[Snyk] Fix for 36 vulnerabilities by Dargon789 · Pull Request #33 · Dargon789/Rabby

Dargon789 · 2026-01-22T16:41:04Z

Snyk has created this PR to fix 36 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️

Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727
	Function Call With Incorrect Argument Type SNYK-JS-CIPHERBASE-12084814
	Use of a Cryptographic Primitive with a Risky Implementation SNYK-JS-ELLIPTIC-14908844
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905
	Prototype Pollution SNYK-JS-LODASH-15053838
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728
	Improper Input Validation SNYK-JS-NANOID-8492085
	Improper Input Validation SNYK-JS-POSTCSS-5926692
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298
	Origin Validation Error SNYK-JS-WEBPACKDEVSERVER-10300775
	Exposed Dangerous Method or Function SNYK-JS-WEBPACKDEVSERVER-10300777
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12704893
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12761655
	Information Exposure SNYK-JS-ELLIPTIC-8720086
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917
	Prototype Pollution SNYK-JS-WEB3UTILS-6229337
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916
	Buffer Overflow SNYK-JS-BIGINTBUFFER-3364597
	Denial of Service (DoS) SNYK-JS-WS-7266574
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032
	Improper Validation of Integrity Check Value SNYK-JS-SECP256K1-8237220
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531
	Improper Restriction of Operations within the Bounds of a Memory Buffer SNYK-JS-SOLANAWEB3JS-6647564
	Insufficient Visual Distinction of Homoglyphs Presented to User SNYK-JS-BASEX-10118294
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073
	Directory Traversal SNYK-JS-SIRV-12558119
	Prototype Pollution SNYK-JS-JSYAML-13961110

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Information Exposure
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

snyk-io · 2026-01-22T16:41:24Z

⚠️ Snyk checks are incomplete.

Status	Scanner	Critical	High	Medium	Low	Total (0)
⚠️	Open Source Security	0	0	0	0	See details

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

gemini-code-assist · 2026-01-22T16:41:28Z

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, aims to enhance the project's security posture by upgrading numerous Yarn dependencies. The primary goal is to remediate 36 reported vulnerabilities, spanning various severity levels, by bumping package versions in package.json. This includes significant major version upgrades for several core libraries and development tools. It's important to note that the yarn.lock file requires manual updating, and users of Yarn's zero-install feature will need to perform an additional step to synchronize their local caches.

Highlights

Security Vulnerability Fixes: This pull request addresses and fixes 36 identified security vulnerabilities across various Yarn dependencies, including critical, high, medium, and low severity issues, as detected by Snyk.
Major Dependency Version Upgrades: Several key dependencies have received major version bumps, such as 'ethers' (from v5 to v6), 'web3-eth-abi' (from v1 to v4), 'eslint' (from v8 to v9), 'gulp' (from v4 to v5), 'jest' (from v29 to v30), and '@svgr/webpack' (from v5 to v6), which may introduce breaking changes.
Manual yarn.lock Update Required: The automated process failed to update the yarn.lock file, which requires manual intervention to ensure all dependency changes are correctly reflected and resolved before merging.
Yarn Zero-Install Consideration: Users utilizing Yarn's zero-install feature are advised that the .yarn/cache directory will need to be manually updated by running yarn after pulling these changes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request addresses 36 vulnerabilities by updating several dependencies. However, the yarn.lock file was not automatically updated, which is a critical issue that needs manual resolution to ensure all dependencies are consistent and vulnerabilities are properly mitigated. Additionally, some patches introduce significant behavioral changes in how the application interacts with external services and handles cryptographic operations, which require careful review.

* Update dev scripts to use cross-env around the webpack build, so memory limits actually get raised * feat: add Gnosis Safe batch transaction support * build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Squashed commit of the following: commit edc2344 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Dec 23 08:33:10 2025 +0700 build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#22) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: update approve list action (RabbyHub#3379) * style: tuning (RabbyHub#3378) * style: tuning * fix: tailwind * style: tuning * feat: lp token manage v2 (RabbyHub#3374) * feat: lp token manage v2 * fix: bugs * fix: bugs * fix: bugs * feat: + imkey in new user import (RabbyHub#3368) * feat: + imkey in new user import * chore: make linter happy * fix: custom rpc enable (RabbyHub#3367) * chore: update approve list (RabbyHub#3384) * fix: pinnedChain array (RabbyHub#3385) * fix: ui style (RabbyHub#3369) * style: change chain icon position * style: fix gnosis chain alert * fix: asset btn * fix: low value text * feat: update i18n * fix: robust change (RabbyHub#3386) * 0.93.68 * [release] 0.93.68 * feat: no need translate defi (RabbyHub#3391) * chore: update approve list (RabbyHub#3390) * fix: shake desktop (RabbyHub#3389) * feat: support password guard on whitelist (RabbyHub#3388) * feat: support password guard on whitelist * ux: tuning * chore: adjust and fix * fix: tuning * style: tuning * style: tuning * chore: tuning * chore: code cleanup * fix: search logic * style: tuning * style: little fix * feat: implement address deletion functionality and update UI messages (RabbyHub#3382) * feat: implement address deletion functionality and update UI messages * fix: remove authentic before goToHDManager * fix: ui not update after deleted * chore: remove useless console * feat: update i18n --------- Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> * 0.93.69 * [release] 0.93.69 * chore: rm useless zip * fix: all token mode filter (RabbyHub#3397) * fix: all token mode filter * docs: comment * fix: remove is verified filter * fix: is_verified filter * fix: style * feat: search contact balance token * feat: asset list contact * fix: search holds tokens * feat: add transaction gas limit mapping and integrate into gas limit calculation (RabbyHub#3400) * feat: enhance empty state display for seed phrase addresses (RabbyHub#3401) * fix: update localization messages for unsupported address type in multiple languages (RabbyHub#3403) * chore: update approve list (RabbyHub#3404) * feat: update gnosis chain (RabbyHub#3399) * feat: update gnosis chain * feat: udpate safe-deployments * feat: update gnosis sdk * feat: update changelog & i18n (RabbyHub#3405) * feat: update changelog * feat: update i18n * chore * 0.93.70 * [release] 0.93.70 * fix: package.json to reduce vulnerabilities (#24) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 0 directory with 2 updates (#23) Updates `base-x` from 1.1.0 to 3.0.8 - [Commits](cryptocoinjs/base-x@v1.1.0...v3.0.8) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) --- updated-dependencies: - dependency-name: base-x dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 7: Client-side cross-site scripting (#25) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * feat: prediction (RabbyHub#3383) * wip * feat: implement auto-connect and personal sign logic; update UI components for better navigation and layout * feat: enhance auto personal sign logic with message validation and update RPC flow to pass message parameters * feat: add new home hover and inactive icons, update DesktopNav component * fix: approval auto flex * feat: add isFromDesktopDapp flag to ProviderRequest and update request handling * style: change layout * style: change token list style * refactor: wrap setupDappIframeSyncRoute in domReadyCall for improved loading handling * fix: adjust approval condition to handle non-desktop DApp requests * style: change profile header * chore: fix style * feat: add prediction feature support and loading state for DApp iframe * fix: ip * feat: update nav * feat: update prediction feature messages and dependencies * chore: fix some style * chore: fix style * chore: fix style * feat: delay setup of DApp iframe sync route for improved loading * feat: enhance auto personal sign condition for desktop DApp requests * fix: nav * fix: style * fix: style * Update src/background/controller/provider/autoConnect.ts Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> * fix: remove unnecessary blank line in shouldAutoPersonalSign function * fix: comment out IframeLoadingBar component in DappIframeLoading * fix: logo * fix: update rabby-api version to 0.9.53 --------- Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> * fix: tokenItem type is_core be null (RabbyHub#3407) * feat: update changelog (RabbyHub#3408) * feat: update changelog * feat: update i18n * 0.93.71 * [release] 0.93.71 * chore: update approve list (RabbyHub#3416) * feat: add kava in open ocean (RabbyHub#3414) * feat: update home pnl (RabbyHub#3413) * fix: update data splitting logic in getCustomTxParamsData to use regex for separator (RabbyHub#3409) * feat: enhance Dapp iframe with error handling and network messages (RabbyHub#3410) * feat: enhance Dapp iframe with error handling and network messages * feat: improve error component layout and add clsx for conditional styling * feat: enhance iframe loading and error handling based on permission status * fix: hash (RabbyHub#3415) * fix: hash * feat: update i18n * fix: perps history empty when switch account (RabbyHub#3417) * 0.93.72 * [release] 0.93.72 * chore: introduce claude code for code review * _raw\images * Potential fix for code scanning alert no. 6: Client-side cross-site scripting (#35) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#34) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: package.json to reduce vulnerabilities (#33) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777 - https://snyk.io/vuln/SNYK-JS-IP-12704893 - https://snyk.io/vuln/SNYK-JS-IP-12761655 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-IP-7148531 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-SIRV-12558119 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * [Snyk] Security upgrade ethers from 5.4.2 to 6.0.0 (#32) * chore(deps): bump h3 from 1.11.1 to 1.15.5 Bumps [h3](https://github.com/h3js/h3) from 1.11.1 to 1.15.5. - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 * chore(deps): bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump h3 in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [h3](https://github.com/h3js/h3). Updates `h3` from 1.11.1 to 1.15.5 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * swap 1inch --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Drew Fisher <drew@pods.media> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: hz002 <zs4733525@gmail.com> Co-authored-by: richardo2016x <104543757+richardo2016x@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: DMY <147dmy@gmail.com> Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: kim <180150277+jinming0618@users.noreply.github.com>

* fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-7266574 * fix: package.json to reduce vulnerabilities (#4) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Circleci project setup (#5) * Add .circleci/config.yml * Add .circleci/config.yml * Add .circleci/config.yml * Add .circleci/config.yml * Updated config.yml * Create SECURITY.md (#2) Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> * build(deps): bump the npm_and_yarn group across 1 directory with 14 updates (#6) Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `6.7.2` | `7.119.1` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.8` | | [semver](https://github.com/npm/node-semver) | `7.5.2` | `7.5.3` | | [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.4.32` | | [webpack](https://github.com/webpack/webpack) | `5.76.0` | `5.94.0` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.13.10` | `7.26.10` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.9` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.1` | `5.3.4` | Updates `@sentry/browser` from 6.7.2 to 7.119.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@6.7.2...7.119.1) Updates `nanoid` from 3.3.6 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.8) Updates `semver` from 7.5.2 to 7.5.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.2...v7.5.3) Updates `postcss` from 8.4.31 to 8.4.32 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.31...8.4.32) Updates `webpack` from 5.76.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.76.0...v5.94.0) Updates `@babel/runtime` from 7.13.10 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.14.9 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.9) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.1...v6.0.2) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `webpack-dev-middleware` from 5.3.1 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#7) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-IP-7148531 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#8) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.119.1 to 7.119.2 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.2/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.119.1...7.119.2) Updates `semver` from 7.5.3 to 7.5.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.3...v7.5.4) Updates `postcss` from 8.4.32 to 8.4.33 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.32...8.4.33) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#9) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-9403194 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#10) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: package.json to reduce vulnerabilities (#12) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: package.json to reduce vulnerabilities (#13) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#11) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.119.2 to 7.120.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.0/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.119.2...7.120.0) Updates `semver` from 7.5.4 to 7.6.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.6.0) Updates `postcss` from 8.4.33 to 8.4.34 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.33...8.4.34) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump the npm_and_yarn group across 1 directory with 10 updates (#14) Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.120.0` | `7.120.1` | | [semver](https://github.com/npm/node-semver) | `7.6.0` | `7.6.1` | | [postcss](https://github.com/postcss/postcss) | `8.4.34` | `8.4.35` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.7.4` | `5.2.1` | | [form-data](https://github.com/form-data/form-data) | `4.0.0` | `4.0.4` | | [parse-uri](https://github.com/kikobeats/parse-uri) | `1.0.7` | `1.0.16` | | [pbkdf2](https://github.com/crypto-browserify/pbkdf2) | `3.1.2` | `3.1.3` | | [tiny-secp256k1](https://github.com/bitcoinjs/tiny-secp256k1) | `1.1.6` | `1.1.7` | Updates `@sentry/browser` from 7.120.0 to 7.120.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.0...7.120.1) Updates `semver` from 7.6.0 to 7.6.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.1) Updates `postcss` from 8.4.34 to 8.4.35 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.34...8.4.35) Updates `webpack-dev-server` from 4.7.4 to 5.2.1 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v4.7.4...v5.2.1) Updates `form-data` from 4.0.0 to 4.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.4) Updates `http-proxy-middleware` from 2.0.3 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.3...v2.0.9) Updates `ip` from 1.1.5 to 2.0.0 - [Commits](indutny/node-ip@v1.1.5...v2.0.0) Updates `parse-uri` from 1.0.7 to 1.0.16 - [Release notes](https://github.com/kikobeats/parse-uri/releases) - [Changelog](https://github.com/Kikobeats/parse-uri/blob/v1.0.16/CHANGELOG.md) - [Commits](Kikobeats/parse-uri@v1.0.7...v1.0.16) Updates `pbkdf2` from 3.1.2 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.3) Updates `tiny-secp256k1` from 1.1.6 to 1.1.7 - [Commits](bitcoinjs/tiny-secp256k1@v1.1.6...v1.1.7) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.4.35 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-version: 2.0.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: parse-uri dependency-version: 1.0.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tiny-secp256k1 dependency-version: 1.1.7 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#15) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 1 directory with 5 updates (#17) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.120.1 to 7.120.2 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.2/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.1...7.120.2) Updates `semver` from 7.6.1 to 7.6.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.1...v7.6.2) Updates `postcss` from 8.4.35 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.35...8.5.6) Updates `braces` from 2.3.2 to 3.0.2 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.2) Updates `micromatch` from 3.1.10 to 4.0.4 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@3.1.10...4.0.4) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#18) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 1 directory with 6 updates (#19) Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.120.2` | `7.120.3` | | [semver](https://github.com/npm/node-semver) | `7.6.2` | `7.6.3` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `@sentry/browser` from 7.120.2 to 7.120.3 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.3/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.2...7.120.3) Updates `semver` from 7.6.2 to 7.6.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.2...v7.6.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cipher-base` from 1.0.4 to 1.0.6 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.6) Updates `micromatch` from 4.0.4 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.4...4.0.8) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: + imkey in new user import * chore: make linter happy * [release] 0.93.72 (#37) * Update dev scripts to use cross-env around the webpack build, so memory limits actually get raised * feat: add Gnosis Safe batch transaction support * build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Squashed commit of the following: commit edc2344 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Dec 23 08:33:10 2025 +0700 build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#22) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> * feat: update approve list action (RabbyHub#3379) * style: tuning (RabbyHub#3378) * style: tuning * fix: tailwind * style: tuning * feat: lp token manage v2 (RabbyHub#3374) * feat: lp token manage v2 * fix: bugs * fix: bugs * fix: bugs * feat: + imkey in new user import (RabbyHub#3368) * feat: + imkey in new user import * chore: make linter happy * fix: custom rpc enable (RabbyHub#3367) * chore: update approve list (RabbyHub#3384) * fix: pinnedChain array (RabbyHub#3385) * fix: ui style (RabbyHub#3369) * style: change chain icon position * style: fix gnosis chain alert * fix: asset btn * fix: low value text * feat: update i18n * fix: robust change (RabbyHub#3386) * 0.93.68 * [release] 0.93.68 * feat: no need translate defi (RabbyHub#3391) * chore: update approve list (RabbyHub#3390) * fix: shake desktop (RabbyHub#3389) * feat: support password guard on whitelist (RabbyHub#3388) * feat: support password guard on whitelist * ux: tuning * chore: adjust and fix * fix: tuning * style: tuning * style: tuning * chore: tuning * chore: code cleanup * fix: search logic * style: tuning * style: little fix * feat: implement address deletion functionality and update UI messages (RabbyHub#3382) * feat: implement address deletion functionality and update UI messages * fix: remove authentic before goToHDManager * fix: ui not update after deleted * chore: remove useless console * feat: update i18n --------- Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> * 0.93.69 * [release] 0.93.69 * chore: rm useless zip * fix: all token mode filter (RabbyHub#3397) * fix: all token mode filter * docs: comment * fix: remove is verified filter * fix: is_verified filter * fix: style * feat: search contact balance token * feat: asset list contact * fix: search holds tokens * feat: add transaction gas limit mapping and integrate into gas limit calculation (RabbyHub#3400) * feat: enhance empty state display for seed phrase addresses (RabbyHub#3401) * fix: update localization messages for unsupported address type in multiple languages (RabbyHub#3403) * chore: update approve list (RabbyHub#3404) * feat: update gnosis chain (RabbyHub#3399) * feat: update gnosis chain * feat: udpate safe-deployments * feat: update gnosis sdk * feat: update changelog & i18n (RabbyHub#3405) * feat: update changelog * feat: update i18n * chore * 0.93.70 * [release] 0.93.70 * fix: package.json to reduce vulnerabilities (#24) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump the npm_and_yarn group across 0 directory with 2 updates (#23) Updates `base-x` from 1.1.0 to 3.0.8 - [Commits](cryptocoinjs/base-x@v1.1.0...v3.0.8) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) --- updated-dependencies: - dependency-name: base-x dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 7: Client-side cross-site scripting (#25) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * feat: prediction (RabbyHub#3383) * wip * feat: implement auto-connect and personal sign logic; update UI components for better navigation and layout * feat: enhance auto personal sign logic with message validation and update RPC flow to pass message parameters * feat: add new home hover and inactive icons, update DesktopNav component * fix: approval auto flex * feat: add isFromDesktopDapp flag to ProviderRequest and update request handling * style: change layout * style: change token list style * refactor: wrap setupDappIframeSyncRoute in domReadyCall for improved loading handling * fix: adjust approval condition to handle non-desktop DApp requests * style: change profile header * chore: fix style * feat: add prediction feature support and loading state for DApp iframe * fix: ip * feat: update nav * feat: update prediction feature messages and dependencies * chore: fix some style * chore: fix style * chore: fix style * feat: delay setup of DApp iframe sync route for improved loading * feat: enhance auto personal sign condition for desktop DApp requests * fix: nav * fix: style * fix: style * Update src/background/controller/provider/autoConnect.ts Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> * fix: remove unnecessary blank line in shouldAutoPersonalSign function * fix: comment out IframeLoadingBar component in DappIframeLoading * fix: logo * fix: update rabby-api version to 0.9.53 --------- Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> * fix: tokenItem type is_core be null (RabbyHub#3407) * feat: update changelog (RabbyHub#3408) * feat: update changelog * feat: update i18n * 0.93.71 * [release] 0.93.71 * chore: update approve list (RabbyHub#3416) * feat: add kava in open ocean (RabbyHub#3414) * feat: update home pnl (RabbyHub#3413) * fix: update data splitting logic in getCustomTxParamsData to use regex for separator (RabbyHub#3409) * feat: enhance Dapp iframe with error handling and network messages (RabbyHub#3410) * feat: enhance Dapp iframe with error handling and network messages * feat: improve error component layout and add clsx for conditional styling * feat: enhance iframe loading and error handling based on permission status * fix: hash (RabbyHub#3415) * fix: hash * feat: update i18n * fix: perps history empty when switch account (RabbyHub#3417) * 0.93.72 * [release] 0.93.72 * chore: introduce claude code for code review * _raw\images * Potential fix for code scanning alert no. 6: Client-side cross-site scripting (#35) Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#34) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: package.json to reduce vulnerabilities (#33) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777 - https://snyk.io/vuln/SNYK-JS-IP-12704893 - https://snyk.io/vuln/SNYK-JS-IP-12761655 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-IP-7148531 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-SIRV-12558119 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * [Snyk] Security upgrade ethers from 5.4.2 to 6.0.0 (#32) * chore(deps): bump h3 from 1.11.1 to 1.15.5 Bumps [h3](https://github.com/h3js/h3) from 1.11.1 to 1.15.5. - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 * chore(deps): bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump h3 in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [h3](https://github.com/h3js/h3). Updates `h3` from 1.11.1 to 1.15.5 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * swap 1inch --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Drew Fisher <drew@pods.media> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: hz002 <zs4733525@gmail.com> Co-authored-by: richardo2016x <104543757+richardo2016x@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: DMY <147dmy@gmail.com> Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: kim <180150277+jinming0618@users.noreply.github.com> * Update job name in CircleCI config (#41) 94da053 CI: Update the CircleCI workflow to run the rabby-wallet-hub job instead of the previous job name. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> Co-authored-by: Drew Fisher <drew@pods.media> Co-authored-by: hz002 <zs4733525@gmail.com> Co-authored-by: richardo2016x <104543757+richardo2016x@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: DMY <147dmy@gmail.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: kim <180150277+jinming0618@users.noreply.github.com>

* Update dev scripts to use cross-env around the webpack build, so memory limits actually get raised * feat: add Gnosis Safe batch transaction support * build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... * Squashed commit of the following: commit edc2344 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Dec 23 08:33:10 2025 +0700 build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#22) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 * feat: update approve list action (RabbyHub#3379) * style: tuning (RabbyHub#3378) * style: tuning * fix: tailwind * style: tuning * feat: lp token manage v2 (RabbyHub#3374) * feat: lp token manage v2 * fix: bugs * fix: bugs * fix: bugs * feat: + imkey in new user import (RabbyHub#3368) * feat: + imkey in new user import * chore: make linter happy * fix: custom rpc enable (RabbyHub#3367) * chore: update approve list (RabbyHub#3384) * fix: pinnedChain array (RabbyHub#3385) * fix: ui style (RabbyHub#3369) * style: change chain icon position * style: fix gnosis chain alert * fix: asset btn * fix: low value text * feat: update i18n * fix: robust change (RabbyHub#3386) * 0.93.68 * [release] 0.93.68 * feat: no need translate defi (RabbyHub#3391) * chore: update approve list (RabbyHub#3390) * fix: shake desktop (RabbyHub#3389) * feat: support password guard on whitelist (RabbyHub#3388) * feat: support password guard on whitelist * ux: tuning * chore: adjust and fix * fix: tuning * style: tuning * style: tuning * chore: tuning * chore: code cleanup * fix: search logic * style: tuning * style: little fix * feat: implement address deletion functionality and update UI messages (RabbyHub#3382) * feat: implement address deletion functionality and update UI messages * fix: remove authentic before goToHDManager * fix: ui not update after deleted * chore: remove useless console * feat: update i18n --------- * 0.93.69 * [release] 0.93.69 * chore: rm useless zip * fix: all token mode filter (RabbyHub#3397) * fix: all token mode filter * docs: comment * fix: remove is verified filter * fix: is_verified filter * fix: style * feat: search contact balance token * feat: asset list contact * fix: search holds tokens * feat: add transaction gas limit mapping and integrate into gas limit calculation (RabbyHub#3400) * feat: enhance empty state display for seed phrase addresses (RabbyHub#3401) * fix: update localization messages for unsupported address type in multiple languages (RabbyHub#3403) * chore: update approve list (RabbyHub#3404) * feat: update gnosis chain (RabbyHub#3399) * feat: update gnosis chain * feat: udpate safe-deployments * feat: update gnosis sdk * feat: update changelog & i18n (RabbyHub#3405) * feat: update changelog * feat: update i18n * chore * 0.93.70 * [release] 0.93.70 * fix: package.json to reduce vulnerabilities (#24) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 * build(deps): bump the npm_and_yarn group across 0 directory with 2 updates (#23) Updates `base-x` from 1.1.0 to 3.0.8 - [Commits](cryptocoinjs/base-x@v1.1.0...v3.0.8) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) --- updated-dependencies: - dependency-name: base-x dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn ... * Potential fix for code scanning alert no. 7: Client-side cross-site scripting (#25) * feat: prediction (RabbyHub#3383) * wip * feat: implement auto-connect and personal sign logic; update UI components for better navigation and layout * feat: enhance auto personal sign logic with message validation and update RPC flow to pass message parameters * feat: add new home hover and inactive icons, update DesktopNav component * fix: approval auto flex * feat: add isFromDesktopDapp flag to ProviderRequest and update request handling * style: change layout * style: change token list style * refactor: wrap setupDappIframeSyncRoute in domReadyCall for improved loading handling * fix: adjust approval condition to handle non-desktop DApp requests * style: change profile header * chore: fix style * feat: add prediction feature support and loading state for DApp iframe * fix: ip * feat: update nav * feat: update prediction feature messages and dependencies * chore: fix some style * chore: fix style * chore: fix style * feat: delay setup of DApp iframe sync route for improved loading * feat: enhance auto personal sign condition for desktop DApp requests * fix: nav * fix: style * fix: style * Update src/background/controller/provider/autoConnect.ts * fix: remove unnecessary blank line in shouldAutoPersonalSign function * fix: comment out IframeLoadingBar component in DappIframeLoading * fix: logo * fix: update rabby-api version to 0.9.53 --------- * fix: tokenItem type is_core be null (RabbyHub#3407) * feat: update changelog (RabbyHub#3408) * feat: update changelog * feat: update i18n * 0.93.71 * [release] 0.93.71 * chore: update approve list (RabbyHub#3416) * feat: add kava in open ocean (RabbyHub#3414) * feat: update home pnl (RabbyHub#3413) * fix: update data splitting logic in getCustomTxParamsData to use regex for separator (RabbyHub#3409) * feat: enhance Dapp iframe with error handling and network messages (RabbyHub#3410) * feat: enhance Dapp iframe with error handling and network messages * feat: improve error component layout and add clsx for conditional styling * feat: enhance iframe loading and error handling based on permission status * fix: hash (RabbyHub#3415) * fix: hash * feat: update i18n * fix: perps history empty when switch account (RabbyHub#3417) * 0.93.72 * [release] 0.93.72 * chore: introduce claude code for code review * _raw\images * Potential fix for code scanning alert no. 6: Client-side cross-site scripting (#35) * fix: package.json to reduce vulnerabilities (#34) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 * fix: package.json to reduce vulnerabilities (#33) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777 - https://snyk.io/vuln/SNYK-JS-IP-12704893 - https://snyk.io/vuln/SNYK-JS-IP-12761655 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-IP-7148531 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-SIRV-12558119 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 * [Snyk] Security upgrade ethers from 5.4.2 to 6.0.0 (#32) * chore(deps): bump h3 from 1.11.1 to 1.15.5 Bumps [h3](https://github.com/h3js/h3) from 1.11.1 to 1.15.5. - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect ... * fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 * chore(deps): bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production ... * build(deps): bump h3 in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [h3](https://github.com/h3js/h3). Updates `h3` from 1.11.1 to 1.15.5 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect dependency-group: npm_and_yarn ... * swap 1inch --------- --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: Drew Fisher <drew@pods.media> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: hz002 <zs4733525@gmail.com> Co-authored-by: richardo2016x <104543757+richardo2016x@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: DMY <147dmy@gmail.com> Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: kim <180150277+jinming0618@users.noreply.github.com>

* fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-7266574 * fix: package.json to reduce vulnerabilities (#4) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857 * Circleci project setup (#5) * Add .circleci/config.yml * Add .circleci/config.yml * Add .circleci/config.yml * Add .circleci/config.yml * Updated config.yml * Create SECURITY.md (#2) * build(deps): bump the npm_and_yarn group across 1 directory with 14 updates (#6) Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `6.7.2` | `7.119.1` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.8` | | [semver](https://github.com/npm/node-semver) | `7.5.2` | `7.5.3` | | [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.4.32` | | [webpack](https://github.com/webpack/webpack) | `5.76.0` | `5.94.0` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.13.10` | `7.26.10` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.9` | `1.15.9` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.1` | `5.3.4` | Updates `@sentry/browser` from 6.7.2 to 7.119.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@6.7.2...7.119.1) Updates `nanoid` from 3.3.6 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.8) Updates `semver` from 7.5.2 to 7.5.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.2...v7.5.3) Updates `postcss` from 8.4.31 to 8.4.32 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.31...8.4.32) Updates `webpack` from 5.76.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.76.0...v5.94.0) Updates `@babel/runtime` from 7.13.10 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.14.9 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.9...v1.15.9) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.1...v6.0.2) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `webpack-dev-middleware` from 5.3.1 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn ... * fix: package.json to reduce vulnerabilities (#7) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-IP-7148531 * build(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#8) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.119.1 to 7.119.2 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.2/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.119.1...7.119.2) Updates `semver` from 7.5.3 to 7.5.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.3...v7.5.4) Updates `postcss` from 8.4.32 to 8.4.33 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.32...8.4.33) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn ... * fix: package.json to reduce vulnerabilities (#9) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-9403194 * fix: package.json to reduce vulnerabilities (#10) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 * fix: package.json to reduce vulnerabilities (#12) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 * fix: package.json to reduce vulnerabilities (#13) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 * build(deps): bump the npm_and_yarn group across 1 directory with 3 updates (#11) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.119.2 to 7.120.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.0/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.119.2...7.120.0) Updates `semver` from 7.5.4 to 7.6.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.6.0) Updates `postcss` from 8.4.33 to 8.4.34 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.33...8.4.34) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn ... * build(deps): bump the npm_and_yarn group across 1 directory with 10 updates (#14) Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.120.0` | `7.120.1` | | [semver](https://github.com/npm/node-semver) | `7.6.0` | `7.6.1` | | [postcss](https://github.com/postcss/postcss) | `8.4.34` | `8.4.35` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.7.4` | `5.2.1` | | [form-data](https://github.com/form-data/form-data) | `4.0.0` | `4.0.4` | | [parse-uri](https://github.com/kikobeats/parse-uri) | `1.0.7` | `1.0.16` | | [pbkdf2](https://github.com/crypto-browserify/pbkdf2) | `3.1.2` | `3.1.3` | | [tiny-secp256k1](https://github.com/bitcoinjs/tiny-secp256k1) | `1.1.6` | `1.1.7` | Updates `@sentry/browser` from 7.120.0 to 7.120.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.0...7.120.1) Updates `semver` from 7.6.0 to 7.6.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.1) Updates `postcss` from 8.4.34 to 8.4.35 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.34...8.4.35) Updates `webpack-dev-server` from 4.7.4 to 5.2.1 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v4.7.4...v5.2.1) Updates `form-data` from 4.0.0 to 4.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.4) Updates `http-proxy-middleware` from 2.0.3 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.3...v2.0.9) Updates `ip` from 1.1.5 to 2.0.0 - [Commits](indutny/node-ip@v1.1.5...v2.0.0) Updates `parse-uri` from 1.0.7 to 1.0.16 - [Release notes](https://github.com/kikobeats/parse-uri/releases) - [Changelog](https://github.com/Kikobeats/parse-uri/blob/v1.0.16/CHANGELOG.md) - [Commits](Kikobeats/parse-uri@v1.0.7...v1.0.16) Updates `pbkdf2` from 3.1.2 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.3) Updates `tiny-secp256k1` from 1.1.6 to 1.1.7 - [Commits](bitcoinjs/tiny-secp256k1@v1.1.6...v1.1.7) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.4.35 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-version: 2.0.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: parse-uri dependency-version: 1.0.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tiny-secp256k1 dependency-version: 1.1.7 dependency-type: indirect dependency-group: npm_and_yarn ... * fix: package.json to reduce vulnerabilities (#15) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 * build(deps): bump the npm_and_yarn group across 1 directory with 5 updates (#17) Bumps the npm_and_yarn group with 3 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript), [semver](https://github.com/npm/node-semver) and [postcss](https://github.com/postcss/postcss). Updates `@sentry/browser` from 7.120.1 to 7.120.2 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.2/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.1...7.120.2) Updates `semver` from 7.6.1 to 7.6.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.1...v7.6.2) Updates `postcss` from 8.4.35 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.35...8.5.6) Updates `braces` from 2.3.2 to 3.0.2 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.2) Updates `micromatch` from 3.1.10 to 4.0.4 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@3.1.10...4.0.4) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn ... * fix: package.json to reduce vulnerabilities (#18) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 * build(deps): bump the npm_and_yarn group across 1 directory with 6 updates (#19) Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.120.2` | `7.120.3` | | [semver](https://github.com/npm/node-semver) | `7.6.2` | `7.6.3` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.4` | `4.0.8` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `@sentry/browser` from 7.120.2 to 7.120.3 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.120.3/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.120.2...7.120.3) Updates `semver` from 7.6.2 to 7.6.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.2...v7.6.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cipher-base` from 1.0.4 to 1.0.6 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.6) Updates `micromatch` from 4.0.4 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.4...4.0.8) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: "@sentry/browser" dependency-version: 7.120.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.6.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn ... * feat: + imkey in new user import * chore: make linter happy * [release] 0.93.72 (#37) * Update dev scripts to use cross-env around the webpack build, so memory limits actually get raised * feat: add Gnosis Safe batch transaction support * build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... * Squashed commit of the following: commit edc2344 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue Dec 23 08:33:10 2025 +0700 build(deps): bump node-forge (#20) Bumps the npm_and_yarn group with 1 update in the / directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json to reduce vulnerabilities (#22) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 * feat: update approve list action (RabbyHub#3379) * style: tuning (RabbyHub#3378) * style: tuning * fix: tailwind * style: tuning * feat: lp token manage v2 (RabbyHub#3374) * feat: lp token manage v2 * fix: bugs * fix: bugs * fix: bugs * feat: + imkey in new user import (RabbyHub#3368) * feat: + imkey in new user import * chore: make linter happy * fix: custom rpc enable (RabbyHub#3367) * chore: update approve list (RabbyHub#3384) * fix: pinnedChain array (RabbyHub#3385) * fix: ui style (RabbyHub#3369) * style: change chain icon position * style: fix gnosis chain alert * fix: asset btn * fix: low value text * feat: update i18n * fix: robust change (RabbyHub#3386) * 0.93.68 * [release] 0.93.68 * feat: no need translate defi (RabbyHub#3391) * chore: update approve list (RabbyHub#3390) * fix: shake desktop (RabbyHub#3389) * feat: support password guard on whitelist (RabbyHub#3388) * feat: support password guard on whitelist * ux: tuning * chore: adjust and fix * fix: tuning * style: tuning * style: tuning * chore: tuning * chore: code cleanup * fix: search logic * style: tuning * style: little fix * feat: implement address deletion functionality and update UI messages (RabbyHub#3382) * feat: implement address deletion functionality and update UI messages * fix: remove authentic before goToHDManager * fix: ui not update after deleted * chore: remove useless console * feat: update i18n --------- * 0.93.69 * [release] 0.93.69 * chore: rm useless zip * fix: all token mode filter (RabbyHub#3397) * fix: all token mode filter * docs: comment * fix: remove is verified filter * fix: is_verified filter * fix: style * feat: search contact balance token * feat: asset list contact * fix: search holds tokens * feat: add transaction gas limit mapping and integrate into gas limit calculation (RabbyHub#3400) * feat: enhance empty state display for seed phrase addresses (RabbyHub#3401) * fix: update localization messages for unsupported address type in multiple languages (RabbyHub#3403) * chore: update approve list (RabbyHub#3404) * feat: update gnosis chain (RabbyHub#3399) * feat: update gnosis chain * feat: udpate safe-deployments * feat: update gnosis sdk * feat: update changelog & i18n (RabbyHub#3405) * feat: update changelog * feat: update i18n * chore * 0.93.70 * [release] 0.93.70 * fix: package.json to reduce vulnerabilities (#24) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 * build(deps): bump the npm_and_yarn group across 0 directory with 2 updates (#23) Updates `base-x` from 1.1.0 to 3.0.8 - [Commits](cryptocoinjs/base-x@v1.1.0...v3.0.8) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) --- updated-dependencies: - dependency-name: base-x dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn ... * Potential fix for code scanning alert no. 7: Client-side cross-site scripting (#25) * feat: prediction (RabbyHub#3383) * wip * feat: implement auto-connect and personal sign logic; update UI components for better navigation and layout * feat: enhance auto personal sign logic with message validation and update RPC flow to pass message parameters * feat: add new home hover and inactive icons, update DesktopNav component * fix: approval auto flex * feat: add isFromDesktopDapp flag to ProviderRequest and update request handling * style: change layout * style: change token list style * refactor: wrap setupDappIframeSyncRoute in domReadyCall for improved loading handling * fix: adjust approval condition to handle non-desktop DApp requests * style: change profile header * chore: fix style * feat: add prediction feature support and loading state for DApp iframe * fix: ip * feat: update nav * feat: update prediction feature messages and dependencies * chore: fix some style * chore: fix style * chore: fix style * feat: delay setup of DApp iframe sync route for improved loading * feat: enhance auto personal sign condition for desktop DApp requests * fix: nav * fix: style * fix: style * Update src/background/controller/provider/autoConnect.ts * fix: remove unnecessary blank line in shouldAutoPersonalSign function * fix: comment out IframeLoadingBar component in DappIframeLoading * fix: logo * fix: update rabby-api version to 0.9.53 --------- * fix: tokenItem type is_core be null (RabbyHub#3407) * feat: update changelog (RabbyHub#3408) * feat: update changelog * feat: update i18n * 0.93.71 * [release] 0.93.71 * chore: update approve list (RabbyHub#3416) * feat: add kava in open ocean (RabbyHub#3414) * feat: update home pnl (RabbyHub#3413) * fix: update data splitting logic in getCustomTxParamsData to use regex for separator (RabbyHub#3409) * feat: enhance Dapp iframe with error handling and network messages (RabbyHub#3410) * feat: enhance Dapp iframe with error handling and network messages * feat: improve error component layout and add clsx for conditional styling * feat: enhance iframe loading and error handling based on permission status * fix: hash (RabbyHub#3415) * fix: hash * feat: update i18n * fix: perps history empty when switch account (RabbyHub#3417) * 0.93.72 * [release] 0.93.72 * chore: introduce claude code for code review * _raw\images * Potential fix for code scanning alert no. 6: Client-side cross-site scripting (#35) * fix: package.json to reduce vulnerabilities (#34) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-TMP-11501554 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 * fix: package.json to reduce vulnerabilities (#33) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-CIPHERBASE-12084814 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-NANOID-8492085 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692 - https://snyk.io/vuln/SNYK-JS-QS-14724253 - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300775 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-10300777 - https://snyk.io/vuln/SNYK-JS-IP-12704893 - https://snyk.io/vuln/SNYK-JS-IP-12761655 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-IP-7148531 - https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564 - https://snyk.io/vuln/SNYK-JS-BASEX-10118294 - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073 - https://snyk.io/vuln/SNYK-JS-SIRV-12558119 - https://snyk.io/vuln/SNYK-JS-JSYAML-13961110 * [Snyk] Security upgrade ethers from 5.4.2 to 6.0.0 (#32) * chore(deps): bump h3 from 1.11.1 to 1.15.5 Bumps [h3](https://github.com/h3js/h3) from 1.11.1 to 1.15.5. - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect ... * fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 * chore(deps): bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production ... * build(deps): bump h3 in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [h3](https://github.com/h3js/h3). Updates `h3` from 1.11.1 to 1.15.5 - [Release notes](https://github.com/h3js/h3/releases) - [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md) - [Commits](h3js/h3@v1.11.1...v1.15.5) --- updated-dependencies: - dependency-name: h3 dependency-version: 1.15.5 dependency-type: indirect dependency-group: npm_and_yarn ... * swap 1inch --------- --------- * Update job name in CircleCI config (#41) 94da053 CI: Update the CircleCI workflow to run the rabby-wallet-hub job instead of the previous job name. --------- Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: snyk-io[bot] <141718529+snyk-io[bot]@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <galennnnnnn@gmail.com> Co-authored-by: Drew Fisher <drew@pods.media> Co-authored-by: hz002 <zs4733525@gmail.com> Co-authored-by: richardo2016x <104543757+richardo2016x@users.noreply.github.com> Co-authored-by: vvvvvv1vvvvvv <86296331+vvvvvv1vvvvvv@users.noreply.github.com> Co-authored-by: Hodor <lost1q84@gmail.com> Co-authored-by: DMY <147dmy@gmail.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: kim <180150277+jinming0618@users.noreply.github.com>

gemini-code-assist bot reviewed Jan 22, 2026

View reviewed changes

Dargon789 linked an issue Jan 23, 2026 that may be closed by this pull request

# Sequence diagram for strengthened URL validation in NFTAvatar image rendering #36

Open

Dargon789 force-pushed the snyk-fix-ba015855c631c44fe70703f17c5001e6 branch from 5bbc8ff to 135b99c Compare January 23, 2026 00:49

Dargon789 merged commit d35f40b into develop Jan 23, 2026
18 of 23 checks passed

Dargon789 deleted the snyk-fix-ba015855c631c44fe70703f17c5001e6 branch January 23, 2026 00:55

Dargon789 mentioned this pull request Jan 23, 2026

Main (#40) #42

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 36 vulnerabilities#33

[Snyk] Fix for 36 vulnerabilities#33
Dargon789 merged 1 commit intodevelopfrom
snyk-fix-ba015855c631c44fe70703f17c5001e6

Dargon789 commented Jan 22, 2026

Uh oh!

snyk-io bot commented Jan 22, 2026 •

edited

Loading

Uh oh!

gemini-code-assist bot commented Jan 22, 2026

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Dargon789 commented Jan 22, 2026

Snyk has created this PR to fix 36 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

snyk-io bot commented Jan 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Snyk checks are incomplete.

Uh oh!

gemini-code-assist bot commented Jan 22, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

snyk-io bot commented Jan 22, 2026 •

edited

Loading