Skip to content

fix(deps): update dependency viem to v2#33

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/viem-2.x
Open

fix(deps): update dependency viem to v2#33
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/viem-2.x

Conversation

@renovate

@renovate renovate Bot commented Dec 16, 2024

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
viem (source) ^1.19.9^2.0.0 age confidence

Release Notes

wevm/viem (viem)

v2.55.0

Compare Source

Minor Changes
Patch Changes

v2.54.6

Compare Source

Patch Changes
  • #​4807 f1ac4480d0c1c6f29bf709f116068e903643ecad Thanks @​jxom! - viem/tempo: Supported calling token .call builders without a Client (restores the pre-2.54 call signature). When the Client is omitted, token must be a TIP20 token id or contract address, and formatted amounts require explicit decimals.

v2.54.5

Compare Source

Patch Changes

v2.54.4

Compare Source

Patch Changes

v2.54.3

Compare Source

Patch Changes

v2.54.2

Compare Source

Patch Changes

v2.54.1

Compare Source

Patch Changes

v2.54.0

Compare Source

Minor Changes
  • #​4767 0def05663277a93e645bc28740a78bfc916810ec Thanks @​jxom! - Breaking (viem/tempo): Changed Tempo token balance and allowance reads to return Amount objects.

    -const balance = await client.token.getBalance({ token })
    -// ^? bigint
    +const balance = await client.token.getBalance({ token })
    +// ^? { amount: bigint; decimals: number; formatted: string }
    
    -const allowance = await client.token.getAllowance({ account, spender, token })
    -// ^? bigint
    +const allowance = await client.token.getAllowance({ account, spender, token })
    +// ^? { amount: bigint; decimals: number; formatted: string }
  • #​4767 0def05663277a93e645bc28740a78bfc916810ec Thanks @​jxom! - Breaking (viem/tempo): Changed Tempo token .call helpers to take the client before their action arguments.

    -Actions.token.transfer.call({ token, to, amount })
    +Actions.token.transfer.call(client, { token, to, amount })
    
    -Actions.token.getBalance.call({ account, token })
    +Actions.token.getBalance.call(client, { account, token })
  • #​4767 0def05663277a93e645bc28740a78bfc916810ec Thanks @​jxom! - Breaking: Changed ERC-20 token actions to resolve token symbols from the Client tokens array instead of built-in chain tokens config.

     import { createPublicClient, http } from 'viem'
     import { mainnet } from 'viem/chains'
    +import { usdc } from 'viem/tokens'
    
    -const client = createPublicClient({ chain: mainnet, transport: http() })
    +const client = createPublicClient({
    +  chain: mainnet,
    +  tokens: [usdc],
    +  transport: http(),
    +})
    
     const balance = await client.token.getBalance({ account, token: 'usdc' })
  • #​4767 0def05663277a93e645bc28740a78bfc916810ec Thanks @​jxom! - Added viem/tokens entrypoint.

Patch Changes

v2.53.1

Compare Source

Patch Changes

v2.52.2

Compare Source

Patch Changes

v2.52.0

Compare Source

Minor Changes

v2.51.3

Compare Source

Patch Changes

v2.51.2

Compare Source

Patch Changes

v2.51.0

Compare Source

Minor Changes
Patch Changes

v2.50.4

Compare Source

Patch Changes

v2.50.3

Compare Source

Patch Changes

v2.49.3

Compare Source

Patch Changes

v2.49.2

Compare Source

Patch Changes

v2.49.0

Compare Source

Minor Changes
Patch Changes
  • #​4608 0e282d69d534e7fc277300260e31c07c4d8cb325 Thanks @​jxom! - viem/tempo: Updated Actions.wallet.send parameters to match the latest wallet RPC schema: renamed value to amount, added an optional memo field (UTF-8, max 32 bytes; rejected for non-TIP-20 tokens), and widened token to also accept curated tokenlist symbols.

    await Actions.wallet.send(client, {
    +  amount: '1.5',
    +  memo: 'thanks',
       to: '0x...',
    -  token: '0x...',
    +  token: 'pathUsd',
    -  value: '1.5',
    })

v2.48.11

Compare Source

Patch Changes

v2.48.8

Compare Source

Patch Changes

v2.48.7

Compare Source

Patch Changes

v2.48.6

Compare Source

Patch Changes

v2.48.4

Compare Source

Patch Changes
  • #​4532 cb3206e1039b21e45e4ed17898aa1ff561cdecb4 Thanks @​jxom! - viem/tempo: Added virtual address actions for the TIP-1022 Address Registry precompile: virtualAddress.getMasterAddress, virtualAddress.resolve, virtualAddress.registerMaster, virtualAddress.registerMasterSync. Re-exported VirtualAddress and VirtualMaster from ox/tempo.

v2.48.3

Compare Source

Patch Changes

v2.48.2

Compare Source

Patch Changes

v2.48.1

Compare Source

Patch Changes

v2.48.0

Compare Source

Minor Changes

v2.47.19

Compare Source

Patch Changes

v2.47.18

Compare Source

Patch Changes

v2.47.17

Compare Source

Patch Changes

v2.47.16

Compare Source

Patch Changes

v2.47.15

Compare Source

Patch Changes

v2.47.14

Compare Source

Patch Changes

v2.47.12

Compare Source

Patch Changes

v2.47.11

Compare Source

Patch Changes

v2.47.10

Compare Source

Patch Changes

v2.47.6

Compare Source

Patch Changes

v2.47.5

Compare Source

Patch Changes

v2.47.4

Compare Source

Patch Changes

v2.47.2

Compare Source

Patch Changes

v2.47.1

Compare Source

Patch Changes

v2.47.0

Compare Source

Minor Changes
  • 1adb83804d5f6c3f36d5f293de88532330d52dc7 Thanks @​jxom! - Breaking (viem/tempo): chainId is now required when signing access key authorizations with signKeyAuthorization. It is recommended to use client.accessKey.signAuthorization instead for inferred chain ID.

    import { client } from './viem.config'
    import { Account } from 'viem/tempo'
    
    const account = Account.from({ privateKey: '0x...' })
    const accessKey = Account.fromP256(generatePrivateKey(), {
      access: account,
    })
    
    - const keyAuthorization = await account.signKeyAuthorization(accessKey)
    + const keyAuthorization = await client.accessKey.signAuthorization({
    +   account,
    +   accessKey,
    + })
Patch Changes

v2.46.3

Compare Source

Patch Changes

v2.46.2

Compare Source

Patch Changes

v2.46.1

Compare Source

Patch Changes

v2.46.0

Compare Source

Minor Changes
  • #​4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

    TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

    await sendTransaction(client, {
      account,
    - nonceKey: 'random',
    + nonceKey: 'expiring',
      to: '0x...',
    })

[v2.45.3](https://redirect.github.com

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security

socket-security Bot commented Dec 16, 2024

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedisows@​1.0.3 ⏵ 1.0.71001007582100
Updatedabitype@​0.9.8 ⏵ 1.1.0100 +1100100 +288100
Added@​noble/​ciphers@​1.3.010010010091100
Addedox@​0.9.31001009997100
Updatedviem@​1.21.4 ⏵ 2.37.5100 +610010097 +1100

View full report

@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from cf7e599 to cd495a4 Compare July 28, 2025 15:05
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 502f706 to af382dc Compare August 10, 2025 09:50
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from af382dc to 8402be8 Compare August 19, 2025 11:34
@socket-security

socket-security Bot commented Aug 19, 2025

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Low
viem@2.37.5 is a AI-detected potential code anomaly.

Notes: The code appears to be a legitimate, feature-rich Ethereum call utility with support for deployless calls and multicall scheduling. No hardcoded credentials or malicious backdoors are evident. The dynamic require in the error path (ccip.js) is a legitimate pattern for CCIP workflows but represents a dynamic dependency surface that should be monitored. Overall, the module shows standard security-risk characteristics for a blockchain-facing library, with a moderate risk due to complexity and dynamic module loading, but no direct malware indicators.

Confidence: 1.00

Severity: 0.60

From: package.jsonnpm/viem@2.37.5

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@2.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
viem@2.37.5 is a AI-detected potential code anomaly.

Notes: The code implements a cross-chain deposit flow with proper validations, artifact reads, and on-chain interactions. There is no evidence of hidden backdoors, data exfiltration, or malware. The main security considerations relate to token approval logic and correct configuration of flags to avoid granting excessive allowances. Overall, the module appears legitimate for a bridge deposit flow, with moderate risk primarily around configuration of approvals and correct handling of gas/fees.

Confidence: 1.00

Severity: 0.60

From: package.jsonnpm/viem@2.37.5

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@2.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/viem-2.x branch from 8402be8 to 0005bfa Compare August 28, 2025 00:09
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from fbe5514 to 65956d6 Compare September 10, 2025 11:10
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from fa1f9a5 to d9ff5d1 Compare September 23, 2025 11:40
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from 02700f8 to 26c6d81 Compare October 6, 2025 06:52
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from bb41331 to 6ebad9f Compare October 15, 2025 23:10
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from 6ebad9f to 1b43908 Compare October 17, 2025 07:00
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 15c43c3 to e63dcca Compare October 31, 2025 14:02
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from e63dcca to d85ccc0 Compare November 4, 2025 18:40
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from a76ce78 to b848e09 Compare November 21, 2025 02:37
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from d478898 to 189a133 Compare December 3, 2025 15:06
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from 189a133 to bef0617 Compare December 5, 2025 22:33
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 1ec0f6a to 8a34d82 Compare December 20, 2025 02:58
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from f84c6c5 to 0dc661e Compare February 18, 2026 07:07
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 6476f4b to 9231992 Compare March 5, 2026 16:53
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 6f3f935 to 1c94452 Compare March 15, 2026 02:16
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from be58d2f to 53ec085 Compare March 24, 2026 10:59
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from ce22f45 to e96aabc Compare April 13, 2026 03:04
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 1f1f763 to 281fe15 Compare April 18, 2026 06:56
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from 281fe15 to 3b0b38b Compare April 24, 2026 03:02
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 2059078 to cd0f7e5 Compare May 10, 2026 22:14
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 3 times, most recently from c6f787c to 5556d16 Compare May 22, 2026 02:50
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 2 times, most recently from 6820ea2 to 89e7027 Compare June 2, 2026 00:10
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from 89e7027 to fa99a33 Compare June 7, 2026 18:46
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from fa99a33 to 0c50a10 Compare June 23, 2026 08:37
@renovate renovate Bot force-pushed the renovate/viem-2.x branch 4 times, most recently from d25b264 to f05224e Compare July 9, 2026 03:38
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/viem-2.x branch from f05224e to e2778d6 Compare July 12, 2026 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants