2.3.7 (#168) #169
Sorry, we are unable to review this pull request
The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 4362
| protected path = '/rpc/Relayer/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
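Review bot: `hostname.replace(/\/*$/, '')` in the constructor is the expression CodeQL reports as a polynomial regular expression. The pattern is not anchored at the start, so when `hostname` holds a long run of `/` that is not at the very end of the string, the engine retries `\/*` from every slash and does quadratic work before giving up. Strip trailing slashes without a regex, for example a loop that drops the last character while `hostname.endsWith('/')` is true, and reject or truncate over-long hostnames before the call.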
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Admin/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Collections/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Metadata/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Marketplace/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/UserData/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/IndexerGateway/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Indexer/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/IdentityInstrument/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
| protected path = '/rpc/Builder/' | ||
|
|
||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
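Review bot: The constructor statement `this.hostname = hostname.replace(/\/*$/, '')` here is identical to the one flagged in the Relayer, Admin, Collections, Metadata, Marketplace, UserData, IndexerGateway, Indexer and IdentityInstrument clients above, so fixing a single file leaves nine alerts open. Move the trailing-slash normalisation into one shared helper (or into whatever produces these clients, if they share a source), call it from every constructor, and add a test with a slash-heavy hostname so the alert does not come back.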
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data
Summary of Changes
Hello @Dargon789, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request delivers a comprehensive update across the project, marked by a major version bump and a strategic shift towards a Wagmi-aligned ecosystem, as evidenced by the README overhaul and new example applications. It introduces critical dependency upgrades, significantly enhances wallet and session management capabilities, and strengthens security features, particularly around multi-factor authentication and passkeys. Furthermore, the update expands support for various blockchain networks and includes substantial internal refactoring and tooling improvements to boost developer efficiency and code quality.
Code Review
This pull request introduces a wide range of changes, including dependency updates, configuration changes for changesets, CircleCI, and VSCode, a complete overhaul of the README.md, and the addition of two new Next.js applications under the extras directory. While many changes are positive improvements, there are several critical and high-severity issues that need attention. The root README.md has been replaced with content from another project, which is highly misleading. The changesets configuration might prevent public publishing of packages. The new CircleCI configuration seems incomplete. The SECURITY.md file contains a placeholder email. Finally, the new Next.js example apps contain incorrect file paths in their introductory text.
81a0ae8 to 70208b1
Replacing GuardRole enum with string union type, as well as replacing guardAddresses Map with Record<GuardRole, Address>
Fallback to chain for non-logged in recovery
Add Katana, Sandbox Tesnet, Incentiv Testnet v2 (Add Katana, Sandbox Tesnet, Incentiv Testnet v2 0xsequence/sequence.js#873)
Update a few remaining dev1 contract addresses to rc3 (Update a few remaining dev1 contract addresses to rc3 0xsequence/sequence.js#874)
Remove unnecessary console.error where we already throw error
Improve DappClient hasPermission method
Wallet db try checksum and lowercase
Update dapp client json utils to include Map reviver and replacer
Bump next in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.4.2 to 15.4.7
updated-dependencies:
Update type name, update exports for dapp client
Expired explicit sessions can't sign
Improve session validity test
session isValid returns invalid reason
InvalidReason is typed
Support multiple identity signers in sessions configuration
Device signers can approve implicit sessions
Remove invalid test
Fix recursion
Fix comment
Improve test stability by reducing race conditions
Do not set passkey signer as identity signer
Use length checks
Throw on missing identity signer
Encoding requires identity signer to encode
Fix test
Refactor/types namings tsdoc redundant code (Refactor/types namings tsdoc redundant code 0xsequence/sequence.js#880)
refactor types, namings, ts doc
fix session response payload
change parameter name
change parameter name
change type in tests
improve types and dapp client methods
fix session test to use new types
refactor
refactor implicit sessions array in chain session manager
remove unused types
remove unused types and add ConnectionError
update pnpm lock
move reusable session types to wallet-core
Update some imports and update some response type names
Fix check for explicit session for the updated type in dapp-client
Update api.gen.ts and relayer.gen.ts
Add missing chainId for dapp client event
Fix initializing new chain session manager on redirect
Add support for non-viem, custom Sequence chains (Add support for non-viem, custom Sequence chains 0xsequence/sequence.js#882)
Update issue templates
Provider sent to prepareBlankEnvelope
Update fortify.yml
Add session signature decoding
Add feeTokens endpoint to relayer (Add feeTokens endpoint to relayer 0xsequence/sequence.js#885)
const for node length
Clearer blacklist size encoding
identity signer node length
Potential fix for code scanning alert no. 84: Insecure randomness
add getFeeTokens to dapp client (add getFeeTokens to dapp client 0xsequence/sequence.js#889)
add getFeeTokens to dapp client
fix typo
make getFeeTokens independent of chain session manager and initialize state (make getFeeTokens independent of chain session manager and initialize state 0xsequence/sequence.js#890)
make getFeeTokens independent of chain session manager and initialized state
remove getFeeTokens from chain session manager
Throw specific error when trying to sign with an expired session (Throw specific error when trying to sign with an expired session 0xsequence/sequence.js#887)
Throw when supported session signer is expired
Fix tests
Make dapp-client implicit sessions chain agnostic (Make dapp-client implicit sessions chain agnostic 0xsequence/sequence.js#893)
Add Monad, remove LAOS and Root Network
Bump the npm_and_yarn group across 3 directories with 1 update
Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: happy-dom.
Updates happy-dom from 17.6.3 to 20.0.0
Updates happy-dom from 17.6.3 to 20.0.0
Updates happy-dom from 17.6.3 to 20.0.0
updated-dependencies:
Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Updates happy-dom from 20.0.0 to 20.0.2
updated-dependencies:
Create SECURITY.md for security policy (Create SECURITY.md for security policy #70)
Create SECURITY.md for security policy
Add a security policy document outlining supported versions and vulnerability reporting.
Update SECURITY.md
Update SECURITY.md
Update SECURITY.md
Add support for sessionless dapp connection (Add support for sessionless dapp connection 0xsequence/sequence.js#896)
Refactor relayer package & update dependant packages (Refactor relayer package & update dependant packages 0xsequence/sequence.js#891)
refactor exports for relayer (refactor exports for relayer 0xsequence/sequence.js#900)
Add Arc Testnet
Fix changelog config
Sessionless connection upgrade and error handling in DappClient (Sessionless connection upgrade and error handling in DappClient 0xsequence/sequence.js#902)
dapp-client: add sessionless snapshot restore flow
0xsequence/master (0xsequence/master #79)
Create fortify.yml
Update issue templates
Update CNAME
fix: upgrade @tanstack/react-query from 5.45.1 to 5.64.2
Snyk has created this PR to upgrade @tanstack/react-query from 5.45.1 to 5.64.2.
See this package in npm:
@tanstack/react-query
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Create config.yml (Create config.yml #46)
Update fortify.yml
Update .github/ISSUE_TEMPLATE/bug_report.md
Update .github/ISSUE_TEMPLATE/feature_request.md
Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: happy-dom.
Updates happy-dom from 17.6.3 to 20.0.2
Updates happy-dom from 17.6.3 to 20.0.2
Updates happy-dom from 17.6.3 to 20.0.2
updated-dependencies:
Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets 0xsequence/sequence.js#906)
Pass request to PromptCodeHandler in guard registerUI (Pass request to PromptCodeHandler in guard registerUI 0xsequence/sequence.js#909)
Pass request to PromptCodeHandler in guard registerUI
Fixing guard registerUI test
guard: allow using recovery code as 2FA token (guard: allow using recovery code as 2FA token 0xsequence/sequence.js#910)
guard: allow using recovery code as 2FA token
Cleanup types of ResponseFn
Add a way to reset 2fa when using a backup code (Add a way to reset 2fa when using a backup code 0xsequence/sequence.js#911)
Add a way to reset 2fa when using a backup code
use the GuardToken type instead of breaking out the props
Update tests.yml (Update tests.yml #82)
Update SECURITY.md
Update packages/wallet/dapp-client/src/DappTransport.ts
Update package.json
Update SECURITY.md
Update wagmi-project/package.json
Update wagmi-project/package.json
Update wagmi-project/src/App.tsx
Create FUNDING.json (Create FUNDING.json #90)
Enhancements:
Include FUNDING.json to display GitHub sponsorship options in the repository
Add initial CircleCI configuration to enable automated builds using a custom Docker executor and a defined workflow.
Build:
Add .circleci/config.yml with version 2.1 specification and custom Docker executor.
CI:
Define web3-defi-game-project job with checkout step.
Set up my-custom-workflow to run the job.
Summary by Sourcery
Overhaul App.tsx to build a comprehensive Sequence Wallet demo application, replacing wagmi with Sequence SDK integration, adding environment/configuration management, rich wallet operations, and a structured UI with console output for interactive testing
New Features:
Replace wagmi-based hooks with @0xsequence wallet initialization and integration
Add environment selection and dynamic wallet URLs via query parameters
Implement connect, disconnect, open/close wallet and customizable connection settings
Provide extensive demo actions including chain/network switching, account/balance queries, message signing, typed data signing, and transaction sending
Introduce a console component and logging for viewing function outputs
Add email-based auto-login via modal with validation
Enhancements:
Refactor UI to use design-system components and group actions thematically
Initialize logger and configure default chain/network
Memoize and listen to wallet events such as chain changes
Add rc4 contracts
Set rc4 as default and add it to lists
Session enhanced replay protection
New sessions replay protection hashes payload
Use the 4337 factory wrapper
Update keymachine url in dapp-client constants
Update keymachine url in Provider constructor
SSR safety (SSR safety 0xsequence/sequence.js#915)
SSR safety test
Fix CI job
Guard dapp-client for SSR (lazy transport, browser checks, gated storage)
Fix guard topology (Fix guard topology 0xsequence/sequence.js#918)
Use proper guard topology
Test and fixes
login and setup tests
Switch prod manager settings (Switch prod manager settings 0xsequence/sequence.js#917)
Add prod guard and identity instrument info
Remove completed TODOs
Small JS tweaks (Small JS tweaks 0xsequence/sequence.js#919)
Fix type exports to built declarations
Update repository links to current package paths
Improve Next app tooling and React typings
Expose primitives CLI bin and use base lint config
Update relayer.gen.ts and TransactionPrecondition interface
Update api.gen.ts
Update metadata.gen.ts
Update marketplace.gen.ts
Update guard.gen.ts
Update relayer.gen.ts and TransactionPrecondition interface (Update relayer.gen.ts and TransactionPrecondition interface 0xsequence/sequence.js#920)
3.0.0-beta.1
identity-instrument: generate nonce from current time (identity-instrument: generate nonce from current time 0xsequence/sequence.js#921)
Remove publish-dists.yml github action (Remove publish-dists.yml github action 0xsequence/sequence.js#923)
3.0.0-beta.2
Clean up changeset config
Improve test stability by removing race conditions
Ensure build before test
Updating happy-dom to 20.0.10 (Updating happy-dom to 20.0.10 0xsequence/sequence.js#926)
Add support for custom auth providers (authcode & authcode-pkce only) (Add support for custom auth providers (authcode & authcode-pkce only) 0xsequence/sequence.js#894)
Add support for custom auth providers (authcode & authcode-pkce only)
fix authcode tests
Updating Deps November 2025 (Updating Deps November 2025 0xsequence/sequence.js#927)
Updating deps for the workspace root
Updating deps for wallet/wdk
Fixing sessions test for latest vitest
Lets not upgrade to the latest typescript quite yet
Updating to latest vitest
Updating deps for wallet/core
Updating deps for wallet/primitives-cli
Updating deps for wallet/dapp-client
Adding syncpack to check for dep version inconsistencies
Setup syncpack versionGroups for pnpm workspace:^
Fixing dep versions mismatches
Fixing @types/node mismatches
Adding syncpack to pre commit hook
Remove the syncpack format script.
Update ox to v9.17.0 (Update ox to v9.17.0 0xsequence/sequence.js#928)
Upgrading ox to 9.17.0
WrappedSignature renamed to SignatureErc6492
Fixing PasskeySignatureValidator interface
Lock ox lib dep to use the same version with pnpm overrides and update viem to latest
Fix explicitSessionRequested check in dapp client
Typescript 5.9.3 (Typescript 5.9.3 0xsequence/sequence.js#930)
Upgrading to typescript v5.9.3
Fix type errors that arose from typescript upgrade related to Bytes and Buffer source typings.
Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP (Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP 0xsequence/sequence.js#931)
Update pnpm
Mark @0xsequence/wallet-primitives-cli as private
3.0.0-beta.3
changeset cleanup
Fix rc4 4337 factory (Fix RC4 4337 factory 0xsequence/sequence.js#933)
Add rc5 and set it as default (Add RC5 and set it as default 0xsequence/sequence.js#934)
3.0.0-beta.4
Update SECURITY.md
Update wagmi-project/package.json
Update wagmi-project/package.json
Bump next from 15.5.5 to 15.5.7 (Bump next from 15.5.5 to 15.5.7 0xsequence/sequence.js#936)
Bumps next from 15.5.5 to 15.5.7.
updated-dependencies:
add userdata service client (add userdata service client 0xsequence/sequence.js#940)
Skip LocalDevice identity signers not on current device (Skip LocalDevice identity signers not on current device 0xsequence/sequence.js#942)
Skip LocalDevice identity signers not on current device
Update log
3.0.0-beta.5
Update config.yml (Update config.yml #102)
Update config.yml
Update .circleci/config.yml
Update config.yml (Update config.yml #103)
Update config.yml
Update .circleci/config.yml
The following vulnerabilities are fixed with an upgrade:
This reverts commit fd0fdf9, reversing changes made to cba7894.
The following vulnerabilities are fixed with an upgrade:
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.5.7 to 15.5.9
updated-dependencies:
Delete .github/workflows/fortify.yml (Delete .github/workflows/fortify.yml #111)
fix: extras/web/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.5.7 to 15.5.9 #107)
The following vulnerabilities are fixed with an upgrade:
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.5.5 to 15.5.9
Updates happy-dom from 17.6.3 to 20.0.11
Updates vite from 7.1.10 to 7.2.7
updated-dependencies:
Bumps next from 15.5.7 to 15.5.9.
updated-dependencies:
Pin foundry to v1.5.0 instead of nightly (Pin foundry to v1.5.0 instead of nightly 0xsequence/sequence.js#947)
Include repo and extras in syncpack config to ensure deps are synced (Include repo and extras in syncpack config to ensure deps are synced 0xsequence/sequence.js#945)
Include repo and extras in syncpack config to ensure deps are synced across all
Updating support deps
Updating deps
Updating pnpm lock
Fixing type errors within wdk tests
Short circuit 404s (Short circuit 404s 0xsequence/sequence.js#949)
skip witness on signers that don't support it
add passkey to test
3.0.0-beta.6
Update tests.yml (Update tests.yml #119)
Update config.yml (Update config.yml #120)
Update packages/services/identity-instrument/src/index.ts
feat: upgrade @wagmi/cli from 0.1.15 to 2.8.0 ([Snyk] Upgrade @wagmi/cli from 0.1.15 to 2.8.0 #126)
Snyk has created this PR to upgrade @wagmi/cli from 0.1.15 to 2.8.0.
See this package in npm:
@wagmi/cli
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Potential fix for code scanning alert no. 82: Workflow does not contain permissions
Potential fix for code scanning alert no. 62: Information exposure through a stack trace
[Snyk] Upgrade @tanstack/react-query from 5.64.2 to 5.90.11 ([Snyk] Upgrade @tanstack/react-query from 5.64.2 to 5.90.11 #125)
fix: upgrade @tanstack/react-query from 5.64.2 to 5.90.11
Snyk has created this PR to upgrade @tanstack/react-query from 5.64.2 to 5.90.11.
See this package in npm:
@tanstack/react-query
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade vite from 5.4.21 to 7.2.4.
See this package in npm:
vite
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade wagmi from 0.12.19 to 3.0.2.
See this package in npm:
wagmi
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade react-dom from 18.3.1 to 19.2.0.
See this package in npm:
react-dom
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
The following vulnerabilities are fixed with an upgrade:
[Snyk] Upgrade @types/react from 18.3.27 to 19.2.7 ([Snyk] Upgrade @types/react from 18.3.27 to 19.2.7 #127)
feat: upgrade @types/react from 18.3.27 to 19.2.7
Snyk has created this PR to upgrade @types/react from 18.3.27 to 19.2.7.
See this package in npm:
@types/react
See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
Master ceb95d4 (Master ceb95d4 #129)
Update issue templates (Update issue templates #128)
Bump the npm_and_yarn group across 1 directory with 1 update
Bumps the npm_and_yarn group with 1 update in the / directory: express.
Updates express from 4.18.2 to 4.19.2
updated-dependencies:
Create SECURITY.md
Set up CI with Azure Pipelines
[skip ci]
Create CNAME
Update repository links to current package paths
Improve Next app tooling and React typings
Expose primitives CLI bin and use base lint config
Update relayer.gen.ts and TransactionPrecondition interface
Update api.gen.ts
Update metadata.gen.ts
Update marketplace.gen.ts
Update guard.gen.ts
Support multiple identity signers in sessions configuration
Device signers can approve implicit sessions
Remove invalid test
Fix recursion
Fix comment
Improve test stability by reducing race conditions
Do not set passkey signer as identity signer
Use length checks
Throw on missing identity signer
Encoding requires identity signer to encode
Fix test
Refactor/types namings tsdoc redundant code (Refactor/types namings tsdoc redundant code 0xsequence/sequence.js#880)
refactor types, namings, ts doc
fix session response payload
change parameter name
change parameter name
change type in tests
improve types and dapp client methods
fix session test to use new types
refactor
refactor implicit sessions array in chain session manager
remove unused types
remove unused types and add ConnectionError
update pnpm lock
move reusable session types to wallet-core
Update some imports and update some response type names
Fix check for explicit session for the updated type in dapp-client
Update api.gen.ts and relayer.gen.ts
Add missing chainId for dapp client event
Fix initializing new chain session manager on redirect
Add support for non-viem, custom Sequence chains (Add support for non-viem, custom Sequence chains 0xsequence/sequence.js#882)
Provider sent to prepareBlankEnvelope
Add session signature decoding
const for node length
Clearer blacklist size encoding
identity signer node length
Add feeTokens endpoint to relayer (Add feeTokens endpoint to relayer 0xsequence/sequence.js#885)
add getFeeTokens to dapp client (add getFeeTokens to dapp client 0xsequence/sequence.js#889)
add getFeeTokens to dapp client
fix typo
make getFeeTokens independent of chain session manager and initialize state (make getFeeTokens independent of chain session manager and initialize state 0xsequence/sequence.js#890)
make getFeeTokens independent of chain session manager and initialized state
remove getFeeTokens from chain session manager
Throw specific error when trying to sign with an expired session (Throw specific error when trying to sign with an expired session 0xsequence/sequence.js#887)
Throw when supported session signer is expired
Fix tests
Make dapp-client implicit sessions chain agnostic (Make dapp-client implicit sessions chain agnostic 0xsequence/sequence.js#893)
Add Monad, remove LAOS and Root Network
Add support for sessionless dapp connection (Add support for sessionless dapp connection 0xsequence/sequence.js#896)
Refactor relayer package & update dependant packages (Refactor relayer package & update dependant packages 0xsequence/sequence.js#891)
refactor exports for relayer (refactor exports for relayer 0xsequence/sequence.js#900)
Add Arc Testnet
Fix changelog config
Sessionless connection upgrade and error handling in DappClient (Sessionless connection upgrade and error handling in DappClient 0xsequence/sequence.js#902)
dapp-client: add sessionless snapshot restore flow
Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets 0xsequence/sequence.js#906)
Pass request to PromptCodeHandler in guard registerUI (Pass request to PromptCodeHandler in guard registerUI 0xsequence/sequence.js#909)
Pass request to PromptCodeHandler in guard registerUI
Fixing guard registerUI test
guard: allow using recovery code as 2FA token (guard: allow using recovery code as 2FA token 0xsequence/sequence.js#910)
guard: allow using recovery code as 2FA token
Cleanup types of ResponseFn
Add a way to reset 2fa when using a backup code (Add a way to reset 2fa when using a backup code 0xsequence/sequence.js#911)
Add a way to reset 2fa when using a backup code
use the GuardToken type instead of breaking out the props
Add rc4 contracts
Set rc4 as default and add it to lists
Session enhanced replay protection
New sessions replay protection hashes payload
Use the 4337 factory wrapper
Update keymachine url in dapp-client constants
Update keymachine url in Provider constructor
SSR safety (SSR safety 0xsequence/sequence.js#915)
Guard dapp-client for SSR (lazy transport, browser checks, gated storage)
Fix guard topology (Fix guard topology 0xsequence/sequence.js#918)
Use proper guard topology
Test and fixes
login and setup tests
Switch prod manager settings (Switch prod manager settings 0xsequence/sequence.js#917)
Add prod guard and identity instrument info
Remove completed TODOs
Small JS tweaks (Small JS tweaks 0xsequence/sequence.js#919)
Fix type exports to built declarations
Update repository links to current package paths
Improve Next app tooling and React typings
Expose primitives CLI bin and use base lint config
Update relayer.gen.ts and TransactionPrecondition interface
Update relayer.gen.ts and TransactionPrecondition interface (Update relayer.gen.ts and TransactionPrecondition interface 0xsequence/sequence.js#920)
3.0.0-beta.1
identity-instrument: generate nonce from current time (identity-instrument: generate nonce from current time 0xsequence/sequence.js#921)
Remove publish-dists.yml github action (Remove publish-dists.yml github action 0xsequence/sequence.js#923)
3.0.0-beta.2
Clean up changeset config
Improve test stability by removing race conditions
Ensure build before test
Updating happy-dom to 20.0.10 (Updating happy-dom to 20.0.10 0xsequence/sequence.js#926)
Add support for custom auth providers (authcode & authcode-pkce only) (Add support for custom auth providers (authcode & authcode-pkce only) 0xsequence/sequence.js#894)
Add support for custom auth providers (authcode & authcode-pkce only)
fix authcode tests
Updating Deps November 2025 (Updating Deps November 2025 0xsequence/sequence.js#927)
Updating deps for the workspace root
Updating deps for wallet/wdk
Fixing sessions test for latest vitest
Let's not upgrade to the latest typescript quite yet
Updating to latest vitest
Updating deps for wallet/core
Updating deps for wallet/primitives-cli
Updating deps for wallet/dapp-client
Adding syncpack to check for dep version inconsistencies
Setup syncpack versionGroups for pnpm workspace:^
Fixing dep versions mismatches
Fixing @types/node mismatches
Adding syncpack to pre commit hook
Remove the syncpack format script.
Update ox to v9.17.0 (Update ox to v9.17.0 0xsequence/sequence.js#928)
Upgrading ox to 9.17.0
WrappedSignature renamed to SignatureErc6492
Fixing PasskeySignatureValidator interface
Lock ox lib dep to use the same version with pnpm overrides and update viem to latest
Fix explicitSessionRequested check in dapp client
Typescript 5.9.3 (Typescript 5.9.3 0xsequence/sequence.js#930)
Upgrading to typescript v5.9.3
Fix type errors that arose from typescript upgrade related to Bytes and Buffer source typings.
Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP (Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP 0xsequence/sequence.js#931)
Update pnpm
Mark @0xsequence/wallet-primitives-cli as private
3.0.0-beta.3
changeset cleanup
Fix rc4 4337 factory (Fix RC4 4337 factory 0xsequence/sequence.js#933)
Add rc5 and set it as default (Add RC5 and set it as default 0xsequence/sequence.js#934)
3.0.0-beta.4
Update SECURITY.md
Update wagmi-project/package.json
Update wagmi-project/package.json
Bump next from 15.5.5 to 15.5.7 (Bump next from 15.5.5 to 15.5.7 0xsequence/sequence.js#936)
Bumps next from 15.5.5 to 15.5.7.
updated-dependencies:
add userdata service client (add userdata service client 0xsequence/sequence.js#940)
Skip LocalDevice identity signers not on current device (Skip LocalDevice identity signers not on current device 0xsequence/sequence.js#942)
Skip LocalDevice identity signers not on current device
Update log
3.0.0-beta.5
Update config.yml (Update config.yml #102)
Update config.yml
Update .circleci/config.yml
Update config.yml (Update config.yml #103)
Update config.yml
Update .circleci/config.yml
The following vulnerabilities are fixed with an upgrade:
The following vulnerabilities are fixed with an upgrade:
The following vulnerabilities are fixed with an upgrade:
This reverts commit fd0fdf9, reversing changes made to cba7894.
The following vulnerabilities are fixed with an upgrade:
The following vulnerabilities are fixed with an upgrade:
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.5.7 to 15.5.9
updated-dependencies:
Delete .github/workflows/fortify.yml (Delete .github/workflows/fortify.yml #111)
fix: extras/web/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.5.7 to 15.5.9 #107)
The following vulnerabilities are fixed with an upgrade:
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.5.5 to 15.5.9
Updates happy-dom from 17.6.3 to 20.0.11
Updates vite from 7.1.10 to 7.2.7
updated-dependencies:
Bumps next from 15.5.7 to 15.5.9.
updated-dependencies:
Pin foundry to v1.5.0 instead of nightly (Pin foundry to v1.5.0 instead of nightly 0xsequence/sequence.js#947)
Include repo and extras in syncpack config to ensure deps are synced (Include repo and extras in syncpack config to ensure deps are synced 0xsequence/sequence.js#945)
Include repo and extras in syncpack config to ensure deps are synced across all
Updating support deps
Updating deps
Updating pnpm lock
Fixing type errors within wdk tests
Short circuit 404s (Short circuit 404s 0xsequence/sequence.js#949)
skip witness on signers that don't support it
add passkey to test
3.0.0-beta.6
Update tests.yml (Update tests.yml #119)
Update config.yml (Update config.yml #120)
Update packages/services/identity-instrument/src/index.ts
Update wagmi-project/src/main.tsx
Update wagmi-project/package.json
Update wagmi-project/package.json
fix: extras/docs/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.4.7 to 15.4.10 #116)
The following vulnerabilities are fixed with an upgrade:
Update wagmi-project/src/App.tsx
Update wagmi-project/src/App.tsx
Update wagmi-project/src/App.tsx
Update wagmi-project/src/App.tsx
2.3.7 (2.3.7 #131) (2.3.7 (#131) #132)
2.3.7 (2.3.7 #131)
fix broken guard private key
Expose access to passkey credential list
Dapp client direct txn request (Dapp client direct txn request 0xsequence/sequence.js#856)
Signature request refactor
WIP
Refactor
Update dapp-client exports (Update dapp-client exports 0xsequence/sequence.js#858)
Add hasPermission method to DappClient (Add hasPermission method to DappClient 0xsequence/sequence.js#859)
Save discovered passkey credentials upon login
Expose name property in PasskeySignupArgs
Fix blacklist sort
Add multi server script
relayer: /SimulateV3 (relayer: /SimulateV3 0xsequence/sequence.js#857)
Add await for handleOpenDB scheduleExpiration
Update increment to always include native once used
Fix session tests
Adding lastLoginAt to PasskeyCredential
LoginToPasskeyArgs now accept a credentialId which is used to specify which credential to use
Adding onSignatureRequestStatus function to register single use callbacks for when a request reaches a terminal state of completed or cancelled
When a login is cancelled we can remove the wallet which is logging-in
Add RC3 contracts
Sessions space restriction
Dedupe signers for encoding
Support RC3 sessions
Tightly increment call validation
CLI defaults to RC3 wallet code
Rc3 address test
Fix hashing tests
Add deprecated encoding test
wdk: throw errors from otp respond callback (wdk: throw errors from otp respond callback 0xsequence/sequence.js#864)
wdk: throw errors from otp respond callback
wdk: otp auth error and handler refactor
Handle guard 2FA (Handle guard 2FA 0xsequence/sequence.js#861)
guard: return a specific error when auth required
core: pass guard token to the service
wdk: handle prompting for guard 2FA code
dapp-client: handle prompting for guard 2FA code
guard 2fa tests
wdk: separate wallet and sessions guards
dapp-client: remove guard 2fa
dapp-client: fix imports
fix guard tests
wdk: remove unneeded promise resolve
Update relayer and api gen.ts, force public packages
Add standalone fetch queued payloads
Replacing GuardRole enum with string union type, as well as replacing guardAddresses Map with Record<GuardRole, Address>
Fallback to chain for non-logged in recovery
Add Katana, Sandbox Testnet, Incentiv Testnet v2 (Add Katana, Sandbox Testnet, Incentiv Testnet v2 0xsequence/sequence.js#873)
Update a few remaining dev1 contract addresses to rc3 (Update a few remaining dev1 contract addresses to rc3 0xsequence/sequence.js#874)
Remove unnecessary console.error where we already throw error
Improve DappClient hasPermission method
Wallet db try checksum and lowercase
Update dapp client json utils to include Map reviver and replacer
Bump next in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the / directory: next.
Updates next from 15.4.2 to 15.4.7
updated-dependencies:
Update type name, update exports for dapp client
Expired explicit sessions can't sign
Improve session validity test
session isValid returns invalid reason
InvalidReason is typed
Support multiple identity signers in sessions configuration
Device signers can approve implicit sessions
Remove invalid test
Fix recursion
Fix comment
Improve test stability by reducing race conditions
Do not set passkey signer as identity signer
Use length checks
Throw on missing identity signer
Encoding requires identity signer to encode
Fix test
Refactor/types namings tsdoc redundant code (Refactor/types namings tsdoc redundant code 0xsequence/sequence.js#880)
refactor types, namings, ts doc
fix session response payload
change parameter name
change parameter name
change type in tests
improve types and dapp client methods
fix session test to use new types
refactor
refactor implicit sessions array in chain session manager
remove unused types
remove unused types and add ConnectionError
update pnpm lock
move reusable session types to wallet-core
Update some imports and update some response type names
Fix check for explicit session for the updated type in dapp-client
Update api.gen.ts and relayer.gen.ts
Add missing chainId for dapp client event
Fix initializing new chain session manager on redirect
Add support for non-viem, custom Sequence chains (Add support for non-viem, custom Sequence chains 0xsequence/sequence.js#882)
Update issue templates
Provider sent to prepareBlankEnvelope
Add session signature decoding
Add feeTokens endpoint to relayer (Add feeTokens endpoint to relayer 0xsequence/sequence.js#885)
const for node length
Clearer blacklist size encoding
identity signer node length
Potential fix for code scanning alert no. 84: Insecure randomness
add getFeeTokens to dapp client (add getFeeTokens to dapp client 0xsequence/sequence.js#889)
add getFeeTokens to dapp client
fix typo
make getFeeTokens independent of chain session manager and initialize state (make getFeeTokens independent of chain session manager and initialize state 0xsequence/sequence.js#890)
make getFeeTokens independent of c…