Skip to content

chore: Update dependencies and harden supply chain security#1077

Merged
tyhonchik merged 1 commit into
mainfrom
chore-update-deps-6-apr-2026
Apr 7, 2026
Merged

chore: Update dependencies and harden supply chain security#1077
tyhonchik merged 1 commit into
mainfrom
chore-update-deps-6-apr-2026

Conversation

@tyhonchik
Copy link
Copy Markdown
Contributor

@tyhonchik tyhonchik commented Apr 6, 2026
edited
Loading

Description

  • Update 22 packages within semver ranges (next, react-query, wagmi, sentry, etc.)
  • Upgrade @playwright/test from 1.51.1 to ^1.58.2 (fixes SSL cert verification CVE)
  • Upgrade @biomejs/biome to 2.4.9, disable noNegationElse rule
  • Add security overrides for ws, axios, glob, smol-toml, srvx, path-to-regexp, lodash, defu
  • Enable blockExoticSubdeps and trustPolicyIgnoreAfter in pnpm-workspace.yaml
  • Replace substring with slice per noSubstr lint rule
  • Remove unused biome-ignore suppression
  • Reduce audit vulnerabilities

Type of Change

  • Major: Breaking change (change that would cause existing functionality to not work as expected)
  • Minor: Feature (non-breaking change which adds new functionality)
  • Patch: Enhancement (non-breaking change to an existing feature)
  • Patch: Bug fix (non-breaking change which fixes an issue)

Developer Checklist:

  • Manually smoke tested the functionality in a preview or locally
  • Confirmed there are no new warnings or errors in the browser console
  • (For User Stories only) Double-checked that all Acceptance Criteria are satisfied
  • Confirmed there are no new warnings on automated tests
  • Merged and published any dependent changes in downstream modules
  • Selected the correct base branch
  • Commented the code in hard-to-understand areas
  • Followed the code style guidelines of this project
  • Reviewed that the Files Changed in Github’s UI reflect my intended changes
  • Confirmed the pipeline checks are not failing

Review Checklist:

  • (For User Stories only) Tested in a preview or locally that all Acceptance Criteria are satisfied
  • Confirmed that changes follow the code style guidelines of this project

@tyhonchik tyhonchik requested a review from a team as a code owner April 6, 2026 16:45
thekidnamedkd
thekidnamedkd previously approved these changes Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@thekidnamedkd thekidnamedkd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@tyhonchik
chore: Update dependencies and harden supply chain security
b33e145 
- Update 22 packages within semver ranges (next, react-query, wagmi, sentry, etc.)
- Upgrade @playwright/test from 1.51.1 to ^1.58.2 (fixes SSL cert verification CVE)
- Upgrade @biomejs/biome to 2.4.9, disable noNegationElse rule
- Add security overrides for ws, axios, glob, smol-toml, srvx, path-to-regexp, lodash, defu
- Enable blockExoticSubdeps and trustPolicyIgnoreAfter in pnpm-workspace.yaml
- Replace substring with slice per noSubstr lint rule
- Remove unused biome-ignore suppression
- Reduce audit vulnerabilities
@tyhonchik tyhonchik force-pushed the chore-update-deps-6-apr-2026 branch from 9258eb6 to b33e145 Compare April 6, 2026 19:26
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 6, 2026

🚀 Preview Deployment: View Here

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 6, 2026
edited
Loading

E2E results (preview)

Smoke
Base URL https://app-next-8ye7cuiw9-aragon-app.vercel.app
Suite smoke
Playwright result ✅ passed
Summary 76 passed, 4 skipped
GitHub job ✅ completed

View run #3989

@tyhonchik tyhonchik requested a review from thekidnamedkd April 7, 2026 07:55
jjavieralv
jjavieralv approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jjavieralv jjavieralv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proof I'm not an app member

@tyhonchik tyhonchik merged commit 44a3b01 into main Apr 7, 2026
23 checks passed
@tyhonchik tyhonchik deleted the chore-update-deps-6-apr-2026 branch April 7, 2026 10:18
This was referenced Apr 15, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jjavieralv jjavieralv jjavieralv approved these changes

@thekidnamedkd thekidnamedkd thekidnamedkd approved these changes

@milosh86 milosh86 Awaiting requested review from milosh86

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tyhonchik @jjavieralv @thekidnamedkd