You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a40b1f4: Migrate the Base connector to canonical base naming, while preserving backwards-compatible aliases baseAccount and coinbaseWallet.
3672dc6: Added Anchorage Digital wallet support with the anchorageDigitalWallet wallet connector.
1043d88: Added MeCo Wallet support with mecoWallet wallet connector.
f52657f: Exposed RainbowKitProviderProps and WalletButtonRendererProps as public type exports to support Custom Wallet Button scenarios.
4f2de17: Fixed a crash that could occur when selecting a wallet while multiple browser wallet extensions were installed and the specific injected wallet was missing. Wallet-specific injected connectors now bind only to their matching provider instead of falling back to available defaults.
bc4625c: Fix recent transaction tracking so failed transactions no longer prevent an app's own transaction receipt wait from settling.
25c4c2b: Improved SSR safety to prevent WalletConnect initialization warnings and mitigate localStorage API availability changes in Node.js v25 and above.
f52657f: Fixed useWindowSize triggering a state update after unmount, which could surface as a React warning.
eb4251d: The AuthenticationAdapter.createMessage API can now return a promise, so dApps can fetch or construct a custom SIWE message asynchronously. This enables server-side SIWE message creation before prompting the wallet, while preserving existing synchronous behavior.
b0f6d52: fix: harden useCoolMode against malicious wallet icon URLs
The cool mode particle animation built image elements via innerHTML, which
parses its input as HTML. A malicious EIP-6963 wallet could supply a crafted
icon URL containing injected attributes (e.g. onerror) that would execute
in the dApp's origin when a user interacts with the wallet button.
Switched to document.createElement('img') with property assignment so the
icon value is always treated as a plain URL rather than markup.
a40b1f4: Migrate the Base connector to canonical base naming, while preserving backwards-compatible aliases baseAccount and coinbaseWallet.
3672dc6: Added Anchorage Digital wallet support with the anchorageDigitalWallet wallet connector.
1043d88: Added MeCo Wallet support with mecoWallet wallet connector.
f52657f: Exposed RainbowKitProviderProps and WalletButtonRendererProps as public type exports to support Custom Wallet Button scenarios.
4f2de17: Fixed a crash that could occur when selecting a wallet while multiple browser wallet extensions were installed and the specific injected wallet was missing. Wallet-specific injected connectors now bind only to their matching provider instead of falling back to available defaults.
bc4625c: Fix recent transaction tracking so failed transactions no longer prevent an app's own transaction receipt wait from settling.
25c4c2b: Improved SSR safety to prevent WalletConnect initialization warnings and mitigate localStorage API availability changes in Node.js v25 and above.
f52657f: Fixed useWindowSize triggering a state update after unmount, which could surface as a React warning.
eb4251d: The AuthenticationAdapter.createMessage API can now return a promise, so dApps can fetch or construct a custom SIWE message asynchronously. This enables server-side SIWE message creation before prompting the wallet, while preserving existing synchronous behavior.
b0f6d52: fix: harden useCoolMode against malicious wallet icon URLs
The cool mode particle animation built image elements via innerHTML, which
parses its input as HTML. A malicious EIP-6963 wallet could supply a crafted
icon URL containing injected attributes (e.g. onerror) that would execute
in the dApp's origin when a user interacts with the wallet button.
Switched to document.createElement('img') with property assignment so the
icon value is always treated as a plain URL rather than markup.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency filejavascriptPull requests that update javascript code
0 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
dependabot
Bot
added
dependencies
Bumps @rainbow-me/rainbowkit from 2.2.10 to 2.2.11.
Release notes
Sourced from @rainbow-me/rainbowkit's releases.
Changelog
Sourced from @rainbow-me/rainbowkit's changelog.
Commits
03360eechore: version packages (#2659)f6f00a8chore(tooling): upgrade biome, typescript (#2669)e90c2ddfeat: next-auth v5 (#2606)bc4625cfix: isolate recent transaction receipt waits (#2670)eb4251dfeat: support async createMessage in AuthenticationAdapter (#2633)5349f6afeat: internal component exports (#2589)a40b1f4fix: migrate baseAccount connector to base with aliases (#2634)33f2a10fix: cuer QRCode prop type errors (#2663)4f2de17fix: avoid binding missing injected wallets (#2661)b473b08fix: guard localStorage access during SSR (#2660)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)