
Uniswap/main (#98) #8011

Open
Dargon789 wants to merge 36 commits into Uniswap:main from Dargon789:main

Conversation

@Dargon789

Dargon789 and others added 30 commits September 23, 2025 15:48
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…updates (#61)

Bumps the npm_and_yarn group with 2 updates in the /apps/extension directory: [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).
Bumps the npm_and_yarn group with 1 update in the /apps/mobile directory: [react-native-mmkv](https://github.com/mrousavy/react-native-mmkv).
Bumps the npm_and_yarn group with 3 updates in the /apps/web directory: [webpack](https://github.com/webpack/webpack), [graphql](https://github.com/graphql/graphql-js) and [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 2 updates in the /packages/uniswap directory: [react-native-mmkv](https://github.com/mrousavy/react-native-mmkv) and [graphql](https://github.com/graphql/graphql-js).
Bumps the npm_and_yarn group with 1 update in the /packages/utilities directory: [graphql](https://github.com/graphql/graphql-js).
Bumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [graphql](https://github.com/graphql/graphql-js).


Updates `webpack` from 5.90.0 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.90.0...v5.94.0)

Updates `webpack-dev-server` from 4.15.1 to 5.2.1
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v4.15.1...v5.2.1)

Updates `react-native-mmkv` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/mrousavy/react-native-mmkv/releases)
- [Commits](mrousavy/react-native-mmkv@v2.10.1...v2.11.0)

Updates `webpack` from 5.90.0 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.90.0...v5.94.0)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `hono` from 4.8.4 to 4.9.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.8.4...v4.9.7)

Updates `react-native-mmkv` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/mrousavy/react-native-mmkv/releases)
- [Commits](mrousavy/react-native-mmkv@v2.10.1...v2.11.0)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.94.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: react-native-mmkv
  dependency-version: 2.11.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.94.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.9.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: react-native-mmkv
  dependency-version: 2.11.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ession for hostnames (#63)

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Update issue templates

* Update .github/ISSUE_TEMPLATE/feature_request.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…ession for hostnames (#65)

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Configure tag_and_release GitHub Actions workflow with explicit write permissions and annotate the GITHUB_TOKEN usage.

CI:

- Add explicit contents, issues, and pull-requests write permissions to the workflow

Chores:

- Add comment noting alternative use of a personal access token for GITHUB_TOKEN

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…ession for hostnames

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
…ing or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
Refactor the tag_and_release workflow to trigger only on tag pushes, tighten permissions, restructure the release job, and switch from the actions/create-release action to a GitHub CLI invocation.

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Add a CircleCI configuration file with a basic job and workflow

CI:

- Add .circleci/config.yml using CircleCI 2.1 configuration format
- Define a Docker-based "say-hello" job that checks out the code and prints "Hello, World!"
- Create "say-hello-workflow" to orchestrate and run the "say-hello" job

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…updates

Bumps the npm_and_yarn group with 2 updates in the /apps/extension directory: [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).
Bumps the npm_and_yarn group with 1 update in the /apps/mobile directory: [react-native-mmkv](https://github.com/mrousavy/react-native-mmkv).
Bumps the npm_and_yarn group with 3 updates in the /apps/web directory: [webpack](https://github.com/webpack/webpack), [graphql](https://github.com/graphql/graphql-js) and [hono](https://github.com/honojs/hono).
Bumps the npm_and_yarn group with 1 update in the /packages/api directory: [graphql](https://github.com/graphql/graphql-js).
Bumps the npm_and_yarn group with 2 updates in the /packages/uniswap directory: [react-native-mmkv](https://github.com/mrousavy/react-native-mmkv) and [graphql](https://github.com/graphql/graphql-js).
Bumps the npm_and_yarn group with 1 update in the /packages/utilities directory: [graphql](https://github.com/graphql/graphql-js).
Bumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [graphql](https://github.com/graphql/graphql-js).


Updates `webpack` from 5.90.0 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.90.0...v5.94.0)

Updates `webpack-dev-server` from 4.15.1 to 5.2.1
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v4.15.1...v5.2.1)

Updates `react-native-mmkv` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/mrousavy/react-native-mmkv/releases)
- [Commits](mrousavy/react-native-mmkv@v2.10.1...v2.11.0)

Updates `webpack` from 5.90.0 to 5.94.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.90.0...v5.94.0)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `hono` from 4.8.4 to 4.9.7
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.8.4...v4.9.7)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `react-native-mmkv` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/mrousavy/react-native-mmkv/releases)
- [Commits](mrousavy/react-native-mmkv@v2.10.1...v2.11.0)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

Updates `graphql` from 16.6.0 to 16.8.1
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v16.6.0...v16.8.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.94.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-version: 5.2.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: react-native-mmkv
  dependency-version: 2.11.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.94.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.9.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: react-native-mmkv
  dependency-version: 2.11.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: graphql
  dependency-version: 16.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the /apps/web directory: [playwright](https://github.com/microsoft/playwright).


Updates `playwright` from 1.49.1 to 1.55.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.49.1...v1.55.1)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.55.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the /apps/web directory: [hono](https://github.com/honojs/hono).


Updates `hono` from 4.9.7 to 4.10.3
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.9.7...v4.10.3)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.10.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Add a new GitHub Actions workflow under .circleci/docker.yml to automate Docker image building, pushing, and signing with Buildx, caching, and cosign on scheduled and event-driven triggers

New Features:

- Add Docker GitHub Actions workflow to build and push container images to the registry
- Integrate cosign to sign published images outside of pull requests

Enhancements:

- Use Docker Buildx for multi-platform builds with GitHub Actions cache
- Extract and apply Docker metadata (tags and labels) via docker/metadata-action

CI:

- Trigger the Docker workflow on a daily cron, master branch pushes, pull requests, and semver tag creations

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot and others added 6 commits January 19, 2026 22:37
…updates

Bumps the npm_and_yarn group with 1 update in the /apps/extension directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).
Bumps the npm_and_yarn group with 4 updates in the /apps/web directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router), [hono](https://github.com/honojs/hono), [qs](https://github.com/ljharb/qs) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).
Bumps the npm_and_yarn group with 2 updates in the /packages/uniswap directory: [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) and [qs](https://github.com/ljharb/qs).


Updates `react-router` from 7.6.3 to 7.12.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router)

Updates `react-router` from 7.6.3 to 7.12.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router)

Updates `hono` from 4.10.3 to 4.11.4
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.10.3...v4.11.4)

Updates `qs` from 6.11.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.11.0...v6.14.1)

Updates `storybook` from 8.5.2 to 8.6.15
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v8.6.15/code/core)

Updates `react-router` from 7.6.3 to 7.12.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router)

Updates `qs` from 6.11.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.11.0...v6.14.1)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 7.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.11.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: storybook
  dependency-version: 8.6.15
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…ssion for hostnames (#100)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Create config.yml (#72)

Summary by Sourcery

CI:

- Introduce CircleCI 2.1 pipeline with a docker-based say-hello job and workflow

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* ci(release): publish latest release

* Potential fix for code scanning alert no. 24: Incomplete multi-character sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 23: Incomplete regular expression for hostnames

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 21: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Potential fix for code scanning alert no. 22: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Uniswap Labs Service Account <hello-happy-puppy@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…dates (#102)

Bumps the npm_and_yarn group with 2 updates in the /apps/api-self-serve directory: [@react-router/node](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-node) and [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router).


Updates `@react-router/node` from 7.6.3 to 7.9.4
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-node/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/@react-router/node@7.9.4/packages/react-router-node)

Updates `react-router` from 7.6.3 to 7.12.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router)

---
updated-dependencies:
- dependency-name: "@react-router/node"
  dependency-version: 7.9.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: react-router
  dependency-version: 7.12.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…h 1 update (#103)

Bumps the npm_and_yarn group with 1 update in the / directory: [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).
Bumps the npm_and_yarn group with 1 update in the /apps/web directory: [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).


Updates `wrangler` from 4.28.0 to 4.59.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.59.1/packages/wrangler)

Updates `wrangler` from 4.28.0 to 4.59.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.59.1/packages/wrangler)

---
updated-dependencies:
- dependency-name: wrangler
  dependency-version: 4.59.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.59.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
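The commit list above includes fixes for two CodeQL code scanning alert classes, "Incomplete URL substring sanitization" (alerts 21 and 22) and "Incomplete regular expression for hostnames" (alert 23). The page does not show the affected code, so the following is an added illustration of those alert classes, not the repository's code: a substring check and a loose regular expression beside a hardened check that parses the URL and compares the hostname. The allow-listed host app.uniswap.org, the function names and the probe URLs are constructed for this example.

```javascript
// Added example, not code from the Uniswap repository. Shows the two
// CodeQL alert classes named in the commit list (incomplete URL substring
// sanitization, incomplete hostname regexp) next to a hardened check.
'use strict';

const ALLOWED_HOST = 'app.uniswap.org'; // assumed allow-listed host

// Weak check 1 (substring): passes "https://app.uniswap.org.evil.example/"
// and "https://evil.example/?next=app.uniswap.org", because the allowed
// host may appear anywhere in the string.
function isAllowedSubstring(url) {
  return url.includes(ALLOWED_HOST);
}

// Weak check 2 (regexp): the dots are unescaped, so "." matches any
// character ("app-uniswap.org" passes), and the pattern is not anchored
// at the end of the host, so "app.uniswap.org.evil.example" passes too.
function isAllowedRegexWeak(url) {
  return /^https:\/\/app.uniswap.org/.test(url);
}

// Hardened: let the URL parser find the real host (it handles userinfo,
// ports and percent-encoding), require https, then compare the hostname
// exactly or as a proper subdomain. Unparseable input fails closed.
function isAllowedHost(url, allowed = ALLOWED_HOST) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false;
  }
  if (parsed.protocol !== 'https:') return false;
  const host = parsed.hostname.toLowerCase();
  return host === allowed || host.endsWith('.' + allowed);
}

// Constructed probe URLs: legitimate hosts plus the usual bypasses.
const PROBES = [
  'https://app.uniswap.org/swap',
  'https://wallet.app.uniswap.org/',
  'https://app.uniswap.org.evil.example/',
  'https://evil.example/?next=app.uniswap.org',
  'https://app-uniswap.org/',
  'https://user@app.uniswap.org@evil.example/',
  'http://app.uniswap.org/',
  'not a url',
];

// Runs all three checks over the probes so the differences are visible.
function compareChecks(urls = PROBES) {
  return urls.map((url) => ({
    url,
    substring: isAllowedSubstring(url),
    regexWeak: isAllowedRegexWeak(url),
    hardened: isAllowedHost(url),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compareChecks());
}
```

Only the first two probes are accepted by the hardened check; the substring check accepts six of the eight, including the userinfo trick where the allow-listed name sits before a second "@" and the parser treats it as a username.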
@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action | Severity | Alert
Warn Medium
System shell access: npm @npmcli/promise-spawn in module child_process

Module: child_process

Location: Package overview

From: ? → npm/@react-router/dev@7.6.3 → npm/@npmcli/promise-spawn@6.0.2

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@npmcli/promise-spawn@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
System shell access: npm @tailwindcss/oxide in module child_process

Module: child_process

Location: Package overview

From: ? → npm/@tailwindcss/vite@4.1.13 → npm/@tailwindcss/oxide@4.1.13

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@tailwindcss/oxide@4.1.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Install-time scripts: npm @tailwindcss/oxide during postinstall

Install script: postinstall

Source: node ./scripts/install.js

From: ? → npm/@tailwindcss/vite@4.1.13 → npm/@tailwindcss/oxide@4.1.13

ℹ Read more on: This package | This alert | What is an install script?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@tailwindcss/oxide@4.1.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
System shell access: npm rolldown in module child_process

Module: child_process

Location: Package overview

From: ? → npm/rolldown-vite@7.0.10 → npm/rolldown@1.0.0-beta.29

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown@1.0.0-beta.29. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @npmcli/git with module fs/promises

Module: fs/promises

Location: Package overview

From: ? → npm/@react-router/dev@7.6.3 → npm/@npmcli/git@4.1.0

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@npmcli/git@4.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @npmcli/git with module fs

Module: fs

Location: Package overview

From: ? → npm/@react-router/dev@7.6.3 → npm/@npmcli/git@4.1.0

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@npmcli/git@4.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @npmcli/package-json with module fs/promises

Module: fs/promises

Location: Package overview

From: ? → npm/@react-router/dev@7.6.3 → npm/@npmcli/package-json@4.0.1

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@npmcli/package-json@4.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @react-router/node with module fs

Module: fs

Location: Package overview

From: ? → npm/@react-router/dev@7.6.3 → npm/@react-router/node@7.6.3

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-router/node@7.6.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @react-router/node with module fs

Module: fs

Location: Package overview

From: apps/api-self-serve/package.json → npm/@react-router/node@7.9.4

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-router/node@7.9.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Dynamic module loading: npm @tailwindcss/oxide

Location: Package overview

From: ?npm/@tailwindcss/vite@4.1.13 → npm/@tailwindcss/oxide@4.1.13

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@tailwindcss/oxide@4.1.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm @tailwindcss/oxide with module fs

Module: fs

Location: Package overview

From: ?npm/@tailwindcss/vite@4.1.13 → npm/@tailwindcss/oxide@4.1.13

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@tailwindcss/oxide@4.1.13. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Dynamic module loading: npm react-router

Location: Package overview

From: apps/api-self-serve/package.json → npm/react-router@7.12.0

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-router@7.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Dynamic module loading: npm react-router

Location: Package overview

From: ?npm/@react-router/node@7.9.4 → npm/react-router@7.9.4

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-router@7.9.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Dynamic module loading: npm rolldown-vite

Location: Package overview

From: apps/api-self-serve/package.json → npm/rolldown-vite@7.0.10

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown-vite@7.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Filesystem access: npm rolldown-vite with module fs

Module: fs

Location: Package overview

From: apps/api-self-serve/package.json → npm/rolldown-vite@7.0.10

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown-vite@7.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Dynamic module loading: npm rolldown

Location: Package overview

From: ?npm/rolldown-vite@7.0.10 → npm/rolldown@1.0.0-beta.29

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown@1.0.0-beta.29. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
