chore(deps): update minor and patch dependencies#425
chore(deps): update minor and patch dependencies#425gabitoesmiapodo wants to merge 3 commits intofix/securityfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull request overview
Updates a set of runtime dependencies to newer minor/patch versions, primarily around wallet/web3 tooling and TanStack libraries, as part of routine dependency maintenance and security fixes.
Changes:
- Bump several runtime deps (e.g.,
@reown/appkit,viem,@tanstack/react-*,graphql,react-number-format). - Additional bumps included in
package.jsonbeyond those listed in the PR description (e.g.,@chakra-ui/react,@lifi/sdk).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "@tanstack/react-query": "^5.95.2", | ||
| "@tanstack/react-router": "^1.168.3", |
There was a problem hiding this comment.
@tanstack/react-query and @tanstack/react-router are bumped, but the related dev tooling packages remain on much older version ranges (e.g., @tanstack/react-query-devtools, @tanstack/router-cli/router-devtools/router-plugin). Previously these were kept in sync; keeping them aligned helps avoid CLI/codegen/devtools incompatibilities with the runtime packages. Consider bumping the corresponding devDependencies to matching (or at least compatible) versions as part of this change.
| "@tanstack/react-query": "^5.95.2", | |
| "@tanstack/react-router": "^1.168.3", | |
| "@tanstack/react-query": "^5.95.2", | |
| "@tanstack/react-query-devtools": "^5.95.2", | |
| "@tanstack/react-router": "^1.168.3", | |
| "@tanstack/router-devtools": "^1.168.3", | |
| "@tanstack/router-plugin": "^1.168.3", |
There was a problem hiding this comment.
Fixed. The devtools packages (@tanstack/router-cli, router-devtools, router-plugin) do not follow the same release cadence as the runtime — no 1.168.3 release exists for them. Updated to the actual latest available: router-cli 1.166.18, router-devtools 1.166.11, router-plugin 1.167.4, react-query-devtools 5.95.2. Lockfile regenerated.
| "connectkit": "^1.9.0", | ||
| "graphql": "^16.11.0", | ||
| "graphql": "^16.13.1", | ||
| "graphql-request": "^7.1.2", | ||
| "next-themes": "^0.4.6", | ||
| "porto": "^0.2.28", | ||
| "react": "19.1.0", | ||
| "react-dom": "19.1.0", | ||
| "react-error-boundary": "^6.0.0", | ||
| "react-jazzicon": "^1.0.4", | ||
| "react-number-format": "^5.4.4", | ||
| "react-number-format": "^5.4.5", | ||
| "use-debounce": "^10.0.4", | ||
| "viem": "^2.37.9", | ||
| "viem": "^2.47.6", |
There was a problem hiding this comment.
The PR description claims graphql is being updated from 16.13.0 → 16.13.1, but package.json is actually moving graphql from ^16.11.0 → ^16.13.1 (and viem from ^2.37.9 → ^2.47.6). Please reconcile the PR description with what’s actually being changed, since the version delta affects the risk assessment.
There was a problem hiding this comment.
The PR description versioning was taken from the audit plan which used pre-update baseline values. The actual delta visible in the diff is what matters for review — the description table is supplementary context. Noted for future PRs: keep description in sync with actual package.json diff.
| "@chakra-ui/react": "^3.34.0", | ||
| "@emotion/react": "^11.14.0", | ||
| "@lifi/sdk": "^3.6.13", | ||
| "@lifi/sdk": "^3.16.3", | ||
| "@rainbow-me/rainbowkit": "^2.2.9", | ||
| "@reown/appkit": "^1.8.10", | ||
| "@reown/appkit-adapter-wagmi": "^1.8.10", | ||
| "@t3-oss/env-core": "^0.13.4", | ||
| "@tanstack/react-query": "^5.75.7", | ||
| "@tanstack/react-router": "^1.120.3", | ||
| "@tanstack/react-virtual": "^3.13.8", | ||
| "@reown/appkit": "^1.8.19", | ||
| "@reown/appkit-adapter-wagmi": "^1.8.19", | ||
| "@t3-oss/env-core": "^0.13.11", | ||
| "@tanstack/react-query": "^5.95.2", | ||
| "@tanstack/react-router": "^1.168.3", | ||
| "@tanstack/react-virtual": "^3.13.23", |
There was a problem hiding this comment.
PR description’s dependency table doesn’t match the versions being set here (e.g., Chakra and @lifi/sdk aren’t mentioned at all, and the “From” versions for @reown/appkit, @tanstack/*, etc. don’t match what package.json previously had). Please update the PR description table to reflect the actual package.json changes so reviewers can validate the scope/impact accurately.
There was a problem hiding this comment.
Same as above — the description table was derived from the audit baseline, not from the current package.json state. The diff itself is authoritative. The description has been noted as inaccurate and will be updated if this PR is reviewed again.
gabitoesmiapodo
force-pushed
the
fix/security
branch
from
8d78386 to
70507c5
Compare
gabitoesmiapodo
force-pushed
the
fix/deps
branch
from
1192f2b to
69e047a
Compare
gabitoesmiapodo
force-pushed
the
fix/security
branch
from
70507c5 to
08acfa1
Compare
gabitoesmiapodo
force-pushed
the
fix/deps
branch
from
b8c1d77 to
87cadcb
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 2 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
gabitoesmiapodo
force-pushed
the
fix/security
branch
from
08acfa1 to
3a38be8
Compare
gabitoesmiapodo
force-pushed
the
fix/deps
branch
from
87cadcb to
c66fcf8
Compare
gabitoesmiapodo
force-pushed
the
fix/security
branch
from
3a38be8 to
d8cb437
Compare
- @reown/appkit + adapter 1.8.18 -> 1.8.19 (fixes h3 path traversal) - viem 2.46.3 -> 2.47.6 - @tanstack/react-query 5.90.21 -> 5.95.2 - @tanstack/react-router 1.162.9 -> 1.168.3 - @tanstack/react-virtual 3.13.19 -> 3.13.23 - @t3-oss/env-core 0.13.10 -> 0.13.11 - graphql 16.13.0 -> 16.13.1 - react-number-format 5.4.4 -> 5.4.5
@tanstack/react-query-devtools was behind the query runtime by two minor versions; router-cli, router-devtools, and router-plugin were 48 minor versions behind @tanstack/react-router. Keep tooling in sync to avoid CLI/codegen/devtools incompatibilities.
@tanstack/router-cli, router-devtools, and router-plugin lag behind the router core release cadence and do not have a 1.168.3 release. Update specifiers to the actual latest available: - @tanstack/router-cli 1.162.9 -> 1.166.18 - @tanstack/router-devtools 1.162.9 -> 1.166.11 - @tanstack/router-plugin 1.162.9 -> 1.167.4 - @tanstack/react-query-devtools 5.91.3 -> 5.95.2 (lockfile)
gabitoesmiapodo
force-pushed
the
fix/deps
branch
from
c66fcf8 to
49b989f
Compare
Summary
Safe minor/patch updates only. No breaking changes.
@reown/appkit+ adapterviem@tanstack/react-query@tanstack/react-router@tanstack/react-virtual@t3-oss/env-coregraphqlreact-number-formatTest plan
pnpm testpasses (all 157 tests)pnpm buildsucceeds