From 65086005cb9aeb289007b35f92f1743f26daef5c Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 10 Apr 2026 10:25:08 -0300
Subject: [PATCH 1/2] chore: fix 15 dependabot alerts with version overrides

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 examples/expo-multichain/package-lock.json | 20 +++++----
 examples/expo-multichain/package.json      |  8 ++--
 package.json                               |  9 +++--
 yarn.lock                                  | 47 +++++++++-------------
 4 files changed, 43 insertions(+), 41 deletions(-)

diff --git a/examples/expo-multichain/package-lock.json b/examples/expo-multichain/package-lock.json
index 85f0d811..0a7946ab 100644
--- a/examples/expo-multichain/package-lock.json
+++ b/examples/expo-multichain/package-lock.json
@@ -7763,7 +7763,9 @@
       }
     },
     "node_modules/@xmldom/xmldom": {
-      "version": "0.8.11",
+      "version": "0.8.12",
+      "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.12.tgz",
+      "integrity": "sha512-9k/gHF6n/pAi/9tqr3m3aqkuiNosYTurLLUtc7xQ9sxB/wm7WPygCv8GYa6mS0fLJEHhqMC1ATYhz++U/lRHqg==",
       "license": "MIT",
       "engines": {
         "node": ">=10.0.0"
@@ -9396,7 +9398,9 @@
       }
     },
     "node_modules/defu": {
-      "version": "6.1.4",
+      "version": "6.1.5",
+      "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.5.tgz",
+      "integrity": "sha512-pwdBJxJuJXmqrLO6s0VBmfbRz+G7FUzkjldAsdi9Yrv86mPyzq0ll1o8+8gB4Gsr6GJHbK1Lh3ngllgTInDCjA==",
       "license": "MIT"
     },
     "node_modules/delay": {
@@ -11885,9 +11889,9 @@
       }
     },
     "node_modules/hono": {
-      "version": "4.12.7",
-      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.7.tgz",
-      "integrity": "sha512-jq9l1DM0zVIvsm3lv9Nw9nlJnMNPOcAtsbsgiUhWcFzPE99Gvo6yRTlszSLLYacMeQ6quHD6hMfId8crVHvexw==",
+      "version": "4.12.12",
+      "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.12.tgz",
+      "integrity": "sha512-p1JfQMKaceuCbpJKAPKVqyqviZdS0eUxH9v82oWo1kb9xjQ5wA6iP3FNVAPDFlz5/p7d45lO+BpSk1tuSZMF4Q==",
       "license": "MIT",
       "engines": {
         "node": ">=16.9.0"
@@ -13217,9 +13221,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
       "license": "MIT"
     },
     "node_modules/lodash.debounce": {
diff --git a/examples/expo-multichain/package.json b/examples/expo-multichain/package.json
index c13dac40..d898f1af 100644
--- a/examples/expo-multichain/package.json
+++ b/examples/expo-multichain/package.json
@@ -77,7 +77,7 @@
   },
   "overrides": {
     "react": "19.1.0",
-    "hono": "4.12.7",
+    "hono": "4.12.12",
     "h3": "1.15.9",
     "tar": "7.5.11",
     "node-forge": "1.4.0",
@@ -85,7 +85,7 @@
     "preact": "10.28.2",
     "js-yaml": "3.14.2",
     "valibot": "1.2.0",
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "bn.js": "5.2.3",
     "minimatch": "10.2.3",
     "picomatch@^2": "2.3.2",
@@ -93,7 +93,9 @@
     "flatted": "3.4.2",
     "socket.io-parser": "4.2.6",
     "yaml": "2.8.3",
-    "brace-expansion": "5.0.5"
+    "brace-expansion": "5.0.5",
+    "@xmldom/xmldom": "0.8.12",
+    "defu": "6.1.5"
   },
   "private": true
 }
diff --git a/package.json b/package.json
index aaf58385..cc3d5c8d 100644
--- a/package.json
+++ b/package.json
@@ -107,12 +107,15 @@
     "js-yaml": "3.14.2",
     "valibot": "1.2.0",
     "schema-utils/ajv": "8.18.0",
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "webpack": "5.104.1",
     "flatted": "3.4.2",
     "socket.io-parser": "4.2.6",
-    "minimatch": "3.1.3",
+    "minimatch": "3.1.4",
     "yaml": "1.10.3",
-    "storybook": "8.6.17"
+    "storybook": "8.6.17",
+    "@xmldom/xmldom": "0.8.12",
+    "defu": "6.1.5",
+    "brace-expansion": "1.1.13"
   }
 }
diff --git a/yarn.lock b/yarn.lock
index b0b811cf..f4fa76f6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6770,17 +6770,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@xmldom/xmldom@npm:^0.8.8":
-  version: 0.8.10
-  resolution: "@xmldom/xmldom@npm:0.8.10"
-  checksum: 4c136aec31fb3b49aaa53b6fcbfe524d02a1dc0d8e17ee35bd3bf35e9ce1344560481cd1efd086ad1a4821541482528672306d5e37cdbd187f33d7fadd3e2cf0
-  languageName: node
-  linkType: hard
-
-"@xmldom/xmldom@npm:~0.7.7":
-  version: 0.7.13
-  resolution: "@xmldom/xmldom@npm:0.7.13"
-  checksum: b4054078530e5fa8ede9677425deff0fce6d965f4c477ca73f8490d8a089e60b8498a15560425a1335f5ff99ecb851ed2c734b0a9a879299a5694302f212f37a
+"@xmldom/xmldom@npm:0.8.12":
+  version: 0.8.12
+  resolution: "@xmldom/xmldom@npm:0.8.12"
+  checksum: 609bbcd6f31fa24023f5cc836e804d49c60e3df83ca73f744da9caff7fed516221dcf2f23de44e5289d715951781ec35fa90adf57008c3eae944a7550c39e325
   languageName: node
   linkType: hard
 
@@ -7825,13 +7818,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"brace-expansion@npm:^1.1.7":
-  version: 1.1.12
-  resolution: "brace-expansion@npm:1.1.12"
+"brace-expansion@npm:1.1.13":
+  version: 1.1.13
+  resolution: "brace-expansion@npm:1.1.13"
   dependencies:
     balanced-match: ^1.0.0
     concat-map: 0.0.1
-  checksum: 12cb6d6310629e3048cadb003e1aca4d8c9bb5c67c3c321bafdd7e7a50155de081f78ea3e0ed92ecc75a9015e784f301efc8132383132f4f7904ad1ac529c562
+  checksum: b5f4329fdbe9d2e25fa250c8f866ebd054ba946179426e99b86dcccddabdb1d481f0e40ee5430032e62a7d0a6c2837605ace6783d015aa1d65d85ca72154d936
   languageName: node
   linkType: hard
 
@@ -9101,10 +9094,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"defu@npm:^6.1.4":
-  version: 6.1.4
-  resolution: "defu@npm:6.1.4"
-  checksum: 40e3af6338f195ac1564f53d1887fa2d0429ac7e8c081204bc4d29191180059d3952b5f4e08fe5df8d59eb873aa26e9c88b56d4fac699673d4a372c93620b229
+"defu@npm:6.1.5":
+  version: 6.1.5
+  resolution: "defu@npm:6.1.5"
+  checksum: 40117c02cc5cdf034978fd08fdd335fde56db10a7807d1db2c8831d0fc14981712dbf3ba1b9419f35d2b0caac5fe5b1bcdc23ad71b5a151ad84007a0bb1dfb00
   languageName: node
   linkType: hard
 
@@ -13588,10 +13581,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lodash@npm:4.17.23":
-  version: 4.17.23
-  resolution: "lodash@npm:4.17.23"
-  checksum: 7daad39758a72872e94651630fbb54ba76868f904211089721a64516ce865506a759d9ad3d8ff22a2a49a50a09db5d27c36f22762d21766e47e3ba918d6d7bab
+"lodash@npm:4.18.1":
+  version: 4.18.1
+  resolution: "lodash@npm:4.18.1"
+  checksum: bb5f5b49aad29614e709af02b64c56b0f8b78c6a81434a3c1ae527d2f0f78ca08f9d9fb22aa825a053876c9d2166e9c01f31c356014b5e2bdc0556c057433102
   languageName: node
   linkType: hard
 
@@ -14401,12 +14394,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:3.1.3":
-  version: 3.1.3
-  resolution: "minimatch@npm:3.1.3"
+"minimatch@npm:3.1.4":
+  version: 3.1.4
+  resolution: "minimatch@npm:3.1.4"
   dependencies:
     brace-expansion: ^1.1.7
-  checksum: bd71cf6615b87fed4795d3650c6dcd22ababe29ac1e28065dca500b365ca9568fde6637782f8e80707640eee4a96c537eece99d491e2e8d10e72e376c37e77bb
+  checksum: 8bc9993c9bff57c5be8a9cb380af295a50a483ec378f481f2953dd389a8d6250f23bd09f2b06456add14935db9703222a95bad2224a60e97a2a61d47e9a2bbf9
   languageName: node
   linkType: hard
 

From 9a5422d827ec082d42c3a758f302ef56c245aebc Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 10 Apr 2026 10:50:24 -0300
Subject: [PATCH 2/2] chore: scope minimatch resolution to ^3 range only

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 package.json |  2 +-
 yarn.lock    | 26 ++++++++++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index cc3d5c8d..16aa3dd3 100644
--- a/package.json
+++ b/package.json
@@ -111,7 +111,7 @@
     "webpack": "5.104.1",
     "flatted": "3.4.2",
     "socket.io-parser": "4.2.6",
-    "minimatch": "3.1.4",
+    "minimatch@^3": "3.1.4",
     "yaml": "1.10.3",
     "storybook": "8.6.17",
     "@xmldom/xmldom": "0.8.12",
diff --git a/yarn.lock b/yarn.lock
index f4fa76f6..a10d2088 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -14394,12 +14394,30 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:3.1.4":
-  version: 3.1.4
-  resolution: "minimatch@npm:3.1.4"
+"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4, minimatch@npm:^3.0.5, minimatch@npm:^3.1.1, minimatch@npm:^3.1.2":
+  version: 3.1.5
+  resolution: "minimatch@npm:3.1.5"
   dependencies:
     brace-expansion: ^1.1.7
-  checksum: 8bc9993c9bff57c5be8a9cb380af295a50a483ec378f481f2953dd389a8d6250f23bd09f2b06456add14935db9703222a95bad2224a60e97a2a61d47e9a2bbf9
+  checksum: 47ef6f412c08be045a7291d11b1c40777925accf7252dc6d3caa39b1bfbb3a7ea390ba7aba464d762d783265c644143d2c8a204e6b5763145024d52ee65a1941
+  languageName: node
+  linkType: hard
+
+"minimatch@npm:^5.0.1":
+  version: 5.1.9
+  resolution: "minimatch@npm:5.1.9"
+  dependencies:
+    brace-expansion: ^2.0.1
+  checksum: 418438bd7701ba811f1108f28fcd3a638a6065c7b1245b85e25bcdb674410b4bebd8763c90c91bc8d22d93260c02cc129b354267a463c3399be5732d6e11e120
+  languageName: node
+  linkType: hard
+
+"minimatch@npm:^9.0.4":
+  version: 9.0.9
+  resolution: "minimatch@npm:9.0.9"
+  dependencies:
+    brace-expansion: ^2.0.2
+  checksum: 5292681ba1e14544ca9214ba5e412bb346214fb783354b22752f2d1e5c176e4a2c0bfcafeb1046389b816009ab73ba5410b176ce605632e8aa695db25f87f6b9
   languageName: node
   linkType: hard