Skip to content

Update ui deps sync #694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update ui deps sync #694

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 17, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@rollup/plugin-commonjs (source) ^28.0.8 -> ^28.0.9 age adoption passing confidence
@rollup/plugin-replace (source) ^6.0.2 -> ^6.0.3 age adoption passing confidence
@rollup/plugin-typescript (source) ^12.1.4 -> ^12.3.0 age adoption passing confidence
@types/node (source) ^20.19.21 -> ^20.19.25 age adoption passing confidence
autoprefixer ^10.4.21 -> ^10.4.22 age adoption passing confidence
rollup (source) ^4.52.4 -> ^4.53.3 age adoption passing confidence

Release Notes

rollup/plugins (@​rollup/plugin-commonjs)

v28.0.9

2025-10-24

Bugfixes
  • fix: handle node: builtins with strictRequires: auto (#​1930)
rollup/plugins (@​rollup/plugin-replace)

v6.0.3

2025-10-29

Bugfixes
  • fix: update delimiters to respect valid js identifier chars (#​1938)
rollup/plugins (@​rollup/plugin-typescript)

v12.3.0

2025-10-23

Features
  • feat: expose latest Program to transformers in watch mode (#​1923)

v12.2.0

2025-10-22

Features
  • feat: process .js when allowJs is enabled (#​1920)
postcss/autoprefixer (autoprefixer)

v10.4.22

Compare Source

  • Fixed stretch prefixes on new Can I Use database.
  • Updated fraction.js.
rollup/rollup (rollup)

v4.53.3

Compare Source

2025-11-19

Bug Fixes
  • Fix an error where too many modules where flagged for having an unused external import (#​6182)
  • Fix an error where an assignment was wrongly tree-shaken when mutating it (#​6183)
Pull Requests

v4.53.2

Compare Source

2025-11-10

Bug Fixes
  • Do not throw when using invalid escape sequences in template literals (#​6177)
Pull Requests

v4.53.1

Compare Source

2025-11-07

Bug Fixes
Pull Requests

v4.53.0

Compare Source

2025-11-07

Features
  • Improve rendering performance by caching generated variable names (#​5947)
Pull Requests

v4.52.5

Compare Source

2025-10-18

Bug Fixes
  • Always produce valid UUIDs as debugIds in sourcemaps (#​6144)
Pull Requests

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner October 17, 2025 02:41
@socket-security
Copy link

socket-security bot commented Oct 17, 2025
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block High
High CVE: Axios is vulnerable to DoS attack through lack of data size check

CVE: GHSA-4hjh-wcwx-xvwj Axios is vulnerable to DoS attack through lack of data size check (HIGH)

Affected versions: >= 1.0.0 < 1.12.0; < 0.30.2

Patched version: 1.12.0

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm amdefine is 100.0% likely to have a medium risk anomaly

Notes: The code implements a global module loader hook that prepends a require('amdefine')(module) shim to nearly all .js modules before they are compiled. This is not directly overtly malicious, but it is a high-impact supply-chain/style modification: it alters every module load, can obscure behavior from static analysis, and increases attack surface if an attacker can modify this package or the amdefine module. Use of this module should be considered a risk in environments that require strict control of execution semantics or provenance; review and pin amdefine and this loader carefully. No clear evidence of direct data exfiltration or backdoor in this fragment.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm asynckit is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code is a standard wrapper/adapter for long-signature iterators in a streaming context. It includes proper handling to avoid duplicate callbacks, emits errors correctly, and finalizes the stream appropriately. There is no indication of malicious behavior, data exfiltration, or backdoor-like mechanisms. The risk is minimal and primarily relates to correct usage by downstream code (e.g., ensuring stream object has the expected properties).

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm axios is 100.0% likely to have a medium risk anomaly

Notes: The code appears to be a standard, well-scoped progress-event utility used to report progress (upload/download) to a consumer listener. It reads input from the event object and computes metrics, then forwards a structured payload to a listener. A minor data exposure risk exists due to passing the raw event object to the listener; mitigations include sanitizing the payload or removing the event object before emission. Overall security risk remains modest, with malware likelihood negligible in this isolated module.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm axios is 100.0% likely to have a medium risk anomaly

Notes: The code is a legitimate, self-contained throttling transformer designed for Axios-like streaming workflows. It throttles data output based on maxRate and timeWindow, preserves data integrity by splitting chunks when necessary, and emits optional progress telemetry. No malicious activity or data leakage is detected in this fragment. Security risk remains moderate due to throttling complexity and potential misconfiguration in real deployments, but the module itself does not introduce obvious security flaws.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm chalk is 100.0% likely to have a medium risk anomaly

Notes: This is a conventional Chalk-like color-styling module. It exhibits expected behavior for terminal styling, uses environment checks for compatibility, and does not demonstrate malicious activity, data leakage, or external communications. Security risk is low in isolation; the primary considerations are safe usage in environments where ANSI sequences could affect log readability or concealment, and ensuring trusted template renderingCode integrity. Overall, the component appears benign within its described scope.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm fs-extra is 100.0% likely to have a medium risk anomaly

Notes: The copy.js module appears to be a legitimate and secure filesystem copy utility with appropriate safeguards and options. No malicious activity detected, and typical supply-chain risk is limited to the general risk of filesystem operations. The code is suitable for inclusion in a package like fs-extra with normal risk expectations.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm node-addon-api is 100.0% likely to have a medium risk anomaly

Notes: The script is a legitimate formatting helper within a Node.js project. It orchestrates clang-format via git-clang-format, supports fix and diff modes, and provides actionable feedback to the developer. While operational dependencies exist, no malicious activity or data leakage is evident based on the provided code and typical usage.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@openzeppelin/[email protected]npm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm pbkdf2 is 72.0% likely to have a medium risk anomaly

Notes: The code is a straightforward and correct PBKDF2 implementation using HMAC with support for multiple digests and standard input handling. No malicious behavior detected. Security risk mainly derives from correct usage (encodings, salt handling, and proper key length) and from the absence of explicit side-channel hardening within the function. Recommendations focus on careful integration and memory hygiene, and optional refinements for side-channel resilience in high-assurance contexts.

Confidence: 0.72

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@openzeppelin/[email protected]npm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm sc-istanbul is 100.0% likely to have a medium risk anomaly

Notes: No direct malicious actions (network exfiltration, reverse shells, or hard-coded credentials) are present in this fragment. However, the module intentionally monkeypatches Node's module loader and VM APIs to transform and execute code at load time. Those capabilities are high-risk: if a malicious transformer/matcher is supplied (or if the package itself is replaced with a malicious version), it can inject arbitrary code into any loaded module, enabling supply-chain attacks, data theft, or backdoors. Reviewers should treat usage of this module as a high-privilege operation, ensure transformers are trusted, and limit hook usage to controlled environments.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm undici is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code appears to implement a standard in-memory cache batch operation flow (put/delete) with careful handling of response bodies by buffering and storing bytes for caching. No signs of malware, data exfiltration, backdoors, or obfuscated behavior were found. The primary security considerations relate to memory usage from buffering potentially large response bodies and ensuring robust validation within batch operations to prevent cache state corruption. Overall risk is moderate, driven by in-memory data handling rather than external communication.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/upgradeable/package-lock.jsonnpm/@openzeppelin/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm viem is 100.0% likely to have a medium risk anomaly

Notes: The code implements a cross-chain deposit flow with proper validations, artifact reads, and on-chain interactions. There is no evidence of hidden backdoors, data exfiltration, or malware. The main security considerations relate to token approval logic and correct configuration of flags to avoid granting excessive allowances. Overall, the module appears legitimate for a bridge deposit flow, with moderate risk primarily around configuration of approvals and correct handling of gas/fees.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm ws is 100.0% likely to have a medium risk anomaly

Notes: The code implements a standard EventTarget-like mixin for wrapping event listeners and dispatching events to user callbacks. There are no suspicious patterns such as dynamic code execution, hardcoded secrets, or network activity. The risk is contingent on what the consumer does inside their handlers; the snippet itself does not introduce malware or data leakage mechanisms beyond normal event dispatch. Overall security risk is low in isolation.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@openzeppelin/[email protected]npm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm ws is 100.0% likely to have a medium risk anomaly

Notes: The code implements a standard EventTarget-like mixin for wrapping event listeners and dispatching events to user callbacks. There are no suspicious patterns such as dynamic code execution, hardcoded secrets, or network activity. The risk is contingent on what the consumer does inside their handlers; the snippet itself does not introduce malware or data leakage mechanisms beyond normal event dispatch. Overall security risk is low in isolation.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/package-lock.jsonnpm/@nomicfoundation/[email protected]npm/@nomicfoundation/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm buffer is 96.0% likely obfuscated

Confidence: 0.96

Location: Package overview

From: packages/core/solidity/src/environments/hardhat/upgradeable/package-lock.jsonnpm/@openzeppelin/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 17, 2025
edited
Loading

Walkthrough

Package.json devDependencies updated: @types/node from ^20.19.21 to ^20.19.22 and rollup from ^4.52.4 to ^4.52.5. These are patch version updates with no runtime behavior changes.

Changes

Cohort / File(s) Summary
DevDependency version updates
packages/ui/package.json		 @types/node: ^20.19.21 → ^20.19.22; rollup: ^4.52.4 → ^4.52.5

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • ericglau
  • collins-w

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The title "Update ui deps sync" is directly related to the changeset, which updates dependencies in the packages/ui/package.json file (@types/node and rollup versions). The title accurately indicates the primary change involves updating UI package dependencies, and a teammate scanning the commit history would understand this is about dependency updates for the UI package. While the term "sync" is somewhat informal and could be more explicit about which dependencies are affected, the title is sufficiently clear and specific to describe the main change.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
Description check ✅ Passed The pull request description clearly outlines dependency updates with a detailed table and release notes, directly relating to the changeset.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/ui-deps-sync

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot changed the title Update dependency @types/node to ^20.19.22 Update ui deps sync Oct 18, 2025
@renovate renovate bot force-pushed the renovate/ui-deps-sync branch 6 times, most recently from 48f60b5 to 3a00523 Compare October 24, 2025 14:45
@renovate renovate bot force-pushed the renovate/ui-deps-sync branch 8 times, most recently from 8c719e6 to e42c08d Compare November 3, 2025 20:14
@renovate renovate bot force-pushed the renovate/ui-deps-sync branch 12 times, most recently from c81f512 to 2acb5f1 Compare November 12, 2025 04:13
@renovate renovate bot force-pushed the renovate/ui-deps-sync branch 5 times, most recently from 4d03f74 to 738a136 Compare November 18, 2025 11:06
@renovate renovate bot force-pushed the renovate/ui-deps-sync branch from 738a136 to 090c603 Compare November 19, 2025 10:03
@socket-security
Copy link

socket-security bot commented Nov 19, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​nomicfoundation/​hardhat-toolbox@​6.1.0981007679100
Added@​openzeppelin/​hardhat-upgrades@​3.9.19910010086100
Updatedhardhat@​2.26.3 ⏵ 2.26.594 +110092 +297 +180

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant