deps: bump the all-dependencies group across 1 directory with 20 updates by dependabot[bot] · Pull Request #328 · Fairmint/canton-node-sdk

dependabot · 2026-04-20T18:38:57Z

Bumps the all-dependencies group with 20 updates in the / directory:

Package	From	To
@canton-network/wallet-sdk	`0.21.0`	`1.0.0`
@hardlydifficult/websocket	`1.0.2`	`1.0.73`
@stellar/stellar-base	`14.0.4`	`15.0.0`
axios	`1.13.5`	`1.15.2`
dotenv	`17.2.4`	`17.4.2`
glob	`13.0.1`	`13.0.6`
openapi-fetch	`0.16.0`	`0.17.0`
openapi-typescript	`7.12.0`	`7.13.0`
ws	`8.19.0`	`8.20.0`
@types/node	`25.2.2`	`25.6.0`
@typescript-eslint/eslint-plugin	`8.55.0`	`8.59.1`
@typescript-eslint/parser	`8.55.0`	`8.59.1`
eslint	`9.39.2`	`10.2.1`
jest	`30.2.0`	`30.3.0`
markdownlint-cli	`0.47.0`	`0.48.0`
npm-package-json-lint	`9.1.0`	`10.3.0`
prettier	`3.8.1`	`3.8.3`
prettier-plugin-packagejson	`3.0.0`	`3.0.2`
ts-jest	`29.4.6`	`29.4.9`
typescript	`5.9.3`	`6.0.3`

Updates @canton-network/wallet-sdk from 0.21.0 to 1.0.0

Commits

bf6e78a v1 release (#1644)
4555661 Enable DappProvider interoperability with Wallet SDK w/o casting (#1643)
1a2f020 feat: adjust typescript typings for wallet-sdk v1 fields
b40edd7 docs: add offline signing script (#1616)
bb89a18 feat: rename namespaces and remove core-ledger-client dep (#1612)
f19aabd feat(wallet-sdk): decode prepared transaction and create fingerprint v1 (#1575)
3db00bb feat(wallet-sdk): rewards for deposits v1 (#1563)
1a9b153 feat: add allocation context params and normalize urls (#1600)
8a32448 docs: wallet-sdk v1 party namespace migration (#1593)
ed2a93c fix: unify read acs (#1582)
Additional commits viewable in compare view

Updates @hardlydifficult/websocket from 1.0.2 to 1.0.73

Updates @stellar/stellar-base from 14.0.4 to 15.0.0

Release notes

Sourced from @stellar/stellar-base's releases.

v15.0.0

v15.0.0: Protocol 26

Breaking Changes

TransactionBase.networkPassphrase setter now throws an error to enforce immutability (#891).

React Native apps using the Hermes engine must polyfill broken typed array methods such as subarray; this compatibility is no longer provided by @stellar/js-xdr. One option is @exodus/patch-broken-hermes-typed-arrays. If needed, please review and consider manually adding it to your project.

Construction and encoding of sized XDR integer values now throw on overflow and underflow instead of silently clamping, via @stellar/js-xdr (#133). This may affect code that previously relied on permissive bigint coercion.

Added

XDR definitions have been updated to align with Protocol 26 (#944).

Fixed

Keypair.verify now returns false instead of throwing when the signature is invalid (#892).

Memo.id now correctly rejects negative values, decimal values, and values exceeding the uint64 maximum (2^64 - 1); the error message now correctly says uint64 (#892).

Operation._toXDRPrice now accepts price objects with n: 0 (a zero numerator was previously treated as falsy and fell through to float approximation) (#892).

SignerKey.decodeSignerKey now reads the exact payload length from the 4-byte length prefix when decoding signedPayload signer keys, preventing data truncation or over-read (#892).

TransactionBuilder.cloneFrom now correctly re-encodes extraSigners as StrKey strings (they were previously passed as raw XDR objects) (#892).

TransactionBuilder.cloneFrom now uses Math.floor when computing unscaledFee to prevent fractional fee values (#892).

TransactionBuilder now floors Date timebounds to integer UNIX timestamps (#892).

Auth.bytesToInt64 now correctly handles bytes with upper-32-bit values set by processing each 32-bit half independently (#891).

ScInt constructor now correctly handles string input (#891).

Soroban.parseTokenAmount now throws when the input value has more decimal places than the specified decimals argument (#891).

XDR Array and VarArray decoding now fails fast when the declared array length exceeds the remaining bytes, via @stellar/js-xdr (#132).

Contributors

@Shaptic , @quietbits, @Ryang-21

Full Changelog: stellar/js-stellar-base@v14.1.0...v15.0.0

v14.1.0

v14.1.0

Added

Implemented TransactionBuilder.addSacTransferOperation to remove the need for simulation for SAC (Stellar Asset Contract) transfers by creating the appropriate auth entries and footprint (#861).

Fixed

TransactionBuilder.build now adds this.sorobanData.resourceFee() to baseFee when provided (#861).

The generated XDR type declarations for unions with integer discriminants now use constructors instead of named static methods (stellar/dts-xdr#9) (#874).

Contributors

@wpalmeri made their first contribution in stellar/js-stellar-base#831

@janewang made their first contribution in stellar/js-stellar-base#835

@leighmcculloch, @quietbits, @Ryang-21

Full Changelog: stellar/js-stellar-base@v14.0.4...v14.1.0

Changelog

Sourced from @stellar/stellar-base's changelog.

v15.0.0: Protocol 26

Migration Guide — step-by-step upgrade instructions with code examples and severity ratings.

Breaking Changes

TransactionBase.networkPassphrase setter now throws an error to enforce immutability (#891).

React Native apps using the Hermes engine must polyfill broken typed array methods such as subarray; this compatibility is no longer provided by @stellar/js-xdr. One option is @exodus/patch-broken-hermes-typed-arrays. If needed, please review and consider manually adding it to your project.

Construction and encoding of sized XDR integer values now throw on overflow and underflow instead of silently clamping, via @stellar/js-xdr (#133). This may affect code that previously relied on permissive bigint coercion.

Added

XDR definitions have been updated to align with Protocol 26 (#944).

Fixed

Keypair.verify now returns false instead of throwing when the signature is invalid (#892).

Memo.id now correctly rejects negative values, decimal values, and values exceeding the uint64 maximum (2^64 - 1); the error message now correctly says uint64 (#892).

Operation._toXDRPrice now accepts price objects with n: 0 (a zero numerator was previously treated as falsy and fell through to float approximation) (#892).

SignerKey.decodeSignerKey now reads the exact payload length from the 4-byte length prefix when decoding signedPayload signer keys, preventing data truncation or over-read (#892).

TransactionBuilder.cloneFrom now correctly re-encodes extraSigners as StrKey strings (they were previously passed as raw XDR objects) (#892).

TransactionBuilder.cloneFrom now uses Math.floor when computing unscaledFee to prevent fractional fee values (#892).

TransactionBuilder now floors Date timebounds to integer UNIX timestamps (#892).

Auth.bytesToInt64 now correctly handles bytes with upper-32-bit values set by processing each 32-bit half independently (#891).

ScInt constructor now correctly handles string input (#891).

Soroban.parseTokenAmount now throws when the input value has more decimal places than the specified decimals argument (#891).

XDR Array and VarArray decoding now fails fast when the declared array length exceeds the remaining bytes, via @stellar/js-xdr (#132).

v14.1.0:

Added

Implemented TransactionBuilder.addSacTransferOperation to remove the need for simulation for SAC (Stellar Asset Contract) transfers by creating the appropriate auth entries and footprint (#861).

Fixed

TransactionBuilder.build now adds this.sorobanData.resourceFee() to baseFee when provided (#861).

The generated XDR type declarations for unions with integer discriminants now use constructors instead of named static methods (stellar/dts-xdr#9) (#874).

Commits

591d810 release v15.0.0 (#951)
4830b73 Bump XDR to latest Protocol 26 (#944)
c872f75 Some fixes 2 (#892)
8af961f Some fixes (#891)
1b03f5b Fix publish workflow (#888)
2ffce47 update npm version to minimum version required for OIDC publish (#887)
b88d726 release v14.1.0 (#879)
00d2d94 Regenerate xdr type declarations (#874)
c319d2e SAC transfer transactions without RPC (#861)
3ae4e8c Add Ask DeepWiki badge (#835)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @stellar/stellar-base since your current version.

Updates axios from 1.13.5 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

Commits

5829343 chore(release): prepare release 1.15.2 (#10789)
4709a48 fix: added fix for memory leak in sockets (#10788)
be33360 chore: update changelog (#10781)
4791514 fix: more header pollutions (#10779)
6feafcf fix: socket issue (#10777)
302e273 docs: update docs, add a couple actions etc (#10776)
ac42446 chore(release): prepare release 1.15.1 (#10767)
908f220 docs: update threatmodel (#10765)
f93f815 docs: added docs around potential decompressions bomb (#10763)
1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates dotenv from 17.2.4 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates glob from 13.0.1 to 13.0.6

Commits

e80cb38 13.0.6
9cdbbff revert tsgo, not ready for test coverage correctness yet
89c99ba use tsgo compiler
b7275d5 update deps, expand engines to include node 18
942e360 update workflows, pull taprc out of package.json
4a0d53c update tap for mockImport bugfix
ef94ad2 update tap
180c2d4 update docs
37993c8 remove stray console.error in test
03ae4c2 13.0.5
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates openapi-fetch from 0.16.0 to 0.17.0

Release notes

Sourced from openapi-fetch's releases.

openapi-fetch@0.17.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

#2572 9350ddf Thanks @luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

Updated dependencies [a690e52]:

openapi-typescript-helpers@0.1.0

Changelog

Sourced from openapi-fetch's changelog.

0.17.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

#2572 9350ddf Thanks @luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

Updated dependencies [a690e52]:

openapi-typescript-helpers@0.1.0

Commits

5709d33 [ci] release (#2611)
9350ddf Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked (#2572)
a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
a06e6c3 chore(deps): update dependency superagent to v10.3.0 (#2595)
See full diff in compare view

Updates openapi-typescript from 7.12.0 to 7.13.0

Release notes

Sourced from openapi-typescript's releases.

openapi-typescript@7.13.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Changelog

Sourced from openapi-typescript's changelog.

7.13.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Commits

5709d33 [ci] release (#2611)
a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
79a443b chore(deps): update dependency vite-node to v5 (#2602)
See full diff in compare view

Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

8439255 [dist] 8.20.0
d3503c1 [minor] Export the PerMessageDeflate class and header utils
3ee5349 [api] Convert the isServer and maxPayload parameters to options
91707b4 [doc] Add missing space
8b55319 [pkg] Update eslint to version 10.0.1
ca533a5 [pkg] Update globals to version 17.0.0
See full diff in compare view

Updates @types/node from 25.2.2 to 25.6.0

Commits

See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.55.0 to 8.59.1

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.2

8.58.2 (2026-04-13)

🩹 Fixes

remove tsbuildinfo cache file from published packages (#12187)

eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147)

❤️ Thank You

Abhijeet Singh @cseas

송재욱

... (truncated)

Changelog

Sourced from @typescript-eslint/eslint-plugin's changelog.

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

🚀 Features

eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147)

remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

Abhijeet Singh @cseas

송재욱

See GitHub Releases for more information.

... (truncated)

Commits

5245793 chore(release): publish 8.59.1
3cef124 chore(eslint-plugin): switch auto-generated test cases to hand-written in dot...
27c507b test: make sort-type-constituents tests fully static (#12262)
a03b31d chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
a7099a7 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
bfbd4a5 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
b49d4b1 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
3097e72 chore(eslint-plugin): switch auto-generated test cases to hand-written in nam...
676191b chore(eslint-plugin): switch auto-generated test cases to hand-written in mem...
e9dce8b fix(eslint-plugin): [no-unnecessary-condition] treat void as nullish in no-un...
Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.55.0 to 8.59.1

Release notes

Sourced from @typescript-eslint/parser's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releasesDescription has been truncated

Bumps the all-dependencies group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@canton-network/wallet-sdk](https://github.com/hyperledger-labs/splice-wallet-kernel/tree/HEAD/sdk/wallet-sdk) | `0.21.0` | `1.0.0` | | @hardlydifficult/websocket | `1.0.2` | `1.0.73` | | [@stellar/stellar-base](https://github.com/stellar/js-stellar-base) | `14.0.4` | `15.0.0` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.2` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.4` | `17.4.2` | | [glob](https://github.com/isaacs/node-glob) | `13.0.1` | `13.0.6` | | [openapi-fetch](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-fetch) | `0.16.0` | `0.17.0` | | [openapi-typescript](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-typescript) | `7.12.0` | `7.13.0` | | [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.2` | `25.6.0` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.55.0` | `8.59.1` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.55.0` | `8.59.1` | | [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.2.1` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.3.0` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.47.0` | `0.48.0` | | [npm-package-json-lint](https://github.com/tclindner/npm-package-json-lint) | `9.1.0` | `10.3.0` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) | `3.0.0` | `3.0.2` | | [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.9` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` | Updates `@canton-network/wallet-sdk` from 0.21.0 to 1.0.0 - [Release notes](https://github.com/hyperledger-labs/splice-wallet-kernel/releases) - [Changelog](https://github.com/canton-network/wallet-gateway/blob/main/docs/RELEASES.md) - [Commits](https://github.com/hyperledger-labs/splice-wallet-kernel/commits/@canton-network/wallet-sdk@1.0.0/sdk/wallet-sdk) Updates `@hardlydifficult/websocket` from 1.0.2 to 1.0.73 Updates `@stellar/stellar-base` from 14.0.4 to 15.0.0 - [Release notes](https://github.com/stellar/js-stellar-base/releases) - [Changelog](https://github.com/stellar/js-stellar-base/blob/master/CHANGELOG.md) - [Commits](stellar/js-stellar-base@v14.0.4...v15.0.0) Updates `axios` from 1.13.5 to 1.15.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.15.2) Updates `dotenv` from 17.2.4 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.4...v17.4.2) Updates `glob` from 13.0.1 to 13.0.6 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v13.0.1...v13.0.6) Updates `openapi-fetch` from 0.16.0 to 0.17.0 - [Release notes](https://github.com/openapi-ts/openapi-typescript/releases) - [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-fetch/CHANGELOG.md) - [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-fetch@0.17.0/packages/openapi-fetch) Updates `openapi-typescript` from 7.12.0 to 7.13.0 - [Release notes](https://github.com/openapi-ts/openapi-typescript/releases) - [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-typescript/CHANGELOG.md) - [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-typescript@7.13.0/packages/openapi-typescript) Updates `ws` from 8.19.0 to 8.20.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.0) Updates `@types/node` from 25.2.2 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@typescript-eslint/eslint-plugin` from 8.55.0 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.55.0 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/parser) Updates `eslint` from 9.39.2 to 10.2.1 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.2...v10.2.1) Updates `jest` from 30.2.0 to 30.3.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest) Updates `markdownlint-cli` from 0.47.0 to 0.48.0 - [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases) - [Commits](igorshubovych/markdownlint-cli@v0.47.0...v0.48.0) Updates `npm-package-json-lint` from 9.1.0 to 10.3.0 - [Release notes](https://github.com/tclindner/npm-package-json-lint/releases) - [Changelog](https://github.com/tclindner/npm-package-json-lint/blob/master/CHANGELOG.md) - [Commits](tclindner/npm-package-json-lint@v9.1.0...v10.3.0) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.3) Updates `prettier-plugin-packagejson` from 3.0.0 to 3.0.2 - [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases) - [Commits](matzkoh/prettier-plugin-packagejson@v3.0.0...v3.0.2) Updates `ts-jest` from 29.4.6 to 29.4.9 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.4.6...v29.4.9) Updates `typescript` from 5.9.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: "@canton-network/wallet-sdk" dependency-version: 0.21.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@hardlydifficult/websocket" dependency-version: 1.0.73 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@stellar/stellar-base" dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.58.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@typescript-eslint/parser" dependency-version: 8.58.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: axios dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: eslint dependency-version: 10.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: glob dependency-version: 13.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: jest dependency-version: 30.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: markdownlint-cli dependency-version: 0.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: npm-package-json-lint dependency-version: 10.2.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: openapi-fetch dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: openapi-typescript dependency-version: 7.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: prettier dependency-version: 3.8.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: prettier-plugin-packagejson dependency-version: 3.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: ts-jest dependency-version: 29.4.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: ws dependency-version: 8.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-04T20:37:49Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
jest@30.2.0 ⏵ 30.3.0	⁺¹		⁺¹
@typescript-eslint/parser@8.55.0 ⏵ 8.59.1	⁺¹		⁺¹
@hardlydifficult/websocket@1.0.2 ⏵ 1.0.73			⁺¹	⁺⁷
@typescript-eslint/eslint-plugin@8.55.0 ⏵ 8.59.1	⁺¹		⁺¹
@types/node@25.2.2 ⏵ 25.6.0
prettier-plugin-packagejson@3.0.0 ⏵ 3.0.2
glob@13.0.1 ⏵ 13.0.6	^-4
markdownlint-cli@0.47.0 ⏵ 0.48.0				^-1
openapi-typescript@7.12.0 ⏵ 7.13.0	⁺¹		⁺¹
openapi-fetch@0.16.0 ⏵ 0.17.0	⁺¹		⁺¹
ws@8.20.0
@canton-network/wallet-sdk@0.21.0 ⏵ 1.0.0			⁺²
eslint@9.39.2 ⏵ 10.2.1	⁺¹
axios@1.13.5 ⏵ 1.15.2	^-1	⁺³
typescript@6.0.3
prettier@3.8.1 ⏵ 3.8.3			⁺¹
ts-jest@29.4.6 ⏵ 29.4.9
npm-package-json-lint@9.1.0 ⏵ 10.3.0	⁺¹			⁺¹²
dotenv@17.2.4 ⏵ 17.4.2
@stellar/stellar-base@14.0.4 ⏵ 15.0.0				⁺⁴

View full report

dependabot · 2026-05-11T23:44:10Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/all-dependencies-14ba0deef8 branch 3 times, most recently from 50d84b9 to c663777 Compare April 29, 2026 20:52

dependabot Bot force-pushed the dependabot/npm_and_yarn/all-dependencies-14ba0deef8 branch from c663777 to 9c9020d Compare May 4, 2026 20:37

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/all-dependencies-14ba0deef8 branch May 11, 2026 23:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the all-dependencies group across 1 directory with 20 updates#328

deps: bump the all-dependencies group across 1 directory with 20 updates#328
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dependencies-14ba0deef8

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 4, 2026

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v15.0.0

v15.0.0: Protocol 26

Breaking Changes

Added

Fixed

Contributors

v14.1.0

v14.1.0

Added

Fixed

Contributors

v15.0.0: Protocol 26

Breaking Changes

Added

Fixed

v14.1.0:

Added

Fixed

v1.15.2

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

v1.15.2 - April 21, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.1 - April 19, 2026

🔒 Security Fixes

🚀 New Features

17.4.2 (2026-04-12)

Changed

17.4.1 (2026-04-05)

Changed

17.4.0 (2026-04-01)

Added

Changed

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

openapi-fetch@0.17.0

Minor Changes

Patch Changes

0.17.0

Minor Changes

Patch Changes

openapi-typescript@7.13.0

Minor Changes

7.13.0

Minor Changes

8.20.0

Features

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

❤️ Thank You

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

❤️ Thank You

v8.58.2

8.58.2 (2026-04-13)

🩹 Fixes

❤️ Thank You

8.59.1 (2026-04-27)

🩹 Fixes

❤️ Thank You

8.59.0 (2026-04-20)

🚀 Features

❤️ Thank You

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

`v15.0.0`: Protocol 26

`v15.0.0`: Protocol 26

`v14.1.0`: