Bump NPM deps

[RensR]

This PR bumps various NPM dependencies. One of them, solhint, turned on a lot of new rules by default. Some of the issues are fixed (unused imports) but most new rules are simply turned off. Owners of Solidity code should review which rules should be enabled for them.

The PR also does some misc stuff

• fix codeowners by removing core-solidity as root owner while making them owner of the gethwrappers
• Resolve the To be removed once the first PR with this package is merged comment in the CRE go.mod

[RensR]

Removed as core-solidity only owns Solidity related folder, not the top level which is largely Go based files.

[RensR]

Syntax to define these has changed, ./ prefixed no longer works

[github-actions]

Static analysis results are available

Hey @RensR, you can view Slither reports in the job summary here or download them as artifact here.
Please check them before merging and make sure you have addressed all issues.

[RensR]

Turn off most new rules to not break CI

[Copilot]

Pull request overview

This PR updates NPM dependencies across the project, most notably upgrading solhint from v5.2.0 to v6.0.1, which enabled new linting rules by default. The PR addresses this by removing unused imports and disabling most new gas optimization rules in solhint configuration files. Additionally, it includes miscellaneous cleanup: updating CODEOWNERS to add core-solidity as owner of gethwrappers while removing them as root owner, resolving a temporary comment in the CRE go.mod, and updating solhintignore patterns.

• Bumped various NPM dependencies including @changesets/cli, TypeScript tooling, and solhint
• Disabled new default solhint gas optimization rules and removed unused imports
• Updated CODEOWNERS and resolved temporary go.mod replacement

Reviewed changes

Copilot reviewed 16 out of 20 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
package.json	Updated @changesets/cli from 2.28.1 to 2.29.7
contracts/package.json	Updated multiple dev dependencies and reorganized dependency lists, removing test script
contracts/cre/package.json	Moved dependencies between devDependencies and dependencies sections, updated versions
contracts/cre/gobindings/go.mod	Replaced local module replacement with actual version reference
contracts/src/v0.8/data-feeds/DataFeedsCache.sol	Added solhint disable comment for gas-calldata-parameters rule
contracts/cre/src/workflow/v2/CapabilitiesRegistry.sol	Added solhint disable comment for gas-calldata-parameters rule
contracts/cre/src/keystone/test/CapabilitiesRegistry_GetHashedCapabilityIdTest.t.sol	Removed unused imports
contracts/cre/src/keystone/test/CapabilitiesRegistry_AddCapabilitiesTest.t.sol	Removed unused import
contracts/cre/src/keystone/CapabilitiesRegistry.sol	Reordered imports and removed duplicate
contracts/cre/.solhintignore-test	Simplified ignore patterns removing ./ prefix
contracts/cre/.solhintignore	Simplified ignore patterns removing ./ and .**/ prefixes
contracts/.solhintignore-test	Simplified ignore patterns and removed keystone directory entry
contracts/.solhintignore	Simplified ignore patterns removing ./ prefix
contracts/.solhint.json	Added multiple disabled gas optimization rules
contracts/.solhint-test.json	Added multiple disabled gas optimization rules
.github/CODEOWNERS	Removed core-solidity from root ownership, added as owner of gethwrappers

Files not reviewed (3)

• contracts/cre/pnpm-lock.yaml: Language not supported
• contracts/pnpm-lock.yaml: Language not supported
• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[augustbleeds]

👍

[augustbleeds]

approving the solhint comment (Cache contract)