build(deps): Bump recharts from 2.15.3 to 3.8.1 by dependabot[bot] · Pull Request #8781 · thirdweb-dev/js

dependabot · 2026-05-26T02:09:18Z

Bumps recharts from 2.15.3 to 3.8.1.

Release notes

v3.8.1

What's Changed

Bugfixes!

fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @VIDHITTS in recharts/recharts#7006

fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @roy7 in recharts/recharts#7020

docs: add missing SVG props documentation to PolarGrid #3400 by @ramanverse in recharts/recharts#6987

fix: add cursor prop type to BaseChartProps by @mixelburg in recharts/recharts#7065

fix: restore arrow key navigation when active index is outside zoomed… by @AbishekRaj2007 in recharts/recharts#7086

Add test for ticks spacing by @VIDHITTS in recharts/recharts#7082

fix(Pie): skip minAngle redistribution when no segment needs it by @Harikrushn9118 in recharts/recharts#7097

fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @mixelburg in recharts/recharts#7109

fix(PolarRadiusAxis): update ticks prop type by @PavelVanecek in recharts/recharts#7112

fix: PieChart double padding gap when a data item has value 0 by @Copilot in recharts/recharts#7113

Add boxplot example by @PavelVanecek in recharts/recharts#7130

[fix] Update ticks calculator and domain extension by @PavelVanecek in recharts/recharts#7146

fix: guard against non-function d3-scale exports in getD3ScaleFromType by @tdebarochez in recharts/recharts#7123

fix: stackOffset expand should not override numerical XAxis domain by @SeaL773 in recharts/recharts#7152

fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @olagokemills in recharts/recharts#7140

fix(Tooltip): prevent crash on sparse or undefined payload entries by @Om-Mishra09 in recharts/recharts#7149

fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @Om-Mishra09 in recharts/recharts#7161

New Contributors

@AbishekRaj2007 made their first contribution in recharts/recharts#7086

@tdebarochez made their first contribution in recharts/recharts#7123

@SeaL773 made their first contribution in recharts/recharts#7152

@olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

v3.8.0

What's Changed

We added generics to our data and dataKey props and now you can have your charts validated by TypeScript. See the full guide here: https://recharts.github.io/en-US/guide/typescript/

We are releasing new helper functions and hooks that will allow you to precisely target mouse interactions, and convert coordinates. See the guide here: https://recharts.github.io/en-US/guide/coordinateSystems/

And new functions and hooks:

getRelativeCoordinate - converts mouse events to pixel positions

Convert Data → Pixels:

useXAxisScale - returns a function to convert X data values to pixel positions useYAxisScale - returns a function to convert Y data values to pixel positions useCartesianScale - convenience hook for converting both at once

Pixels → Data:

... (truncated)

Commits

5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

PR-Codex overview

This PR focuses on updating various dependencies in the package.json and pnpm-lock.yaml files, ensuring compatibility and incorporating newer versions of libraries.

Detailed summary

Updated recharts from 2.15.3 to 3.8.1.
Updated @noble/hashes from 1.8.0 to 2.2.0.
Updated next and related dependencies to use @babel/core@7.29.7.
Updated various packages to their latest versions, including utf-8-validate and @types/debug.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Bumps [recharts](https://github.com/recharts/recharts) from 2.15.3 to 3.8.1. - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](recharts/recharts@v2.15.3...v3.8.1) --- updated-dependencies: - dependency-name: recharts dependency-version: 3.8.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-05-26T02:09:23Z

⚠️ No Changeset found

Latest commit: c32f9df

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel · 2026-05-26T02:09:25Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs-v2	Error		May 26, 2026 2:18am
nebula	Ready	Preview, Comment	May 26, 2026 2:18am
thirdweb_playground	Error		May 26, 2026 2:18am
thirdweb-www	Error		May 26, 2026 2:18am
wallet-ui	Ready	Preview, Comment	May 26, 2026 2:18am

socket-security · 2026-05-26T02:10:26Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	recharts@3.8.1
	@wagmi/cli@2.10.0

View full report

socket-security · 2026-05-26T02:10:28Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@internationalized/date` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/@internationalized/date@3.12.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@internationalized/date@3.12.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@walletconnect/sign-client` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/@walletconnect/sign-client@2.23.7` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@walletconnect/sign-client@2.23.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `immer` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/recharts@3.8.1` → `npm/@wagmi/core@2.21.2` → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/x402@0.7.0` → `npm/wagmi@2.19.4` → `npm/@base-org/account@2.5.0` → `npm/immer@11.1.8` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/immer@11.1.8`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `node-fetch-native` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/node-fetch-native@1.6.7` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-fetch-native@1.6.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `node-forge` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@coinbase/wallet-mobile-sdk@1.1.2` → `npm/expo-application@6.0.1` → `npm/@mobile-wallet-protocol/client@1.0.0` → `npm/expo-linking@8.0.8` → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/expo-web-browser@15.0.9` → `npm/wagmi@2.19.4` → `npm/node-forge@1.4.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-forge@1.4.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `preact` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/x402@0.7.0` → `npm/wagmi@2.19.4` → `npm/preact@10.29.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/preact@10.29.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		HTTP dependency: npm `viem` depends on https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a Dependency: ox @https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a Location: Package overview From: pnpm-lock.yaml → `npm/@wagmi/core@2.21.2` → `npm/@abstract-foundation/agw-react@1.10.0` → `npm/viem@2.51.0` ℹ Read more on: This package \| This alert \| What are http dependencies? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Publish the HTTP URL dependency to a public or private package repository and consume it from there. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/viem@2.51.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 26, 2026

dependabot Bot requested review from a team as code owners May 26, 2026 02:09

dependabot Bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 26, 2026

vercel Bot deployed to Preview – wallet-ui May 26, 2026 02:12 View deployment

vercel Bot deployed to Preview – nebula May 26, 2026 02:12 View deployment

vercel Bot had a problem deploying to Preview – thirdweb-www May 26, 2026 02:13 Failure

vercel Bot had a problem deploying to Preview – thirdweb_playground May 26, 2026 02:14 Failure

vercel Bot had a problem deploying to Preview – docs-v2 May 26, 2026 02:18 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump recharts from 2.15.3 to 3.8.1#8781

build(deps): Bump recharts from 2.15.3 to 3.8.1#8781
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/recharts-3.8.1

dependabot Bot commented on behalf of github May 26, 2026 •

edited by pr-codex Bot

Loading

Uh oh!

changeset-bot Bot commented May 26, 2026

Uh oh!

vercel Bot commented May 26, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 26, 2026

Uh oh!

socket-security Bot commented May 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 26, 2026 • edited by pr-codex Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.8.1

What's Changed

New Contributors

v3.8.0

What's Changed

PR-Codex overview

Detailed summary

Uh oh!

changeset-bot Bot commented May 26, 2026

⚠️ No Changeset found

Uh oh!

vercel Bot commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 26, 2026

Uh oh!

socket-security Bot commented May 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 26, 2026 •

edited by pr-codex Bot

Loading

vercel Bot commented May 26, 2026 •

edited

Loading