chore(deps): bump the production-major group across 1 directory with 10 updates

[dependabot]

Bumps the production-major group with 10 updates in the / directory:

Package	From	To
@noble/hashes	1.8.0	2.0.1
@hcaptcha/react-hcaptcha	1.12.1	2.0.0
@hookform/resolvers	4.0.0	5.2.2
zod	3.25.76	4.3.5
react-syntax-highlighter	15.6.6	16.1.0
wagmi	2.19.4	3.3.2
@fastify/static	8.3.0	9.0.0
eslint-plugin-react-hooks	5.2.0	7.0.1
globals	16.5.0	17.0.0
non.geist	1.0.4	2.0.1

Updates @noble/hashes from 1.8.0 to 2.0.1

Release notes

Sourced from @​noble/hashes's releases.

2.0.1

• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers
  • This was planned for 2.0.0, but was accidentally left out
• package.json: specify exported submodules to ensure typescript autocompletion
• scrypt: Fix error message for maxmem check by @​ChALkeR in paulmillr/noble-hashes#121
• scrypt: 4% speed-up by @​ChALkeR in paulmillr/noble-hashes#122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

2.0.0

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 152KB => 136KB
  • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers

Changes

• Only allow Uint8Array as hash inputs, prohibit string
  • Strict validation checks improve security
  • To replicate previous behavior, use utils.utf8ToBytes
• Rename / remove some modules for consistency. Previously, sha384 resided in sha512, which was weird
  • sha256, sha512 => sha2.js (consistent with sha3.js)
  • blake2b, blake2s => blake2.js (consistent with blake3.js, blake1.js)
  • ripemd160, sha1, md5 => legacy.js (all low-security hashes are there)
  • _assert => utils.js
  • crypto internal module got removed: use built-in WebCrypto instead
• Improve typescript types & option autocomplete
• Upgrade typescript compilation env to ts5.9 and es2022
• Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-hashes@1.8.0...2.0.0

Commits

• d30e070 Release 2.0.1.
• 4485505 anumber: fix error msg
• dd62b81 pkg.json: add back export maps for text editor autocompletion
• 59fda2c Merge pull request #122 from ChALkeR/chalker/perf/scrypt/0
• 90dfe17 adjust comment
• e6099ae add a comment
• 15ee761 perf: tiny improvement in scrypt
• 30f8780 Merge pull request #121 from ChALkeR/patch-2
• f43e04b Fix error message for scrypt maxmem check
• b048d14 Release 2.0.0 to JSR.
• Additional commits viewable in compare view

Updates @hcaptcha/react-hcaptcha from 1.12.1 to 2.0.0

Release notes

Sourced from @​hcaptcha/react-hcaptcha's releases.

2.0.0

What's Changed

• fix(publish): Update Github Action to use pnpm correctly by @​brdlyptrs in hCaptcha/react-hcaptcha#361
• feat(esbuild): Switch to using esbuild and clean up repo by @​brdlyptrs in hCaptcha/react-hcaptcha#346

Full Changelog: hCaptcha/react-hcaptcha@1.17.4...v2.0.0

1.17.4

What's Changed

• chore(deps): bump qs and express
• fix: Fix imports/exports for Hooks

Full Changelog: hCaptcha/react-hcaptcha@1.17.3...1.17.4

1.17.3

What's Changed

• fix: Add type module to ESM build output by @​joao-imi in hCaptcha/react-hcaptcha#338

Full Changelog: hCaptcha/react-hcaptcha@1.17.2...1.17.3

1.17.2

What's Changed

• fix: Add missing fields in HCaptchaProps by @​patrickdemers6 in hCaptcha/react-hcaptcha#335

New Contributors

• @​patrickdemers6 made their first contribution in hCaptcha/react-hcaptcha#335

Full Changelog: hCaptcha/react-hcaptcha@1.17.1...1.17.2

1.17.1

What's Changed

• fix: Add TypeScript types to package.json exports for ESM compatibility by @​evgeniiPerov in hCaptcha/react-hcaptcha#326

New Contributors

• @​evgeniiPerov made their first contribution in hCaptcha/react-hcaptcha#326

Full Changelog: hCaptcha/react-hcaptcha@1.17.0...1.17.1

1.17.0

What's Changed

• chore(deps-dev): bump node-forge from 1.3.1 to 1.3.2 by @​dependabot[bot] in hCaptcha/react-hcaptcha#320
• chore: Clean up workflows by @​e271828- in hCaptcha/react-hcaptcha#321
• feat(hooks): Add Provider/Hook pattern by @​joao-imi in hCaptcha/react-hcaptcha#323

Full Changelog: hCaptcha/react-hcaptcha@1.16.0...1.17.0

... (truncated)

Commits

• 5c6a8fe feat(esbuild): Switch to using esbuild and clean up repo (#346)
• aedb4a4 fix: Fix imports/exports (#341)
• 6df384e chore(deps): bump qs and express (#339)
• edfa7fb fix: Add type module to ESM build output (#338)
• 74d96ff fix: Add missing fields in HCaptchaProps (#335)
• 3170803 fix: Add TypeScript types to package.json exports for ESM compatibility (#326)
• a470bdf feat(hooks): Add Provider/Hook pattern (#323)
• 3604bec chore: Clean up workflows (#321)
• 24cd456 chore(deps-dev): bump node-forge from 1.3.1 to 1.3.2 (#320)
• 3cb0933 feat(package): Bump hCaptcha loader version (#319)
• Additional commits viewable in compare view

Updates @hookform/resolvers from 4.0.0 to 5.2.2

Release notes

Sourced from @​hookform/resolvers's releases.

v5.2.2

5.2.2 (2025-09-14)

Bug Fixes

• zod: fix output type for Zod 4 resolver (#803) (e95721d)

v5.2.1

5.2.1 (2025-07-29)

Bug Fixes

• discriminated union for zod v4 mini (#784) (49a0d7b)
• zod v4 peer deps (#798) (2d28e6a)
• zod: fix output type for Zod 4 resolver (#801) (bc09647)

v5.2.0

5.2.0 (2025-07-25)

Features

• ajv: add ajv-formats for ajvResolver (#797) (f040039)

v5.1.1

5.1.1 (2025-06-09)

Bug Fixes

• zod peer dep issue (#780) (79cd8b2)

v5.1.0

5.1.0 (2025-06-07)

Features

• support Zod 4, Zod v4 mini, and retains compatibility with Zod v3. (#777) (8d083bd)

v5.0.1

5.0.1 (2025-04-02)

Bug Fixes

... (truncated)

Commits

• e95721d fix(zod): fix output type for Zod 4 resolver (#803)
• 49a0d7b fix: discriminated union for zod v4 mini (#784)
• bc09647 fix(zod): fix output type for Zod 4 resolver (#801)
• 2d28e6a fix: zod v4 peer deps (#798)
• f040039 feat(ajv): add ajv-formats for ajvResolver (#797)
• 79cd8b2 fix: zod peer dep issue (#780)
• 8d083bd feat: support Zod 4 (#777)
• 3bc2ad5 docs: fix table formatting (#774)
• 6e88393 fix: relax version constraint for react-hook-form 7.55.0 → ^7.55.0 (#758)
• a54d05a Merge branch 'dev'
• Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.3.5

Release notes

Sourced from zod's releases.

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

z.fromJSONSchema()

Convert JSON Schema to Zod (#5534, #5586)

You can now convert JSON Schema definitions directly into Zod schemas. This function supports JSON Schema "draft-2020-12", "draft-7", "draft-4", and OpenAPI 3.0.

import * as z from "zod";
const schema = z.fromJSONSchema({
type: "object",
properties: {
</tr></table>

... (truncated)

Commits

• 0cdc0b8 4.3.5
• e36743e Improve mini treeshaking
• 21afffd [Docs] Update migration guide docs for deprecation of message (#5595)
• b4ab94c 4.3.4
• 66bda74 Remove .refine() from ZodMiniType
• 9443aab Drop iso time in fromJSONSchema
• decef9c Fix lint
• 089e5fb Improve looseRecord docs
• e01cd02 Support patternProperties for looserecord (#5592)
• 1a8bea3 Add integration tests
• Additional commits viewable in compare view

Updates react-syntax-highlighter from 15.6.6 to 16.1.0

Release notes

Sourced from react-syntax-highlighter's releases.

v16.1.0

What's Changed

• Bump simple-git and lint-staged by @​dependabot[bot] in react-syntax-highlighter/react-syntax-highlighter#614
• Bump Webpack to v5 by @​mxdvl in react-syntax-highlighter/react-syntax-highlighter#594
• Fix refractor imports, migrate to webpack 5, update deps by @​UncleJart in react-syntax-highlighter/react-syntax-highlighter#621

New Contributors

• @​mxdvl made their first contribution in react-syntax-highlighter/react-syntax-highlighter#594
• @​UncleJart made their first contribution in react-syntax-highlighter/react-syntax-highlighter#621

Full Changelog: react-syntax-highlighter/react-syntax-highlighter@v16.0.0...v16.1.0

v16.0.0

New major version!

16.0.0 brings a major version update to the refractor dependency, which remedies some security issues but could result in a breaking change to your app's dependencies. Please update with care.

What's Changed

• Update refractor to version 5 by @​lodinukal in react-syntax-highlighter/react-syntax-highlighter#604

New Contributors

• @​lodinukal made their first contribution in react-syntax-highlighter/react-syntax-highlighter#604

Full Changelog: react-syntax-highlighter/react-syntax-highlighter@v15.6.6...v16.0.0

Commits

• 5eedb74 16.1.0
• c71356f fix refractor imports, migrate to webpack 5, update deps (#621)
• f024a8c Revert "chore: bump Webpack to v5 (#594)"
• 7b0027b chore: bump Webpack to v5 (#594)
• 9dafbf1 Bump simple-git and lint-staged (#614)
• 8d154ff remove codecov step
• 506ee72 yank out failing codecov
• a647b59 16.0.0
• 8629e59 build with node 16.20.1
• a0decc7 Update refractor to version 5 (#604)
• See full diff in compare view

Updates wagmi from 2.19.4 to 3.3.2

Release notes

Sourced from wagmi's releases.

[email protected]

Patch Changes

• Updated query internals. (4fefa57)

• Updated dependencies [4fefa57]:

  • @​wagmi/core@​3.2.2
  • @​wagmi/connectors@​7.1.2

[email protected]

Patch Changes

• Updated dependencies [a373b50]:
  • @​wagmi/core@​3.2.1
  • @​wagmi/connectors@​7.1.1

[email protected]

Minor Changes

• Updated to [email protected] with Tempo Moderato support. (#4940)

  Breaking Changes (Tempo)

  • Renamed reward.useStart → reward.useDistribute
  • Renamed reward.useStartSync → reward.useDistributeSync
  • Renamed reward.useGetTotalPerSecond → reward.useGetGlobalRewardPerToken
  • Renamed reward.useWatchRewardScheduled → reward.useWatchRewardDistributed
  • Removed nonce.useNonceKeyCount
  • Removed nonce.useWatchActiveKeyCountChanged
  • Removed amm.useWatchFeeSwap

  New Features (Tempo)

  • Added dex.useCancelStale hook
  • Added dex.useCancelStaleSync hook

Patch Changes

• Updated dependencies [2ee3f55]:
  • @​wagmi/core@​3.2.0
  • @​wagmi/connectors@​8.0.0

[email protected]

Minor Changes

• Added first-class support and extension for Tempo via /tempo entrypoint. (#4922)

Patch Changes

• Updated dependencies [14989e4]:

... (truncated)

Changelog

Sourced from wagmi's changelog.

3.3.2

Patch Changes

• Updated query internals. (4fefa57)

• Updated dependencies [4fefa57]:

  • @​wagmi/core@​3.2.2
  • @​wagmi/connectors@​7.1.2

3.3.1

Patch Changes

• Updated dependencies [a373b50]:
  • @​wagmi/core@​3.2.1
  • @​wagmi/connectors@​7.1.1

3.3.0

Minor Changes

• Updated to [email protected] with Tempo Moderato support. (#4940)

  Breaking Changes (Tempo)

  • Renamed reward.useStart → reward.useDistribute
  • Renamed reward.useStartSync → reward.useDistributeSync
  • Renamed reward.useGetTotalPerSecond → reward.useGetGlobalRewardPerToken
  • Renamed reward.useWatchRewardScheduled → reward.useWatchRewardDistributed
  • Removed nonce.useNonceKeyCount
  • Removed nonce.useWatchActiveKeyCountChanged
  • Removed amm.useWatchFeeSwap

  New Features (Tempo)

  • Added dex.useCancelStale hook
  • Added dex.useCancelStaleSync hook

Patch Changes

• Updated dependencies [2ee3f55]:
  • @​wagmi/core@​3.2.0
  • @​wagmi/connectors@​8.0.0

3.2.0

Minor Changes

• Added first-class support and extension for Tempo via /tempo entrypoint. (#4922)

... (truncated)

Commits

• 3ae2d17 chore: version packages (#4946)
• 4fefa57 chore: changeset
• c337819 refactor: improve query options (#4937)
• befb190 chore: version packages (#4945)
• 34b5938 chore: version packages (#4944)
• e0f4f38 test: bump
• 5e4ef9d test: up flakes
• e135372 refactor: rename actions/hooks dir (#4941)
• 2ee3f55 refactor(tempo): update actions/hooks (#4940)
• e0cdfbd chore: version packages (#4933)
• Additional commits viewable in compare view

Updates @fastify/static from 8.3.0 to 9.0.0

Release notes

Sourced from @​fastify/static's releases.

v9.0.0

What's Changed

• build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @​dependabot[bot] in fastify/fastify-static#547
• Update glob@13 by @​mcollina in fastify/fastify-static#550

Full Changelog: fastify/fastify-static@v8.3.0...v9.0.0

Commits

• 4eec671 Bumped v9.0.0
• 4080e44 Update glob@13 (#550)
• f6716f9 build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#547)
• See full diff in compare view

Updates eslint-plugin-react-hooks from 5.2.0 to 7.0.1

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.0.1

• Disallowed passing inline useEffectEvent values as JSX props to guard against accidental propagation. (#34820 by @​jf-eirinha)
• Switch to export = so eslint-plugin-react-hooks emits correct types for consumers in Node16 ESM projects. (#34949 by @​karlhorky)
• Tightened the typing of configs.flat so the configs export is always defined. (#34950 by @​poteto)
• Fix named import runtime errors. (#34951, #34953 by @​karlhorky)

7.0.0

This release slims down presets to just 2 configurations (recommended and recommended-latest), and all compiler rules are enabled by default.

• Breaking: Removed recommended-latest-legacy and flat/recommended configs. The plugin now provides recommended (legacy and flat configs with all recommended rules), and recommended-latest (legacy and flat configs with all recommended rules plus new bleeding edge experimental compiler rules). (@​poteto in #34757)

6.1.1

Note: 6.1.0 accidentally allowed use of recommended without flat config, causing errors when used with ESLint v9's defineConfig() helper. This has been fixed in 6.1.1.

• Fix recommended config for flat config compatibility. The recommended config has been converted to flat config format. Non-flat config users should use recommended-legacy instead. (@​poteto in #34700)
• Add recommended-latest and recommended-latest-legacy configs that include React Compiler rules. (@​poteto in #34675)
• Remove unused NoUnusedOptOutDirectives rule. (@​poteto in #34703)
• Remove hermes-parser and dependency. (@​poteto in #34719)
• Remove @babel/plugin-proposal-private-methods dependency. (@​ArnaudBarre and @​josephsavona in #34715)
• Update for Zod v3/v4 compatibility. (@​kolian and @​josephsavona in #34717)

6.1.0

Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497

6.0.0

Accidentally released. See 6.1.0 for the actual changes.

Commits

• See full diff in compare view

Updates globals from 16.5.0 to 17.0.0

Release notes

Sourced from globals's releases.

v17.0.0

Breaking

• Split audioWorklet environment from browser (#320) 7bc293e

Improvements

• Update globals (#329) ebe1063
• Get all browser globals from both chrome and firefox (#321) 59ceff8
• Add bunBuiltin environment (#324) 1bc6e3b
• Add denoBuiltin environment (#324) 1bc6e3b
• Add paintWorklet environment (#323) 4b78f56
• Add sharedWorker environment (#322) 4a02a85

---

sindresorhus/globals@v16.5.0...v17.0.0

Commits

• bb89b18 17.0.0
• ebe1063 Update globals (2026-01-01) (#329)
• e3d8da3 Revert "Automate script for paintWorklet environment (#325)" (#328)
• e7c0453 Automate script for paintWorklet environment (#325)
• 1bc6e3b Add bunBuiltin and denoBuiltin (#324)
• 4b78f56 Add paintWorklet environment (#323)
• 59ceff8 Get all browser globals from both chrome and firefox (#321)
• 4a02a85 Add sharedWorker environment (#322)
• 7bc293e Split audioWorklet environment from browser (#320)
• 814075f Fix browser launch (#319)
• Additional commits viewable in compare view

Updates non.geist from 1.0.4 to 2.0.1

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.