[Snyk] Security upgrade next from 15.2.4 to 15.2.6

[anxolin]

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-NEXT-14173355	893
	Improper Input Validation SNYK-JS-NANOID-8492085	529

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Arbitrary Code Injection

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
cowfi	Building	Preview	Dec 9, 2025 8:23am
explorer-dev	Building	Preview	Dec 9, 2025 8:23am
swap-dev	Building	Preview	Dec 9, 2025 8:23am
widget-configurator	Ready	Preview	Dec 9, 2025 8:23am

2 Skipped Deployments

Project	Deployment	Preview	Updated (UTC)
cosmos	Ignored		Dec 9, 2025 8:23am
sdk-tools	Ignored	Preview	Dec 9, 2025 8:23am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-8d1af08106436a191af6ef90d43a1f95

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

1 out of 2 committers have signed the CLA.
✅ (shoom3301)[https://github.com/shoom3301]
❌ @snyk-bot
_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}

[mgrabina]

Hey, we (Aave) have an internal instance, got a notice from Vercel asking for this fix, so are waiting for this one to re-sync our fork and redeploy the UI.
Thank you Snyk for the fix and we encourage CoW team to release it as soon as possible.
🫡