chore: update reported packages#17
Conversation
Updated dependencies and lockfile, keeping Vite on 8.1.4 and setting node >=24.0.0 in package.json:61. Added overrides for vulnerable transitive packages, including CosmJS, ws, axios, hono, vite, etc. Also adjusted the EIP-712 test mocks in src/evm/eip712.test.ts:78 so they work with Vitest 4 constructor mocking. Verification: - socket npm i: passed, “found no new risks” - npm audit --json: 0 vulnerabilities
📝 WalkthroughWalkthroughChangesToolchain and EVM test updates
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR refreshes the project’s dependency set (and lockfile) to newer versions, adds npm overrides to pin vulnerable transitive packages, and updates EIP-712 unit test mocks to remain compatible with Vitest 4’s constructor-mocking behavior.
Changes:
- Bumped runtime and dev dependencies (notably
@injectivelabs/*,@modelcontextprotocol/sdk,typescript,vitest). - Added
overridesto pin specific transitive package versions (e.g., CosmJS, axios, ws, hono, vite). - Updated
src/evm/eip712.test.tsmocks to use function constructors (instead of arrow/mockImplementation) for classes instantiated vianew.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/evm/eip712.test.ts | Adjusts mocked constructors (Wallet, ChainRest*Api) to work with Vitest 4 when code calls them with new. |
| package.json | Updates dependency versions, adds overrides, and bumps Node engine requirement to >=24.0.0. |
| package-lock.json | Reflects the updated dependency graph and the new pinned transitive versions from overrides. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Updated dependencies and lockfile, keeping Vite on 8.1.4 and setting
node >=24.0.0. Added overrides for vulnerable transitive packages, including CosmJS, ws, axios, hono, vite, etc. Also adjusted the EIP-712 test mocks in so they work with Vitest 4 constructor mocking.Verification:
socket npm i: passed, “found no new risks”npm audit --json: 0 vulnerabilities