Skip to content

Conversation

aikido-autofix[bot]
Copy link

@aikido-autofix aikido-autofix bot commented Sep 9, 2025

This PR will resolve the following CVEs:

CVE ID Severity Description
AIKIDO-2024-10466
MEDIUM
Affected versions of this package are vulnerable due to insufficient entropy in the signature algorithm. The nonce (or k) used in transaction signatures must be unique for every message. Reusing the same nonce across different messages allows attackers to exploit the weakness and recover the pri...

PR-Codex overview

This PR focuses on updating various dependencies in the package.json and pnpm-lock.yaml files, ensuring compatibility with newer versions and fixing version constraints for specific packages.

Detailed summary

  • Updated @eslint/plugin-kit version constraint in package.json.
  • Added viem@<=2.21.49 in package.json and pnpm-lock.yaml.
  • Updated terser version from 5.37.0 to 5.43.1 in pnpm-lock.yaml.
  • Updated yaml version from 2.7.0 to 2.8.1 in pnpm-lock.yaml.
  • Updated @privy-io/react-auth version from 2.13.8 to 2.24.0.
  • Updated @privy-io/js-sdk-core version from 0.50.8 to 0.54.2.
  • Updated @privy-io/public-api version from 2.32.0 to 2.44.2.
  • Updated @privy-io/ethereum version from 0.0.1 to 0.0.2.
  • Updated @privy-io/chains version from 0.0.1 to 0.0.2.
  • Updated @reown/appkit version from 1.7.8 to 1.8.4.
  • Updated @reown/appkit-utils version from 1.7.8 to 1.8.4.
  • Updated @reown/appkit-wallet version from 1.7.8 to 1.8.4.
  • Updated valtio version from 1.13.2 to 2.1.7.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@aikido-autofix aikido-autofix bot added the dependencies Pull requests that update a dependency file label Sep 9, 2025
@aikido-autofix aikido-autofix bot requested a review from cygaar as a code owner September 9, 2025 22:33
Copy link

changeset-bot bot commented Sep 9, 2025

⚠️ No Changeset found

Latest commit: 86e34bf

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@aikido-autofix aikido-autofix bot closed this Sep 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants