Skip to content

chore(deps): bump the npm-production group with 10 updates#360

Closed
dependabot[bot] wants to merge 3 commits intomainfrom
dependabot/npm_and_yarn/npm-production-f36a0e93de
Closed

chore(deps): bump the npm-production group with 10 updates#360
dependabot[bot] wants to merge 3 commits intomainfrom
dependabot/npm_and_yarn/npm-production-f36a0e93de

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps the npm-production group with 10 updates:

Package From To
incur 0.3.23 0.3.25
ox 0.14.7 0.14.15
@types/node 25.5.0 25.6.0
vite 8.0.5 8.0.8
bun 1.3.11 1.3.12
@metamask/sdk 0.33.1 0.34.0
@tanstack/react-query 5.96.2 5.99.0
wagmi 3.6.1 3.6.2
@stripe/stripe-js 8.7.0 9.1.0
accounts 0.4.12 0.6.1

Updates incur from 0.3.23 to 0.3.25

Release notes

Sourced from incur's releases.

incur@0.3.25

Patch Changes

  • abfa8c7: Fixed Root CLIs created with Cli.create and aliases not registering those aliases as command aliases when mounted via cli.command().

incur@0.3.24

Patch Changes

  • 250e65f: Added command-level aliases option for subcommands (e.g. aliases: ['extensions', 'ext'] on an extension command).
  • 26d7bf8: Fixed root fetch/command fallback bypassing "Did you mean?" suggestions when the input is a typo of a known command.
Changelog

Sourced from incur's changelog.

0.3.25

Patch Changes

  • abfa8c7: Fixed Root CLIs created with Cli.create and aliases not registering those aliases as command aliases when mounted via cli.command().

0.3.24

Patch Changes

  • 250e65f: Added command-level aliases option for subcommands (e.g. aliases: ['extensions', 'ext'] on an extension command).
  • 26d7bf8: Fixed root fetch/command fallback bypassing "Did you mean?" suggestions when the input is a typo of a known command.
Commits

Updates ox from 0.14.7 to 0.14.15

Release notes

Sourced from ox's releases.

ox@0.14.15

Patch Changes

  • d073091 Thanks @​jxom! - Fixed TransactionRequest.blobVersionedHashes to include | undefined for exactOptionalPropertyTypes compatibility.

ox@0.14.14

Patch Changes

  • 14137f7 Thanks @​jxom! - Added RpcSchema.ToViem and RpcSchema.FromViem type utilities for converting between Ox and Viem RPC schema formats. Added tempo_simulateV1 RPC schema to ox/tempo.

ox@0.14.13

Patch Changes

  • 68f8fa0 Thanks @​jxom! - viem/tempo: Renamed contractAddress to address on KeyAuthorization.Scope. Added support for human-readable ABI signatures in selector (e.g. 'transfer(address,uint256)'), which are automatically encoded into 4-byte selectors.

ox@0.14.12

Patch Changes

  • #208 30537f8 Thanks @​dgca! - Added serviceCodes field to ERC-8021 Attribution schema.

  • #211 9d0d676 Thanks @​jxom! - viem/tempo: Added support for period and call scopes on KeyAuthorization.

ox@0.14.11

Patch Changes

  • #209 52d985e Thanks @​jxom! - Fixed Credential.serialize to extract authenticatorData from the CBOR-encoded attestationObject when the browser/passkey provider doesn't expose it on the response object (e.g. Firefox + 1Password).

ox@0.14.10

Patch Changes

  • #204 9aec6a9 Thanks @​jxom! - Added Ed25519.toX25519PublicKey and Ed25519.toX25519PrivateKey for converting Ed25519 keys to X25519 keys. Useful for performing X25519 Diffie-Hellman key exchange using an Ed25519 signing key pair.

ox@0.14.9

Patch Changes

  • #201 ea94ea6 Thanks @​decofe! - Fixed KeyAuthorization.fromRpc to preserve undefined expiry instead of defaulting to 0.

ox@0.14.8

Patch Changes

  • 0d0575e Thanks @​jxom! - Added ERC-8021 Schema 2 (CBOR-encoded) attribution support to the Attribution module.
Commits
  • c10bae5 chore: version packages (#215)
  • d073091 fix: add undefined to blobVersionedHashes for exactOptionalPropertyTypes
  • 25b4cbe rename tempo RpcSchema to RpcSchemaTempo
  • acacde8 fix: dead link to /api/RpcSchema in json-rpc guide
  • 1193caf chore: version packages (#214)
  • e9c77c9 Update tempo-rpc-schema.md
  • 14137f7 feat: add tempo_simulateV1 RpcSchema + ToViem/FromViem conversions
  • fc0a3b9 chore: version packages (#213)
  • 09affde fix: remaining contractAddress references in e2e tests
  • 68f8fa0 feat(tempo): rename Scope.contractAddress to address, support signatures in s...
  • Additional commits viewable in compare view

Updates @types/node from 25.5.0 to 25.6.0

Commits

Updates vite from 8.0.5 to 8.0.8

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

Bug Fixes

  • avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
  • ssr: class property keys hoisting matching imports (#22199) (e137601)

8.0.7 (2026-04-07)

Bug Fixes

  • use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

Bug Fixes

Performance Improvements

  • early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

Commits

Updates bun from 1.3.11 to 1.3.12

Release notes

Sourced from bun's releases.

Bun v1.3.12

To install Bun v1.3.12

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.12:

bun upgrade

Read Bun v1.3.12's release notes on Bun's blog

Thanks to 8 contributors!

Commits
  • 700fc11 wip builds (#28826)
  • 4ee606e ci: switch Windows arm64 to Dpdsv6 (local NVMe, ephemeral OS disk) (#29062)
  • c6e2bf8 fix(usockets): release addrinfo request and cancel pending DNS when a connect...
  • 218bf20 fix(usockets): hold a context ref for the lifetime of pending_resolve_callbac...
  • 6f649d6 Tweak claude-find-issues-for-pr action
  • fa6f69f Add markdown ANSI pretty-printer for bun ./file.md (#28833)
  • 94d1253 docs(CLAUDE.md): add code review self-check section (#29063)
  • 490e237 fix crash reading fd of a TLS listener (#28934)
  • fd75aa4 Fix assertion failure in Bun.dns.setServers with non-int32 values (#28926)
  • a3b22b3 cli: make --elide-lines a no-op in non-terminal environments (#28977)
  • Additional commits viewable in compare view

Updates @metamask/sdk from 0.33.1 to 0.34.0

Changelog

Sourced from @​metamask/sdk's changelog.

[0.34.0]

Added

  • Introduces a new hideReturnToAppNotification option (default false) and passes it through to deeplink/QR URLs (#1350)
Commits

Updates @tanstack/react-query from 5.96.2 to 5.99.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.99.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.99.0
    • @​tanstack/react-query@​5.99.0

@​tanstack/react-query-next-experimental@​5.99.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.99.0

@​tanstack/react-query-persist-client@​5.99.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.99.0
    • @​tanstack/react-query@​5.99.0

@​tanstack/react-query@​5.99.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.99.0

@​tanstack/react-query-devtools@​5.98.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.98.0
    • @​tanstack/react-query@​5.98.0

@​tanstack/react-query-next-experimental@​5.98.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.98.0

@​tanstack/react-query-persist-client@​5.98.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.98.0
    • @​tanstack/react-query@​5.98.0

@​tanstack/react-query@​5.98.0

Patch Changes

  • Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.99.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.99.0

5.98.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.98.0

5.97.0

Patch Changes

  • Updated dependencies [2bfb12c]:
    • @​tanstack/query-core@​5.97.0
Commits
  • adc2543 ci: Version Packages (#10454)
  • 6040278 ci: Version Packages (#10451)
  • 125067c ci: Version Packages (#10436)
  • f699190 test(react-query): replace hardcoded query keys with 'queryKey()' utility (#1...
  • f3d3eea test(*): replace deprecated 'toMatchTypeOf' with 'toExtend' (#10413)
  • 3d6e001 test(react-query/useSuspenseQueries): replace 'async/await sleep' with 'sleep...
  • 7d7a21c test(react-query): replace 'async/await sleep' with 'sleep().then()' in test ...
  • See full diff in compare view

Updates wagmi from 3.6.1 to 3.6.2

Release notes

Sourced from wagmi's releases.

wagmi@3.6.2

Patch Changes

Changelog

Sourced from wagmi's changelog.

3.6.2

Patch Changes

Commits

Updates @stripe/stripe-js from 8.7.0 to 9.1.0

Release notes

Sourced from @​stripe/stripe-js's releases.

v9.1.0

New features

  • Update type to have percentage (#911)
  • Add unit amount decimal (#907)

v9.0.1

New features

  • Add Contributing section to README (#901)

Fixes

  • Include klarna in TermsOption (#905)
  • Add verification types for TaxIdElement (#904)

Changed

  • Bump picomatch from 2.2.2 to 2.3.2 (#902)
  • Bump picomatch from 2.2.2 to 2.3.2 in /examples/rollup (#903)

v9.0.0

New features

  • Change elements.update() return type from void to Promise (#888)

Changed

  • Updated types for Dahlia (#883, #898)
  • update type for createEmbeddedCheckoutPage rename (#890)
  • add format to getValue for addressElement (#886)
  • Remove boolean from RadiosOption type for Dahlia (#885)
  • Remove createSource and retrieveSource types for Dahlia (#892)

v8.11.0

New features

Fixes

Changed

  • [Payment Form Element] Add paymentMethods and rename wallets to expressCheckout (#894)

... (truncated)

Commits

Updates accounts from 0.4.12 to 0.6.1

Release notes

Sourced from accounts's releases.

accounts@0.6.1

Patch Changes

  • 1aa18fe: Added feePayer to wallet_sendCalls capabilities and wallet_getCapabilities response.
  • 1aa18fe: Support feePayer: false to opt out of fee payers on a per-transaction basis when a provider-level fee payer is configured.

accounts@0.6.0

Minor Changes

  • 36db0d9: Breaking: Renamed feePayerUrl to feePayer.

accounts@0.5.9

Patch Changes

  • 901cfee: Fixed iframe dialog getting stuck on "Check prompt" when the store is swapped during React re-renders.

accounts@0.5.8

Patch Changes

  • b4c87a3: Fixed iframe dialog getting stuck on "Check prompt" when the store is swapped during React re-renders.
  • 567bf0a: Added accounts/react-native entrypoint with React Native adapter and storage implementation.

accounts@0.5.7

Patch Changes

  • cc334ff: Injected active chainId into transaction requests when the consumer does not provide one.

accounts@0.5.6

Patch Changes

  • 6eff229: Added privateKey support to dangerous_secp256k1() so wagmi configs could pin distinct signers per connector.

accounts@0.5.5

Patch Changes

  • b03c228: Bumped deps

accounts@0.5.4

Patch Changes

  • 4936c12: Fixed Dialog.iframe() injecting duplicate iframes by caching the instance as a singleton keyed by host.

accounts@0.5.3

Patch Changes

  • 7134f07: Updated internal dependencies.

accounts@0.5.2

Patch Changes

... (truncated)

Changelog

Sourced from accounts's changelog.

0.6.1

Patch Changes

  • 1aa18fe: Added feePayer to wallet_sendCalls capabilities and wallet_getCapabilities response.
  • 1aa18fe: Support feePayer: false to opt out of fee payers on a per-transaction basis when a provider-level fee payer is configured.

0.6.0

Minor Changes

  • 36db0d9: Breaking: Renamed feePayerUrl to feePayer.

0.5.9

Patch Changes

  • 901cfee: Fixed iframe dialog getting stuck on "Check prompt" when the store is swapped during React re-renders.

0.5.8

Patch Changes

  • b4c87a3: Fixed iframe dialog getting stuck on "Check prompt" when the store is swapped during React re-renders.
  • 567bf0a: Added accounts/react-native entrypoint with React Native adapter and storage implementation.

0.5.7

Patch Changes

  • cc334ff: Injected active chainId into transaction requests when the consumer does not provide one.

0.5.6

Patch Changes

  • 6eff229: Added privateKey support to dangerous_secp256k1() so wagmi configs could pin distinct signers per connector.

0.5.5

Patch Changes

  • b03c228: Bumped deps

0.5.4

Patch Changes

  • 4936c12: Fixed Dialog.iframe() injecting duplicate iframes by caching the instance as a singleton keyed by host.

... (truncated)

Commits
  • b9a121f chore: version packages (#181)
  • 1aa18fe feat: support feePayer: false opt-out; add feePayer capabilities (#180)
  • 9fd6988 chore: version packages (#179)
  • 36db0d9 feat: rename feePayerUrl to feePayer with precedence support (#178)
  • a41e590 chore: version packages (#177)
  • 901cfee fix: search previous stores for in-flight responses on iframe re-entry (#176)
  • d7737c4 chore(deps): bump actions/cache from 4.3.0 to 5.0.4 (#169)
  • 6d6901e chore: version packages (#174)
  • b4c87a3 fix: migrate pending requests on iframe singleton re-entry (#175)
  • 567bf0a feat: add accounts/react-native entrypoint (#155)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm-production group with 10 updates
c6e2b7a 
Bumps the npm-production group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [incur](https://github.com/wevm/incur) | `0.3.23` | `0.3.25` |
| [ox](https://github.com/wevm/ox) | `0.14.7` | `0.14.15` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.6.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.5` | `8.0.8` |
| [bun](https://github.com/oven-sh/bun) | `1.3.11` | `1.3.12` |
| [@metamask/sdk](https://github.com/MetaMask/metamask-sdk/tree/HEAD/packages/sdk) | `0.33.1` | `0.34.0` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.96.2` | `5.99.0` |
| [wagmi](https://github.com/wevm/wagmi/tree/HEAD/packages/react) | `3.6.1` | `3.6.2` |
| [@stripe/stripe-js](https://github.com/stripe/stripe-js) | `8.7.0` | `9.1.0` |
| [accounts](https://github.com/tempoxyz/accounts) | `0.4.12` | `0.6.1` |


Updates `incur` from 0.3.23 to 0.3.25
- [Release notes](https://github.com/wevm/incur/releases)
- [Changelog](https://github.com/wevm/incur/blob/main/CHANGELOG.md)
- [Commits](https://github.com/wevm/incur/compare/incur@0.3.23...incur@0.3.25)

Updates `ox` from 0.14.7 to 0.14.15
- [Release notes](https://github.com/wevm/ox/releases)
- [Commits](https://github.com/wevm/ox/compare/ox@0.14.7...ox@0.14.15)

Updates `@types/node` from 25.5.0 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `vite` from 8.0.5 to 8.0.8
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite)

Updates `bun` from 1.3.11 to 1.3.12
- [Release notes](https://github.com/oven-sh/bun/releases)
- [Commits](oven-sh/bun@bun-v1.3.11...bun-v1.3.12)

Updates `@metamask/sdk` from 0.33.1 to 0.34.0
- [Release notes](https://github.com/MetaMask/metamask-sdk/releases)
- [Changelog](https://github.com/MetaMask/metamask-sdk/blob/main/packages/sdk/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/metamask-sdk/commits/@metamask/sdk@0.34.0/packages/sdk)

Updates `@tanstack/react-query` from 5.96.2 to 5.99.0
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.99.0/packages/react-query)

Updates `wagmi` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/wevm/wagmi/releases)
- [Changelog](https://github.com/wevm/wagmi/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/wevm/wagmi/commits/wagmi@3.6.2/packages/react)

Updates `@stripe/stripe-js` from 8.7.0 to 9.1.0
- [Release notes](https://github.com/stripe/stripe-js/releases)
- [Commits](stripe/stripe-js@v8.7.0...v9.1.0)

Updates `accounts` from 0.4.12 to 0.6.1
- [Release notes](https://github.com/tempoxyz/accounts/releases)
- [Changelog](https://github.com/tempoxyz/accounts/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tempoxyz/accounts/compare/accounts@0.4.12...accounts@0.6.1)

---
updated-dependencies:
- dependency-name: incur
  dependency-version: 0.3.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: ox
  dependency-version: 0.14.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: vite
  dependency-version: 8.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: bun
  dependency-version: 1.3.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: "@metamask/sdk"
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.99.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
- dependency-name: wagmi
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
- dependency-name: "@stripe/stripe-js"
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-production
- dependency-name: accounts
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 17, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 17, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​typescript/​native-preview@​7.0.0-dev.20260416.110010072100100
Updatedincur@​0.3.23 ⏵ 0.3.2576 -310010097100
Updatedaccounts@​0.4.12 ⏵ 0.6.179 +110099 +197 +2100
Updatedwagmi@​3.6.1 ⏵ 3.6.280 +110079 +198 +1100
Updatedbun@​1.3.11 ⏵ 1.3.12911008097100
Updatedvite@​8.0.5 ⏵ 8.0.894 +110082 +198 +1100
Updated@​tanstack/​react-query@​5.96.2 ⏵ 5.99.09910088100 +1100
Updated@​stripe/​stripe-js@​8.9.0 ⏵ 9.1.010010010099 -1100

View full report

@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new Bot commented Apr 17, 2026
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/mppx@360

commit: 81388fc

@brendanjryan
fix: update charge-wagmi example for accounts@0.6 / wagmi@3.6.2
96d11cc 
- Remove KeyManager (no longer exported from wagmi/tempo)
- Remove keyManager option from webAuthn() connector
- Remove capabilities.type from connect() calls (no longer in API)
@brendanjryan brendanjryan force-pushed the dependabot/npm_and_yarn/npm-production-f36a0e93de branch from e67c957 to 96d11cc Compare April 17, 2026 17:06
@brendanjryan
chore: pin example dependency versions
81388fc 
Replace "latest" specifiers with pinned ^versions so dependabot can
properly update the lockfile. Prevents ERR_PNPM_OUTDATED_LOCKFILE in CI.
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 20, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 20, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-production-f36a0e93de branch April 20, 2026 03:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brendanjryan