chore: update @hyperlane-xyz/registry to 25.0.0

[hyper-gonk]

Automated Dependency Update

This PR updates the @hyperlane-xyz/registry dependency to the latest version.

Updated version:

• @hyperlane-xyz/registry: 25.0.0

Changes include:

• Updated package.json files with latest registry version
• Updated pnpm-lock.yaml via pnpm install

---

🤖 This PR was automatically generated by the update-registry-dep workflow

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.33%. Comparing base (4815a47) to head (ce0f586).
⚠️ Report is 17 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8570   +/-   ##
=======================================
  Coverage   79.33%   79.33%           
=======================================
  Files         143      143           
  Lines        4278     4278           
  Branches      436      436           
=======================================
  Hits         3394     3394           
  Misses        855      855           
  Partials       29       29           

Flag	Coverage Δ
tron-sdk	73.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
core	87.80% <ø> (ø)
hooks	78.11% <ø> (ø)
isms	81.46% <ø> (ø)
token	88.00% <ø> (ø)
middlewares	87.76% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[devin-ai-integration]

Devin Review found 3 potential issues.

View 1 additional finding in Devin Review.

[devin-ai-integration]

🚩 Lockfile inconsistency: catalog entry removed but workspace config retained

The lockfile diff shows the catalogs section had @hyperlane-xyz/registry removed (lines deleted from the lockfile's catalog block), while pnpm-workspace.yaml still defines it. This creates a lockfile that is out of sync with the workspace configuration. A subsequent pnpm install by another developer would either fail (due to catalogMode: strict) or regenerate the lockfile differently, causing merge conflicts.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 No changeset added for published packages

REVIEW.md states "Required for published packages — Any change to typescript/ packages needs a changeset." Several modified packages are published (e.g., @hyperlane-xyz/helloworld, @hyperlane-xyz/relayer, @hyperlane-xyz/widgets, @hyperlane-xyz/tron-sdk). However, since the only change is bumping a dependency version without any API or behavioral changes to the packages themselves, a changeset may not be strictly necessary — this is a gray area. CI changeset checks will enforce this if required.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🟡 Registry version hardcoded in package.json files instead of updating the pnpm catalog, leaving a stale orphaned catalog entry

The PR replaces "catalog:" with "25.0.0" in 13 package.json files but does not update the @hyperlane-xyz/registry entry in pnpm-workspace.yaml:83, which still reads 24.3.0. This leaves a stale orphaned catalog entry and breaks the established pattern where all shared dependencies use the catalog: protocol (as documented in the workspace's own comment at pnpm-workspace.yaml:12: "Require catalog: protocol for all cataloged dependencies"). The workspace uses catalogMode: strict.

This creates two concrete risks:

1. Stale catalog entry: If any new package references @hyperlane-xyz/registry using "catalog:", it will silently resolve to 24.3.0 instead of the intended 25.0.0.
2. Maintenance burden: Future registry version bumps now require updating 13 individual package.json files instead of a single catalog entry in pnpm-workspace.yaml.

The correct fix is to update pnpm-workspace.yaml line 83 from 24.3.0 to 25.0.0 and keep using "catalog:" in all package.json files.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 1 additional finding in Devin Review.

[devin-ai-integration]

🚩 Hardcoding defeats the purpose of centralized version management

The entire catalog system (pnpm-workspace.yaml:15-17) exists to provide a single place to manage shared dependency versions. Replacing catalog: with hardcoded "24.3.0" in 13 files means future registry version bumps require editing 13 files instead of 1. This defeats the DRY principle that the catalog enforces. If there's a specific reason to decouple the registry version from the catalog (e.g., per-package version pinning), that rationale should be documented.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​hyperlane-xyz/​registry@​24.3.0 ⏵ 25.0.0	+1		+1	+1

View full report

[hyper-gonk]

Node Services Docker Image Built Successfully

Service	Tag
node-services	ce0f586-20260427-094341

Full image paths

ghcr.io/hyperlane-xyz/hyperlane-node-services:ce0f586-20260427-094341