deps: bump the all-dependencies group across 1 directory with 22 updates by dependabot[bot] · Pull Request #336 · Fairmint/canton-node-sdk

dependabot · 2026-05-25T22:12:42Z

Bumps the all-dependencies group with 22 updates in the / directory:

Package	From	To
@canton-network/wallet-sdk	`0.21.0`	`1.2.1`
@hardlydifficult/websocket	`1.0.2`	`1.0.73`
@stellar/stellar-base	`14.0.4`	`15.0.0`
axios	`1.13.5`	`1.16.1`
dotenv	`17.2.4`	`17.4.2`
glob	`13.0.1`	`13.0.6`
openapi-fetch	`0.16.0`	`0.17.0`
openapi-typescript	`7.12.0`	`7.13.0`
ws	`8.19.0`	`8.20.1`
zod	`4.3.6`	`4.4.3`
@types/node	`25.2.2`	`25.9.0`
@typescript-eslint/eslint-plugin	`8.55.0`	`8.59.4`
@typescript-eslint/parser	`8.55.0`	`8.59.4`
eslint	`9.39.2`	`10.4.0`
jest	`30.2.0`	`30.4.2`
markdownlint-cli	`0.47.0`	`0.48.0`
npm-package-json-lint	`9.1.0`	`10.4.0`
prettier	`3.8.1`	`3.8.3`
prettier-plugin-packagejson	`3.0.0`	`3.0.2`
ts-jest	`29.4.6`	`29.4.9`
tsx	`4.21.0`	`4.22.2`
typescript	`5.9.3`	`6.0.3`

Updates @canton-network/wallet-sdk from 0.21.0 to 1.2.1

Release notes

Sourced from @canton-network/wallet-sdk's releases.

@canton-network/wallet-sdk@1.2.1

1.2.1 (2026-05-13)

🩹 Fixes

typo in handling of unathenticated connection (#1748)

wallet-sdk: fix wallet sdk types (#1727)

🧱 Updated Dependencies

Updated @canton-network/core-token-standard-service to 1.2.3

Updated @canton-network/core-ledger-client-types to 1.2.3

Updated @canton-network/core-asyncapi-client to 1.2.3

Updated @canton-network/core-provider-ledger to 1.2.3

Updated @canton-network/core-splice-provider to 1.2.3

Updated @canton-network/core-amulet-service to 1.2.3

Updated @canton-network/core-token-standard to 1.2.3

Updated @canton-network/core-provider-dapp to 1.2.3

Updated @canton-network/core-splice-client to 1.2.3

Updated @canton-network/core-tx-visualizer to 1.2.3

Updated @canton-network/core-ledger-proto to 1.2.3

Updated @canton-network/core-signing-lib to 1.2.3

Updated @canton-network/core-wallet-auth to 1.2.3

Updated @canton-network/core-acs-reader to 1.10.3

Updated @canton-network/core-tx-parser to 1.2.3

Updated @canton-network/core-types to 1.2.3

❤️ Thank You

mateuszpiatkowski-da

Phillip Olesen @PHOL-DA

@canton-network/wallet-sdk@1.2.0

1.2.0 (2026-05-13)

🩹 Fixes

allow connecting to no-auth validator (#1742)

merge utxos stress test and ensure the precision of merge amount doesn't go over 10 (#1699)

🧱 Updated Dependencies

Updated @canton-network/core-token-standard-service to 1.2.2

Updated @canton-network/core-ledger-client-types to 1.2.2

Updated @canton-network/core-asyncapi-client to 1.2.2

Updated @canton-network/core-provider-ledger to 1.2.2

Updated @canton-network/core-splice-provider to 1.2.2

Updated @canton-network/core-amulet-service to 1.2.2

Updated @canton-network/core-token-standard to 1.2.2

Updated @canton-network/core-splice-client to 1.2.2

... (truncated)

Commits

7479eea chore(release): publish (#1751)
640e933 fix: typo in handling of unathenticated connection (#1748)
d329609 fix(wallet-sdk): fix wallet sdk types (#1727)
154c008 chore(release): publish (#1744)
c6e46e2 fix: allow connecting to no-auth validator (#1742)
279fdb1 fox(sdk-wallet): clear error message for missing auth (#1730)
146b9fa chore: rename hyperledger labs (#1710)
f889a43 fix: merge utxos stress test and ensure the precision of merge amount doesn't...
922271a chore(release): publish (#1683)
8b9f111 feat(core-ledger-client): upgrade splice to 0.6.1 (#1681)
Additional commits viewable in compare view

Updates @hardlydifficult/websocket from 1.0.2 to 1.0.73

Updates @stellar/stellar-base from 14.0.4 to 15.0.0

Release notes

Sourced from @stellar/stellar-base's releases.

v15.0.0

v15.0.0: Protocol 26

Breaking Changes

TransactionBase.networkPassphrase setter now throws an error to enforce immutability (#891).

React Native apps using the Hermes engine must polyfill broken typed array methods such as subarray; this compatibility is no longer provided by @stellar/js-xdr. One option is @exodus/patch-broken-hermes-typed-arrays. If needed, please review and consider manually adding it to your project.

Construction and encoding of sized XDR integer values now throw on overflow and underflow instead of silently clamping, via @stellar/js-xdr (#133). This may affect code that previously relied on permissive bigint coercion.

Added

XDR definitions have been updated to align with Protocol 26 (#944).

Fixed

Keypair.verify now returns false instead of throwing when the signature is invalid (#892).

Memo.id now correctly rejects negative values, decimal values, and values exceeding the uint64 maximum (2^64 - 1); the error message now correctly says uint64 (#892).

Operation._toXDRPrice now accepts price objects with n: 0 (a zero numerator was previously treated as falsy and fell through to float approximation) (#892).

SignerKey.decodeSignerKey now reads the exact payload length from the 4-byte length prefix when decoding signedPayload signer keys, preventing data truncation or over-read (#892).

TransactionBuilder.cloneFrom now correctly re-encodes extraSigners as StrKey strings (they were previously passed as raw XDR objects) (#892).

TransactionBuilder.cloneFrom now uses Math.floor when computing unscaledFee to prevent fractional fee values (#892).

TransactionBuilder now floors Date timebounds to integer UNIX timestamps (#892).

Auth.bytesToInt64 now correctly handles bytes with upper-32-bit values set by processing each 32-bit half independently (#891).

ScInt constructor now correctly handles string input (#891).

Soroban.parseTokenAmount now throws when the input value has more decimal places than the specified decimals argument (#891).

XDR Array and VarArray decoding now fails fast when the declared array length exceeds the remaining bytes, via @stellar/js-xdr (#132).

Contributors

@Shaptic , @quietbits, @Ryang-21

Full Changelog: stellar/js-stellar-base@v14.1.0...v15.0.0

v14.1.0

v14.1.0

Added

Implemented TransactionBuilder.addSacTransferOperation to remove the need for simulation for SAC (Stellar Asset Contract) transfers by creating the appropriate auth entries and footprint (#861).

Fixed

TransactionBuilder.build now adds this.sorobanData.resourceFee() to baseFee when provided (#861).

The generated XDR type declarations for unions with integer discriminants now use constructors instead of named static methods (stellar/dts-xdr#9) (#874).

Contributors

@wpalmeri made their first contribution in stellar/js-stellar-base#831

@janewang made their first contribution in stellar/js-stellar-base#835

@leighmcculloch, @quietbits, @Ryang-21

Full Changelog: stellar/js-stellar-base@v14.0.4...v14.1.0

Changelog

Sourced from @stellar/stellar-base's changelog.

v15.0.0: Protocol 26

Migration Guide — step-by-step upgrade instructions with code examples and severity ratings.

Breaking Changes

TransactionBase.networkPassphrase setter now throws an error to enforce immutability (#891).

React Native apps using the Hermes engine must polyfill broken typed array methods such as subarray; this compatibility is no longer provided by @stellar/js-xdr. One option is @exodus/patch-broken-hermes-typed-arrays. If needed, please review and consider manually adding it to your project.

Construction and encoding of sized XDR integer values now throw on overflow and underflow instead of silently clamping, via @stellar/js-xdr (#133). This may affect code that previously relied on permissive bigint coercion.

Added

XDR definitions have been updated to align with Protocol 26 (#944).

Fixed

Keypair.verify now returns false instead of throwing when the signature is invalid (#892).

Memo.id now correctly rejects negative values, decimal values, and values exceeding the uint64 maximum (2^64 - 1); the error message now correctly says uint64 (#892).

Operation._toXDRPrice now accepts price objects with n: 0 (a zero numerator was previously treated as falsy and fell through to float approximation) (#892).

SignerKey.decodeSignerKey now reads the exact payload length from the 4-byte length prefix when decoding signedPayload signer keys, preventing data truncation or over-read (#892).

TransactionBuilder.cloneFrom now correctly re-encodes extraSigners as StrKey strings (they were previously passed as raw XDR objects) (#892).

TransactionBuilder.cloneFrom now uses Math.floor when computing unscaledFee to prevent fractional fee values (#892).

TransactionBuilder now floors Date timebounds to integer UNIX timestamps (#892).

Auth.bytesToInt64 now correctly handles bytes with upper-32-bit values set by processing each 32-bit half independently (#891).

ScInt constructor now correctly handles string input (#891).

Soroban.parseTokenAmount now throws when the input value has more decimal places than the specified decimals argument (#891).

XDR Array and VarArray decoding now fails fast when the declared array length exceeds the remaining bytes, via @stellar/js-xdr (#132).

v14.1.0:

Added

Implemented TransactionBuilder.addSacTransferOperation to remove the need for simulation for SAC (Stellar Asset Contract) transfers by creating the appropriate auth entries and footprint (#861).

Fixed

TransactionBuilder.build now adds this.sorobanData.resourceFee() to baseFee when provided (#861).

The generated XDR type declarations for unions with integer discriminants now use constructors instead of named static methods (stellar/dts-xdr#9) (#874).

Commits

591d810 release v15.0.0 (#951)
4830b73 Bump XDR to latest Protocol 26 (#944)
c872f75 Some fixes 2 (#892)
8af961f Some fixes (#891)
1b03f5b Fix publish workflow (#888)
2ffce47 update npm version to minimum version required for OIDC publish (#887)
b88d726 release v14.1.0 (#879)
00d2d94 Regenerate xdr type declarations (#874)
c319d2e SAC transfer transactions without RPC (#861)
3ae4e8c Add Ask DeepWiki badge (#835)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @stellar/stellar-base since your current version.

Updates axios from 1.13.5 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)

Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)

CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)

Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)

XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)

Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)

Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)

URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)

composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)

AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)

Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)

Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)

Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@hpinmetaverse (#10836)

@tommyhgunz14 (#7413)

@abhu85 (#10829)

@divyanshuraj1095 (#10853)

@sagodi97 (#10856)

@rkdfx (#10868)

@Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)

Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)

CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)

Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)

XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)

Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)

Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)

URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)

composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)

AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)

Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)

Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)

Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@hpinmetaverse (#10836)

@tommyhgunz14 (#7413)

@abhu85 (#10829)

@divyanshuraj1095 (#10853)

@sagodi97 (#10856)

@rkdfx (#10868)

@Liuwei1125 (#10866)

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Commits

1337d6b chore(release): prepare release 1.16.1 (#10877)
858a790 fix: remove all caches (#10882)
34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
847d89b fix: support URL object as config.url input (#10866)
4094886 fix(progress): guard malformed XHR upload events (#10868)
44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
64e1095 chore: update PR and issue template to use h2 (#10865)
3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
caa00a9 fix: https data in cleartext to proxy (#10858)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates dotenv from 17.2.4 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

Commits

f116f70 17.4.2
3a81612 fix visual order of faq
13f55a8 Merge branch 'skill'
4bbbf73 reorganize faq
c3da64b Merge pull request #1009 from motdotla/skill
6f743b1 update source
fc2c624 update skill
972315b Tighten up skill
2795fce reorganize faq
d5495d4 adjust skill
Additional commits viewable in compare view

Updates glob from 13.0.1 to 13.0.6

Commits

e80cb38 13.0.6
9cdbbff revert tsgo, not ready for test coverage correctness yet
89c99ba use tsgo compiler
b7275d5 update deps, expand engines to include node 18
942e360 update workflows, pull taprc out of package.json
4a0d53c update tap for mockImport bugfix
ef94ad2 update tap
180c2d4 update docs
37993c8 remove stray console.error in test
03ae4c2 13.0.5
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates openapi-fetch from 0.16.0 to 0.17.0

Release notes

Sourced from openapi-fetch's releases.

openapi-fetch@0.17.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

#2572 9350ddf Thanks @luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

Updated dependencies [a690e52]:

openapi-typescript-helpers@0.1.0

Changelog

Sourced from openapi-fetch's changelog.

0.17.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Patch Changes

#2572 9350ddf Thanks @luis-guideti! - Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked

Updated dependencies [a690e52]:

openapi-typescript-helpers@0.1.0

Commits

5709d33 [ci] release (#2611)
9350ddf Do not treat Content-Length=0 as empty when Transfer-Encoding is chunked (#2572)
a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
a06e6c3 chore(deps): update dependency superagent to v10.3.0 (#2595)
See full diff in compare view

Updates openapi-typescript from 7.12.0 to 7.13.0

Release notes

Sourced from openapi-typescript's releases.

openapi-typescript@7.13.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Changelog

Sourced from openapi-typescript's changelog.

7.13.0

Minor Changes

#2549 a690e52 Thanks @abumalick! - Add readOnly/writeOnly support via --read-write-markers flag. When enabled, readOnly properties are wrapped with $Read<T> and writeOnly properties with $Write<T>. openapi-fetch uses Readable<T> and Writable<T> helpers to exclude these properties from responses and request bodies respectively.

Commits

5709d33 [ci] release (#2611)
a690e52 feat(openapi-typescript): add readOnly/writeOnly support via markers (#2549)
79a443b chore(deps): update dependency vite-node to v5 (#2602)
See full diff in compare view

Updates ws from 8.19.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.
import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});
The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

Commits

5d9b316 [dist] 8.20.1
c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
ce2a3d6 [ci] Test on node 26
58e45b8 [ci] Do not test on node 25
5f26c24 [ci] Run the lint step on node 24
8439255 [dist] 8.20.0
d3503c1 [minor] Export the PerMessageDeflate class and header utils
3ee5349 [api] Convert the isServer and maxPayload parameters to options
91707b4 [doc] Add missing space
8b55319 [pkg] Update eslint to version 10.0.1
Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo

2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing

7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones

2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern

9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)

b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)

1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)

c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)

f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3

1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)

20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps

6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)

4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing

bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents

cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint

292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor

1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion

1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance

e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes

e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights

905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing

bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md

8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch

02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)

88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig

c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow

95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations

cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)

edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1

180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits

1fb56a5 docs: document release procedure in AGENTS.md
f3c9ec0 4.4.3
c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
9195250 docs: remove Mintlify from bronze sponsors (churned)
2c70332 docs: normalize bronze sponsor logos to github avatar pattern
7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Updates @types/node from 25.2.2 to 25.9.0

Commits

See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.55.0 to 8.59.4

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.5...
Description has been truncated

Bumps the all-dependencies group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@canton-network/wallet-sdk](https://github.com/canton-network/wallet/tree/HEAD/sdk/wallet-sdk) | `0.21.0` | `1.2.1` | | @hardlydifficult/websocket | `1.0.2` | `1.0.73` | | [@stellar/stellar-base](https://github.com/stellar/js-stellar-base) | `14.0.4` | `15.0.0` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.4` | `17.4.2` | | [glob](https://github.com/isaacs/node-glob) | `13.0.1` | `13.0.6` | | [openapi-fetch](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-fetch) | `0.16.0` | `0.17.0` | | [openapi-typescript](https://github.com/openapi-ts/openapi-typescript/tree/HEAD/packages/openapi-typescript) | `7.12.0` | `7.13.0` | | [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.1` | | [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.2` | `25.9.0` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.55.0` | `8.59.4` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.55.0` | `8.59.4` | | [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.4.0` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.4.2` | | [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.47.0` | `0.48.0` | | [npm-package-json-lint](https://github.com/tclindner/npm-package-json-lint) | `9.1.0` | `10.4.0` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) | `3.0.0` | `3.0.2` | | [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.9` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.2` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` | Updates `@canton-network/wallet-sdk` from 0.21.0 to 1.2.1 - [Release notes](https://github.com/canton-network/wallet/releases) - [Changelog](https://github.com/canton-network/wallet/blob/main/docs/RELEASES.md) - [Commits](https://github.com/canton-network/wallet/commits/@canton-network/wallet-sdk@1.2.1/sdk/wallet-sdk) Updates `@hardlydifficult/websocket` from 1.0.2 to 1.0.73 Updates `@stellar/stellar-base` from 14.0.4 to 15.0.0 - [Release notes](https://github.com/stellar/js-stellar-base/releases) - [Changelog](https://github.com/stellar/js-stellar-base/blob/master/CHANGELOG.md) - [Commits](stellar/js-stellar-base@v14.0.4...v15.0.0) Updates `axios` from 1.13.5 to 1.16.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.16.1) Updates `dotenv` from 17.2.4 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.4...v17.4.2) Updates `glob` from 13.0.1 to 13.0.6 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v13.0.1...v13.0.6) Updates `openapi-fetch` from 0.16.0 to 0.17.0 - [Release notes](https://github.com/openapi-ts/openapi-typescript/releases) - [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-fetch/CHANGELOG.md) - [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-fetch@0.17.0/packages/openapi-fetch) Updates `openapi-typescript` from 7.12.0 to 7.13.0 - [Release notes](https://github.com/openapi-ts/openapi-typescript/releases) - [Changelog](https://github.com/openapi-ts/openapi-typescript/blob/main/packages/openapi-typescript/CHANGELOG.md) - [Commits](https://github.com/openapi-ts/openapi-typescript/commits/openapi-typescript@7.13.0/packages/openapi-typescript) Updates `ws` from 8.19.0 to 8.20.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.1) Updates `zod` from 4.3.6 to 4.4.3 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.3.6...v4.4.3) Updates `@types/node` from 25.2.2 to 25.9.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@typescript-eslint/eslint-plugin` from 8.55.0 to 8.59.4 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.4/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.55.0 to 8.59.4 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.4/packages/parser) Updates `eslint` from 9.39.2 to 10.4.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.2...v10.4.0) Updates `jest` from 30.2.0 to 30.4.2 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest) Updates `markdownlint-cli` from 0.47.0 to 0.48.0 - [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases) - [Commits](igorshubovych/markdownlint-cli@v0.47.0...v0.48.0) Updates `npm-package-json-lint` from 9.1.0 to 10.4.0 - [Release notes](https://github.com/tclindner/npm-package-json-lint/releases) - [Changelog](https://github.com/tclindner/npm-package-json-lint/blob/master/CHANGELOG.md) - [Commits](tclindner/npm-package-json-lint@v9.1.0...v10.4.0) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.3) Updates `prettier-plugin-packagejson` from 3.0.0 to 3.0.2 - [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases) - [Commits](matzkoh/prettier-plugin-packagejson@v3.0.0...v3.0.2) Updates `ts-jest` from 29.4.6 to 29.4.9 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.4.6...v29.4.9) Updates `tsx` from 4.21.0 to 4.22.2 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.21.0...v4.22.2) Updates `typescript` from 5.9.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: "@canton-network/wallet-sdk" dependency-version: 1.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@hardlydifficult/websocket" dependency-version: 1.0.73 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@stellar/stellar-base" dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: axios dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: glob dependency-version: 13.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: openapi-fetch dependency-version: 0.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: openapi-typescript dependency-version: 7.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: ws dependency-version: 8.20.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: zod dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 25.9.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.59.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: eslint dependency-version: 10.4.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: jest dependency-version: 30.4.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: markdownlint-cli dependency-version: 0.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: npm-package-json-lint dependency-version: 10.4.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: prettier-plugin-packagejson dependency-version: 3.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: ts-jest dependency-version: 29.4.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: tsx dependency-version: 4.22.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-25T22:13:13Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
jest@30.2.0 ⏵ 30.4.2	⁺¹		⁺¹
@typescript-eslint/parser@8.55.0 ⏵ 8.59.4	⁺¹		⁺¹
@hardlydifficult/websocket@1.0.2 ⏵ 1.0.73			⁺¹	⁺⁷
@typescript-eslint/eslint-plugin@8.55.0 ⏵ 8.59.4			⁺¹
@types/node@25.2.2 ⏵ 25.9.0	⁺¹		⁺¹	⁺¹
prettier-plugin-packagejson@3.0.0 ⏵ 3.0.2
tsx@4.21.0 ⏵ 4.22.2	⁺¹		⁺¹	⁺¹
markdownlint-cli@0.47.0 ⏵ 0.48.0
glob@13.0.1 ⏵ 13.0.6	^-5
openapi-typescript@7.12.0 ⏵ 7.13.0	⁺¹		⁺¹	^-1
axios@1.13.5 ⏵ 1.16.1	^-3	⁺⁴⁰
openapi-fetch@0.16.0 ⏵ 0.17.0	⁺¹		⁺¹
@canton-network/wallet-sdk@0.21.0 ⏵ 1.2.1			⁺²	⁺¹
eslint@9.39.2 ⏵ 10.4.0	⁺¹
typescript@5.9.3 ⏵ 6.0.3	⁺¹		⁺¹
prettier@3.8.1 ⏵ 3.8.3			⁺¹
@stellar/stellar-base@14.0.4 ⏵ 15.0.0
npm-package-json-lint@9.1.0 ⏵ 10.4.0	⁺¹			⁺¹¹
dotenv@17.2.4 ⏵ 17.4.2
ts-jest@29.4.6 ⏵ 29.4.9
zod@4.3.6 ⏵ 4.4.3			⁺¹
ws@8.19.0 ⏵ 8.20.1		⁺²

View full report

socket-security · 2026-05-25T22:13:15Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@typescript-eslint/eslint-plugin` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → `npm/@typescript-eslint/eslint-plugin@8.59.4` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.59.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the all-dependencies group across 1 directory with 22 updates#336

deps: bump the all-dependencies group across 1 directory with 22 updates#336
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dependencies-0481f2be45

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

socket-security Bot commented May 25, 2026

Uh oh!

socket-security Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026

@​canton-network/wallet-sdk@​1.2.1

1.2.1 (2026-05-13)

🩹 Fixes

🧱 Updated Dependencies

❤️ Thank You

@​canton-network/wallet-sdk@​1.2.0

1.2.0 (2026-05-13)

🩹 Fixes

🧱 Updated Dependencies

v15.0.0

v15.0.0: Protocol 26

Breaking Changes

Added

Fixed

Contributors

v14.1.0

v14.1.0

Added

Fixed

Contributors

v15.0.0: Protocol 26

Breaking Changes

Added

Fixed

v14.1.0:

Added

Fixed

v1.16.1 — May 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.16.0 — May 2, 2026

⚠️ Notable Changes

v1.16.1 — May 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.16.0 — May 2, 2026

⚠️ Notable Changes

17.4.2 (2026-04-12)

Changed

17.4.1 (2026-04-05)

Changed

17.4.0 (2026-04-01)

Added

Changed

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

openapi-fetch@0.17.0

Minor Changes

Patch Changes

0.17.0

Minor Changes

Patch Changes

openapi-typescript@7.13.0

Minor Changes

7.13.0

Minor Changes

8.20.1

Bug fixes

8.20.0

Features

v4.4.3

Commits:

v4.4.2

Commits:

v4.4.1

Commits:

v4.4.0

4.4.0

Potentially breaking bug fixes

v8.5... Description has been truncated

Uh oh!

`@canton-network/wallet-sdk@1`.2.1

`@canton-network/wallet-sdk@1`.2.0

`v15.0.0`: Protocol 26

`v15.0.0`: Protocol 26

`v14.1.0`:

v8.5...
Description has been truncated