Skip to content

chore(deps)(deps): bump the transitive group across 1 directory with 35 updates#1422

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/transitive-dcd5018288
Open

chore(deps)(deps): bump the transitive group across 1 directory with 35 updates#1422
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/transitive-dcd5018288

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the transitive group with 35 updates in the / directory:

Package From To
@libp2p/peer-id 6.0.9 6.0.11
ethers 6.16.0 6.17.0
@opentelemetry/sdk-metrics 2.8.0 2.9.0
@libp2p/autonat 3.0.20 3.0.22
@libp2p/bootstrap 12.0.22 12.0.25
@libp2p/circuit-relay-v2 4.2.5 4.2.7
@libp2p/crypto 5.1.18 5.1.20
@libp2p/dcutr 3.0.20 3.0.22
@libp2p/identify 4.1.6 4.1.8
@libp2p/interface 3.2.2 3.2.4
@libp2p/kad-dht 16.2.7 16.3.3
@libp2p/mdns 12.0.22 12.0.25
@libp2p/ping 3.1.5 3.1.7
@libp2p/tcp 11.0.20 11.0.22
@libp2p/websockets 10.1.13 10.1.15
libp2p 3.3.1 3.3.4
protobufjs 8.3.0 8.6.6
ajv 8.18.0 8.20.0
@openzeppelin/contracts 5.4.0 5.6.1
force-graph 1.51.1 1.51.4
oxigraph 0.5.5 0.5.9
@modelcontextprotocol/sdk 1.27.1 1.29.0
yaml 2.8.3 2.9.0
react 19.2.4 19.2.7
react-dom 19.2.4 19.2.7
@opentelemetry/core 2.8.0 2.9.0
@opentelemetry/exporter-metrics-otlp-proto 0.219.0 0.220.0
@opentelemetry/exporter-trace-otlp-proto 0.219.0 0.220.0
@opentelemetry/resources 2.8.0 2.9.0
@opentelemetry/sdk-trace-node 2.8.0 2.9.0
@openuidev/react-lang 0.2.3 0.2.8
lucide-react 1.14.0 1.23.0
shiki 4.0.2 4.3.1
viem 2.53.1 2.54.4
zustand 5.0.12 5.0.14

Updates @libp2p/peer-id from 6.0.9 to 6.0.11

Release notes

Sourced from @​libp2p/peer-id's releases.

peer-id: v6.0.11

6.0.11 (2026-06-13)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4

peer-id: v6.0.10

6.0.10 (2026-05-30)

Dependencies

  • upgrade multiformats to 14 and multiaddr to 13.0.3 (#3526) (5b8813a)
  • upgrade to aegir v48 (#3495) (29797a5)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.18 to ^5.1.19
      • @​libp2p/interface bumped from ^3.2.2 to ^3.2.3
Commits

Updates ethers from 6.16.0 to 6.17.0

Release notes

Sourced from ethers's releases.

ethers/v6.17.0 (2026-06-18 00:49)

  • Add requestRate throttle to calls (b48bfe3).
  • Added provider requestRate throttle support (b74b6d3).
  • Disable AlchemyProvider which does not provide the necessary API capacity for tests (1523ca8).
  • Map ResolverNotFound error to null for reverse lookup (d07cfb6).
  • Use bigint for coinType instead of number values (4f6ec03).
  • Updated AlchemyProvider endpoints for BNB (9bec2f9).
  • Added basic ENSv2 tests and fixed issues with EVM cointypes (0e9a73d).
  • Adding ENSv2 integrations from adraffy (a2d0af4).
  • Update Blockscout deffault API key and links (5647ae3).
  • Added transactionsRoot to Block (#5077, #5078; 5bd2ce9).
  • Preserve 301/302 method and support 307/308 (#3106, #5115; 999af5f).
  • Fix maxFeePerGas property for EtherscanProvider transactions (#5080; ca45d23).
  • Added rich inspection for Network and Plugins (f2ffb86).
  • Tweaking API for Universal Resolver to be completely backward compatible (9a5c4b5).
  • Updated ENS Universal Resolver to latest API (0b3b12b).
  • Added CCIP to ENS Universal Resolver reverse resolution (982eef2).
  • Added reverse lookup for ENS UniversalResolver (9a9a11d).
  • Initial forward resolution using ENS UniversalResolver (51df7b9).
Changelog

Sourced from ethers's changelog.

ethers/v6.17.0 (2026-06-17 23:50)

  • Add requestRate throttle to calls (b48bfe3).
  • Added provider requestRate throttle support (b74b6d3).
  • Disable AlchemyProvider which does not provide the necessary API capacity for tests (1523ca8).
  • Map ResolverNotFound error to null for reverse lookup (d07cfb6).
  • Use bigint for coinType instead of number values (4f6ec03).
  • Updated AlchemyProvider endpoints for BNB (9bec2f9).
  • Added basic ENSv2 tests and fixed issues with EVM cointypes (0e9a73d).
  • Adding ENSv2 integrations from adraffy (a2d0af4).
  • Update Blockscout deffault API key and links (5647ae3).
  • Added transactionsRoot to Block (#5077, #5078; 5bd2ce9).
  • Preserve 301/302 method and support 307/308 (#3106, #5115; 999af5f).
  • Fix maxFeePerGas property for EtherscanProvider transactions (#5080; ca45d23).
  • Added rich inspection for Network and Plugins (f2ffb86).
  • Tweaking API for Universal Resolver to be completely backward compatible (9a5c4b5).
  • Updated ENS Universal Resolver to latest API (0b3b12b).
  • Added CCIP to ENS Universal Resolver reverse resolution (982eef2).
  • Added reverse lookup for ENS UniversalResolver (9a9a11d).
  • Initial forward resolution using ENS UniversalResolver (51df7b9).
Commits
  • 3ea4c22 admin: updated dist files
  • 2d35b6a docs: fix property access order for Flatworm
  • b48bfe3 Add requestRate throttle to calls.
  • 39f5ce1 tests: add INFURA_APIKEY for docs and workflows
  • 96bd29c tests: added provider throttling to test suites
  • b74b6d3 Added provider requestRate throttle support.
  • 1523ca8 Disable AlchemyProvider which does not provide the necessary API capacity for...
  • d07cfb6 Map ResolverNotFound error to null for reverse lookup.
  • c32c542 docs: fix typo in config for INFURA API key
  • 7c6b840 admin: include INFURA_APIKEY in docs generation to resolve throttling
  • Additional commits viewable in compare view

Updates @opentelemetry/sdk-metrics from 2.8.0 to 2.9.0

Release notes

Sourced from @​opentelemetry/sdk-metrics's releases.

v2.9.0

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas
Changelog

Sourced from @​opentelemetry/sdk-metrics's changelog.

2.9.0

💥 Breaking Changes

  • docs(shim-opentracing): Notice: The @opentelemetry/shim-opentracing package will be removed in SDK 3.x, planned for approximately September 2026.
    • The OpenCensus and OpenTracing compatibility requirements in the OpenTelemetry specification have been deprecated.

🚀 Features

  • feat(sdk-metrics): add maxExportBatchSize option to PeriodicExportingMetricReader #6655 @​psx95
    • Optimized PeriodicExportingMetricReader.forceFlush to prevent redundant concurrent export cycles. Concurrent calls to forceFlush will now await any ongoing export and reuse a fresh export cycle if one is started concurrently by another caller. This ensures the latest metrics are always exported efficiently without triggering duplicate collection and export cycles.
  • feat(sdk-trace): implement span processor metrics #6504 @​anuraaga
  • feat(sdk-trace): add a new "sdk-trace" package to hold the Trace SDK, without environment variable configuration handling that belongs elsewhere #6775 @​trentm
    • "sdk-trace" will eventually replace all of "sdk-trace-base", "sdk-trace-node", and "sdk-trace-web".
    • The BatchSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new BatchSpanProcessor(exporter, { maxQueueSize: 1000 }), after new BatchSpanProcessor({ exporter, maxQueueSize: 1000 }). #6817
    • The SimpleSpanProcessor constructor call signature has changed in "sdk-trace". For example, before new SimpleSpanProcessor(exporter), after new SimpleSpanProcessor({ exporter, selfObsMeterProvider: ... }). #6504
  • feat(sdk-trace): add AlwaysRecordSampler #6188 @​majanjua-amzn

🐛 Bug Fixes

  • fix(propagator-jaeger): do not throw on malformed percent-encoded uber-trace-id / uberctx-* headers during extract @​pichlermarc

🏠 Internal

  • perf(sdk-metrics): defer allocation of HrTime to accumulation creation #6839 @​legendecas
  • chore(*): migrate use of sdk-trace-base and sdk-trace-node to sdk-trace #6851 @​trentm
  • perf(sdk-metrics): optionally capture active context for sync instruments #6848 @​legendecas
Commits
  • 40d67b7 chore: prepare next release (#6869)
  • b1c196d Merge commit from fork
  • d375c08 fix(instrumentation,instrumentation-http): fix codecov under-reporting (#6867)
  • d61ab5f perf(sdk-metrics): optionally capture active context for sync instruments (#6...
  • 9e6475e fix(core): guard timeInputToHrTime against clock-skew misclassification (#677...
  • c989308 feat(sdk-node): wire up tracer_provider.sampler from declarative config (#6847)
  • dddbc0e feat(sdk-trace): add AlwaysRecordSampler (#6168)
  • 991434c chore(deps): update dependency @​bufbuild/buf to v1.71.0 (#6863)
  • 69303d0 chore(deps): update all patch versions (#6862)
  • 6690b03 chore(sdk-node)!: Drop support for deprecated OpenCensusMetricProducer from d...
  • Additional commits viewable in compare view

Updates @libp2p/autonat from 3.0.20 to 3.0.22

Release notes

Sourced from @​libp2p/autonat's releases.

dcutr: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3

autonat: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/peer-collections bumped from ^7.0.21 to ^7.0.22
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9

plaintext: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9

dcutr: v3.0.21

3.0.21 (2026-05-30)

... (truncated)

Commits

Updates @libp2p/bootstrap from 12.0.22 to 12.0.25

Release notes

Sourced from @​libp2p/bootstrap's releases.

mplex: v12.0.25

12.0.25 (2026-06-13)

Bug Fixes

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/interface-compliance-tests bumped from ^7.0.24 to ^7.0.25
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9
Commits

Updates @libp2p/circuit-relay-v2 from 4.2.5 to 4.2.7

Commits

Updates @libp2p/crypto from 5.1.18 to 5.1.20

Release notes

Sourced from @​libp2p/crypto's releases.

crypto: v5.1.20

5.1.20 (2026-06-13)

Bug Fixes

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
Commits

Updates @libp2p/dcutr from 3.0.20 to 3.0.22

Release notes

Sourced from @​libp2p/dcutr's releases.

dcutr: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3

autonat: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/peer-collections bumped from ^7.0.21 to ^7.0.22
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9

plaintext: v3.0.22

3.0.22 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9

dcutr: v3.0.21

3.0.21 (2026-05-30)

... (truncated)

Commits

Updates @libp2p/identify from 4.1.6 to 4.1.8

Release notes

Sourced from @​libp2p/identify's releases.

identify: v4.1.8

4.1.8 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/peer-record bumped from ^9.0.11 to ^9.0.12
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9

fetch: v4.1.7

4.1.7 (2026-06-13)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11

identify: v4.1.7

4.1.7 (2026-05-30)

Dependencies

  • upgrade multiformats to 14 and multiaddr to 13.0.3 (#3526) (5b8813a)
  • upgrade to aegir v48 (#3495) (29797a5)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.18 to ^5.1.19
      • @​libp2p/interface bumped from ^3.2.2 to ^3.2.3
      • @​libp2p/interface-internal bumped from ^3.1.5 to ^3.1.6
      • @​libp2p/peer-id bumped from ^6.0.9 to ^6.0.10
      • @​libp2p/peer-record bumped from ^9.0.10 to ^9.0.11
      • @​libp2p/utils bumped from ^7.2.1 to ^7.2.2

... (truncated)

Commits

Updates @libp2p/interface from 3.2.2 to 3.2.4

Release notes

Sourced from @​libp2p/interface's releases.

interface: v3.2.4

3.2.4 (2026-06-13)

Dependencies

interface: v3.2.3

3.2.3 (2026-05-30)

Dependencies

Commits

Updates @libp2p/kad-dht from 16.2.7 to 16.3.3

Release notes

Sourced from @​libp2p/kad-dht's releases.

kad-dht: v16.3.3

16.3.3 (2026-06-13)

Bug Fixes

Documentation

  • kad-dht: correct the alpha option default in the JSDoc (#3541) (5e07d59)

Dependencies

  • update uint8array related deps (#3542) (54ec417)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.19 to ^5.1.20
      • @​libp2p/interface bumped from ^3.2.3 to ^3.2.4
      • @​libp2p/interface-internal bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/peer-collections bumped from ^7.0.21 to ^7.0.22
      • @​libp2p/peer-id bumped from ^6.0.10 to ^6.0.11
      • @​libp2p/ping bumped from ^3.1.6 to ^3.1.7
      • @​libp2p/record bumped from ^4.0.13 to ^4.0.14
      • @​libp2p/utils bumped from ^7.2.2 to ^7.2.3
    • devDependencies
      • @​libp2p/logger bumped from ^6.2.8 to ^6.2.9
      • @​libp2p/peer-store bumped from ^12.0.21 to ^12.0.22

kad-dht: v16.3.2

16.3.2 (2026-06-06)

Refactors

  • kad-dht: only check dialability for closer peers (#3528) (7550173)

kad-dht: v16.3.1

16.3.1 (2026-05-30)

Dependencies

  • upgrade multiformats to 14 and multiaddr to 13.0.3 (#3526) (5b8813a)
  • upgrade to aegir v48 (#3495) (29797a5)
  • The following workspace dependencies were updated
    • dependencies
      • @​libp2p/crypto bumped from ^5.1.18 to ^5.1.19

... (truncated)

Commits

@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, npm, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Comment thread pnpm-lock.yaml
@@ -96,47 +96,47 @@ importers:
dependencies:
ethers:
specifier: ^6.16.0
version: 6.16.0(bufferutil@4.1.0)(utf-8-validate@5.0.10)
version: 6.17.0(bufferutil@4.1.0)(utf-8-validate@5.0.10)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Keep the lockfile update scoped to the telemetry change

What's wrong
This PR's manifest change is narrowly about two node-ui OpenTelemetry exporters, but the lockfile refresh pulls in unrelated resolutions across devnet, core, EVM, React, MCP, and other workspaces. That is maintainability debt: it turns a small, understandable dependency change into a repo-wide implicit upgrade, obscures which changes are intentional, and makes future lockfile diffs harder to reason about.

Example
A reviewer reading this PR sees a telemetry exporter bump in packages/node-ui/package.json, but the committed lockfile also upgrades devnet ethers, core libp2p packages, React-related packages, OpenZeppelin, and other transitive stacks. That makes the dependency intent much harder to audit from the manifest diff.

Suggested direction
Use a filtered/minimal pnpm update for the two exporter packages, or separate the broad resolver refresh into its own explicit dependency update. The code-judo move here is to make the PR's dependency contract match the manifest: one package, one dependency family, one reviewable lockfile closure.

For Agents
Preserve the packages/node-ui OpenTelemetry exporter bump, then regenerate or edit the lockfile so unrelated workspace importers keep their previous resolutions. If the broader dependency refresh is intentional, split it into a dedicated dependency-maintenance PR or update the relevant manifests so the lockfile diff has an explicit owner. Verify by diffing pnpm-lock.yaml and confirming non-node-ui importer resolution churn is gone or intentionally represented in manifests.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Keep the lockfile update scoped to the dependency change

What's wrong
The implementation surface of this PR is much larger than the manifest change. That makes dependency ownership and review boundaries muddy: unrelated workspaces now appear to change resolved versions without corresponding package.json intent, so the lockfile stops being a precise artifact of this PR and becomes a broad, hard-to-review maintenance event.

Example
A future reviewer trying to audit the OpenTelemetry exporter bump now has to inspect unrelated changes to ethers, libp2p, React, OpenZeppelin, MCP SDK, viem, oxigraph, and many transitive packages even though their manifests were not intentionally changed in this PR.

Suggested direction
Avoid committing an opportunistic whole-lockfile refresh with this focused manifest change. The cleaner structure is either a narrow lockfile diff for the two exporter bumps, or a separate explicit dependency-refresh PR where broad package movement is the actual subject.

For Agents
Regenerate the lockfile with the narrowest possible pnpm command/filter for packages/node-ui and the two OpenTelemetry exporters, preserving the intended exporter bump. Revert unrelated lockfile resolution churn unless the PR explicitly intends a repository-wide dependency refresh; if it does, split that into its own dependency-maintenance PR with the relevant validation.

…35 updates

Bumps the transitive group with 35 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@libp2p/peer-id](https://github.com/libp2p/js-libp2p) | `6.0.9` | `6.0.11` |
| [ethers](https://github.com/ethers-io/ethers.js) | `6.16.0` | `6.17.0` |
| [@opentelemetry/sdk-metrics](https://github.com/open-telemetry/opentelemetry-js) | `2.8.0` | `2.9.0` |
| [@libp2p/autonat](https://github.com/libp2p/js-libp2p) | `3.0.20` | `3.0.22` |
| [@libp2p/bootstrap](https://github.com/libp2p/js-libp2p) | `12.0.22` | `12.0.25` |
| [@libp2p/circuit-relay-v2](https://github.com/libp2p/js-libp2p) | `4.2.5` | `4.2.7` |
| [@libp2p/crypto](https://github.com/libp2p/js-libp2p) | `5.1.18` | `5.1.20` |
| [@libp2p/dcutr](https://github.com/libp2p/js-libp2p) | `3.0.20` | `3.0.22` |
| [@libp2p/identify](https://github.com/libp2p/js-libp2p) | `4.1.6` | `4.1.8` |
| [@libp2p/interface](https://github.com/libp2p/js-libp2p) | `3.2.2` | `3.2.4` |
| [@libp2p/kad-dht](https://github.com/libp2p/js-libp2p) | `16.2.7` | `16.3.3` |
| [@libp2p/mdns](https://github.com/libp2p/js-libp2p) | `12.0.22` | `12.0.25` |
| [@libp2p/ping](https://github.com/libp2p/js-libp2p) | `3.1.5` | `3.1.7` |
| [@libp2p/tcp](https://github.com/libp2p/js-libp2p) | `11.0.20` | `11.0.22` |
| [@libp2p/websockets](https://github.com/libp2p/js-libp2p) | `10.1.13` | `10.1.15` |
| [libp2p](https://github.com/libp2p/js-libp2p) | `3.3.1` | `3.3.4` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `8.3.0` | `8.6.6` |
| [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` |
| [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `5.4.0` | `5.6.1` |
| [force-graph](https://github.com/vasturiano/force-graph) | `1.51.1` | `1.51.4` |
| [oxigraph](https://github.com/oxigraph/oxigraph/tree/HEAD/js) | `0.5.5` | `0.5.9` |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.29.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.3` | `2.9.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [@opentelemetry/core](https://github.com/open-telemetry/opentelemetry-js) | `2.8.0` | `2.9.0` |
| [@opentelemetry/exporter-metrics-otlp-proto](https://github.com/open-telemetry/opentelemetry-js) | `0.219.0` | `0.220.0` |
| [@opentelemetry/exporter-trace-otlp-proto](https://github.com/open-telemetry/opentelemetry-js) | `0.219.0` | `0.220.0` |
| [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) | `2.8.0` | `2.9.0` |
| [@opentelemetry/sdk-trace-node](https://github.com/open-telemetry/opentelemetry-js) | `2.8.0` | `2.9.0` |
| [@openuidev/react-lang](https://github.com/thesysdev/openui/tree/HEAD/packages/react-lang) | `0.2.3` | `0.2.8` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.14.0` | `1.23.0` |
| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `4.0.2` | `4.3.1` |
| [viem](https://github.com/wevm/viem) | `2.53.1` | `2.54.4` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.12` | `5.0.14` |



Updates `@libp2p/peer-id` from 6.0.9 to 6.0.11
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@daemon-v6.0.9...daemon-v6.0.11)

Updates `ethers` from 6.16.0 to 6.17.0
- [Release notes](https://github.com/ethers-io/ethers.js/releases)
- [Changelog](https://github.com/ethers-io/ethers.js/blob/main/CHANGELOG.md)
- [Commits](ethers-io/ethers.js@v6.16.0...v6.17.0)

Updates `@opentelemetry/sdk-metrics` from 2.8.0 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.8.0...v2.9.0)

Updates `@libp2p/autonat` from 3.0.20 to 3.0.22
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@perf-v3.0.20...perf-v3.0.22)

Updates `@libp2p/bootstrap` from 12.0.22 to 12.0.25
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@mdns-v12.0.22...mdns-v12.0.25)

Updates `@libp2p/circuit-relay-v2` from 4.2.5 to 4.2.7
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@circuit-relay-v2-v4.2.5...circuit-relay-v2-v4.2.7)

Updates `@libp2p/crypto` from 5.1.18 to 5.1.20
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@crypto-v5.1.18...crypto-v5.1.20)

Updates `@libp2p/dcutr` from 3.0.20 to 3.0.22
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@perf-v3.0.20...perf-v3.0.22)

Updates `@libp2p/identify` from 4.1.6 to 4.1.8
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@fetch-v4.1.6...crypto-v4.1.8)

Updates `@libp2p/interface` from 3.2.2 to 3.2.4
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@libp2p-v3.2.2...libp2p-v3.2.4)

Updates `@libp2p/kad-dht` from 16.2.7 to 16.3.3
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@kad-dht-v16.2.7...kad-dht-v16.3.3)

Updates `@libp2p/mdns` from 12.0.22 to 12.0.25
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@mdns-v12.0.22...mdns-v12.0.25)

Updates `@libp2p/ping` from 3.1.5 to 3.1.7
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@echo-v3.1.5...echo-v3.1.7)

Updates `@libp2p/tcp` from 11.0.20 to 11.0.22
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@tcp-v11.0.20...tcp-v11.0.22)

Updates `@libp2p/websockets` from 10.1.13 to 10.1.15
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@tcp-v10.1.13...tcp-v10.1.15)

Updates `libp2p` from 3.3.1 to 3.3.4
- [Release notes](https://github.com/libp2p/js-libp2p/releases)
- [Commits](libp2p/js-libp2p@libp2p-v3.3.1...libp2p-v3.3.4)

Updates `protobufjs` from 8.3.0 to 8.6.6
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v8.3.0...protobufjs-v8.6.6)

Updates `ajv` from 8.18.0 to 8.20.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v8.18.0...v8.20.0)

Updates `@openzeppelin/contracts` from 5.4.0 to 5.6.1
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v5.4.0...v5.6.1)

Updates `force-graph` from 1.51.1 to 1.51.4
- [Commits](vasturiano/force-graph@v1.51.1...v1.51.4)

Updates `oxigraph` from 0.5.5 to 0.5.9
- [Release notes](https://github.com/oxigraph/oxigraph/releases)
- [Changelog](https://github.com/oxigraph/oxigraph/blob/v0.5.9/CHANGELOG.md)
- [Commits](https://github.com/oxigraph/oxigraph/commits/v0.5.9/js)

Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.29.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0)

Updates `yaml` from 2.8.3 to 2.9.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.8.3...v2.9.0)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `@opentelemetry/core` from 2.8.0 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.8.0...v2.9.0)

Updates `@opentelemetry/exporter-metrics-otlp-proto` from 0.219.0 to 0.220.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.219.0...experimental/v0.220.0)

Updates `@opentelemetry/exporter-trace-otlp-proto` from 0.219.0 to 0.220.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.219.0...experimental/v0.220.0)

Updates `@opentelemetry/resources` from 2.8.0 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.8.0...v2.9.0)

Updates `@opentelemetry/sdk-trace-node` from 2.8.0 to 2.9.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.8.0...v2.9.0)

Updates `@openuidev/react-lang` from 0.2.3 to 0.2.8
- [Commits](https://github.com/thesysdev/openui/commits/HEAD/packages/react-lang)

Updates `lucide-react` from 1.14.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `shiki` from 4.0.2 to 4.3.1
- [Release notes](https://github.com/shikijs/shiki/releases)
- [Commits](https://github.com/shikijs/shiki/commits/v4.3.1/packages/shiki)

Updates `viem` from 2.53.1 to 2.54.4
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.53.1...viem@2.54.4)

Updates `zustand` from 5.0.12 to 5.0.14
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.12...v5.0.14)

---
updated-dependencies:
- dependency-name: "@libp2p/autonat"
  dependency-version: 3.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/bootstrap"
  dependency-version: 12.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/circuit-relay-v2"
  dependency-version: 4.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/crypto"
  dependency-version: 5.1.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/dcutr"
  dependency-version: 3.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/identify"
  dependency-version: 4.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/interface"
  dependency-version: 3.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/kad-dht"
  dependency-version: 16.3.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@libp2p/mdns"
  dependency-version: 12.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/peer-id"
  dependency-version: 6.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/ping"
  dependency-version: 3.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/tcp"
  dependency-version: 11.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@libp2p/websockets"
  dependency-version: 10.1.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/core"
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/exporter-metrics-otlp-proto"
  dependency-version: 0.220.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/exporter-trace-otlp-proto"
  dependency-version: 0.220.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/resources"
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/sdk-metrics"
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@opentelemetry/sdk-trace-node"
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: "@openuidev/react-lang"
  dependency-version: 0.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: "@openzeppelin/contracts"
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: ajv
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: ethers
  dependency-version: 6.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: force-graph
  dependency-version: 1.51.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: libp2p
  dependency-version: 3.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: oxigraph
  dependency-version: 0.5.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: protobufjs
  dependency-version: 8.6.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
- dependency-name: shiki
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: viem
  dependency-version: 2.54.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: yaml
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: transitive
- dependency-name: zustand
  dependency-version: 5.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: transitive
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/transitive-dcd5018288 branch from b0bebf1 to 614d36e Compare July 6, 2026 04:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant