Conversation
dependabot
bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Bumps [@wagmi/core](https://github.com/wevm/wagmi/tree/HEAD/packages/core) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/wevm/wagmi/releases) - [Changelog](https://github.com/wevm/wagmi/blob/main/packages/core/CHANGELOG.md) - [Commits](https://github.com/wevm/wagmi/commits/wagmi@3.3.2/packages/core) --- updated-dependencies: - dependency-name: "@wagmi/core" dependency-version: 3.3.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/wagmi/core-3.3.2
branch
from
03a5391 to
f38e620
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "typescript": { | ||
| "optional": true | ||
| } | ||
| } |
There was a problem hiding this comment.
Dual @wagmi/core versions may cause state conflicts
Low Severity
The lockfile now installs @wagmi/core 3.3.3 at the top level (used by workspace packages via ^3.3.1), while wagmi 3.4.1 pins @wagmi/core to exactly "3.3.1" in its own nested node_modules. This creates two separate module instances of @wagmi/core. Since wagmi is a stateful SDK where config objects are shared between @wagmi/core and wagmi hooks, having duplicate module instances could cause subtle issues with singleton patterns, instanceof checks, or shared state. Also note the lockfile resolves to 3.3.3, not 3.3.2 as stated in the PR title.
Additional Locations (1)
| "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.1.1.tgz", | ||
| "integrity": "sha512-Dlq/5LAZgF0Gaz6yiqZCf6VCcZs1ghAJyrsu84Q/GT0gV+mCxbfmKNoGRKBYMJ8IEdGPqu49YWXD02GCknEDkw==", | ||
| "license": "MIT", | ||
| "peer": true, |
There was a problem hiding this comment.
React downgraded below minimum required version in workspaces
Low Severity
The lockfile removes workspace-specific react 19.2.3 entries from packages/modal and packages/no-modal, causing them to fall back to the root-level react 19.1.1. Both workspace packages declare "react": "^19.2.3" in devDependencies, which requires >=19.2.3. Version 19.1.1 does not satisfy this constraint. This unintended downgrade from 19.2.3 to 19.1.1 could cause development or test failures if any code relies on React 19.2.x features.
Bumps @wagmi/core from 3.3.1 to 3.3.2.
Changelog
Sourced from
@wagmi/core's changelog.Commits
14989e4feat: tempo (#4922)f72beffchore: version packages (#4924)a5c4381fix: config.connectors type inference (#4923)16f8e7bchore: bump viem (#4912)9bbf13efix(connectors): webpack dynamic import optional peer dep (#4911)ab2a819chore: version packages (#4910)058c8c1fix(core,react): fix read contract return type inference for overloads127afa6chore: tweaksa08c71dfeat: abi parameter named tuples (#4896)683e24cdev: attest (#4902)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Low Risk
Lockfile-only dependency resolution changes; risk is limited to potential build/runtime differences from updated transitive deps in wagmi tooling.
Overview
Updates
package-lock.jsondependency resolution around wagmi packages, introducing a new top-level@wagmi/core@3.3.3entry and reorganizing@wagmi/vue/wagminested wagmi dependencies.Also adjusts lockfile metadata (notably many
peerflags) and adds an optionalencoding/iconv-litechain, reflecting changes in npm’s dependency graph without modifying application source.Written by Cursor Bugbot for commit f38e620. This will update automatically on new commits. Configure here.