Bump dev dependencies to latest majors

[gndelia]

Description

Routine dependency bumps. These updates bring our dev dependencies up to their latest versions so there are no pending major upgrades lagging behind. Each bump is committed separately for easy review.

Commits:

• 7ea30da Bump prettier to 3.8.3
• 737c4a8 Bump @commitlint/cli to 21.0.2
• a2a524c Bump lint-staged to 17.0.7
• f195dc1 Bump hemi-viem to 2.7.0

Note: lint-staged 17 requires Node >=22.22.1 and @commitlint/cli 21 is also a major bump.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​commitlint/​cli@​19.8.1 ⏵ 21.0.2	+1		+1
	hemi-viem@​2.5.0 ⏵ 2.7.0			+1	+5
	lint-staged@​16.1.2 ⏵ 17.0.7	+1			+1
	prettier@​3.6.2 ⏵ 3.8.3	+2		+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm jiti is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@commitlint/cli@21.0.2 → npm/jiti@2.6.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jiti@2.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[Copilot]

Pull request overview

Routine maintenance PR to keep the repo’s JavaScript developer tooling current by bumping several dev dependencies to their latest major versions.

Changes:

• Bump prettier to 3.8.3
• Bump @commitlint/cli to 21.0.2
• Bump lint-staged to 17.0.7 and hemi-viem to 2.7.0

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updates devDependency versions for formatting, commit linting, staged linting, and viem integration.
package-lock.json	Refreshes the lockfile to reflect the updated dev dependency graph and resolved transitive versions.

Comments suppressed due to low confidence (1)

package.json:47

• lint-staged v17 (and @commitlint/cli v21) require newer Node versions than the project’s current engines.node (>=20). As-is, installs on Node 20/21 will warn/fail even though package.json claims they’re supported. Update engines.node to match the strictest dev dependency requirement (currently lint-staged >=22.22.1).

  "engines": {
    "node": ">=20"
  },

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.