Skip to content

Bump the all-dependencies group across 1 directory with 30 updates#2132

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dependencies-26a73f9044
Open

Bump the all-dependencies group across 1 directory with 30 updates#2132
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dependencies-26a73f9044

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-dependencies group with 30 updates in the / directory:

Package From To
@amplitude/analytics-browser 2.23.7 2.44.4
@creit.tech/stellar-wallets-kit 2.2.0 2.5.0
@ledgerhq/hw-app-str 7.2.9 7.7.5
@ledgerhq/hw-transport-webhid 6.30.9 6.36.0
@next/third-parties 15.5.7 16.2.9
@sentry/nextjs 10.29.0 10.63.0
@tanstack/react-query 5.87.4 5.101.2
@tanstack/react-query-devtools 5.87.4 5.101.2
@trezor/connect-web 9.6.4 9.7.3
bignumber.js 9.3.1 11.1.4
dompurify 3.2.6 3.4.11
html-react-parser 5.2.6 6.1.3
immer 10.1.3 11.1.9
lodash 4.17.21 4.18.1
@types/lodash 4.17.20 4.17.24
lossless-json 4.2.0 4.3.0
next 15.5.15 16.2.9
uuid 11.1.0 14.0.1
zustand-querystring 0.0.19 0.7.0
@next/eslint-plugin-next 15.5.3 16.2.9
@playwright/test 1.57.0 1.61.1
@types/node 24.3.1 26.1.0
eslint 9.35.0 10.6.0
eslint-config-next 15.4.4 16.2.9
eslint-plugin-react-hooks 5.2.0 7.1.1
jest 30.2.0 30.4.2
lint-staged 16.1.6 17.0.8
prettier 3.6.2 3.9.4
sass 1.92.1 1.101.0
typescript 5.9.2 6.0.3

Updates @amplitude/analytics-browser from 2.23.7 to 2.44.4

Release notes

Sourced from @​amplitude/analytics-browser's releases.

@​amplitude/analytics-browser@​2.44.4

2.44.4 (2026-06-30)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.44.3

2.44.3 (2026-06-25)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.44.2

2.44.2 (2026-06-24)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.44.2-element-path-v1.0

2.44.2-element-path-v1.0 (2026-06-23)

Note: Version bump only for package @​amplitude/analytics-browser

Commits
  • b20abd0 chore(release): publish
  • 5c4d1d7 feat(session-replay-browser): custom transport hooks for authenticated proxie...
  • dbc4422 refactor(analytics-core): implement a Heartbeat class (#1837)
  • 9c90104 chore(release): publish
  • 93df7dc feat(analytics-react-native): Android native connectivity module + Robolectri...
  • 2055e0c test(analytics-react-native): native iOS XCTest coverage for connectivity mod...
  • e5638eb feat(analytics-react-native): iOS native connectivity module (SDKRN-5) [2/5] ...
  • 4235485 test(sr-react-native): add New Architecture verification example app (#1855)
  • 670111d feat(analytics-react-native): offline connectivity plugin + JS wiring (SDKRN-...
  • e49e8b6 feat(session-replay-react-native): add New Architecture support (#1854)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​amplitude/analytics-browser since your current version.


Updates @creit.tech/stellar-wallets-kit from 2.2.0 to 2.5.0

Release notes

Sourced from @​creit.tech/stellar-wallets-kit's releases.

v2.5.0

2.5.0 (2026-06-24)

Add

  • Add new D'CENT wallet module (PR #89)

Change

  • Update the wallet connect dependencies (Upgrade reown/appkit to 1.8.21)
  • Disable tests when building the NPM module, tests run with Deno. We will move the tests to the @​std library from Deno so they can run on all platforms

v2.4.0

2.4.0 (2026-06-24)

Change

  • Remove the library @​stellar/stellar-base and install @​stellar/stellar-sdk (the base version has been deprecated by Stellar)

v2.3.0

2.3.0 (2026-06-05)

Add

Fix

  • It upgrades the Trezor libraries to the latest ALPHA releases. This is because when a website is using modern bundling (ESM only), the process breaks since the @trezor/connect-plugin-stellar package is looking for ESM code that isn't available in old @trezor/connect-web versions.
Changelog

Sourced from @​creit.tech/stellar-wallets-kit's changelog.

2.5.0 (2026-06-24)

Add

  • Add new D'CENT wallet module (PR #89)

Change

  • Update the wallet connect dependencies (Upgrade reown/appkit to 1.8.21)
  • Disable tests when building the NPM module, tests run with Deno. We will move the tests to the @​std library from Deno so they can run on all platforms

2.4.0 (2026-06-24)

Change

  • Remove the library @​stellar/stellar-base and install @​stellar/stellar-sdk (the base version has been deprecated by Stellar)

2.3.0 (2026-06-05)

Add

Fix

  • It upgrades the Trezor libraries to the latest ALPHA releases. This is because when a website is using modern bundling (ESM only), the process breaks since the @trezor/connect-plugin-stellar package is looking for ESM code that isn't available in old @trezor/connect-web versions.
Commits
  • 282fe7d Upgrade to 2.5.0
  • 456a0cf Upgrade wallet connect dependencies
  • b41c236 Merge branch 'main' of github.com:Creit-Tech/Stellar-Wallets-Kit
  • 465f5fc Merge pull request #98 from IotrustGitHub/dcent-wallet-module
  • 53144f8 Chore: Translate D'CENT module test descriptions to English
  • f53c801 Fix: Wait for injection sentinel in D'CENT isAvailable to avoid cold-load race
  • 5760127 Feat: Add D'CENT wallet module
  • 92eb600 Upgrade to 2.4.0
  • bd1c771 Upgrade to 2.3.0
  • d0af8c1 Update WalletConnect module and Trezor libraries
  • Additional commits viewable in compare view

Updates @ledgerhq/hw-app-str from 7.2.9 to 7.7.5

Commits

Updates @ledgerhq/hw-transport-webhid from 6.30.9 to 6.36.0

Commits
  • 782f01b Merge release into main
  • e60462f chore(release): 🚀 prepare release [skip ci]
  • bbdd288 Merge pull request #19127 from LedgerHQ/lwd_410_release_notes
  • 5c97666 LWD 4.10 release notes
  • bace3e1 Merge pull request #19109 from LedgerHQ/support/qaa_release_fix_settings
  • 9b71dcf Merge pull request #19106 from LedgerHQ/support/qaa_fix_my_wallet_setting
  • 4e38e75 chore(prerelease): 🚀 release prerelease [LLD(4.10.0-next.6), LLM(4.10....
  • eec1dad Merge pull request #19098 from LedgerHQ/support/cherry-pick-ff-env-resolve-at...
  • 6a0d89f Merge pull request #19097 from LedgerHQ/support/release_fix_q1_w40
  • 98eb6d6 Merge pull request #19073 from LedgerHQ/fix/ff-env-flags-base-resolved
  • Additional commits viewable in compare view

Updates @next/third-parties from 15.5.7 to 16.2.9

Release notes

Sourced from @​next/third-parties's releases.

v16.2.9

Empty release to ensure next@latest points at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.

v16.2.8

Release with no changes in an attempt to fix next@latest pointing at a prerelease version.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Backport documentation fixes for v16.2 (#93804)
  • [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
  • [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
  • [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
  • [backport] Encode non-ASCII characters in cache tags at construction (#93918)
  • [backport] Fix server action forwarding loop with middleware rewrites (#93919)
  • [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
  • [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
  • [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
  • [backport] Propagate adapter preferred regions (#94200)
  • [16.2.x] Don't drop FormData entries (#94240)
  • [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

Moderate:

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​next/third-parties since your current version.


Updates @sentry/nextjs from 10.29.0 to 10.63.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

Bundle size 📦

Path Size
@​sentry/browser 26.97 KB
@​sentry/browser - with treeshaking flags 25.44 KB

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.63.0

  • feat(browser): Add url.full attribute to resource spans (#21846)
  • feat(core): Add extendIntegration method (#21759)
  • feat(core): Add isTracingSuppressed to the async context strategy (#21785)
  • feat(core): Pass normalizedRequest to the sampling context for root spans (#21833)
  • feat(node): Add lru-memoizer diagnostics-channel integration to experimentalUseDiagnosticsChannelInjection (#21786)
  • feat(node): Expose channel-based, streamlined fastifyIntegration (#21706)
  • fix(browser): Defer sending session envelope until browser is idle (#21844)
  • fix(core): Improve waiting for tracing channel bindings (#21815)
  • fix(core): Serialize streamed span status message to sentry.status.message attribute (#21811)
  • fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#21141)
  • fix(opentelemetry): Strip leading ? and # from inferred http.query and http.fragment (#21848)
  • fix(tanstackstart-react): Drop server transactions for tunnel route requests (#21769)
  • chore: Add external contributor to CHANGELOG.md (#21832)
  • chore: Hoist transitive imports for bundles (#21858)
  • chore: Mark http.query/http.fragment stripping for v11 url.query migration (#21852)
  • docs: Use Cloudflare nodejs_compat flag (#21659)
  • feat(server-utils): Add lru-memoizer diagnostics-channel integration (#21786)
  • feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#21706)
  • feat(server-utils): Restore caller context for callback tracing channels (#21863)
  • ref(core): Move spanStreamingIntegration setup into ServerRuntimeClient (#21814)
  • ref(node): Infer orchestrion integration names (#21834)
  • ref(node): Move node-fetch instrumentation away from InstrumentBase (#21778)
  • ref(node): Streamline Prisma instrumentation (v6 and v7) (#21819)
  • ref(node): Streamline vendored mysql instrumentation (#21568)
  • ref(server-utils): Ensure ts3.8 has diagnostics channel shim (#21845)
  • ref(server-utils): Move mysql orchestrion integration onto bindTracingChannelToSpan (#21865)
  • ref(server-utils): Set error attributes on span and simplify error info extraction (#21822)
  • test: Introduce .unordered in node-integration-tests (#21697)
  • test(cloudflare): Align CF types and compat flags (#21835)
  • test(e2e/hono): Isolate request-data extraction tests onto a dedicated route (#21869)
  • test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21868)
  • test(node-integration-tests): Fix flaky postgresjs basic transaction/error ordering (#21870)
  • test(node-integration-tests): Retry transient docker compose up failures (#21860)
  • test(nuxt): Test mysql instrumentation with orchestrion bundler plugin (#21782)

Work in this release was contributed by @​suzunn. Thank you for your contribution!

10.62.0

Important Changes

  • feat(server-runtimes): Add v7 support for vercelAiIntegration (#21613)

... (truncated)

Commits
  • 2362e9f release: 10.63.0
  • 5b51d5e Merge pull request #21874 from getsentry/prepare-release/10.63.0
  • 4e16503 meta(changelog): Update changelog for 10.63.0
  • 690f778 test(node-integration): Harden knex mysql2 healthcheck to fix flaky test (#21...
  • 429cdaf test(node-integration-tests): Fix flaky postgresjs basic transaction/error or...
  • 35998e6 test(e2e/hono): Isolate request-data extraction tests onto a dedicated route ...
  • 88e7ad5 feat(server-utils): Expose channel-based, streamlined fastifyIntegration (#...
  • e316151 ref(server-utils): Move mysql orchestrion integration onto bindTracingChannel...
  • e7c24a5 feat(server-utils): Restore caller context for callback tracing channels (#21...
  • bf21b16 fix(nextjs): Don't inject trace meta tags when Cache Components is enabled (#...
  • Additional commits viewable in compare view

Updates @tanstack/react-query from 5.87.4 to 5.101.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-persist-client@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.2
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0

5.100.14

Patch Changes

  • fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

  • Updated dependencies []:

    • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

  • Updated dependencies [d423168]:
    • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.11

... (truncated)

Commits
  • 610e8d1 ci: Version Packages (#10996)
  • 1f84256 docs: document the select typing caveat for parallel-queries hooks (#10984)
  • b809297 ci: Version Packages (#10977)
  • ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
  • 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
  • 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
  • 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
  • feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
  • f3d8d2a ci: Version Packages (#10774)
  • 532bb29 fix(tests): disable local coverage instrumentation (#10776)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tanstack/react-query since your current version.


Updates @tanstack/react-query-devtools from 5.87.4 to 5.101.2

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

  • Updated dependencies [ed20b6d]:
    • @​tanstack/react-query@​5.100.14
    • @​tanstack/query-devtools@​5.100.14
Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.101.2

Patch Changes

5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

5.101.0

Patch Changes

5.100.14

Patch Changes

  • Updated dependencies [ed20b6d]:
    • @​tanstack/react-query@​5.100.14
    • @​tanstack/query-devtools@​5.100.14

5.100.13

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.13
    • @​tanstack/react-query@​5.100.13

5.100.12

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.12
    • @​tanstack/react-query@​5.100.12

5.100.11

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tanstack/react-query-devtools since your current version.


Updates @trezor/connect-web from 9.6.4 to 9.7.3

Release notes

Sourced from @​trezor/connect-web's releases.

v26.6.1@mobile

Trezor Suite 26.6.1 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v26.6.1

🚀 New features

  • A network filter is now available in the My Assets tab.
  • Solana transaction expiration is shown as a countdown while signing on device.
  • Internal ETH transfers now appear in the transaction list and detail view.
  • Tron support is now available to all users, out of experimental features.
  • DEX swaps are now available in mobile trading.
  • DEX swap token approval and revoke flow is now supported on mobile.
  • The Coins selection screen has been redesigned with Bitcoin backend settings included.
  • Unacquired devices now appear in the device switcher so you can switch back from Portfolio Tracker.

🎨 Improvements

  • Bitcoin is now included in phishing address detection when sending.
  • Contract address checks are now enforced on all EVM networks when sending.
  • The swap From asset picker now includes search and a network filter.
  • Payment method names are now localized on mobile trade screens.
  • The minimum Bitcoin fee rate for normal priority has been lowered to 0.2 sat/vB.
  • The Eject Wallets action now uses a clearer eject icon instead of a bookmark icon.
  • The caps lock indicator during passphrase entry is now clearer and more consistent.

🔧 Bug fixes

  • Fixed a biometric authentication bypass that allowed unauthenticated access to the app.
  • Fixed incorrect APY displayed for non-Everstake Cardano staking accounts.
  • Fixed staking transactions being created before the user confirms by tapping Stake.
  • Fixed the missing Review & Sign button when sending ETH on mobile.
  • Minor bugs and usability improvements across the app.

v26.5.1@mobile

Trezor Suite 26.5.1 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v26.5.1

🚀 New features

  • ERC-681 QR codes are now supported in the send form, making it easier to scan token transfer requests.
  • Concierge trading (OTC) is now available on mobile for large trades.
  • DEX swaps are now available on mobile.
  • Stablecoin yield positions are now visible in the Earn tab in view-only mode.
  • Token management has been improved, including better control over hidden tokens.
  • A congratulations screen now appears after completing device onboarding.
  • Device authenticity verification now includes MCU MLDSA support.
  • BIP329 labels can now be exported from mobile.
  • WalletConnect now warns when your account balance is insufficient before confirming a transaction.
  • Trading offers in the US are now separated by state for more accurate results.

🎨 Improvements

  • Address spacing can now be enabled or disabled for all networks.
  • The mobile trade form has been simplified for a cleaner experience.
  • Device onboarding no longer includes a redundant coin selection step.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​trezor/connect-web since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates bignumber.js from 9.3.1 to 11.1.4

Release notes

Sourced from bignumber.js's releases.

v11.1.3

v11.1 adds a few useful improvements around formatting, parsing, rounding, and interoperability.

BigNumber.sum() now returns zero when called with no arguments, which makes patterns like BigNumber.sum(...arr) work cleanly even when the array is empty.

BigNumber.sum(...[]).toString()      // "0"

toBigInt() has been added, so BigNumber values can now be converted directly to native BigInt values.

new BigNumber("123.9").toBigInt(BigNumber.ROUND_DOWN)        // 123n

There is also a new BigNumber.fromFormat() method for parsing formatted strings back into BigNumber values.

const options =  {  prefix"€",  groupSeparator".",  decimalSeparator"," }
BigNumber.fromFormat("€1.234.567,89", options).toString()      // "1234567.89"

Negative decimal places are now supported by decimalPlaces(), toFixed(), and toFormat(), making it easier to round to tens, hundreds, and thousands etc.

new BigNumber("1234.5").toFormat(-2)      // "1,200"

toFormat() has also been expanded to support minimum and maximum decimal places, and per-call formatting options now fall back to the configured global FORMAT values for anything not explicitly overridden.

new BigNumber("12.3456789").toFormat([2, 5])      // "12.34568"

This release also includes a fix for slow hexadecimal integer base conversion when DECIMAL_PLACES is very large, plus improved TypeScript API test coverage.

Changelog

Sourced from bignumber.js's changelog.

11.1.4

  • 16/06/26
  • [BUGFIX] #407 Fix toFormat duplicating the fraction when groupSize is 0.

11.1.3

  • 05/06/26
  • #406 Fix EXPONENTIAL_AT default value documentation.

11.1.2

  • 30/05/26
  • [BUGFIX] #405 Fix invalid toFormat output for -0.

11.1.1

  • 02/05/26
  • Docs: fix version number and decimalPlaces API description.

11.1.0

  • 30/04/26
  • #401 BigNumber.sum: return zero if there are no arguments.
  • #352 Add toBigInt method.
  • #286 Add fromFormat method.
  • #262 decimalPlaces, toFixed and toFormat: support negative decimal places.
  • #260 toFormat: support minimum/maximum decimal places.
  • toFormat: fallback to FORMAT for each property not in options.
  • [BUGFIX] #342 Large DECIMAL_PLACES causing slow hex integer base conversion.
  • Typescript: add test_api.ts to improved typed API test coverage.

11.0.0

  • ...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
Copilot AI review requested due to automatic review settings June 29, 2026 23:49
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@socket-security

socket-security Bot commented Jun 29, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @amplitude/plugin-custom-enrichment-browser is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@amplitude/analytics-browser@2.44.4npm/@amplitude/plugin-custom-enrichment-browser@0.1.13

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@amplitude/plugin-custom-enrichment-browser@0.1.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/next@16.2.9npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/rlp under MPL-2.0

Location: Package overview

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@ethereumjs/rlp@10.1.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/rlp@10.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/tx under MPL-2.0

Location: Package overview

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@ethereumjs/tx@10.1.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/tx@10.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/util under MPL-2.0

Location: Package overview

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@ethereumjs/util@10.1.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/util@10.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @sentry/cli under LicenseRef-FSL-1.1-MIT

License: LicenseRef-FSL-1.1-MIT - The applicable license policy does not permit this license (5) (package/LICENSE)

From: pnpm-lock.yamlnpm/@sentry/nextjs@10.63.0npm/@sentry/cli@2.58.6

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/cli@2.58.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/blockchain-link under LicenseRef-T-RSL

License: LicenseRef-T-RSL - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@trezor/blockchain-link@2.6.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/blockchain-link@2.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect-plugin-stellar under LicenseRef-T-RSL

License: LicenseRef-T-RSL - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@10.0.0-alpha.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-plugin-stellar@10.0.0-alpha.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect-web under LicenseRef-T-RSL

License: LicenseRef-T-RSL - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: package.jsonnpm/@trezor/connect-web@9.7.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-web@9.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/connect under LicenseRef-T-RSL

License: LicenseRef-T-RSL - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@trezor/connect@9.7.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect@9.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @trezor/transport under LicenseRef-T-RSL

License: LicenseRef-T-RSL - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/@trezor/transport@1.6.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/transport@1.6.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm axe-core under MIT AND MPL-2.0

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-config-next@16.2.9npm/axe-core@4.12.1

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axe-core@4.12.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-config-next@16.2.9npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm next

Location: Package overview

From: package.jsonnpm/next@16.2.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.2.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm typescript under MIT-Khronos-old

License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

From: package.jsonnpm/typescript@6.0.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm usb under GPL-1.0-only

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/ezusb.h)

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/ezusb.c)

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/fxload.c)

From: pnpm-lock.yamlnpm/@trezor/connect-web@9.7.3npm/@creit.tech/stellar-wallets-kit@2.5.0npm/@trezor/connect-plugin-stellar@9.2.3npm/usb@2.18.0

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/usb@2.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm yargs is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/jest@30.4.2npm/yargs@17.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/yargs@17.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX Jun 29, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c8da45c468

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread package.json
"immer": "^11.1.8",
"lodash": "^4.18.1",
"lossless-json": "^4.3.0",
"next": "16.2.9",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep the Next build on Webpack until config is migrated

In CI/Docker contexts that run pnpm build, this bump changes next build to Turbopack by default. The repo still has a custom webpack callback in next.config.js for sodium-native and cache handling, and the Next 16 upgrade guide says a custom webpack config makes next build fail unless you migrate it or opt out with --webpack. Because .github/workflows/build.yml and the Dockerfile invoke pnpm build unchanged, this dependency bump blocks production and CI builds.

Useful? React with 👍 / 👎.

Comment thread package.json
"immer": "^11.1.8",
"lodash": "^4.18.1",
"lossless-json": "^4.3.0",
"next": "16.2.9",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Replace remaining next lint invocations

For lint/pre-commit workflows, this upgrade removes the CLI that the repo still invokes: package.json keeps lint as next lint, and .lintstagedrc.js builds next lint --fix --file .... The Next 16 upgrade guide states that the next lint command has been removed, so pnpm lint and staged JS/TS commits fail after installing this version unless these callers are migrated to ESLint or another linter.

Useful? React with 👍 / 👎.

Bumps the all-dependencies group with 30 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@amplitude/analytics-browser](https://github.com/amplitude/Amplitude-TypeScript) | `2.23.7` | `2.44.4` |
| [@creit.tech/stellar-wallets-kit](https://github.com/Creit-Tech/Stellar-Wallets-Kit) | `2.2.0` | `2.5.0` |
| [@ledgerhq/hw-app-str](https://github.com/LedgerHQ/ledger-live) | `7.2.9` | `7.7.5` |
| [@ledgerhq/hw-transport-webhid](https://github.com/LedgerHQ/ledger-live) | `6.30.9` | `6.36.0` |
| [@next/third-parties](https://github.com/vercel/next.js/tree/HEAD/packages/third-parties) | `15.5.7` | `16.2.9` |
| [@sentry/nextjs](https://github.com/getsentry/sentry-javascript) | `10.29.0` | `10.63.0` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.87.4` | `5.101.2` |
| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.87.4` | `5.101.2` |
| [@trezor/connect-web](https://github.com/trezor/trezor-suite) | `9.6.4` | `9.7.3` |
| [bignumber.js](https://github.com/MikeMcl/bignumber.js) | `9.3.1` | `11.1.4` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.4.11` |
| [html-react-parser](https://github.com/remarkablemark/html-react-parser) | `5.2.6` | `6.1.3` |
| [immer](https://github.com/immerjs/immer) | `10.1.3` | `11.1.9` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) | `4.17.20` | `4.17.24` |
| [lossless-json](https://github.com/josdejong/lossless-json) | `4.2.0` | `4.3.0` |
| [next](https://github.com/vercel/next.js) | `15.5.15` | `16.2.9` |
| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.1` |
| [zustand-querystring](https://github.com/nitedani/zustand-querystring) | `0.0.19` | `0.7.0` |
| [@next/eslint-plugin-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-plugin-next) | `15.5.3` | `16.2.9` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.57.0` | `1.61.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.1` | `26.1.0` |
| [eslint](https://github.com/eslint/eslint) | `9.35.0` | `10.6.0` |
| [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) | `15.4.4` | `16.2.9` |
| [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `5.2.0` | `7.1.1` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.4.2` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.1.6` | `17.0.8` |
| [prettier](https://github.com/prettier/prettier) | `3.6.2` | `3.9.4` |
| [sass](https://github.com/sass/dart-sass) | `1.92.1` | `1.101.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.2` | `6.0.3` |



Updates `@amplitude/analytics-browser` from 2.23.7 to 2.44.4
- [Release notes](https://github.com/amplitude/Amplitude-TypeScript/releases)
- [Commits](https://github.com/amplitude/Amplitude-TypeScript/compare/@amplitude/analytics-browser@2.23.7...@amplitude/analytics-browser@2.44.4)

Updates `@creit.tech/stellar-wallets-kit` from 2.2.0 to 2.5.0
- [Release notes](https://github.com/Creit-Tech/Stellar-Wallets-Kit/releases)
- [Changelog](https://github.com/Creit-Tech/Stellar-Wallets-Kit/blob/main/CHANGELOG.md)
- [Commits](Creit-Tech/Stellar-Wallets-Kit@v2.2.0...v2.5.0)

Updates `@ledgerhq/hw-app-str` from 7.2.9 to 7.7.5
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/commits/@ledgerhq/hw-app-str@7.7.5)

Updates `@ledgerhq/hw-transport-webhid` from 6.30.9 to 6.36.0
- [Release notes](https://github.com/LedgerHQ/ledger-live/releases)
- [Commits](https://github.com/LedgerHQ/ledger-live/compare/@ledgerhq/hw-transport-http@6.30.9...@ledgerhq/hw-transport-webhid@6.36.0)

Updates `@next/third-parties` from 15.5.7 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/third-parties)

Updates `@sentry/nextjs` from 10.29.0 to 10.63.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.29.0...10.63.0)

Updates `@tanstack/react-query` from 5.87.4 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query)

Updates `@tanstack/react-query-devtools` from 5.87.4 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.101.2/packages/react-query-devtools)

Updates `@trezor/connect-web` from 9.6.4 to 9.7.3
- [Release notes](https://github.com/trezor/trezor-suite/releases)
- [Commits](https://github.com/trezor/trezor-suite/commits)

Updates `bignumber.js` from 9.3.1 to 11.1.4
- [Release notes](https://github.com/MikeMcl/bignumber.js/releases)
- [Changelog](https://github.com/MikeMcl/bignumber.js/blob/main/CHANGELOG.md)
- [Commits](MikeMcl/bignumber.js@v9.3.1...v11.1.4)

Updates `dompurify` from 3.2.6 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.4.11)

Updates `html-react-parser` from 5.2.6 to 6.1.3
- [Release notes](https://github.com/remarkablemark/html-react-parser/releases)
- [Changelog](https://github.com/remarkablemark/html-react-parser/blob/master/CHANGELOG.md)
- [Commits](remarkablemark/html-react-parser@v5.2.6...v6.1.3)

Updates `immer` from 10.1.3 to 11.1.9
- [Release notes](https://github.com/immerjs/immer/releases)
- [Commits](immerjs/immer@v10.1.3...v11.1.9)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `@types/lodash` from 4.17.20 to 4.17.24
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

Updates `lossless-json` from 4.2.0 to 4.3.0
- [Changelog](https://github.com/josdejong/lossless-json/blob/main/CHANGELOG.md)
- [Commits](josdejong/lossless-json@v4.2.0...v4.3.0)

Updates `next` from 15.5.15 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.15...v16.2.9)

Updates `uuid` from 11.1.0 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v14.0.1)

Updates `zustand-querystring` from 0.0.19 to 0.7.0
- [Release notes](https://github.com/nitedani/zustand-querystring/releases)
- [Commits](https://github.com/nitedani/zustand-querystring/commits)

Updates `@next/eslint-plugin-next` from 15.5.3 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-plugin-next)

Updates `@playwright/test` from 1.57.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.57.0...v1.61.1)

Updates `@types/lodash` from 4.17.20 to 4.17.24
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

Updates `@types/node` from 24.3.1 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.35.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.35.0...v10.6.0)

Updates `eslint-config-next` from 15.4.4 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v16.2.9/packages/eslint-config-next)

Updates `eslint-plugin-react-hooks` from 5.2.0 to 7.1.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks)

Updates `jest` from 30.2.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

Updates `lint-staged` from 16.1.6 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.1.6...v17.0.8)

Updates `prettier` from 3.6.2 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.6.2...3.9.4)

Updates `sass` from 1.92.1 to 1.101.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.92.1...1.101.0)

Updates `typescript` from 5.9.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.2...v6.0.3)

---
updated-dependencies:
- dependency-name: "@amplitude/analytics-browser"
  dependency-version: 2.44.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@creit.tech/stellar-wallets-kit"
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@ledgerhq/hw-app-str"
  dependency-version: 7.7.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@ledgerhq/hw-transport-webhid"
  dependency-version: 6.35.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@next/eslint-plugin-next"
  dependency-version: 16.2.9
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@next/third-parties"
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@sentry/nextjs"
  dependency-version: 10.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@tanstack/react-query-devtools"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@trezor/connect-web"
  dependency-version: 9.7.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@types/lodash"
  dependency-version: 4.17.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: "@types/lodash"
  dependency-version: 4.17.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: bignumber.js
  dependency-version: 11.1.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: eslint-config-next
  dependency-version: 16.2.9
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: html-react-parser
  dependency-version: 6.1.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: immer
  dependency-version: 11.1.8
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: lossless-json
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: prettier
  dependency-version: 3.9.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: sass
  dependency-version: 1.101.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: zustand-querystring
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/all-dependencies-26a73f9044 branch from c8da45c to c77d7f3 Compare July 1, 2026 14:36
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

Status: Backlog (Not Ready)

Development

Successfully merging this pull request may close these issues.

1 participant