notes](https://github.com/stellar/js-stellar-sdk/releases)
- [Changelog](https://github.com/stellar/js-stellar-sdk/blob/master/CHANGELOG.md)
- [Commits](stellar/js-stellar-sdk@v14.3.3...v14.6.1)

Updates `@tanstack/react-query` from 5.87.4 to 5.90.21
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.90.21/packages/react-query)

Updates `@tanstack/react-query-devtools` from 5.87.4 to 5.91.3
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.91.3/packages/react-query-devtools)

Updates `@trezor/connect-web` from 9.6.4 to 9.7.2
- [Release notes](https://github.com/trezor/trezor-suite/releases)
- [Commits](https://github.com/trezor/trezor-suite/commits)

Updates `bignumber.js` from 9.3.1 to 10.0.2
- [Release notes](https://github.com/MikeMcl/bignumber.js/releases)
- [Changelog](https://github.com/MikeMcl/bignumber.js/blob/main/CHANGELOG.md)
- [Commits](MikeMcl/bignumber.js@v9.3.1...v10.0.2)

Updates `dompurify` from 3.2.6 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.3.2)

Updates `immer` from 10.1.3 to 11.1.4
- [Release notes](https://github.com/immerjs/immer/releases)
- [Commits](immerjs/immer@v10.1.3...v11.1.4)

Updates `lossless-json` from 4.2.0 to 4.3.0
- [Changelog](https://github.com/josdejong/lossless-json/blob/main/CHANGELOG.md)
- [Commits](josdejong/lossless-json@v4.2.0...v4.3.0)

Updates `next` from 15.5.10 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.10...v16.1.6)

Updates `uuid` from 11.1.0 to 13.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v13.0.0)

Updates `zustand-querystring` from 0.0.19 to 0.6.1
- [Release notes](https://github.com/nitedani/zustand-querystring/releases)
- [Commits](https://github.com/nitedani/zustand-querystring/commits)

Updates `@next/eslint-plugin-next` from 15.5.3 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.1.6/packages/eslint-plugin-next)

Updates `@playwright/test` from 1.57.0 to 1.58.2
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.57.0...v1.58.2)

Updates `@types/node` from 24.3.1 to 25.4.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/papaparse` from 5.3.16 to 5.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/papaparse)

Updates `@typescript-eslint/eslint-plugin` from 8.43.0 to 8.57.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.0/packages/eslint-plugin)

Updates `eslint` from 9.35.0 to 10.0.3
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.35.0...v10.0.3)

Updates `eslint-config-next` from 15.4.4 to 16.1.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.1.6/packages/eslint-config-next)

Updates `eslint-plugin-react-hooks` from 5.2.0 to 7.0.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/eslint-plugin-react-hooks)

Updates `jest` from 30.2.0 to 30.3.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest)

Updates `lint-staged` from 16.1.6 to 16.3.3
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.1.6...v16.3.3)

Updates `prettier` from 3.6.2 to 3.8.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.6.2...3.8.1)

Updates `sass` from 1.92.1 to 1.97.3
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.92.1...1.97.3)

---
updated-dependencies:
- dependency-name: "@amplitude/analytics-browser"
  dependency-version: 2.36.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@creit.tech/stellar-wallets-kit"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@ledgerhq/hw-app-str"
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@ledgerhq/hw-transport-webhid"
  dependency-version: 6.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@next/third-parties"
  dependency-version: 16.1.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@sentry/nextjs"
  dependency-version: 10.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@stellar/stellar-sdk"
  dependency-version: 14.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.90.21
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@tanstack/react-query-devtools"
  dependency-version: 5.91.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@trezor/connect-web"
  dependency-version: 9.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: bignumber.js
  dependency-version: 10.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: immer
  dependency-version: 11.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: lossless-json
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: next
  dependency-version: 16.1.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: uuid
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: zustand-querystring
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@next/eslint-plugin-next"
  dependency-version: 16.1.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.58.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.4.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@types/papaparse"
  dependency-version: 5.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.57.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: eslint
  dependency-version: 10.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: eslint-config-next
  dependency-version: 16.1.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: jest
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: lint-staged
  dependency-version: 16.3.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: prettier
  dependency-version: 3.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: sass
  dependency-version: 1.97.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels Mar 10, 2026
Copilot AI review requested due to automatic review settings March 10, 2026 17:56
@dependabot dependabot bot review requested due to automatic review settings March 10, 2026 17:56
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Mar 10, 2026
@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | next@15.5.10 ⏵ 16.1.6 | 62 -6 | 99 | 91 +1 | 97 | 70 |
| Updated | eslint-config-next@15.4.4 ⏵ 16.1.6 | 99 +1 | 100 | 67 +3 | 98 | 100 |
| Updated | jest@30.2.0 ⏵ 30.3.0 | 100 +1 | 100 | 70 +1 | 95 +5 | 100 |
| Updated | @tanstack/react-query-devtools@5.87.4 ⏵ 5.91.3 | 100 +1 | 100 | 71 +1 | 95 -2 | 100 |
| Updated | @next/eslint-plugin-next@15.5.3 ⏵ 16.1.6 | 100 | 100 | 73 | 99 | 100 |
| Updated | @types/papaparse@5.3.16 ⏵ 5.5.2 | 100 +1 | 100 | 74 +1 | 83 -3 | 100 |
| Updated | @creit.tech/stellar-wallets-kit@1.9.5 ⏵ 2.0.0 | 83 +2 | 100 | 74 -26 | 91 +5 | 100 |
| Updated | @amplitude/analytics-browser@2.23.7 ⏵ 2.36.3 | 78 -21 | 100 | 94 +1 | 100 | 100 |
| Updated | zustand-querystring@0.0.19 ⏵ 0.6.1 | 80 +1 | 100 | 100 +10 | 91 +13 | 100 |
| Updated | @typescript-eslint/eslint-plugin@8.43.0 ⏵ 8.57.0 | 99 +1 | 100 | 80 +1 | 98 +2 | 100 |
| Updated | @types/node@24.3.1 ⏵ 25.4.0 | 100 +1 | 100 | 81 +1 | 96 | 100 |
| Updated | @next/third-parties@15.5.7 ⏵ 16.1.6 | 100 +1 | 100 | 82 +1 | 99 | 100 |
| Updated | lossless-json@4.2.0 ⏵ 4.3.0 | 100 +1 | 100 | 100 +1 | 83 | 100 |
| Added | uuid@13.0.0 | 100 | 100 | 100 | 83 | 100 |
| Updated | immer@10.1.3 ⏵ 11.1.4 | 99 | 100 | 83 +1 | 88 -1 | 100 |
| Updated | @tanstack/react-query@5.87.4 ⏵ 5.90.21 | 99 +1 | 100 | 88 +1 | 98 -2 | 100 |
| Updated | eslint@9.35.0 ⏵ 10.0.3 | 89 | 100 | 100 | 97 +2 | 100 |
| Updated | prettier@3.6.2 ⏵ 3.8.1 | 90 | 100 | 97 +1 | 93 | 100 |
| Added | bignumber.js@10.0.2 | 98 | 100 | 100 | 90 | 100 |
| Updated | sass@1.92.1 ⏵ 1.97.3 | 100 +1 | 100 | 100 | 91 | 100 |
| Updated | @sentry/nextjs@10.29.0 ⏵ 10.43.0 | 93 -6 | 100 | 91 +1 | 96 | 100 |
| Updated | dompurify@3.2.6 ⏵ 3.3.2 | 98 +1 | 100 +3 | 100 | 91 | 90 |
| Updated | @trezor/connect-web@9.6.2 ⏵ 9.7.2 | 99 | 100 | 92 | 96 +1 | 90 |
| Updated | @ledgerhq/hw-app-str@7.2.9 ⏵ 7.4.0 | 95 -1 | 100 | 100 | 96 -3 | 100 |
| Updated | lint-staged@16.1.6 ⏵ 16.3.3 | 100 +1 | 100 | 100 | 96 +1 | 100 |
| Updated | eslint-plugin-react-hooks@5.2.0 ⏵ 7.0.1 | 100 +3 | 100 | 100 | 96 | 100 |
| Updated | @stellar/stellar-sdk@14.3.3 ⏵ 14.6.1 | 99 +5 | 100 | 100 | 98 +2 | 100 |
| Updated | @playwright/test@1.57.0 ⏵ 1.58.2 | 100 | 100 | 100 | 99 | 100 |
| Updated | @ledgerhq/hw-transport-webhid@6.30.9 ⏵ 6.31.0 | 100 | 100 | 100 | 100 +1 | 100 |

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert
Warn High
License policy violation: npm @ethereumjs/rlp under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/rlp@10.1.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/rlp@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/tx under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/tx@10.1.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/tx@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/util under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/util@10.1.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/util@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @lit-labs/ssr-dom-shim under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@lit-labs/ssr-dom-shim@1.5.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@lit-labs/ssr-dom-shim@1.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @lit/react under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@lit/react@1.0.8

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@lit/react@1.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @lit/reactive-element under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@lit/reactive-element@2.1.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@lit/reactive-element@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @lobstrco/signer-extension-api under GPL-3.0

License: GPL-3.0 - the applicable license policy does not allow this license (4) (npm metadata)

License: GPL-3.0 - the applicable license policy does not allow this license (4) (package/package.json)

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@lobstrco/signer-extension-api@2.0.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@lobstrco/signer-extension-api@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @phosphor-icons/webcomponents under BSD-3-Clause AND MIT

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/@phosphor-icons/webcomponents@2.1.5

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@phosphor-icons/webcomponents@2.1.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @sentry/babel-plugin-component-annotate under BSD-3-Clause AND MIT

Location: Package overview

From: pnpm-lock.yaml → npm/@sentry/babel-plugin-component-annotate@5.1.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/babel-plugin-component-annotate@5.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @sentry/cli under LicenseRef-FSL-1.1-MIT

License: LicenseRef-FSL-1.1-MIT - the applicable license policy does not allow this license (4) (package/LICENSE)

From: pnpm-lock.yaml → npm/@sentry/cli@2.58.5

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/cli@2.58.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @sentry/webpack-plugin under BSD-3-Clause AND MIT

Location: Package overview

From: pnpm-lock.yaml → npm/@sentry/nextjs@10.43.0 → npm/@sentry/webpack-plugin@5.1.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/webpack-plugin@5.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @sinonjs/fake-timers under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/jest@30.3.0 → npm/@sinonjs/fake-timers@15.1.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sinonjs/fake-timers@15.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @stellar/stellar-sdk

Location: Package overview

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@stellar/stellar-sdk@14.2.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@stellar/stellar-sdk@14.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @stellar/stellar-sdk

Location: Package overview

From: package.json → npm/@stellar/stellar-sdk@14.6.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@stellar/stellar-sdk@14.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/blockchain-link under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/blockchain-link@2.6.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/blockchain-link@2.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect-common under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/connect-common@0.5.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-common@0.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect-web under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: package.json → npm/@trezor/connect-web@9.7.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-web@9.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/connect@9.7.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect@9.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/transport under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/transport@1.6.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/transport@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/utils under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/utils@9.5.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/utils@9.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/utxo-lib under LicenseRef-T-RSL

License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/utxo-lib@2.5.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/utxo-lib@2.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm axe-core under MIT AND MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/eslint-config-next@16.1.6 → npm/axe-core@4.11.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axe-core@4.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm caniuse-lite under CC-BY-4.0

License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (npm metadata)

License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/LICENSE)

License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/package.json)

From: pnpm-lock.yaml → npm/next@16.1.6 → npm/jest@30.3.0 → npm/@sentry/nextjs@10.43.0 → npm/eslint-plugin-react-hooks@7.0.1 → npm/caniuse-lite@1.0.30001777

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001777. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm esquery under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/eslint@10.0.3 → npm/esquery@1.7.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/esquery@1.7.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm lit-element under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/lit-element@4.2.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lit-element@4.2.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm lit-html under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/lit-html@3.3.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lit-html@3.3.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm lit under BSD-3-Clause

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.0.0 → npm/lit@3.3.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lit@3.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 6 more rows in the dashboard

Labels: dependencies (Pull requests that update a dependency file), javascript (Pull requests that update Javascript code)

Projects: Status: Backlog (Not Ready)
