Bump the all-dependencies group across 1 directory with 32 updates

[dependabot]

Bumps the all-dependencies group with 32 updates in the / directory:

Package	From	To
@amplitude/analytics-browser	2.23.7	2.38.1
@creit.tech/stellar-wallets-kit	1.9.5	2.1.0
@ledgerhq/hw-app-str	7.2.9	7.6.1
@ledgerhq/hw-transport-webhid	6.30.9	6.34.0
@next/third-parties	15.5.7	16.2.2
@sentry/nextjs	10.29.0	10.47.0
@stellar/stellar-sdk	14.3.3	15.0.1
@tanstack/react-query	5.87.4	5.96.1
@tanstack/react-query-devtools	5.87.4	5.96.1
@trezor/connect-web	9.6.4	9.7.2
bignumber.js	9.3.1	10.0.2
dompurify	3.2.6	3.3.3
immer	10.1.3	11.1.4
lodash	4.17.21	4.18.1
@types/lodash	4.17.20	4.17.24
lossless-json	4.2.0	4.3.0
next	15.5.14	16.2.2
uuid	11.1.0	13.0.0
zustand-querystring	0.0.19	0.7.0
@next/eslint-plugin-next	15.5.3	16.2.2
@playwright/test	1.57.0	1.59.1
@types/node	24.3.1	25.5.0
@types/papaparse	5.3.16	5.5.2
@typescript-eslint/eslint-plugin	8.43.0	8.58.0
eslint	9.35.0	10.1.0
eslint-config-next	15.4.4	16.2.2
eslint-plugin-react-hooks	5.2.0	7.0.1
jest	30.2.0	30.3.0
lint-staged	16.1.6	16.4.0
prettier	3.6.2	3.8.1
sass	1.92.1	1.98.0
typescript	5.9.2	6.0.2

Updates @amplitude/analytics-browser from 2.23.7 to 2.38.1

Release notes

Sourced from @​amplitude/analytics-browser's releases.

@​amplitude/analytics-browser@​2.38.1

2.38.1 (2026-04-01)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.38.0

2.38.0 (2026-03-26)

Features

• autocapture: add viewportContentUpdated support to remote config (#1621) (f40b150)

@​amplitude/analytics-browser@​2.38.0-SR-3115.0

2.38.0-SR-3115.0 (2026-04-01)

Features

• autocapture: add viewportContentUpdated support to remote config (#1621) (f40b150)

@​amplitude/analytics-browser@​2.37.2

2.37.2 (2026-03-24)

Note: Version bump only for package @​amplitude/analytics-browser

@​amplitude/analytics-browser@​2.37.1

2.37.1 (2026-03-23)

Note: Version bump only for package @​amplitude/analytics-browser

Commits

• 8dadabb chore(release): publish
• b0f4641 chore: allow releases from hotfix/* (#1642)
• a5d22dd build(deps): bump activesupport from 7.2.2.1 to 7.2.3.1 in /packages/plugin-s...
• 5456233 build(deps): bump node-forge from 1.3.3 to 1.4.0 in /packages/analytics-brows...
• 6bb5ea3 refactor: video analytics support mux embedded iframe (#1636)
• 38562e4 refactor: add video tracking helpers (#1635)
• e367288 chore: support backticks in issue titles (#1632)
• 2744530 chore(release): publish
• 2f2319e fix(react-native): remove buildscript block to prevent AGP conflicts with hos...
• 0b849d0 chore(release): publish
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​amplitude/analytics-browser since your current version.

Updates @creit.tech/stellar-wallets-kit from 1.9.5 to 2.1.0

Release notes

Sourced from @​creit.tech/stellar-wallets-kit's releases.

v2.1.0

2.1.0 (2026-03-30)

add

• Include PR 84 - adds signAndSubmitTransaction method
• Add new method fetchAddress

v2.0.1

2.0.1 (2026-03-11)

Changes

• Update the recently included Bitget module
• Include PRs 85 and 86

v2.0.0

2.0.0 (2026-02-11)

Changes

• Full refactor of the whole repository (with breaking changes)
• Migrate into a full Deno repository with NPM builds for compatibility
• Separate the UI, the state, and the SDK
  • The UI (modal, buttons, etc) is now using Preact with HTM instead of Lit
  • The SDK (the class StellarWalletsKit) is now a regular Deno library
  • The state part of the SDK is being used by both the UI and the SDK
• The UI now uses a series of CSS variables that can be defined by developers to personalize the complete UI (the SDK makes this process easier)
• The SDK internal state is now using the small preact/signals library instead of RxJS (aiming to reduce the kit's size)
• The SDK now exports the internal state so developers can update it directly if they need to (tho, still not recommended)
• We included 3 simple examples using vite-preact, vite-react, and create-react-app so developers can see how to use the library
• The components used in the library can now be created separately if needed (but like the internal state, not recommended)
• The openModal method was removed, and we now have authModal. This new method works as a regular Promise, and it returns the address after the user has picked their selected wallet
• A new profile page is added to the kit's modal, so in the future, we will allow having multiple accounts and wallets connected, so users can switch between accounts directly from the website instead of needing to check their wallets.
• Include a new logic for events updates from the kit, developers can `subscribe ' to updates from the kit, like changes in the selected address, network, module, or disconnections.
• The kit now separates the logic between getting the address and fetching the address. This means that if the user hasn't interacted with the AuthModal before, it will throw an error. This will prevent issues with modules that have different authorization logic (for example, Freighter)
• The kit now keeps more information in the localstorage, for example, it will remember the last Wallet Connect topic it used, so when using Wallet Connect, the user doesn't need to connect again and again.
• Freighter and Lobstr are now default wallets in the wallet connect modal, this way users will see them first instead of regular EVM wallets.
• Fully remove both submit and submitUrl parameters

... (truncated)

Changelog

Sourced from @​creit.tech/stellar-wallets-kit's changelog.

2.1.0 (2026-03-30)

add

• Include PR 84 - adds signAndSubmitTransaction method
• Add new method fetchAddress

2.0.1 (2026-03-11)

Changes

• Update the recently included Bitget module
• Include PRs 85 and 86

2.0.0 (2026-02-11)

Changes

• Full refactor of the whole repository (with breaking changes)
• Migrate into a full Deno repository with NPM builds for compatibility
• Separate the UI, the state, and the SDK
  • The UI (modal, buttons, etc) is now using Preact with HTM instead of Lit
  • The SDK (the class StellarWalletsKit) is now a regular Deno library
  • The state part of the SDK is being used by both the UI and the SDK
• The UI now uses a series of CSS variables that can be defined by developers to personalize the complete UI (the SDK makes this process easier)
• The SDK internal state is now using the small preact/signals library instead of RxJS (aiming to reduce the kit's size)
• The SDK now exports the internal state so developers can update it directly if they need to (tho, still not recommended)
• We included 3 simple examples using vite-preact, vite-react, and create-react-app so developers can see how to use the library
• The components used in the library can now be created separately if needed (but like the internal state, not recommended)
• The openModal method was removed, and we now have authModal. This new method works as a regular Promise, and it returns the address after the user has picked their selected wallet
• A new profile page is added to the kit's modal, so in the future, we will allow having multiple accounts and wallets connected, so users can switch between accounts directly from the website instead of needing to check their wallets.
• Include a new logic for events updates from the kit, developers can `subscribe ' to updates from the kit, like changes in the selected address, network, module, or disconnections.
• The kit now separates the logic between getting the address and fetching the address. This means that if the user hasn't interacted with the AuthModal before, it will throw an error. This will prevent issues with modules that have different authorization logic (for example, Freighter)
• The kit now keeps more information in the localstorage, for example, it will remember the last Wallet Connect topic it used, so when using Wallet Connect, the user doesn't need to connect again and again.
• Freighter and Lobstr are now default wallets in the wallet connect modal, this way users will see them first instead of regular EVM wallets.
• Fully remove both submit and submitUrl parameters
• And many more.

Fix

... (truncated)

Commits

• d337aa5 Update to v2.1.0
• 1be3336 Include a new method in the kit fetchAddress
• 594b9e7 Update dependencies
• ec62e81 Revert changes from the nextjs example before creating a new distribution (wi...
• d0c0348 Merge branch 'main' of github.com:Creit-Tech/Stellar-Wallets-Kit
• 8a087c7 Merge pull request #84 from mihaic195/main
• ac0d5dd Fix types from the bitget module
• 02f4bd1 Update changelog and include the README in the npm build
• fc209e3 v2.0.1
• e03d17d Update bitget module
• Additional commits viewable in compare view

Updates @ledgerhq/hw-app-str from 7.2.9 to 7.6.1

Commits

• See full diff in compare view

Updates @ledgerhq/hw-transport-webhid from 6.30.9 to 6.34.0

Commits

• e078d13 Merge release into main
• 01ad208 chore(release): 🚀 prepare release [skip ci]
• 52b14ff chore(prerelease): 🚀 release prerelease [LLD(2.144.0-next.0), LLM(3.10...
• ffb7c87 Merge pull request #15281 from LedgerHQ/fix/live-27473/rollback-commit-3f3e85...
• 67a0c1d Merge pull request #15278 from LedgerHQ/support/2026-03-11-fix-snapshot
• 015237d chore(live-common): update snapshot for bridge integration test
• 442594e Revert "Merge pull request #15250 from LedgerHQ/fix/live-27473/legacy-swap-bk...
• 9fd9e30 Merge pull request #15253 from LedgerHQ/smartling-translations-20260311095410029
• bf8e861 chore(prerelease): 🚀 release prerelease [LLD(2.144.0-next.0), LLM(3.10...
• 3f3e858 Merge pull request #15250 from LedgerHQ/fix/live-27473/legacy-swap-bk-btn
• Additional commits viewable in compare view

Updates @next/third-parties from 15.5.7 to 16.2.2

Release notes

Sourced from @​next/third-parties's releases.

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

Credits

Huge thanks to @​nextjs-bot, @​icyJoseph, @​ijjk, @​gaojude, @​wbinnssmith, @​lukesandberg, and @​bgw for helping!

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.16

Core Changes

• Add rust-fingerprint task and SCCACHE passthrough env: #92167
• Improve error message for deprecated experimental.dynamicIO config: #92081
• [turbopack] Fix CSS HMR on Safari: #92123

Misc Changes

• Update Rspack development test manifest: #92142

... (truncated)

Commits

• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• 0f59973 v16.2.0-canary.99
• 792522d v16.2.0-canary.98
• Additional commits viewable in compare view

Updates @sentry/nextjs from 10.29.0 to 10.47.0

Release notes

Sourced from @​sentry/nextjs's releases.

10.47.0

Important Changes

• feat(node-core): Add OTLP integration for node-core/light (#19729)

  Added otlpIntegration at @sentry/node-core/light/otlp for users who manage their own OpenTelemetry setup and want to send trace data to Sentry without adopting the full @sentry/node SDK.

  import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
  import * as Sentry from '@sentry/node-core/light';
  import { otlpIntegration } from '@sentry/node-core/light/otlp';
  const provider = new NodeTracerProvider();
  provider.register();
  Sentry.init({
  dsn: 'DSN',
  integrations: [
  otlpIntegration({
  // Export OTel spans to Sentry via OTLP (default: true)
  setupOtlpTracesExporter: true,
  }),
  ],
  });

  The integration links Sentry errors to OTel traces and exports spans to Sentry via OTLP.

• feat(node, bun): Add runtime metrics integrations for Node.js and Bun (#19923, #19979)

  New nodeRuntimeMetricsIntegration and bunRuntimeMetricsIntegration automatically collect runtime health metrics and send them to Sentry on a configurable interval (default: 30s). Collected metrics include memory (RSS, heap used/total), CPU utilization, event loop utilization, and process uptime. Node additionally collects event loop delay percentiles (p50, p99). Extra metrics like CPU time and external memory are available as opt-in.

  // Node.js
  import * as Sentry from '@sentry/node';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.nodeRuntimeMetricsIntegration()],
  });
  // Bun
  import * as Sentry from '@​sentry/bun';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.bunRuntimeMetricsIntegration()],
  });

... (truncated)

Changelog

Sourced from @​sentry/nextjs's changelog.

10.47.0

Important Changes

• feat(node-core): Add OTLP integration for node-core/light (#19729)

  Added otlpIntegration at @sentry/node-core/light/otlp for users who manage their own OpenTelemetry setup and want to send trace data to Sentry without adopting the full @sentry/node SDK.

  import { NodeTracerProvider } from '@opentelemetry/sdk-trace-node';
  import * as Sentry from '@sentry/node-core/light';
  import { otlpIntegration } from '@sentry/node-core/light/otlp';
  const provider = new NodeTracerProvider();
  provider.register();
  Sentry.init({
  dsn: 'DSN',
  integrations: [
  otlpIntegration({
  // Export OTel spans to Sentry via OTLP (default: true)
  setupOtlpTracesExporter: true,
  }),
  ],
  });

  The integration links Sentry errors to OTel traces and exports spans to Sentry via OTLP.

• feat(node, bun): Add runtime metrics integrations for Node.js and Bun (#19923, #19979)

  New nodeRuntimeMetricsIntegration and bunRuntimeMetricsIntegration automatically collect runtime health metrics and send them to Sentry on a configurable interval (default: 30s). Collected metrics include memory (RSS, heap used/total), CPU utilization, event loop utilization, and process uptime. Node additionally collects event loop delay percentiles (p50, p99). Extra metrics like CPU time and external memory are available as opt-in.

  // Node.js
  import * as Sentry from '@sentry/node';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.nodeRuntimeMetricsIntegration()],
  });
  // Bun
  import * as Sentry from '@​sentry/bun';
  Sentry.init({
  dsn: '...',
  integrations: [Sentry.bunRuntimeMetricsIntegration()],

... (truncated)

Commits

• a5a4e73 release: 10.47.0
• c7477bb Merge pull request #20050 from getsentry/prepare-release/10.47.0
• 3d4e38d meta(changelog): Update changelog for 10.47.0
• 2c0ce6f feat(deps): Bump OpenTelemetry dependencies (#20046)
• 8f08fcb fix(browser-tests): Pin axios to 1.13.5 to avoid compromised 1.14.1 (#20047)
• 3815492 fix(profiling): Disable profiling in worker threads (#20040)
• 61edc25 Merge pull request #19890 from getsentry/fix/react-router-debug-id-double-inj...
• 28f94f3 fix(react-router): Disable debug ID injection in Vite plugin to prevent doubl...
• 9bfc682 ref(browser-tests): Add waitForMetricRequest helper (#20002)
• 08cab24 fix(node): Deduplicate sentry-trace and baggage headers on outgoing reque...
• Additional commits viewable in compare view

Updates @stellar/stellar-sdk from 14.3.3 to 15.0.1

Release notes

Sourced from @​stellar/stellar-sdk's releases.

v15.0.1: Protocol 26

v15.0.1: Protocol 26

Breaking Changes

• XDR has been upgraded to support Protocol 26, please refer to the @stellar/stellar-base release notes for details and other breaking changes.

Fixed

• Sanitize identifiers and escape string literals in generated TypeScript bindings to prevent code injection via malicious contract spec names. sanitizeIdentifier now strips non-identifier characters, and a new escapeStringLiteral helper escapes quotes and newlines in string contexts (#1345).
• AssembledTransaction.fromXDR() and fromJSON() now validate that the deserialized transaction targets the expected contract, rejecting mismatched contract IDs and non-invokeContract operations. (#1349).
• Pin exact version on axios dependency (#1365)

Contributors

• @​quietbits, @​Ryang-21, @​Shaptic

Full Changelog: stellar/js-stellar-sdk@v14.6.1...v15.0.1

v14.6.1

v14.6.1

Fixed

• Fix assembleTransaction double-counting the resource fee when the input transaction already has Soroban data attached (e.g. when re-assembling a previously simulated transaction) (#1343).
• Removed adding resourceFee in rpc.assembleTransaction as it's now handled by TransactionBuilder.build() (#1343).

Full Changelog: stellar/js-stellar-sdk@v14.6.0...v14.6.1

v14.6.0

v14.6.0

Added

• Upgraded underlying @stellar/stellar-base library to include its new features and fixes (release notes).

Full Changelog: stellar/js-stellar-sdk@v14.5.0...v14.6.0

v14.5.0

v14.5.0

Added

• Introduced CLI functionality for generating smart contract bindings (#1287).
• Added BindingGeneration class for parsing contract specs into fully typed TypeScript libraries for calling contract methods (#1287).
• Introduced rpc.Server.fundAddress that supports funding contract and account addresses via Friendbot (#1314).
• Updated the StellarToml interface with SEP 45 fields WEB_AUTH_FOR_CONTRACTS_ENDPOINT and WEB_AUTH_CONTRACT_ID (#1326).

Fixed

• X-App-Name and X-App-Version headers are now included when using CallBuilder.stream() (#1317).
• CallBuilder now correctly uses the configured server URL for all requests, including pagination and linked resources. Previously, URLs returned by Horizon in _links would bypass reverse proxies (#1318).

Deprecated

• rpc.Server.requestAirdrop is deprecated in favor of rpc.Server.fundAddress (#1314).

... (truncated)

Changelog

Sourced from @​stellar/stellar-sdk's changelog.

v15.0.1

Fixed

• Pin axios to a specific version.

v15.0.0

Breaking Changes

• XDR has been upgraded to support Protocol 26, please refer to the @stellar/stellar-base release notes for details and other breaking changes.

Fixed

• Sanitize identifiers and escape string literals in generated TypeScript bindings to prevent code injection via malicious contract spec names. sanitizeIdentifier now strips non-identifier characters, and a new escapeStringLiteral helper escapes quotes and newlines in string contexts (#1345).
• AssembledTransaction.fromXDR() and fromJSON() now validate that the deserialized transaction targets the expected contract, rejecting mismatched contract IDs and non-invokeContract operations. (#1349).

v14.6.1

Fixed

• Fix assembleTransaction double-counting the resource fee when the input transaction already has Soroban data attached (e.g. when re-assembling a previously simulated transaction) (#1343).
• Removed adding resourceFee in assembleTransaction as it's now handled by TransactionBuilder.build() (#1343).

v14.6.0

Added

• Upgraded underlying @stellar/stellar-base library to include its new features and fixes (release notes).

v14.5.0

Added

• Introduced CLI functionality for generating smart contract bindings (#1287).
• Added BindingGeneration class for parsing contract specs into fully typed TypeScript libraries for calling contract methods (#1287).
• Introduced rpc.Server.fundAddress that supports funding contract and account addresses via Friendbot (#1314).
• Updated the StellarToml interface with SEP 45 fields WEB_AUTH_FOR_CONTRACTS_ENDPOINT and WEB_AUTH_CONTRACT_ID (#1326).

Fixed

• X-App-Name and X-App-Version headers are now included when using CallBuilder.stream() (#1317).
• CallBuilder now correctly uses the configured server URL for all requests, including pagination and linked resources. Previously, URLs returned by Horizon in _links would bypass reverse proxies (#1318).

Deprecated

• rpc.Server.requestAirdrop is deprecated in favor of rpc.Server.fundAddress (#1314).

v14.4.3

Fixed

• Upgraded underlying @stellar/stellar-base library to include its fixes (release notes).

v14.4.2

Fixed

... (truncated)

Commits

• 00e3c70 Prepare v15.0.1 for release (#1365)
• 5daf44c V15.0.0 (#1362)
• b8d5d66 Validate contract ID on transaction deserialization (#1349)
• 2f52d0e Enhance identifier and string literal sanitization in BindingGenerator (#1345)
• 2bd8874 release v14.6.1 (#1344)
• ff1d2d4 Fix double-counting resourceFee (#1343)
• e0a5698 release v14.6.0 (#1341)
• d66da20 Fix npm version OIDC (#1333)
• f57063b remove usage of NODE_AUTH_TOKEN in favor of OIDC (#1332)
• d78f613 use npm publish for trusted publishing functionality (#1331)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​stellar/stellar-sdk since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @tanstack/react-query from 5.87.4 to 5.96.1

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.96.1

Patch Changes

• fix(build): exclude config files from production DTS rollup to prevent @types/node type pollution (#10358)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.96.1
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query-next-experimental@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query-persist-client@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.96.1
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query@​5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

@​tanstack/react-query-devtools@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.0
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query-next-experimental@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query-persist-client@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.96.0
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query@​5.96.0

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.0

5.95.2

Patch Changes

• Updated dependencies [cd5a35b]:
  • @​tanstack/query-core@​5.95.2

5.95.1

Patch Changes

• Updated dependencies [1f1775c]:
  • @​tanstack/query-core@​5.95.1

5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.95.0

5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-core@​5.94.5

5.94.4

Patch Changes

• chore: fixed version (#10064)

... (truncated)

Commits

• 75052a7 ci: Version Packages (#10370)
• 73e783b ci: Version Packages (#10364)
• 14a97b7 test(react-query): replace 'import React' with 'import * as React' in 'usePre...
• fd8c068 test({react,preact}-query/useSuspenseQueries): merge redundant second 'descri...
• f168555 test({react,preact,solid}-query): move 'queryClient' and 'queryCache' to 'bef...
• afb5812 test({react,preact}-query/useSuspenseQueries): inline test helpers, remove sh...
• 9e1bb94 test(react-query/useSuspenseQueries): remove unnecessary 'act' wrapper from b...
• 55cee0a test({react,preact}-query/useSuspenseQueries): add test for not suspending bu...
• 7fc6e6a test({react,preact}-query/useSuspenseQueries): add test for not suspending bu...
• 1047cdc ci: Version Packages (#10326)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tanstack/react-query since your current version.

Updates @tanstack/react-query-devtools from 5.87.4 to 5.96.1

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.96.1

Patch Changes

• fix(build): exclude config files from production DTS rollup to prevent @types/node type pollution (#10358)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.96.1
  • @​tanstack/react-query@​5.96.1

@​tanstack/react-query-devtools@​5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.0
  • @​tanstack/react-query@​5.96.0

@​tanstack/react-query-devtools@​5.95.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.2
  • @​tanstack/react-query@​5.95.2

@​tanstack/react-query-devtools@​5.95.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.1
  • @​tanstack/react-query@​5.95.1

Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.96.1

Patch Changes

• fix(build): exclude config files from production DTS rollup to prevent @types/node type pollution (#10358)

• Updated dependencies []:

  • @​tanstack/query-devtools@​5.96.1
  • @​tanstack/react-query@​5.96.1

5.96.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.0
  • @​tanstack/react-query@​5.96.0

5.95.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.2
  • @​tanstack/react-query@​5.95.2

5.95.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.1
  • @​tanstack/react-query@​5.95.1

5.95.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.95.0
  • @​tanstack/react-query@​5.95.0

5.94.5

Patch Changes

• fix(*): resolve issue about excluded build directory (#10312)

• Updated dependencies [4b6536d]:

  • @​tanstack/query-devtools@​5.94.5

... (truncated)

Commits

• 75052a7 ci: Version Packages (#10370)
• 4a3275c fix(build): exclude config files from production DTS rollup (#10358)
• 73e783b ci: Version Packages (#10364)
• 1047cdc ci: Version Packages (#10326)
• 5806444 ci: Version Packages (#10324)
• 4d7de83 ci: Version Packages (#10317)
• 8fe71e4 ci: Version Packages (#10313)
• c613c22 ci: Version Packages (#10309)
• 67cf8b6 ref: ts cutoff (#10253)
• da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​tanstack/react-query-devtools since your current version.

Updates @trezor/connect-web from 9.6.4 to 9.7.2

Release notes

Sourced from @​trezor/connect-web's releases.

v26.3.1@mobile

Trezor Suite 26.3.1 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v26.3.1

🚀 New features

• Fiat values are now displayed during trading for clearer transaction insights.

🎨 Improvements

• Fixed an issue where the keyboard could overlap parts of the interface.

🔧 Bug fixes

• Fixed an issue where an XPUB could be shown before confirmation.
• Minor bug fixes and performance improvements for a smoother experience.

v26.2.2@mobile

Trezor Suite 26.2.2 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v26.2.2

🚀 New features

• Added the ability to connect to a custom backend (Electrum server), providing greater privacy and full control over transaction broadcasting.
• Added support for adding, managing, and transacting with Stellar network tokens directly in Trezor Suite.

🔧 Bug fixes

• Resolved minor...

  Description has been truncated

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​15.5.14 ⏵ 16.2.2		+2
	eslint-config-next@​15.4.4 ⏵ 16.2.2	+1		+3	+1
	jest@​30.2.0 ⏵ 30.3.0	+1		+1
	@​tanstack/​react-query-devtools@​5.87.4 ⏵ 5.96.1			+1	+3
	@​next/​eslint-plugin-next@​15.5.3 ⏵ 16.2.2
	@​types/​papaparse@​5.3.16 ⏵ 5.5.2	+1		+1	-3
	@​amplitude/​analytics-browser@​2.23.7 ⏵ 2.38.1	-22		+1
	@​types/​lodash@​4.17.20 ⏵ 4.17.24	+1		+1
	zustand-querystring@​0.0.19 ⏵ 0.7.0	+1		+10	+16
	@​typescript-eslint/​eslint-plugin@​8.43.0 ⏵ 8.58.0	+1		+1
	lodash@​4.17.21 ⏵ 4.18.1	+6	+2	+1	-2
	@​types/​node@​24.3.1 ⏵ 25.5.0	+1		+1
	@​next/​third-parties@​15.5.7 ⏵ 16.2.2			+1	+1
	lossless-json@​4.2.0 ⏵ 4.3.0	+1		+1
	@​creit.tech/​stellar-wallets-kit@​1.9.5 ⏵ 2.1.0	+2		-1	+7
	uuid@​13.0.0
	immer@​10.1.3 ⏵ 11.1.4	+1		+1
	@​tanstack/​react-query@​5.87.4 ⏵ 5.96.1	+1		+1	+1
	eslint@​9.35.0 ⏵ 10.1.0	+1			-1
	typescript@​5.9.2 ⏵ 6.0.2	+1		+1	+2
	prettier@​3.6.2 ⏵ 3.8.1			+1
	bignumber.js@​10.0.2
	dompurify@​3.2.6 ⏵ 3.3.3	+1	+4
	@​sentry/​nextjs@​10.29.0 ⏵ 10.47.0	-6		+1
	@​trezor/​connect-web@​9.6.4 ⏵ 9.7.2				-1
	sass@​1.92.1 ⏵ 1.98.0	+1
	@​ledgerhq/​hw-app-str@​7.2.9 ⏵ 7.6.1	-1			+1
	lint-staged@​16.1.6 ⏵ 16.4.0	+1
	eslint-plugin-react-hooks@​5.2.0 ⏵ 7.0.1	+3
	@​stellar/​stellar-sdk@​14.3.3 ⏵ 15.0.1	+5			+3
	@​playwright/​test@​1.57.0 ⏵ 1.59.1				+1
	@​ledgerhq/​hw-transport-webhid@​6.30.9 ⏵ 6.34.0				+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @ethereumjs/rlp under MPL-2.0 Location: Package overview From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/rlp@10.1.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/rlp@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @ethereumjs/tx under MPL-2.0 Location: Package overview From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/tx@10.1.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/tx@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @ethereumjs/util under MPL-2.0 Location: Package overview From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/util@10.1.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/util@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @lobstrco/signer-extension-api under GPL-3.0 License: GPL-3.0 - the applicable license policy does not allow this license (4) (npm metadata) License: GPL-3.0 - the applicable license policy does not allow this license (4) (package/package.json) From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@lobstrco/signer-extension-api@2.0.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@lobstrco/signer-extension-api@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @sentry/cli under LicenseRef-FSL-1.1-MIT License: LicenseRef-FSL-1.1-MIT - the applicable license policy does not allow this license (4) (package/LICENSE) From: pnpm-lock.yaml → npm/@sentry/cli@2.58.5 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/cli@2.58.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @sentry/node-core is 80.0% likely obfuscated Confidence: 0.80 Location: Package overview From: pnpm-lock.yaml → npm/@sentry/nextjs@10.47.0 → npm/@sentry/node-core@10.47.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/node-core@10.47.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/blockchain-link under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/blockchain-link@2.6.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/blockchain-link@2.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/connect-common under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/connect-common@0.5.1 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-common@0.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/connect-plugin-stellar under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.6 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-plugin-stellar@9.2.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/connect-web under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: package.json → npm/@trezor/connect-web@9.7.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect-web@9.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/connect under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/connect@9.7.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/connect@9.7.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/transport under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/transport@1.6.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/transport@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/utils under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/utils@9.5.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/utils@9.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @trezor/utxo-lib under LicenseRef-T-RSL License: LicenseRef-T-RSL - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@trezor/utxo-lib@2.5.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@trezor/utxo-lib@2.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm axe-core under MIT AND MPL-2.0 Location: Package overview From: pnpm-lock.yaml → npm/eslint-config-next@16.2.2 → npm/axe-core@4.11.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axe-core@4.11.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm next under CC-BY-SA-4.0 License: CC-BY-SA-4.0 - the applicable license policy does not allow this license (4) (package/dist/compiled/glob/LICENSE) From: package.json → npm/next@16.2.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@16.2.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm rpc-websockets under LGPL-3.0-only Location: Package overview From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/rpc-websockets@9.3.7 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rpc-websockets@9.3.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm typescript under MIT-Khronos-old License: MIT-Khronos-old - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: package.json → npm/typescript@6.0.2 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm ua-parser-js under AGPL-3.0-or-later License: AGPL-3.0-or-later - the applicable license policy does not allow this license (4) (npm metadata) License: AGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/package.json) License: AGPL-3.0-or-later - the applicable license policy does not allow this license (4) (package/LICENSE.md) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/ua-parser-js@2.0.9 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ua-parser-js@2.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm usb under GPL-1.0-only License: GPL-1.0-only - the applicable license policy does not allow this license (4) (package/libusb/examples/ezusb.h) License: GPL-1.0-only - the applicable license policy does not allow this license (4) (package/libusb/examples/ezusb.c) License: GPL-1.0-only - the applicable license policy does not allow this license (4) (package/libusb/examples/fxload.c) From: pnpm-lock.yaml → npm/@trezor/connect-web@9.7.2 → npm/@creit.tech/stellar-wallets-kit@2.1.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/usb@2.17.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/usb@2.17.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report