Bump ws, @privy-io/react-auth, @privy-io/wagmi, @wagmi/connectors, viem and wagmi in /frontend

[dependabot]

Bumps ws to 8.20.1 and updates ancestor dependencies ws, @privy-io/react-auth, @privy-io/wagmi, @wagmi/connectors, viem and wagmi. These dependencies need to be updated together.

Updates ws from 8.18.2 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

... (truncated)

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• Additional commits viewable in compare view

Updates @privy-io/react-auth from 2.21.3 to 3.28.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​privy-io/react-auth since your current version.

Updates @privy-io/wagmi from 1.0.6 to 4.0.10

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​privy-io/wagmi since your current version.

Updates @wagmi/connectors from 5.9.3 to 8.0.15

Release notes

Sourced from @​wagmi/connectors's releases.

@​wagmi/connectors@​8.0.15

Patch Changes

• Bumped @metamask/connect-evm catalog version to 1.3.1. (#5123)

• Improved the metaMask connector to answer pre-connect probe methods from an announced EIP-6963 MetaMask provider when available, avoiding an SDK import just to check extension state. (#5128)

• Updated dependencies [df7bd38]:

  • @​wagmi/core@​3.5.0

@​wagmi/connectors@​8.0.14

Patch Changes

• Updated dependencies [f1e6d70, 4c44cd0]:
  • @​wagmi/core@​3.4.12

@​wagmi/connectors@​8.0.13

Patch Changes

• Updated dependencies [9e8418a]:
  • @​wagmi/core@​3.4.11

@​wagmi/connectors@​8.0.12

Patch Changes

• Breaking(wagmi/tempo): Bumped the accounts peer dependency range from ~0.8.1 to ~0.10. (#5112)

• wagmi/tempo: Forwarded config transports to the underlying accounts provider. (#5112)

• Updated dependencies [3829b3c]:

  • @​wagmi/core@​3.4.10

@​wagmi/connectors@​8.0.11

Patch Changes

• Widened @metamask/connect-evm peer dependency range from ~1.0.0 to ^1.0.0 so consumers automatically pick up non-breaking 1.x releases (e.g. the bundle-size improvements in @metamask/connect-evm@1.1.0+, which transitively brings @metamask/connect-multichain@0.13.0 with lazy-loaded MWP infrastructure) without needing a manual overrides / resolutions entry. (#5107)

@​wagmi/connectors@​8.0.10

Patch Changes

• Updated dependencies [f86ad01]:
  • @​wagmi/core@​3.4.9

@​wagmi/connectors@​8.0.9

Patch Changes

• Updated dependencies [28b1437]:
  • @​wagmi/core@​3.4.8

@​wagmi/connectors@​8.0.8

... (truncated)

Changelog

Sourced from @​wagmi/connectors's changelog.

8.0.15

Patch Changes

• Bumped @metamask/connect-evm catalog version to 1.3.1. (#5123)

• Improved the metaMask connector to answer pre-connect probe methods from an announced EIP-6963 MetaMask provider when available, avoiding an SDK import just to check extension state. (#5128)

• Updated dependencies [df7bd38]:

  • @​wagmi/core@​3.5.0

8.0.14

Patch Changes

• Updated dependencies [f1e6d70, 4c44cd0]:
  • @​wagmi/core@​3.4.12

8.0.13

Patch Changes

• Updated dependencies [9e8418a]:
  • @​wagmi/core@​3.4.11

8.0.12

Patch Changes

• Breaking(wagmi/tempo): Bumped the accounts peer dependency range from ~0.8.1 to ~0.10. (#5112)

• wagmi/tempo: Forwarded config transports to the underlying accounts provider. (#5112)

• Updated dependencies [3829b3c]:

  • @​wagmi/core@​3.4.10

8.0.11

Patch Changes

• Widened @metamask/connect-evm peer dependency range from ~1.0.0 to ^1.0.0 so consumers automatically pick up non-breaking 1.x releases (e.g. the bundle-size improvements in @metamask/connect-evm@1.1.0+, which transitively brings @metamask/connect-multichain@0.13.0 with lazy-loaded MWP infrastructure) without needing a manual overrides / resolutions entry. (#5107)

8.0.10

Patch Changes

• Updated dependencies [f86ad01]:
  • @​wagmi/core@​3.4.9

8.0.9

... (truncated)

Commits

• 2f77dbc chore: version packages (#5140)
• c162248 chore: drop older TypeScript support (#5139)
• df7bd38 fix(connectors): metaMask — serve probe methods from EIP-6963 provider when S...
• b029f1c feat: bump @metamask/connect-evm to 1.3.1 (#5123)
• 98f9a16 chore: version packages (#5122)
• dcd6f60 chore: version packages (#5118)
• da855c6 chore: version packages (#5113)
• 3829b3c fix(tempo): fix getClient in tempo connectors (#5112)
• 2d378a7 chore: version packages (#5108)
• bb4fdbb fix(connectors): widen @metamask/connect-evm peer-dep to ^1.0.0 (#5107)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​wagmi/connectors since your current version.

Updates viem from 2.33.3 to 2.51.2

Release notes

Sourced from viem's releases.

viem@2.51.2

Patch Changes

• #4668 672a7ef72cd7fb9b9330d5c90979729e6b96cbbc Thanks @​deodad! - viem/tempo: Fixed signVoucher to raw sign channel vouchers with access key accounts.

• #4672 c582dad966c136488b9f36c01f0f3986ff98e407 Thanks @​deodad! - Added a Tempo key authorization manager that can be used by prepareTransactionRequest to attach pending key authorizations.

viem@2.51.0

Minor Changes

• #4663 752712f1d2358715e9d63bd754f80c90a8d02e91 Thanks @​jxom! - viem/tempo: Added Actions.channel actions for reading and mutating TIP-20 channel reserve state.

• #4597 d346038e71f31cb1c82fc94bb49c4ac553a23717 Thanks @​wwared! - viem/op-stack: Added OP Stack super-root dispute game support for withdrawal prove flows.

• #4661 9713c7562eac9fd328e6cc1be7388bc1659a9c27 Thanks @​jxom! - Updated generated Tempo precompile ABIs from latest Tempo main and added logoURI to TIP-20 metadata and token creation.

• #4653 a29cf5eef5809b50bbb7931f35331203c32d7692 Thanks @​islishude! - Added support for eth_getBlockReceipts.

Patch Changes

• #4650 73b8b89c0369597bf4df781b021130f544ebe6b0 Thanks @​deodad! - Exported ExtractFormattedTransactionRequest.

• #4664 c3fda73603695bc68336f6e22f6475ba6ed0cdc7 Thanks @​jxom! - Handled eth_createAccessList responses that include an error field.

• #4660 c5cc58ebbc027029022f09eba54ed2e789b8b2b1 Thanks @​struong! - Emitted a full broadcast envelope when the fee payer co-signed during eth_fillTransaction, enabling single round-trip sponsorship, and stripped feeToken from the sender's sign payload under sponsorship per the Tempo Transaction spec.

• #4654 038a062a8c2a875a3bbd58426e6060cf5d1d7986 Thanks @​deodad! - Added raw signing support to Tempo access key accounts.

viem@2.50.4

Patch Changes

• #4647 423131df9e00e3df062274e483b98a4921674cea Thanks @​jxom! - Fixed Tempo chain declarations to emit portable inferred types for exported derived chains.

viem@2.50.3

Patch Changes

• #4642 5bafcd444f7ebae9bb06a8efbc801a7ea845154d Thanks @​jxom! - viem/tempo: Updated wallet.deposit to use amount and supported token symbols for wallet_deposit requests.

viem@2.49.3

Patch Changes

• #4621 6d80eaeea315c552a57e9683607ed36f7d219a9e Thanks @​Blessing-Circle! - Added Arc chain.

• #4622 c5dc4d63506f787e92417eff77dd0ef84e3a2c8c Thanks @​struong! - viem/tempo: Preserved feeToken on broadcast envelope when feePayerSignature is present. Previously stripped unconditionally when feePayer === true, breaking fee payer signature verification on-chain.

viem@2.49.2

Patch Changes

• 215469280e57b4ec729bd2537857a4ca363c984b Thanks @​jxom! - viem/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer.

... (truncated)

Commits

• 585d806 chore: version package (#4673)
• 741bceb ci: disable Tempo devnet tests
• 6e50f39 fix: stabilize local tests
• c582dad feat(tempo): add key authorization manager (#4672)
• 672a7ef fix(tempo): raw sign access key vouchers (#4668)
• 9deee0d chore: update ox to 0.14.25
• 7b06563 chore: version package (#4670)
• c3c2317 ci: re-enable wagmi check (#4667)
• 44a197c chore: use published ox package (#4669)
• f6ce886 chore: version package (#4655)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for viem since your current version.

Updates wagmi from 2.16.3 to 3.6.16

Release notes

Sourced from wagmi's releases.

wagmi@3.6.16

Patch Changes

• Updated dependencies [b029f1c, df7bd38, df7bd38]:
  • @​wagmi/connectors@​9.0.0
  • @​wagmi/core@​3.5.0

wagmi@3.6.15

Patch Changes

• Handled malformed cookie state in cookieToInitialState. (#5116)

• wagmi/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer and Hooks.wallet.useSend to Hooks.wallet.useTransfer. (#5121)

  Also bumps the accounts peer dependency to ~0.12.

  - await Actions.wallet.send(config, {
  -   to: '0x...',
  -   token: '0x...',
  -   value: '1.5',
  - })
  + await Actions.wallet.transfer(config, {
  +   amount: '1.5',
  +   to: '0x...',
  +   token: '0x...',
  + })

  - const send = Hooks.wallet.useSend()
  + const transfer = Hooks.wallet.useTransfer()

• Updated dependencies [f1e6d70, 4c44cd0]:

  • @​wagmi/core@​3.4.12
  • @​wagmi/connectors@​8.0.14

wagmi@3.6.14

Patch Changes

• Updated dependencies [9e8418a]:
  • @​wagmi/core@​3.4.11
  • @​wagmi/connectors@​8.0.13

wagmi@3.6.13

Patch Changes

• Fixed useReadContracts to prefer an explicit chainId parameter over inferred or connected chain ids. (8c56235)

... (truncated)

Changelog

Sourced from wagmi's changelog.

3.6.16

Patch Changes

• Updated dependencies [b029f1c, df7bd38, df7bd38]:
  • @​wagmi/connectors@​9.0.0
  • @​wagmi/core@​3.5.0

3.6.15

Patch Changes

• Handled malformed cookie state in cookieToInitialState. (#5116)

• wagmi/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer and Hooks.wallet.useSend to Hooks.wallet.useTransfer. (#5121)

  Also bumps the accounts peer dependency to ~0.12.

  - await Actions.wallet.send(config, {
  -   to: '0x...',
  -   token: '0x...',
  -   value: '1.5',
  - })
  + await Actions.wallet.transfer(config, {
  +   amount: '1.5',
  +   to: '0x...',
  +   token: '0x...',
  + })

  - const send = Hooks.wallet.useSend()
  + const transfer = Hooks.wallet.useTransfer()

• Updated dependencies [f1e6d70, 4c44cd0]:

  • @​wagmi/core@​3.4.12
  • @​wagmi/connectors@​8.0.14

3.6.14

Patch Changes

• Updated dependencies [9e8418a]:
  • @​wagmi/core@​3.4.11
  • @​wagmi/connectors@​8.0.13

3.6.13

... (truncated)

Commits

• 2f77dbc chore: version packages (#5140)
• c162248 chore: drop older TypeScript support (#5139)
• f44f781 dev: bump viem version
• 98f9a16 chore: version packages (#5122)
• 4c44cd0 refactor(tempo): rename wallet.send to wallet.transfer (#5121)
• dcd6f60 chore: version packages (#5118)
• 4351978 chore: version packages (#5114)
• 8c56235 close: #5106
• da855c6 chore: version packages (#5113)
• f5f498a test: remove blockTimestamp from snapshots
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for wagmi since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

❌ Deploy Preview for humanos-eth failed. Why did it fail? →

Name	Link
🔨 Latest commit	57a107c
🔍 Latest deploy log	https://app.netlify.com/projects/humanos-eth/deploys/6a18c8aba5b7d10008054748