Skip to content

Bump the walletconnect-deps group across 1 directory with 2 updates#15

Merged
sunela-tr merged 1 commit into
mainfrom
dependabot/npm_and_yarn/walletconnect-deps-e4e3d7591e
Jul 9, 2026
Merged

Bump the walletconnect-deps group across 1 directory with 2 updates#15
sunela-tr merged 1 commit into
mainfrom
dependabot/npm_and_yarn/walletconnect-deps-e4e3d7591e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the walletconnect-deps group with 2 updates in the / directory: @reown/walletkit and @walletconnect/utils.

Updates @reown/walletkit from 1.5.5 to 1.5.6

Release notes

Sourced from @​reown/walletkit's releases.

@​reown/walletkit@​1.5.6

Patch Changes

Changelog

Sourced from @​reown/walletkit's changelog.

1.5.6

Patch Changes

Commits

Updates @walletconnect/utils from 2.23.9 to 2.23.10

Release notes

Sourced from @​walletconnect/utils's releases.

@​walletconnect/utils@​2.23.10

Patch Changes

  • #7252 cd32ff1 Thanks @​ganchoradkov! - Add TVF extraction for Canton's canton_prepareSignExecute.

  • #7247 3ea740e Thanks @​ganchoradkov! - Reject SIWE/CAIP-122 statements containing line breaks in formatMessage. Per EIP-4361 the statement is a single line, and embedded \r/\n (from a caller-supplied statement or untrusted recap-derived text) could forge other fields (URI, Nonce, etc.) in the signed message. The check runs on the final statement after recap formatting, and validateSignedCacao now returns false for such malformed payloads instead of throwing.

  • Updated dependencies [63ff999]:

    • @​walletconnect/types@​2.23.10
Changelog

Sourced from @​walletconnect/utils's changelog.

2.23.10

Patch Changes

  • #7252 cd32ff1 Thanks @​ganchoradkov! - Add TVF extraction for Canton's canton_prepareSignExecute.

  • #7247 3ea740e Thanks @​ganchoradkov! - Reject SIWE/CAIP-122 statements containing line breaks in formatMessage. Per EIP-4361 the statement is a single line, and embedded \r/\n (from a caller-supplied statement or untrusted recap-derived text) could forge other fields (URI, Nonce, etc.) in the signed message. The check runs on the final statement after recap formatting, and validateSignedCacao now returns false for such malformed payloads instead of throwing.

  • Updated dependencies [63ff999]:

    • @​walletconnect/types@​2.23.10
Commits
  • 3ef9f3e chore: update versions and lerna.json
  • cd32ff1 feat: add TVF extraction for Canton canton_prepareSignExecute
  • 8857209 fix: validate statement after recap formatting; soften validateSignedCacao
  • 3ea740e fix: reject SIWE statements containing line breaks per EIP-4361
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
@dependabot dependabot Bot requested a review from a team July 7, 2026 10:45
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 7, 2026
@dependabot dependabot Bot requested a review from L03TJ3 July 7, 2026 10:45
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jul 7, 2026
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
good-wallet-v2 Ignored Ignored Preview Jul 9, 2026 12:28pm

Request Review

@sunela-tr sunela-tr enabled auto-merge (squash) July 9, 2026 12:24
@sunela-tr

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps the walletconnect-deps group with 2 updates in the / directory: [@reown/walletkit](https://github.com/reown-com/reown-walletkit-js/tree/HEAD/packages/walletkit) and [@walletconnect/utils](https://github.com/WalletConnect/walletconnect-monorepo/tree/HEAD/packages/utils).


Updates `@reown/walletkit` from 1.5.5 to 1.5.6
- [Release notes](https://github.com/reown-com/reown-walletkit-js/releases)
- [Changelog](https://github.com/reown-com/reown-walletkit-js/blob/main/packages/walletkit/CHANGELOG.md)
- [Commits](https://github.com/reown-com/reown-walletkit-js/commits/@reown/walletkit@1.5.6/packages/walletkit)

Updates `@walletconnect/utils` from 2.23.9 to 2.23.10
- [Release notes](https://github.com/WalletConnect/walletconnect-monorepo/releases)
- [Changelog](https://github.com/WalletConnect/walletconnect-monorepo/blob/v2.0/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/WalletConnect/walletconnect-monorepo/commits/@walletconnect/utils@2.23.10/packages/utils)

---
updated-dependencies:
- dependency-name: "@reown/walletkit"
  dependency-version: 1.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: walletconnect-deps
- dependency-name: "@walletconnect/utils"
  dependency-version: 2.23.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: walletconnect-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the walletconnect-deps group with 2 updates Bump the walletconnect-deps group across 1 directory with 2 updates Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/walletconnect-deps-e4e3d7591e branch from 8061a1f to a19897a Compare July 9, 2026 12:27
@sunela-tr sunela-tr merged commit 4dc6c24 into main Jul 9, 2026
3 checks passed
@sunela-tr sunela-tr deleted the dependabot/npm_and_yarn/walletconnect-deps-e4e3d7591e branch July 9, 2026 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant