chore(deps): bump the npm_and_yarn group across 7 directories with 5 updates by dependabot[bot] · Pull Request #1813 · Crossmint/crossmint-sdk

dependabot · 2026-04-27T11:22:23Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
tsup	`8.1.0`	`8.3.5`
next	`15.3.9`	`15.5.15`
postcss	`8.4.35`	`8.5.10`
vite	`5.4.21`	`6.4.2`
uuid	`9.0.1`	`14.0.0`

Bumps the npm_and_yarn group with 1 update in the /apps/auth/nextjs-ssr directory: next.
Bumps the npm_and_yarn group with 2 updates in the /apps/auth/remix-ssr directory: postcss and vite.
Bumps the npm_and_yarn group with 1 update in the /apps/payments/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /apps/wallets/quickstart-devkit directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/client/base directory: uuid.
Bumps the npm_and_yarn group with 1 update in the /packages/client/wallets/walletconnect directory: postcss.

Updates tsup from 8.1.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

Run experimentalDts only once - by @aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

Add es2024 target - by @sxzz (4c8cd)

   🐞 Bug Fixes

Support TS 5.6 for svelte - by @sxzz (28b9c)

Add neutral value to platform options in schema.json - by @venables in egoist/tsup#982 (a03db)

Wider restriction for target option - by @odanado in egoist/tsup#1118 (1979b)

Add terser value to minify option in schema.json - by @damienbutt in egoist/tsup#991 (34951)

Change newlineKind to lf for experimentalDts - by @aryaemami59 in egoist/tsup#1234 (4584b)

Enable rollup output.compact when minify is enabled - by @hyrious in egoist/tsup#1232 (9cc86)

Support Node16 and NodeNext module resolution in experimentalDts - by @aryaemami59 in egoist/tsup#1225 (41c98)

    View changes on GitHub

v8.3.0

8.3.0 (2024-09-17)

Bug Fixes

fix experimentalDts file cleaning and watching (#1199) (76dc18b)

Features

add support for cts and mts config files (#1178) (ec811b3)

add support for async injectStyle (#1193) (f25a9db)

v8.2.4

8.2.4 (2024-08-02)

... (truncated)

Commits

cd03e1e chore: release v8.3.5
fddd451 fix: run experimentalDts only once (#1236)
21b1193 chore: release v8.3.4
580e03d ci: fix release workflow
01b38f2 chore: release v8.3.3
4f5b71e ci: fix release workflow
e80dad6 chore: release v8.3.2
f4af79a ci: fix release workflow (#1241)
4b72d61 chore: release v8.3.1
41c98ff fix: support Node16 and NodeNext module resolution in experimentalDts (...
Additional commits viewable in compare view

Updates next from 15.3.9 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
Additional commits viewable in compare view

Updates postcss from 8.4.35 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

Added more details to Unknown word error (by @hiepxanh).

Fixed types (by @romainmenke).

Fixed docs (by @catnipan).

8.5.2

Fixed end position of rules with semicolon (by @romainmenke).

8.5.1

Fixed backwards compatibility for complex cases (by @romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@romainmenke during his work on Stylelint added Input#document in additional to Input#css.
root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"
</tr></table>

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

Added more details to Unknown word error (by @hiepxanh).

Fixed types (by @romainmenke).

Fixed docs (by @catnipan).

8.5.2

Fixed end position of rules with semicolon (by @romainmenke).

8.5.1

Fixed backwards compatibility for complex cases (by @romainmenke).

8.5 “Duke Alloces”

Added Input#document for sources like CSS-in-JS or HTML (by @romainmenke).

8.4.49

Fixed custom syntax without source.offset (by @romainmenke).

... (truncated)

Commits

33b9790 Release 8.5.10 version
536c79e Escape </style> in CSS output (#2074)
afa96b2 Update dependencies (#2073)
effe88b Typo (#2072)
3ee79a2 Thread model (#2071)
2e0683d Create incident response docs (#2070)
fe88ac2 Release 8.5.9 version
c551632 Avoid RegExp when we can use simple JS
89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
6ceb8a4 Create SECURITY.md
Additional commits viewable in compare view

Updates vite from 5.4.21 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736

fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735

test: detect ts support via process.features (#20544) (7d99229), closes #20544

6.3.5 (2025-05-05)

fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965

fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940

refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

... (truncated)

Commits

6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
0e173d8 release: v6.3.7
c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
3f337c5 release: v6.3.6
Additional commits viewable in compare view

Updates uuid from 9.0.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

expect crypto to be global everywhere (requires node@20+) (#935)

drop node@18 support (#934)

Features

drop node@18 support (#934) (dc4ddb8)

Bug Fixes

expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)

Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

make browser exports the default (#901)

Bug Fixes

make browser exports the default (#901) (bce9d72)

v12.0.0

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

update to typescript@5.2 (#887)

remove CommonJS support (#886)

drop node@16 support (#883)

Features

add node@24 to ci matrix (#879) (42b6178)

drop node@16 support (#883) (0f38cf1)

remove CommonJS support (#886) (ae786e2)

update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

crypto is now expected to be globally defined (requires node@20+) (#935)

drop node@18 support (#934)

upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

make browser exports the default (#901)

Bug Fixes

make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

update to typescript@5.2 (#887)

remove CommonJS support (#886)

drop node@16 support (#883)

Features

add node@24 to ci matrix (#879) (42b6178)

drop node@16 support (#883) (0f38cf1)

remove CommonJS support (#886) (ae786e2)

update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

improve v4() performance (#894) (5fd974c)

restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

... (truncated)

Commits

7c1ea08 chore(main): release 14.0.0 (#926)
3d2c5b0 Merge commit from fork
f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
529ef08 chore: upgrade TypeScript and fixup types (#927)
086fd79 chore: update dependencies (#933)
dc4ddb8 feat!: drop node@18 support (#934)
0f1f9c9 chore: switch to Biome for parsing and linting (#932)
e2879e6 chore: use maintained version of npm-run-all (#930)
ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
0423d49 docs: remove obsolete v1 option notes (#915)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates next from 15.3.9 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
Additional commits viewable in compare view

Updates postcss from 8.4.35 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

Added more details to Unknown word error (by @hiepxanh).

Fixed types (by @romainmenke).

Fixed docs (by @catnipan).

8.5.2

Fixed end position of rules with semicolon (by @romainmenke).

8.5.1

Fixed backwards compatibility for complex cases (by @romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@romainmenke during his work on Stylelint added Input#document in additional to Input#css.
root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"
</tr></table>

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

Fixed ContainerWithChildren type discriminating (by @Goodwine).

8.5.5

Fixed package.json→exports compatibility with some tools (by @JounQin).

8.5.4

Fixed Parcel compatibility issue (by @git-sumitchaudhary).

8.5.3

Added more details to Unknown word error (by @hiepxanh).

Fixed types (by @romainmenke).

Fixed docs (by @catnipan).

8.5.2

Fixed end position of rules with semicolon (by @romainmenke).

8.5.1

Fixed backwards compatibility for complex cases (by @romainmenke).

8.5 “Duke Alloces”

Added Input#document for sources like CSS-in-JS or HTML (by @romainmenke).

8.4.49

Fixed custom syntax without source.offset (by @romainmenke).

... (truncated)

Commits

33b9790 Release 8.5.10 version
536c79e Escape </style> in CSS output (#2074)
afa96b2 Update dependencies (#2073)
effe88b Typo (#2072)
3ee79a2 Thread model (#2071)
2e0683d Create incident response docs (#2070)
fe88ac2 Release 8.5.9 version
c551632 Avoid RegExp when we can use simple JS
89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
6ceb8a4 Create SECURITY.md
Additional commits viewable in compare view

Updates vite from 5.4.21 to 6.4.2

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163

fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736

fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735

test: detect ts support via process.features (#20544) (7d99229), closes #20544

6.3.5 (2025-05-05)

fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965

fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940

refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

... (truncated)

Commits

6b3fad0 release: v6.4.2
ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
5487f4f release: v6.4.1
1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
f12697c release: v6.4.0
ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
0e173d8 release: v6.3.7
c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
3f337c5 release: v6.3.6
Additional commits viewable in compare view

Updates next from 15.3.9 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
Additional commits viewable in compare view

Updates next from 15.3.9 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

Commits

412eb90 v15.5.15
cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
fffef9e Fix CI for glibc linux builds
d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
Additional commits viewable in compare view

Updates uuid from 9.0.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

expect crypto to be global everywhere (requires node@20+) (#935)

drop node@18 support (

…updates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [tsup](https://github.com/egoist/tsup) | `8.1.0` | `8.3.5` | | [next](https://github.com/vercel/next.js) | `15.3.9` | `15.5.15` | | [postcss](https://github.com/postcss/postcss) | `8.4.35` | `8.5.10` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `6.4.2` | | [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` | Bumps the npm_and_yarn group with 1 update in the /apps/auth/nextjs-ssr directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /apps/auth/remix-ssr directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /apps/payments/nextjs directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /apps/wallets/quickstart-devkit directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /packages/client/base directory: [uuid](https://github.com/uuidjs/uuid). Bumps the npm_and_yarn group with 1 update in the /packages/client/wallets/walletconnect directory: [postcss](https://github.com/postcss/postcss). Updates `tsup` from 8.1.0 to 8.3.5 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v8.1.0...v8.3.5) Updates `next` from 15.3.9 to 15.5.15 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.9...v15.5.15) Updates `postcss` from 8.4.35 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.35...8.5.10) Updates `vite` from 5.4.21 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `next` from 15.3.9 to 15.5.15 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.9...v15.5.15) Updates `postcss` from 8.4.35 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.35...8.5.10) Updates `vite` from 5.4.21 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `next` from 15.3.9 to 15.5.15 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.9...v15.5.15) Updates `next` from 15.3.9 to 15.5.15 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.9...v15.5.15) Updates `uuid` from 9.0.1 to 14.0.0 - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v14.0.0) Updates `postcss` from 8.4.35 to 8.5.10 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.35...8.5.10) --- updated-dependencies: - dependency-name: tsup dependency-version: 8.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.10 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-04-27T11:22:31Z

⚠️ No Changeset found

Latest commit: ee5083b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

greptile-apps · 2026-04-27T11:23:50Z

Prompt To Fix All With AI

This is a comment left during a code review.
Path: apps/wallets/react/package.json
Line: 16

Comment:
**Next.js major-version downgrade**

This file previously pinned `"next": "^16.2.3"` and is being changed to `"^15.5.15"` — a regression across a major version boundary. Dependabot is grouping this under the "15.x patch" updates affecting other apps, but those apps were already on `15.x`. If `apps/wallets/react` intentionally adopted Next.js 16, reverting to `^15` could remove features or APIs the app depends on. Please confirm this downgrade is intentional before merging.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: packages/client/base/package.json
Line: 27

Comment:
**uuid v14 carries multiple breaking changes from v9**

The jump from `9.0.1` → `14.0.0` accumulates several breaking changes across intermediate majors:

- **v12**: CommonJS (`require('uuid')`) support was removed — only ESM is supported.
- **v13**: browser exports become the default export condition, which can shift how bundlers resolve the package.
- **v14**: `crypto` must now be globally available, requiring **Node 20+**; Node 18 is no longer supported.

If this package (or any package that re-exports it) is consumed in a CommonJS context or in an environment running Node 18, it will fail at runtime. Please verify the execution environments and import style before merging.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "chore(deps): bump the npm_and_yarn group..." | Re-trigger Greptile}

greptile-apps · 2026-04-27T11:23:53Z

        "@solana/web3.js": "1.98.1",
        "@stellar/stellar-sdk": "^14.6.1",
-        "next": "^16.2.3",
+        "next": "^15.5.15",


Next.js major-version downgrade

This file previously pinned "next": "^16.2.3" and is being changed to "^15.5.15" — a regression across a major version boundary. Dependabot is grouping this under the "15.x patch" updates affecting other apps, but those apps were already on 15.x. If apps/wallets/react intentionally adopted Next.js 16, reverting to ^15 could remove features or APIs the app depends on. Please confirm this downgrade is intentional before merging.

Prompt To Fix With AI

This is a comment left during a code review. Path: apps/wallets/react/package.json Line: 16 Comment: **Next.js major-version downgrade** This file previously pinned `"next": "^16.2.3"` and is being changed to `"^15.5.15"` — a regression across a major version boundary. Dependabot is grouping this under the "15.x patch" updates affecting other apps, but those apps were already on `15.x`. If `apps/wallets/react` intentionally adopted Next.js 16, reverting to `^15` could remove features or APIs the app depends on. Please confirm this downgrade is intentional before merging. How can I resolve this? If you propose a fix, please make it concise.

greptile-apps · 2026-04-27T11:23:54Z

        "@datadog/browser-logs": "6.24.1",
        "exponential-backoff": "3.1.1",
-        "uuid": "9.0.1",
+        "uuid": "14.0.0",


uuid v14 carries multiple breaking changes from v9

The jump from 9.0.1 → 14.0.0 accumulates several breaking changes across intermediate majors:

v12: CommonJS (require('uuid')) support was removed — only ESM is supported.

v13: browser exports become the default export condition, which can shift how bundlers resolve the package.

v14: crypto must now be globally available, requiring Node 20+; Node 18 is no longer supported.

If this package (or any package that re-exports it) is consumed in a CommonJS context or in an environment running Node 18, it will fail at runtime. Please verify the execution environments and import style before merging.

Prompt To Fix With AI

This is a comment left during a code review. Path: packages/client/base/package.json Line: 27 Comment: **uuid v14 carries multiple breaking changes from v9** The jump from `9.0.1` → `14.0.0` accumulates several breaking changes across intermediate majors: - **v12**: CommonJS (`require('uuid')`) support was removed — only ESM is supported. - **v13**: browser exports become the default export condition, which can shift how bundlers resolve the package. - **v14**: `crypto` must now be globally available, requiring **Node 20+**; Node 18 is no longer supported. If this package (or any package that re-exports it) is consumed in a CommonJS context or in an environment running Node 18, it will fail at runtime. Please verify the execution environments and import style before merging. How can I resolve this? If you propose a fix, please make it concise.

dependabot · 2026-04-29T09:59:48Z