Skip to content

chore(deps): bump the minor-updates group across 1 directory with 4 updates #956

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the minor-updates group across 1 directory with 4 updates #956

dependabot wants to merge 1 commit into from
+78 −42

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 15, 2026
edited
Loading

Bumps the minor-updates group with 4 updates in the / directory: framer-motion, viem, zod and vite.

Updates framer-motion from 12.23.25 to 12.26.2

Changelog

Sourced from framer-motion's changelog.

[12.26.2] 2026-01-13

Fixed

  • Internal refactor of projection system into motion-dom.

[12.26.1] 2026-01-12

Fixed

  • Improve overload selection for useTransform.

[12.26.0] 2026-01-12

Added

  • Support for multiple output value maps with useTransform.

[12.25.0] 2026-01-09

Added

  • Support for auto-scrolling when a Reorder.Item reaches the edges of its parent scrollable container.

[12.24.12] 2026-01-08

Fixed

  • Draggable elements now track pointer during page and element scroll.

[12.24.11] 2026-01-08

Fixed

  • Fixed time sampling of GPU animations under heavy CPU load.

[12.24.10] 2026-01-07

Fixed

  • Fixing missing import from motion-dom.

[12.24.9] 2026-01-07

Fixed

  • Fixing Radix Dialog with AnimatePresence.
  • Ensure drag constraints animation resumes after press interruption.
  • Prevent drag gesture from triggering when pressing focusable elements.

... (truncated)

Commits
  • 8973490 v12.26.2
  • c512503 Updating changelog
  • 9bab695 Merge pull request #3470 from motiondivision/refactor-visual-element
  • cd55787 Move projection node system to motion-dom
  • c4376e3 Remove duplicate code and use motion-dom directly
  • 43d7588 Remove duplicate isAnimationControls from framer-motion
  • 8ea3e4c Latest
  • cb08012 Latest
  • ea26667 Move animateVisualElement and dependencies to motion-dom
  • c8913c2 Latest
  • Additional commits viewable in compare view

Updates viem from 2.41.2 to 2.44.2

Release notes

Sourced from viem's releases.

viem@2.44.2

Patch Changes

viem@2.44.1

Patch Changes

viem@2.44.0

Minor Changes

  • #4201 0268ca88c67c7851ae03d8d41508657f2b62729d Thanks @​jxom! - ### viem/tempo Extension

    Added support for Tempo Moderato testnet.

    • (Breaking): Renamed tempoTestnettempoModerato. The old export is deprecated but still available as an alias.
    • (Breaking): Renamed reward.startreward.distribute: Renamed for distributing rewards (no longer supports streaming).
    • (Breaking): Renamed reward.getTotalPerSecondreward.getGlobalRewardPerToken: Returns the global reward per token value instead of per-second rate.
    • (Breaking): Renamed reward.watchRewardScheduledreward.watchRewardDistributed: Watches for reward distributed events.
    • (Breaking): Removed nonce.getNonceKeyCount.
    • (Breaking): Removed nonce.watchActiveKeyCountChanged.
    • (Breaking): Removed amm.watchFeeSwap (FeeSwap event no longer emitted by protocol).
    • (Breaking): OrderPlaced event now includes isFlipOrder and flipTick fields. The FlipOrderPlaced event has been removed and merged into OrderPlaced.
    • (Breaking): Renamed Address.stablecoinExchangeAddress.stablecoinDex.
    • (Breaking): Renamed Abis.stablecoinExchangeAbis.stablecoinDex.
    • Added dex.cancelStale action to cancel stale orders from restricted makers.
    • Added salt parameter to token.create.

Patch Changes

viem@2.43.5

Patch Changes

viem@2.43.4

... (truncated)

Commits

Updates zod from 4.1.13 to 4.3.5

Release notes

Sourced from zod's releases.

v4.3.5

Commits:

  • 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
  • e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
  • 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

  • 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
  • e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
  • 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
  • decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
  • 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
  • 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
  • b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

  • f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

  • bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
  • f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
  • 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

  • 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

z.fromJSONSchema()

Convert JSON Schema to Zod (#5534, #5586)

You can now convert JSON Schema definitions directly into Zod schemas. This function supports JSON Schema "draft-2020-12", "draft-7", "draft-4", and OpenAPI 3.0.

import * as z from "zod";
const schema = z.fromJSONSchema({
type: "object",
properties: {
</tr></table>

... (truncated)

Commits

Updates vite from 7.2.7 to 7.3.1

Release notes

Sourced from vite's releases.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-updates group across 1 directory with 4 u…
4fee902 
…pdates

Bumps the minor-updates group with 4 updates in the / directory: [framer-motion](https://github.com/motiondivision/motion), [viem](https://github.com/wevm/viem), [zod](https://github.com/colinhacks/zod) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `framer-motion` from 12.23.25 to 12.26.2
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](motiondivision/motion@v12.23.25...v12.26.2)

Updates `viem` from 2.41.2 to 2.44.2
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.41.2...viem@2.44.2)

Updates `zod` from 4.1.13 to 4.3.5
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.1.13...v4.3.5)

Updates `vite` from 7.2.7 to 7.3.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.1/packages/vite)

---
updated-dependencies:
- dependency-name: framer-motion
  dependency-version: 12.26.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: viem
  dependency-version: 2.44.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: zod
  dependency-version: 4.3.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: vite
  dependency-version: 7.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 15, 2026
@vercel
Copy link

vercel bot commented Jan 15, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
yearnfi Error Error Jan 15, 2026 2:13am

@github-actions
Copy link

github-actions bot commented Jan 15, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

package.json

PackageVersionLicenseIssue Type
viem2.44.2NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-3-Clause, BSD-2-Clause, ISC, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Unlicense

OpenSSF Scorecard

PackageVersionScoreDetails
npm/framer-motion 12.26.2 UnknownUnknown
npm/viem 2.44.2 UnknownUnknown
npm/vite 7.3.1 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 6Found 16/24 approved changesets -- score normalized to 6
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 6detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Binary-Artifacts🟢 7binaries present in source code
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/zod 4.3.5 🟢 3.9
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/29 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 016 existing vulnerabilities detected

Scanned Files

  • package.json

@socket-security
Copy link

socket-security bot commented Jan 15, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedvite@​7.2.7 ⏵ 7.3.19210082 +199100
Updatedzod@​4.1.13 ⏵ 4.3.5100100100 +195100
Updatedframer-motion@​12.23.25 ⏵ 12.26.297 +2100100100 +4100
Updatedviem@​2.41.2 ⏵ 2.44.299100100 +198100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant