Bump the minor group across 1 directory with 16 updates #1230

dependabot · 2025-01-24T18:14:01Z

Bumps the minor group with 15 updates in the / directory:

Package	From	To
@creit.tech/stellar-wallets-kit	`1.2.5`	`1.4.1`
@stellar/stellar-sdk	`13.0.0`	`13.1.0`
@tanstack/react-query	`5.59.0`	`5.64.2`
@tanstack/react-query-devtools	`5.59.0`	`5.64.2`
dompurify	`3.1.7`	`3.2.3`
@types/dompurify	`3.0.5`	`3.2.0`
html-react-parser	`5.1.18`	`5.2.2`
tslib	`2.7.0`	`2.8.1`
zustand-querystring	`0.0.19`	`0.1.0`
@playwright/test	`1.47.2`	`1.50.0`
@types/node	`22.7.4`	`22.10.10`
lint-staged	`15.2.10`	`15.4.2`
prettier	`3.3.3`	`3.4.2`
sass	`1.79.4`	`1.83.4`
typescript	`5.6.2`	`5.7.3`

Updates @creit.tech/stellar-wallets-kit from 1.2.5 to 1.4.1

Release notes

Sourced from @creit.tech/stellar-wallets-kit's releases.

v1.4.1

1.4.1 (2025-01-09)

Fix

Make the Trezor module to work with Webpack projects

v1.4.0

1.4.0 (2024-12-20)

Add

Add Trezor wallets support

Update the returned value from the openAccountSelector method in the Ledger module.

v1.3.0

1.3.0 (2024-12-05)

Add

Add Ledger wallets support

Add new "account selector" component which can be used by wallets based on mnemonic phrases or similar (for example hardware wallets)

Merge PR #48 - Add signMessage support for Hana wallet

Changelog

Sourced from @creit.tech/stellar-wallets-kit's changelog.

1.4.1 (2025-01-09)

Fix

Make the Trezor module to work with Webpack projects

1.4.0 (2024-12-20)

Add

Add Trezor wallets support

Update the returned value from the openAccountSelector method in the Ledger module.

1.3.0 (2024-12-05)

Add

Add Ledger wallets support

Add new "account selector" component which can be used by wallets based on mnemonic phrases or similar (for example hardware wallets)

Merge PR #48 - Add signMessage support for Hana wallet

Commits

0cdcd9f Upgrade to 1.4.1
4d2a2c5 Upgrade to 1.4.1
2d88524 Upgrade to 1.4.0
5c127a3 Add new TrezorModule and update Ledger returned value from the `openAccountSe...
97dbed6 Upgrade to 1.3.0
25ba71f Merge branch 'feature/ledger-module'
df4b109 Merge remote-tracking branch 'origin/main'
397ed62 Add ledger module
62c9c4d Merge pull request #48 from Hana-Technology/hana-wallet-sign-message
6f460b3 Added signMessage support for Hana
See full diff in compare view

Updates @stellar/stellar-sdk from 13.0.0 to 13.1.0

Release notes

Sourced from @stellar/stellar-sdk's releases.

v13.1.0

v13.1.0

Added

Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).

rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

Contributors

@Shaptic, @overcat

@nnsW3 made their first contribution in stellar/js-stellar-sdk#1083

Full Changelog: stellar/js-stellar-sdk@v13.0.0...v13.1.0

Changelog

Sourced from @stellar/stellar-sdk's changelog.

v13.1.0

Added

Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).

rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

Commits

d147768 Prepare v13.1.0 for release (#1123)
548e5c3 Move the cursor field in rpc.Server.getEvents to the right place (#1124)
3988271 Added Horizon.Server.root to obtain information from the Horizon root endpo...
3304995 Fetch metadata via RPC instead of relying on the Friendbot response (#1107)
bb2e5ba Bump the minor-and-patch group across 1 directory with 4 updates (#1111)
25ff204 Fix misc. spelling issues in docs (#1083)
24c5032 Allow npm publish to be run manually (#1105)
83de316 Drop the protocol-22-beta when publishing to npm (#1104)
See full diff in compare view

Updates @tanstack/react-query from 5.59.0 to 5.64.2

Release notes

Sourced from @tanstack/react-query's releases.

v5.64.2

Version 5.64.2 - 1/19/25, 8:45 AM

Changes

Fix

react-query: add missing subscribed option to UseInfiniteQueryOptions (#8546) (3e3fba9) by Seyed Mohammad Asadi

Chore

deps: replace rimraf with premove (#8532) (f04dd19) by Lachlan Collins

Packages

@tanstack/eslint-plugin-query@5.64.2

@tanstack/query-async-storage-persister@5.64.2

@tanstack/query-broadcast-client-experimental@5.64.2

@tanstack/query-core@5.64.2

@tanstack/query-devtools@5.64.2

@tanstack/query-persist-client-core@5.64.2

@tanstack/query-sync-storage-persister@5.64.2

@tanstack/react-query@5.64.2

@tanstack/react-query-devtools@5.64.2

@tanstack/react-query-persist-client@5.64.2

@tanstack/react-query-next-experimental@5.64.2

@tanstack/solid-query@5.64.2

@tanstack/solid-query-devtools@5.64.2

@tanstack/solid-query-persist-client@5.64.2

@tanstack/svelte-query@5.64.2

@tanstack/svelte-query-devtools@5.64.2

@tanstack/svelte-query-persist-client@5.64.2

@tanstack/vue-query@5.64.2

@tanstack/vue-query-devtools@5.64.2

@tanstack/angular-query-devtools-experimental@5.64.2

@tanstack/angular-query-experimental@5.64.2

v5.64.1

Version 5.64.1 - 1/13/25, 1:23 PM

Changes

Fix

types: support both Array and ReadonlyArray for typed query and mutation keys (#8529) (8d174c8) by @neefrehman

Packages

@tanstack/query-core@5.64.1

@tanstack/query-broadcast-client-experimental@5.64.1

... (truncated)

Commits

d4d2466 release: v5.64.2
3e3fba9 fix(react-query): add missing subscribed option to UseInfiniteQueryOptions (#...
f04dd19 chore(deps): replace rimraf with premove (#8532)
e3e8814 release: v5.64.1
4a589bf release: v5.64.0
564e549 release: v5.63.0
e2bc216 feat(react-query): allow useQuery and useQueries to unsubscribe from the quer...
3c5d8e3 release: v5.62.16
c91c590 release: v5.62.14
0503282 fix(react-query): ensureSuspenseTimers should ALWAYS set staleTime to 1000 wh...
Additional commits viewable in compare view

Updates @tanstack/react-query-devtools from 5.59.0 to 5.64.2

Release notes

Sourced from @tanstack/react-query-devtools's releases.

v5.64.2

Version 5.64.2 - 1/19/25, 8:45 AM

Changes

Fix

react-query: add missing subscribed option to UseInfiniteQueryOptions (#8546) (3e3fba9) by Seyed Mohammad Asadi

Chore

deps: replace rimraf with premove (#8532) (f04dd19) by Lachlan Collins

Packages

@tanstack/eslint-plugin-query@5.64.2

@tanstack/query-async-storage-persister@5.64.2

@tanstack/query-broadcast-client-experimental@5.64.2

@tanstack/query-core@5.64.2

@tanstack/query-devtools@5.64.2

@tanstack/query-persist-client-core@5.64.2

@tanstack/query-sync-storage-persister@5.64.2

@tanstack/react-query@5.64.2

@tanstack/react-query-devtools@5.64.2

@tanstack/react-query-persist-client@5.64.2

@tanstack/react-query-next-experimental@5.64.2

@tanstack/solid-query@5.64.2

@tanstack/solid-query-devtools@5.64.2

@tanstack/solid-query-persist-client@5.64.2

@tanstack/svelte-query@5.64.2

@tanstack/svelte-query-devtools@5.64.2

@tanstack/svelte-query-persist-client@5.64.2

@tanstack/vue-query@5.64.2

@tanstack/vue-query-devtools@5.64.2

@tanstack/angular-query-devtools-experimental@5.64.2

@tanstack/angular-query-experimental@5.64.2

v5.64.1

Version 5.64.1 - 1/13/25, 1:23 PM

Changes

Fix

types: support both Array and ReadonlyArray for typed query and mutation keys (#8529) (8d174c8) by @neefrehman

Packages

@tanstack/query-core@5.64.1

@tanstack/query-broadcast-client-experimental@5.64.1

... (truncated)

Commits

d4d2466 release: v5.64.2
f04dd19 chore(deps): replace rimraf with premove (#8532)
e3e8814 release: v5.64.1
4a589bf release: v5.64.0
564e549 release: v5.63.0
3c5d8e3 release: v5.62.16
c91c590 release: v5.62.14
b25a41e release: v5.62.12
8f72f59 release: v5.62.11
4f90639 release: v5.62.10
Additional commits viewable in compare view

Updates @trezor/connect-web from 9.4.4 to 9.4.7

Commits

See full diff in compare view

Updates dompurify from 3.1.7 to 3.2.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.3

Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser

Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

DOMPurify 3.2.2

Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @yaniv-git

Fixed several minor issues with the type definitions, thanks again @reduckted

Fixed a minor issue with the types reference for trusted types, thanks @reduckted

Fixed a minor problem with the template detection regex on some systems, thanks @svdb99

DOMPurify 3.2.1

Fixed several minor issues with the type definitions, thanks @reduckted @ghiscoding @asamuzaK @MiniDigger

Fixed an issue with non-minified dist files and order of imports, thanks @reduckted

DOMPurify 3.2.0

Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others

Fixed a minor issue with the handling of hooks, thanks @kevin-mizu

Commits

f1106aa chore: Preparing 3.2.3 release
9c71e04 fix: Added clobbering check for sanitizeAttribute to prevent an error
c183cd6 fix: Fixed a config-dependent bypass caused by skipped attribute checks, than...
6e76ece fix: Fixed a config-dependent bypass relating to data-attributes, thanks @Slo...
c3879a5 Merge pull request #1041 from CoryHrycko/patch-1
0e1c724 Update tags.ts
8513afd Update README.md
b883b9e Update README.md
3b4b5e9 Merge pull request #1037 from svdb99/main
b9e9087 Fix #1033
Additional commits viewable in compare view

Updates @types/dompurify from 3.0.5 to 3.2.0

Commits

See full diff in compare view

Updates html-react-parser from 5.1.18 to 5.2.2

Release notes

Sourced from html-react-parser's releases.

v5.2.2

5.2.2 (2024-12-25)

Build System

deps: bump html-dom-parser from 5.0.12 to 5.0.13 (#1652) (ff0b897)

v5.2.1

5.2.1 (2024-12-16)

Bug Fixes

package: bump html-dom-parser to 5.0.12 so that \\r isn't escaped (#1642) (a1ef928), closes #1634

v5.2.0

5.2.0 (2024-12-06)

Features

package: add react 19 to package.json peerDependencies (8b6506c), closes #1455 #1501

v5.1.19

5.1.19 (2024-12-04)

Bug Fixes

deps: bump html-dom-parser from 5.0.10 to 5.0.11 (#1623) (f11fa35), closes #864 #1617

Changelog

Sourced from html-react-parser's changelog.

5.2.2 (2024-12-25)

Build System

deps: bump html-dom-parser from 5.0.12 to 5.0.13 (#1652) (ff0b897)

5.2.1 (2024-12-16)

Bug Fixes

package: bump html-dom-parser to 5.0.12 so that \\r isn't escaped (#1642) (a1ef928), closes #1634

5.2.0 (2024-12-06)

Features

package: add react 19 to package.json peerDependencies (8b6506c), closes #1455 #1501

5.1.19 (2024-12-04)

Bug Fixes

deps: bump html-dom-parser from 5.0.10 to 5.0.11 (#1623) (f11fa35), closes #864 #1617

Commits

9e89abc Merge pull request #1653 from remarkablemark/release-please--branches--master...
df83051 chore(master): release 5.2.2
ff0b897 build(deps): bump html-dom-parser from 5.0.12 to 5.0.13 (#1652)
1987ef5 build(deps-dev): bump the typescript-eslint group with 2 updates (#1651)
b551806 build(deps-dev): bump rollup from 4.28.1 to 4.29.1 (#1650)
b362004 build(deps-dev): bump preact from 10.25.2 to 10.25.3 (#1646)
525aef2 build(deps-dev): bump globals from 15.13.0 to 15.14.0 (#1647)
df4408f build(deps-dev): bump the typescript-eslint group with 2 updates (#1645)
2360c28 build(package): correct repository url error
ad1812d Merge pull request #1644 from remarkablemark/release-please--branches--master...
Additional commits viewable in compare view

Updates tslib from 2.7.0 to 2.8.1

Release notes

Sourced from tslib's releases.

v2.8.1

What's Changed

Fix publish workflow by @andrewbranch in microsoft/tslib#271

Include non-enumerable keys in __importStar helper by @rbuckton in microsoft/tslib#272

Remove use of ES2015 syntax by @andrewbranch in microsoft/tslib#275

Full Changelog: microsoft/tslib@v2.8.0...v2.8.1

v2.8.0

What's Changed

Validate export structure of every entrypoint by @andrewbranch in microsoft/tslib#269

Add rewriteRelativeImportExtension helper by @andrewbranch in microsoft/tslib#270

Full Changelog: microsoft/tslib@v2.7.0...v2.8.0

Commits

d72d6f7 2.8.1
11fa982 Merge pull request #275 from microsoft/bug/es5-compat
3c532eb Remove use of ES2015 syntax
b0076c4 Include non-enumerable keys in __importStar helper (#272)
7c11588 Add missing registry-url parameter
1fec667 Merge pull request #271 from microsoft/fix-publish
097e99e Fix publish workflow
ca5f7fb 2.8.0
2334267 Merge pull request #270 from microsoft/rewriteRelativeImportExtension
c4cde74 Missed update
Additional commits viewable in compare view

Updates zustand-querystring from 0.0.19 to 0.1.0

Release notes

Sourced from zustand-querystring's releases.

0.1.0, new URL encoding

0.1.0 is a breaking change. The URL encoding and decoding is simplified. Before 0.1.0, zustand-querystring used a proprietary format to encode the state in the URL. While this made the URL more readable and short, it could cause unexpected issues when other tools/libraries tried to parse it. In this new version, encoding and decoding is handled by encodeURIComponent and decodeURIComponent. This makes the state in the URL unreadable, but should be more compatible with third-party tools.

Commits

68a9dac chore: release v0.1.0
983c6f0 simplify implementation, use plain encodeURIComponent
b604a2b chore: release v0.0.20-beta.0
b6e7342 fix url encoding
See full diff in compare view

Updates @playwright/test from 1.47.2 to 1.50.0

Release notes

Sourced from @playwright/test's releases.

v1.50.0

Test runner
New option timeout allows specifying a maximum run time for an individual test step. A timed-out step will fail the execution of the test.
test('some test', async ({ page }) => {
  await test.step('a step', async () => {
    // This step can time out separately from the test
  }, { timeout: 1000 });
});
New method test.step.skip() to disable execution of a test step.
test('some test', async ({ page }) => {
  await test.step('before running step', async () => {
    // Normal step
  });
await test.step.skip('not yet ready', async () => {
// This step is skipped
});
await test.step('after running step', async () => {
// This step still runs even though the previous one was skipped
});
});
Expanded expect(locator).toMatchAriaSnapshot() to allow storing of aria snapshots in separate YAML files.

Added method expect(locator).toHaveAccessibleErrorMessage() to assert the Locator points to an element with a given aria errormessage.

Option testConfig.updateSnapshots added the configuration enum changed. changed updates only the snapshots that have changed, whereas all now updates all snapshots, regardless of whether there are any differences.
New option testConfig.updateSourceMethod defines the way source code is updated when testConfig.updateSnapshots is configured. Added overwrite and 3-way modes that write the changes into source code, on top of existing patch mode that creates a patch file.
npx playwright test --update-snapshots=changed --update-source-method=3way
Option testConfig.webServer added a gracefulShutdown field for specifying a process kill signal other than the default SIGKILL.

Exposed testStep.attachments from the reporter API to allow retrieval of all attachments created by that step.
UI updates

Updated default HTML reporter to improve display of attachments.

New button for picking elements to produce aria snapshots.

Additional details (such as keys pressed) are now displayed alongside action API calls in traces.

Display of canvas content in traces is error-prone. Display is now disabled by default, and can be enabled via the Display canvas content UI setting.

Call and Network panels now display additional time information.

Breaking

... (truncated)

Commits

9d22178 chore: mark v1.50.0 (#34447)
5d6ac96 cherry-pick(#34442): fix(test runner): respect updateSourceMethod from the co...
97b76b4 cherry-pick(#34440): chore(driver): roll driver to recent Node.js LTS version
7bbcc3c cherry-pick(#34353): chore: move attachment link back to tree item, make it f...
2811a1d cherry-pick(#34430): docs: switch gracefulShutdown to primarily mention SIGTE...
2b8d1ce cherry-pick(#34380): docs: release notes for v1.50 js (#34425)
715eb25 cherry-pick(#34409): fix(aria snapshot): make rebase work when options are sp...
6106ef0 cherry-pick(#34410): fix(list reporter): do not break after output without tr...
09cd74f cherry-pick(#34407): fix(step.skip): show a skipped indicator in UI mode (#34...
cc6eb09 cherry-pick(#34386): chore: step timeout improvements (#34387)
Additional commits viewable in compare view

Updates @types/dompurify from 3.0.5 to 3.2.0

Commits

See full diff in compare view

Updates @types/node from 22.7.4 to 22.10.10

Commits

See full diff in compare view

Updates lint-staged from 15.2.10 to 15.4.2

Release notes

Sourced from lint-staged's releases.

v15.4.2

Patch Changes

#1509 8827ebf Thanks @iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

v15.4.1

Patch Changes

#1504 1c7a45e Thanks @iiroj! - Default TypeScript config filenames match JS equivalents.

#1504 9cc18c9 Thanks @iiroj! - Add missing conditional exports syntax for TypeScript types.

v15.4.0

Minor Changes
#1500 a8ec1dd Thanks @iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:
/**
 * @filename: lint-staged.config.js
 * @type {import('lint-staged').Configuration}
 */
export default {
  '*': 'prettier --write',
}
It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.
export NODE_OPTIONS="--experimental-strip-types"
npx lint-staged --config lint-staged.config.ts
Patch Changes

#1501 9b79364 Thanks @iiroj! - Handle possible failures when logging user shell for debug info.

v15.3.0

Minor Changes
#1495 e69da9e Thanks @iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.
#1493 fa0fe98 Thanks @iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

For example:
% npx lint-staged
✔ Backed up original state in git stash (20addf8)

... (truncated)

Changelog

Sourced from lint-staged's changelog.

15.4.2

Patch Changes

#1509 8827ebf Thanks @iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

15.4.1

Patch Changes

#1504 1c7a45e Thanks @iiroj! - Default TypeScript config filenames match JS equivalents.

#1504 9cc18c9 Thanks @iiroj! - Add missing conditional exports syntax for TypeScript types.

15.4.0

Minor Changes
#1500 a8ec1dd Thanks @iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:
/**
 * @filename: lint-staged.config.js
 * @type {import('lint-staged').Configuration}
 */
export default {
  '*': 'prettier --write',
}
It's also possible to use the .ts file extension for the configuration if your Node.js version supports it. The --experimental-strip-types flag was introduced in Node.js v22.6.0 and unflagged in v23.6.0, enabling Node.js to execute TypeScript files without additional configuration.
export NODE_OPTIONS="--experimental-strip-types"
npx lint-staged --config lint-staged.config.ts
Patch Changes

#1501 9b79364 Thanks @iiroj! - Handle possible failures when logging user shell for debug info.

15.3.0

Minor Changes

#1495 e69da9e Thanks @iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

#1493 fa0fe98 Thanks @iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

... (truncated)

Commits

aef9e5c chore(changeset): release (#1510)
8827ebf build(dependencies): update dependencies and switch to caret ranges (#1509)
7f69b3f docs: generalize description from 'linting' to 'tasks' (#1507)
1c93c9e chore(changeset): release (#1505)
c020664 Merge pull request #1504 from lint-staged/fix-typescript
1c7a45e fix: default TypeScript config filenames match JS equivalents
9cc18c9 fix: add missing conditional export for TypeScript types
7ff1e58 chore(changeset): release (#1502)
b881830 docs: adjust README regarding TypeScript
41c9fee docs: sync changelog and README regarding TypeScript
Additional commits viewable in compare view

Updates prettier from 3.3.3 to 3.4.2

Release notes

Sourced from prettier's releases.

3.4.2

🔗 Changelog

3.4.1

🔗 Changelog

3.4.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.4.2

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#16796 by @tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

C言
語
・
C++
・
Go
・
Rust

C言語・ C++ ・ Go ・ Rust

C言語・C++・Go・Rust
U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#16891 by @fisker)
// Input
class A {
  @decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}
// Prettier 3.4.1
class A {
@decorator
async /**
</tr></table>

... (truncated)

Commits

cca9461 Release 3.4.2
572bebe Fix comments on class methods with decorators (#16891)
359c4f0 chore(deps): update dependency @angular/compiler to v19.0.1 (#16903)
6470996 chore(deps): update dependency @glimmer/syntax to v0.93.1 (#16904)
e13614f Correct fit() for fill() (#16899)
10db357 Remove check on TSImportType.isTypeOf (#16892)
ac46a4f Treat U+30A0 & U+30FB in Katakana Block as CJK (#16796)
d52e905 Add test for #16207 (#16890)
a1e354d Clean changelog_unreleased
99875da Bump Prettier dependenc...
Description has been truncated

Bumps the minor group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@creit.tech/stellar-wallets-kit](https://github.com/Creit-Tech/Stellar-Wallets-Kit) | `1.2.5` | `1.4.1` | | [@stellar/stellar-sdk](https://github.com/stellar/js-stellar-sdk) | `13.0.0` | `13.1.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.59.0` | `5.64.2` | | [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.59.0` | `5.64.2` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.1.7` | `3.2.3` | | [@types/dompurify](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dompurify) | `3.0.5` | `3.2.0` | | [html-react-parser](https://github.com/remarkablemark/html-react-parser) | `5.1.18` | `5.2.2` | | [tslib](https://github.com/Microsoft/tslib) | `2.7.0` | `2.8.1` | | [zustand-querystring](https://github.com/nitedani/zustand-querystring) | `0.0.19` | `0.1.0` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.47.2` | `1.50.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.7.4` | `22.10.10` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `15.2.10` | `15.4.2` | | [prettier](https://github.com/prettier/prettier) | `3.3.3` | `3.4.2` | | [sass](https://github.com/sass/dart-sass) | `1.79.4` | `1.83.4` | | [typescript](https://github.com/microsoft/TypeScript) | `5.6.2` | `5.7.3` | Updates `@creit.tech/stellar-wallets-kit` from 1.2.5 to 1.4.1 - [Release notes](https://github.com/Creit-Tech/Stellar-Wallets-Kit/releases) - [Changelog](https://github.com/Creit-Tech/Stellar-Wallets-Kit/blob/main/CHANGELOG.md) - [Commits](Creit-Tech/Stellar-Wallets-Kit@v1.2.5...v1.4.1) Updates `@stellar/stellar-sdk` from 13.0.0 to 13.1.0 - [Release notes](https://github.com/stellar/js-stellar-sdk/releases) - [Changelog](https://github.com/stellar/js-stellar-sdk/blob/master/CHANGELOG.md) - [Commits](stellar/js-stellar-sdk@v13.0.0...v13.1.0) Updates `@tanstack/react-query` from 5.59.0 to 5.64.2 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.64.2/packages/react-query) Updates `@tanstack/react-query-devtools` from 5.59.0 to 5.64.2 - [Release notes](https://github.com/TanStack/query/releases) - [Commits](https://github.com/TanStack/query/commits/v5.64.2/packages/react-query-devtools) Updates `@trezor/connect-web` from 9.4.4 to 9.4.7 - [Release notes](https://github.com/trezor/trezor-suite/releases) - [Changelog](https://github.com/trezor/trezor-suite/blob/develop/CHANGELOG.md) - [Commits](https://github.com/trezor/trezor-suite/commits) Updates `dompurify` from 3.1.7 to 3.2.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.1.7...3.2.3) Updates `@types/dompurify` from 3.0.5 to 3.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dompurify) Updates `html-react-parser` from 5.1.18 to 5.2.2 - [Release notes](https://github.com/remarkablemark/html-react-parser/releases) - [Changelog](https://github.com/remarkablemark/html-react-parser/blob/master/CHANGELOG.md) - [Commits](remarkablemark/html-react-parser@v5.1.18...v5.2.2) Updates `tslib` from 2.7.0 to 2.8.1 - [Release notes](https://github.com/Microsoft/tslib/releases) - [Commits](microsoft/tslib@v2.7.0...v2.8.1) Updates `zustand-querystring` from 0.0.19 to 0.1.0 - [Release notes](https://github.com/nitedani/zustand-querystring/releases) - [Commits](nitedani/zustand-querystring@v0.0.19...v0.1.0) Updates `@playwright/test` from 1.47.2 to 1.50.0 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.47.2...v1.50.0) Updates `@types/dompurify` from 3.0.5 to 3.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dompurify) Updates `@types/node` from 22.7.4 to 22.10.10 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `lint-staged` from 15.2.10 to 15.4.2 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v15.2.10...v15.4.2) Updates `prettier` from 3.3.3 to 3.4.2 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.3.3...3.4.2) Updates `sass` from 1.79.4 to 1.83.4 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.79.4...1.83.4) Updates `typescript` from 5.6.2 to 5.7.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.6.2...v5.7.3) --- updated-dependencies: - dependency-name: "@creit.tech/stellar-wallets-kit" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@stellar/stellar-sdk" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@tanstack/react-query" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@tanstack/react-query-devtools" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@trezor/connect-web" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor - dependency-name: dompurify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@types/dompurify" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: html-react-parser dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: tslib dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: zustand-querystring dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@playwright/test" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@types/dompurify" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: lint-staged dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: sass dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2025-01-24T18:14:52Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected] 🔁 npm/@babel/[email protected]	None	`0`	246 kB	nicolo-ribaudo
npm/@creit.tech/[email protected] 🔁 npm/@creit.tech/[email protected]	None	`0`	513 kB	earrietadev
npm/@playwright/[email protected] 🔁 npm/@playwright/[email protected]	None	`0`	25.4 kB	dgozman-ms
npm/@solana-program/[email protected]	environment	`0`	1.12 MB	lorisleiva
npm/@solana/[email protected]	None	`0`	167 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	198 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	51.4 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	495 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	756 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	246 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	208 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	18.4 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	1.35 MB	lorisleiva
npm/@solana/[email protected]	None	`0`	43.1 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	33.1 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	85.8 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	118 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	147 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	18.5 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	59.6 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	256 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	21.9 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	111 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	72.1 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	146 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	82.5 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	197 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	263 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	227 kB	lorisleiva
npm/@solana/[email protected]	environment, network	`+1`	205 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	170 kB	lorisleiva
npm/@solana/[email protected]	environment	`0`	129 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	399 kB	lorisleiva
npm/@solana/[email protected]	environment	`0`	126 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	340 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	224 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	735 kB	lorisleiva
npm/@solana/[email protected]	None	`0`	152 kB	lorisleiva
npm/@solana/[email protected] 🔁 npm/@solana/[email protected]	None	`0`	1.67 MB	lorisleiva
npm/@stellar/[email protected] 🔁 npm/@stellar/[email protected]	None	`0`	14.9 MB	stellar-npm-ci
npm/@tanstack/[email protected] 🔁 npm/@tanstack/[email protected]	None	`0`	1.95 MB	nksaraf, tannerlinsley
npm/@tanstack/[email protected] 🔁 npm/@tanstack/[email protected]	None	`0`	2.47 MB	tannerlinsley
npm/@tanstack/[email protected] 🔁 npm/@tanstack/[email protected]	None	`0`	95.4 kB	tannerlinsley
npm/@tanstack/[email protected] 🔁 npm/@tanstack/[email protected]	None	`0`	717 kB	nksaraf, tannerlinsley
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`+1`	84.2 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	60 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	59.9 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	219 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	5.52 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	202 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`+1`	170 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	1.48 MB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	1.01 MB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	168 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	28.1 kB	trezor-ci
npm/@trezor/[email protected] 🔁 npm/@trezor/[email protected]	None	`0`	237 kB	trezor-ci
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	`0`	1.74 kB	types
npm/[email protected] 🔁 npm/[email protected]	None	`0`	2.13 MB	jasonsaayman
npm/[email protected] 🔁 npm/[email protected]	None	`0`	44.2 kB	sindresorhus
npm/[email protected] 🔁 npm/[email protected]	None	`0`	306 kB	cure53
npm/[email protected] 🔁 npm/[email protected]	None	`0`	167 kB	feedic
npm/[email protected]	None	`0`	540 kB	feedic
npm/[email protected] 🔁 npm/[email protected]	None	`0`	57.1 kB	divyamsingh234
npm/[email protected] 🔁 npm/[email protected]	None	`0`	132 kB	remarkablemark
npm/[email protected] 🔁 npm/[email protected]	None	`0`	468 kB	remarkablemark
npm/[email protected] 🔁 npm/[email protected]	None	`0`	489 kB	feedic
npm/[email protected] 🔁 npm/[email protected]	None	`0`	687 kB	leebyron
npm/[email protected] 🔁 npm/[email protected]	None	`0`	18 kB	antonk52
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment	`+1`	329 kB	okonet
npm/[email protected] 🔁 npm/[email protected]	None	`+2`	305 kB	cenk1cenk2
npm/[email protected] 🔁 npm/[email protected]	None	`0`	7.83 MB	dgozman, dgozman-ms, pavelfeldman, ...1 more
npm/[email protected] 🔁 npm/[email protected]	None	`+1`	3.33 MB	dgozman-ms
npm/[email protected] 🔁 npm/[email protected]	None	`0`	7.83 MB	prettier-bot
npm/[email protected] 🔁 npm/[email protected]	Transitive: environment	`+2`	5.95 MB	hcatlin, nex3, sassbot
npm/[email protected] 🔁 npm/[email protected], npm/[email protected]	None	`0`	90.4 kB	typescript-bot
npm/[email protected] 🔁 npm/[email protected]	None	`0`	22.7 MB	typescript-bot
npm/[email protected] 🔁 npm/[email protected]	None	`0`	83.3 kB	matteo.collina
npm/[email protected] 🔁 npm/[email protected]	None	`0`	132 kB	broofa
npm/[email protected] 🔁 npm/[email protected]	None	`0`	681 kB	eemeli
npm/[email protected] 🔁 npm/[email protected]	None	`0`	21.4 kB	nitedani

View full report↗︎

socket-security · 2025-01-24T18:14:54Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Deprecated	npm/@types/[email protected]	Reason: This is a stub types definition. dompurify provides its own type definitions, so you do not need this installed.	`package.json` `yarn.lock`	⚠︎

View full report↗︎

Next steps

What is a deprecated package?

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/@types/[email protected]

dependabot · 2025-02-02T02:43:01Z

Superseded by #1239.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 24, 2025

dependabot bot mentioned this pull request Jan 24, 2025

Bump the minor group across 1 directory with 16 updates #1229

Closed

dependabot bot closed this Feb 2, 2025

dependabot bot deleted the dependabot/npm_and_yarn/minor-d4b997a30f branch February 2, 2025 02:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the minor group across 1 directory with 16 updates #1230

Bump the minor group across 1 directory with 16 updates #1230

dependabot bot commented on behalf of github Jan 24, 2025 •

edited

Loading

socket-security bot commented Jan 24, 2025

socket-security bot commented Jan 24, 2025

dependabot bot commented on behalf of github Feb 2, 2025

Bump the minor group across 1 directory with 16 updates #1230

Bump the minor group across 1 directory with 16 updates #1230

Conversation

dependabot bot commented on behalf of github Jan 24, 2025 • edited Loading

v1.4.1

1.4.1 (2025-01-09)

Fix

v1.4.0

1.4.0 (2024-12-20)

Add

v1.3.0

1.3.0 (2024-12-05)

Add

1.4.1 (2025-01-09)

Fix

1.4.0 (2024-12-20)

Add

1.3.0 (2024-12-05)

Add

v13.1.0

v13.1.0

Added

Fixed

Contributors

v13.1.0

Added

Fixed

v5.64.2

Changes

Fix

Chore

Packages

v5.64.1

Changes

Fix

Packages

v5.64.2

Changes

Fix

Chore

Packages

v5.64.1

Changes

Fix

Packages

DOMPurify 3.2.3

DOMPurify 3.2.2

DOMPurify 3.2.1

DOMPurify 3.2.0

v5.2.2

5.2.2 (2024-12-25)

Build System

v5.2.1

5.2.1 (2024-12-16)

Bug Fixes

v5.2.0

5.2.0 (2024-12-06)

Features

v5.1.19

5.1.19 (2024-12-04)

Bug Fixes

5.2.2 (2024-12-25)

Build System

5.2.1 (2024-12-16)

Bug Fixes

5.2.0 (2024-12-06)

Features

5.1.19 (2024-12-04)

Bug Fixes

v2.8.1

What's Changed

v2.8.0

What's Changed

0.1.0, new URL encoding

v1.50.0

Test runner

UI updates

Breaking

v15.4.2

Patch Changes

dependabot bot commented on behalf of github Jan 24, 2025 •

edited

Loading

Treat U+30A0 & U+30FB in Katakana Block as CJK (#16796 by `@tats-u`)

Fix comments print on class methods with decorators (#16891 by `@fisker`)