build(deps): bump the dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates in the / directory:

Package	From	To
@filecoin-foundation/ui-filecoin	0.7.4	0.7.5
@filoz/synapse-sdk	0.36.1	0.37.0
@tanstack/react-query	5.90.16	5.90.21
nuqs	2.8.6	2.8.8
react	19.2.3	19.2.4
@types/react	19.2.8	19.2.14
react-dom	19.2.3	19.2.4
viem	2.44.1	2.45.3
zod	4.3.5	4.3.6
@biomejs/biome	2.3.11	2.3.15

Updates @filecoin-foundation/ui-filecoin from 0.7.4 to 0.7.5

Release notes

Sourced from @​filecoin-foundation/ui-filecoin's releases.

@​filecoin-foundation/ui-filecoin@​0.7.5

Patch Changes

• d711913: Create ImageMarkdown component
• 85dee1a: Upgrade to Next 16

Changelog

Sourced from @​filecoin-foundation/ui-filecoin's changelog.

0.7.5

Patch Changes

• d711913: Create ImageMarkdown component
• 85dee1a: Upgrade to Next 16

Commits

• 9e7f009 Version Packages (#2158)
• d711913 [UXIT-3731][UI-Filecoin] Create shared MarkdownImage [skip percy] (#2140)
• 30b9e44 [UXIT-3331][filecoin.io V3] Address Lighthouse audit issues - Fix performance...
• 85dee1a Upgrade to Next.js 16 (#2154)
• See full diff in compare view

Updates @filoz/synapse-sdk from 0.36.1 to 0.37.0

Release notes

Sourced from @​filoz/synapse-sdk's releases.

synapse-sdk: v0.37.0

0.37.0 (2026-02-11)

⚠ BREAKING CHANGES

• change params to options object and remove withIpni (#601)
• remove pdp classes and change upload input to File
• transition from ethers to viem (#555)
• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526)
• use activePieceCount for accurate piece tracking (#517)
• change to only export Synapse from the main entrypoint

refactor

• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526) (a4956c7)

Features

• Add API for querying remaining egress (#430) (c40d6b8)
• add devnet support (#527) (773551b)
• change params to options object and remove withIpni (#601) (0d529e2)
• change to only export Synapse from the main entrypoint (4c0cc47), closes #232
• Endorsements Service (#553) (fba3280)
• examples/cli: add get-sp-peer-ids command (#546) (8aafdf1)
• move ethers to peer dependencies (242a2c1)
• remove pdp classes and change upload input to File (32700c2)
• storage: rename "pieces" callbacks, add piece info & dataSetId (#439) (f1bd585)
• transition from ethers to viem (#555) (3741241)
• use activePieceCount for accurate piece tracking (#517) (59fd863)

Bug Fixes

• cache clientDataSetId in StorageContext (#489) (ec1345a)
• change FilBeam URL to stats.filbeam.com (#539) (87ac7a8)
• createStorageContext without getClientDataSetsWithDetails (#438) (76e2439)
• expose getScheduledRemovals on storageContext (#490) (6a3b5cc)
• remove settlement fee (#502) (8c7537e), closes #243
• remove telemetry (#562) (128037e)
• resolveByProviderId doesnt use getClientDataSetsWithDetails (1049c05)
• revert back uploads to uint8array and stream (67a17ee)
• simplify upload input to Blob (908c042)
• treat status code 202 for findPiece as a retry (6b9e03f)
• warm-storage: check metadata withCDN key in addition to cdnRailId for CDN status (#505) (db234e5)

Chores

... (truncated)

Commits

• 2524aeb chore(master): release synapse-sdk 0.37.0 (#481)
• 0902a01 chore(master): release synapse-core 0.2.0 (#482)
• 0d529e2 feat!: change params to options object and remove withIpni (#601)
• 67a17ee fix: revert back uploads to uint8array and stream
• d7b9661 fix: namespace upload types
• 9b3f73f fix: move default nonces to the sign functions
• 908c042 fix: simplify upload input to Blob
• 78cfd25 chore: skip size limit test in StorageService due to browser limitations
• ac0e76e chore: linter
• 8061afb chore: update docs and export missing types
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.90.16 to 5.90.21

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.21

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.18
  • @​tanstack/react-query@​5.90.19

@​tanstack/react-query@​5.90.21

Patch Changes

• refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

@​tanstack/react-query-persist-client@​5.90.20

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.17
  • @​tanstack/react-query@​5.90.18

@​tanstack/react-query@​5.90.20

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

@​tanstack/react-query-persist-client@​5.90.19

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.16
  • @​tanstack/react-query@​5.90.17

@​tanstack/react-query@​5.90.19

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

@​tanstack/react-query-persist-client@​5.90.18

Patch Changes

• Updated dependencies [4be3ad7]:
  • @​tanstack/react-query@​5.90.16
  • @​tanstack/query-persist-client-core@​5.91.15

@​tanstack/react-query@​5.90.18

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.21

Patch Changes

• refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

5.90.20

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

5.90.19

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

5.90.18

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

5.90.17

Patch Changes

• Updated dependencies [269351b]:
  • @​tanstack/query-core@​5.90.17

Commits

• 08050cb ci: Version Packages (#10115)
• c5def66 refactor(react-query/useQueries): remove unreachable 'willFetch' branch in su...
• da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
• 2a592d2 test(react-query/suspense): add test cases for 'static' staleTime with number...
• 7e3ea62 test(react-query/QueryResetErrorBoundary): relocate 'issue-9728' test and mig...
• dee5d3e test(react-query/ssr): add 'useMutation' and 'useMutationState' tests for SSR...
• 7ac4e20 ci: Version Packages (#10067)
• 9ff3de7 Upgrade to Vitest v4 (#9862)
• 0525ad1 ci: Version Packages (#10047)
• 53fc74e fix(query-core): fix combine not updating when queries change with stable ref...
• Additional commits viewable in compare view

Updates nuqs from 2.8.6 to 2.8.8

Release notes

Sourced from nuqs's releases.

v2.8.8

Bug fixes

• #1320 - reset queue after updates in Next.js app router, by @​franky47 (closes #1156)

Other changes

• #1321 - bump actions/checkout from 6.0.1 to 6.0.2, by @​dependabot
• #1322 - bump actions/setup-node from 6.1.0 to 6.2.0, by @​dependabot

Thanks

Huge thanks to @​BlastyCZ, @​felix-quotez, @​l0gicgate, @​lpbonomi, @​pimentellima, and @​sunwrobert for helping!

v2.8.7

Bug fixes

• #1316 - wait for navigation in RR adapters before syncing, by @​franky47 & @​itay-perry (closes #947 & #1293)

Documentation

• #1266 - fix broken images, by @​franky47
• #1268 - add full number to NPM stats title, by @​franky47
• #1279 - add shadcnstudio as featured sponsor 💖, by @​franky47
• #1280 - add quotes & fix shadcn/studio logo, by @​franky47
• #1283 - add Rhys Sullivan as sponsor 💖, by @​franky47
• #1284 - OSS Pledge details, by @​franky47
• #1286 - users leaderboard, by @​franky47
• #1287 - update twitch handle, by @​franky47
• #1290 - 2025, by @​franky47
• #1291 - switch favicon in development, by @​franky47
• #1292 - add release calendar, by @​franky47
• #1297 - add Brandon McConnell as sponsor 💖, by @​franky47
• #1298 - add Ru Chern Dong as sponsor 💖, by @​franky47
• #1299 - add David Haz as sponsor 💖, by @​franky47
• #1300 - add basedanarki as sponsor 💖, by @​franky47
• #1301 - change dominik koch founder url to notra, by @​mezotv
• #1302 - add Hayden Bleasel as a sponsor 💖, by @​franky47
• #1305 - fix ISO week year calculation at year boundaries, by @​copilot-swe-agent (closes #1304)
• #1310 - fix partial line, by @​franky47

Other changes

• #1264 - update dependencies (2025-12-11 React CVEs), by @​franky47
• #1269 - Replace Cypress with Playwright for e2e tests, by @​franky47
• #1282 - check PR titles against core changes, by @​franky47
• #1288 - fix release note formatting issues, add tests, by @​franky47 (closes #1276)
• #1306 - bump @​react-router/node from 7.8.1 to 7.9.4, by @​dependabot
• #1307 - bump @​remix-run/react from 2.17.0 to 2.17.3, by @​dependabot
• #1309 - bump react-router from 7.8.1 to 7.12.0, by @​dependabot

... (truncated)

Commits

• c58878f fix(1156): reset queue after updates in Next.js app router (#1320)
• ef19402 fix: wait for navigation in RR adapters before syncing (#1316)
• 24d39f6 chore(build): use distributed turbo.json package configurations (#1311)
• bc42e77 chore(deps): bump @​remix-run/react from 2.17.0 to 2.17.3 (#1307)
• See full diff in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.8 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates viem from 2.44.1 to 2.45.3

Release notes

Sourced from viem's releases.

viem@2.45.3

Patch Changes

• #4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

viem@2.45.2

Patch Changes

• #4300 cc60e25ca55c022a56ed9e991ec23cb615593da6 Thanks @​LXPDevs! - Added LuxePorts chain.

• #4306 e3901661ba0442d6ae66c4d702396e8ee247d03f Thanks @​izharan-fireblocks! - Added WalletConnectSessionSettlementError as a non-retryable transport error.

• #4301 662215f12310c3c2b17424093d3f4922693432f2 Thanks @​xGreen-project! - Added XGR Mainnet chain.

• #4315 56d0920fd654ab93e89fff77769b0c982b8928d5 Thanks @​jxom! - Fixed sendCallsSync to respect client-level action overrides (e.g. smart account clients).

• #4294 8c3fa2684820c80e8908cc799fd47815594e4871 Thanks @​Oighty! - Added Citrea Mainnet chain support.

• #4321 059274e18c19270e7f7e98f0b087e7986d5a6dd7 Thanks @​highonrice! - Updated the native currency of Stable Mainnet.

• #4319 746f5ae3b220313748bf7e0eb2d86f07848b6628 Thanks @​brotherlymite! - Added etherscan explorer for MegaETH.

• #4305 428ef7cd7b4d6e9860296df841ce2f4a8d494bc1 Thanks @​LxpSrDev! - Added LuxePorts chain.

viem@2.45.1

Patch Changes

• #4273 bf3f117aa4d6a4693af29894b1c27e130623cbc7 Thanks @​nicodlz! - Added Subtensor EVM chain.

• #4272 a3a4ff9a25c8f31d3caef533d3d100cf22c1ea5e Thanks @​matzapata! - Added Alpen Testnet

• #4228 26ffdfbef41e08a4d6837051eda615fb659c2c31 Thanks @​sakulstra! - Improved performance in parseEventLogs by memoizing.

• #4275 ea8398b80c6fa90747e979d959c32e276bdd43e1 Thanks @​GiovaniGuizzo! - Added KiiChain mainnet chain definition

• #4259 1ae28c2a9acb55b8fc599643549a52ec71a02e72 Thanks @​cruzdanilo! - Fixed error decoding in simulateBlocks when RPC returns revert data in returnData instead of error.data.

• #4260 1f2a1839c201a2f5b97bddf26d605fb0394cdbd7 Thanks @​akitothemoon! - Added Horizen Testnet.

• 4fe411bd4231ec0a89159723ec68fcfe13c10071 Thanks @​jxom! - Added nonce and faucet.fundSync actions to decorator.

viem@2.45.0

Minor Changes

• #4249 0e1d62dae5091e43bd4f12102e270a17a1456ffe Thanks @​dgca! - Added dataSuffix param to createWalletClient. When added, this will automatically add a dataSuffix to transaction actions submitted by this client.

... (truncated)

Commits

• 803d4d9 chore: version package (#4335)
• acbd802 chore: up
• 850c0da chore: up ox
• 71a324d fix: add blockCreated to MegaETH multicall3 contracts (#4333)
• aab32a4 feat(zksync): Add blockCreated field to multicall3 contract (#4330)
• d12bb35 feat: add getBalance batching (#4329)
• 8b93444 docs: up vocs
• b0a1a38 docs: bump vocs
• 4b7585c chore: version package (#4299)
• 8a9ea09 chore: up
• Additional commits viewable in compare view

Updates zod from 4.3.5 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• See full diff in compare view

Updates @biomejs/biome from 2.3.11 to 2.3.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.15

2.3.15

Patch Changes

• #9019 043b67c Thanks @​dyc3! - Added the lint rule noNestedPromises. This rule detects nested .then() or .catch() calls that could be refactored into flat promise chains.

  // Invalid: nested promise that can be flattened
  doThing().then(function () {
    return doOtherThing().then(console.log);
  });
  // Valid: flat promise chain
  doThing()
  .then(() => doOtherThing())
  .then(console.log);

  The rule intelligently allows nesting when the inner callback references variables from the outer scope, as these cases cannot be safely flattened.

• #9029 6ebf6c6 Thanks @​ff1451! - Added the nursery rule noUselessReturn. The rule reports redundant return; statements that don't affect the function's control flow.

  // Invalid: return at end of function is redundant
  function foo() {
    doSomething();
    return;
  }

• #9017 8bac2da Thanks @​mdevils! - Reverted a behavior change in useExhaustiveDependencies that was accidentally included as part of the #8802 fix. The change made method calls on objects (e.g., props.data.forEach(...)) report only the object (props.data) as a missing dependency instead of the full member expression. This behavior change will be reconsidered separately.

• #9005 c8dbbbe Thanks @​corvid-agent! - Fixed #8790: The noAssignInExpressions rule no longer reports a false positive when an assignment is used as the expression body of an arrow function (e.g., const f = b => a += b).

• #8519 ccdc602 Thanks @​ruidosujeira! - Fixed #8518, where globally excluded files in a monorepo were still being processed when using "extends": "//".

  When a package-level configuration extends the root configuration with "extends": "//", glob patterns (such as those in files.includes) are now correctly resolved relative to the project root directory, instead of the current workspace directory.

• #9033 0628e0a Thanks @​mdevils! - Fixed #8967. useExhaustiveDependencies no longer reports false positives for variables destructured from a rest pattern.

• #9023 8ef9d1d Thanks @​siketyan! - Fixed #9020: When javascript.jsxRuntime is set to reactClassic, noUnusedImports and useImportType rules now allow importing the React identifier from a package other than react. This aligns the behavior with tsc (--jsx=react), which also allows importing React from any package.

• #8646 16fd71d Thanks @​siketyan! - Fixed #8605: Text expressions in some template languages ({{ expr }} or { expr }) at the top level of an HTML document no longer causes panicking.

• #8930 51c158e Thanks @​ANKANJAGTAP! - Fixed #8917 useExhaustiveDependencies now correctly detects JSX component identifiers as hook dependencies.

• #9009 7d229c7 Thanks @​Netail! - Fixed typo in noPositiveTabindex's quick fix text.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.15

Patch Changes

• #9019 043b67c Thanks @​dyc3! - Added the lint rule noNestedPromises. This rule detects nested .then() or .catch() calls that could be refactored into flat promise chains.

  // Invalid: nested promise that can be flattened
  doThing().then(function () {
    return doOtherThing().then(console.log);
  });
  // Valid: flat promise chain
  doThing()
  .then(() => doOtherThing())
  .then(console.log);

  The rule intelligently allows nesting when the inner callback references variables from the outer scope, as these cases cannot be safely flattened.

• #9029 6ebf6c6 Thanks @​ff1451! - Added the nursery rule noUselessReturn. The rule reports redundant return; statements that don't affect the function's control flow.

  // Invalid: return at end of function is redundant
  function foo() {
    doSomething();
    return;
  }

• #9017 8bac2da Thanks @​mdevils! - Reverted a behavior change in useExhaustiveDependencies that was accidentally included as part of the #8802 fix. The change made method calls on objects (e.g., props.data.forEach(...)) report only the object (props.data) as a missing dependency instead of the full member expression. This behavior change will be reconsidered separately.

• #9005 c8dbbbe Thanks @​corvid-agent! - Fixed #8790: The noAssignInExpressions rule no longer reports a false positive when an assignment is used as the expression body of an arrow function (e.g., const f = b => a += b).

• #8519 ccdc602 Thanks @​ruidosujeira! - Fixed #8518, where globally excluded files in a monorepo were still being processed when using "extends": "//".

  When a package-level configuration extends the root configuration with "extends": "//", glob patterns (such as those in files.includes) are now correctly resolved relative to the project root directory, instead of the current workspace directory.

• #9033 0628e0a Thanks @​mdevils! - Fixed #8967. useExhaustiveDependencies no longer reports false positives for variables destructured from a rest pattern.

• #9023 8ef9d1d Thanks @​siketyan! - Fixed #9020: When javascript.jsxRuntime is set to reactClassic, noUnusedImports and useImportType rules now allow importing the React identifier from a package other than react. This aligns the behavior with tsc (--jsx=react), which also allows importing React from any package.

• #8646 16fd71d Thanks @​siketyan! - Fixed #8605: Text expressions in some template languages ({{ expr }} or { expr }) at the top level of an HTML document no longer causes panicking.

• #8930 51c158e Thanks @​ANKANJAGTAP! - Fixed #8917 useExhaustiveDependencies now correctly detects JSX component identifiers as hook dependencies.

• #9009 7d229c7 Thanks @​Netail! - Fixed typo in noPositiveTabindex's quick fix text.

• #8758 8c789f1 Thanks @​Pranav2612000! - Updated the useJsxKeyInIterable rule to not run inside Map constructors

... (truncated)

Commits

• df21006 ci: release (#8973)
• 6ebf6c6 feat(lint): add nursery rule noUselessReturn (#9029)
• 043b67c feat(lint/js): add noNestedPromises (#9019)
• 26d8367 docs: correct default value for useEditorconfig schema setting (#9025)
• 3a38d5c ci: release (#8888)
• 4561751 feat(linter): add rule noRedundantDefaultExport (#8931)
• ccaeac4 feat(biome_js_analyze): implement useGlobalThis (#8928)
• d876a38 feat(lint): implement useConsistentMethodSignatures from `typescript-eslint...
• 9a18daa feat(analyze/js/vue): add noVueArrowFuncInWatch (#8602)
• 3531687 feat(lint/css): add noDeprecatedMediaType (#8861)
• Additional commits viewable in compare view

Updates @types/react from 19.2.8 to 19.2.14

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
filecoin-cloud	Error		Feb 12, 2026 1:24pm

[mirhamasala]

We're going to upgrade Next first.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml