chore(deps): bump the production-major group across 1 directory with 8 updates

[dependabot]

Bumps the production-major group with 8 updates in the / directory:

Package	From	To
@noble/hashes	1.8.0	2.0.1
@hookform/resolvers	4.0.0	5.2.2
zod	3.25.76	4.2.1
react-syntax-highlighter	15.6.6	16.1.0
wagmi	2.19.4	3.1.3
@fastify/static	8.3.0	9.0.0
eslint-plugin-react-hooks	5.2.0	7.0.1
non.geist	1.0.4	2.0.1

Updates @noble/hashes from 1.8.0 to 2.0.1

Release notes

Sourced from @​noble/hashes's releases.

2.0.1

• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers
  • This was planned for 2.0.0, but was accidentally left out
• package.json: specify exported submodules to ensure typescript autocompletion
• scrypt: Fix error message for maxmem check by @​ChALkeR in paulmillr/noble-hashes#121
• scrypt: 4% speed-up by @​ChALkeR in paulmillr/noble-hashes#122

Full Changelog: paulmillr/noble-hashes@2.0.0...2.0.1

2.0.0

High-level

• The package is now ESM-only. ESM can finally be loaded from common.js on node v20.19+
  • Node v20.19 is now the minimum required version
  • Package imports now work correctly in bundler-less environments, such as browsers
  • Reduces npm package size (traffic consumed): 152KB => 136KB
  • Reduces unpacked npm size (on-disk space): 1.1MB => 669KB
• Make bundle sizes smaller, compared to v1.x
• .js extension must be used for all modules
  • Old: @noble/hashes/sha3
  • New: @noble/hashes/sha3.js
  • This simplifies working in browsers natively without transpilers

Changes

• Only allow Uint8Array as hash inputs, prohibit string
  • Strict validation checks improve security
  • To replicate previous behavior, use utils.utf8ToBytes
• Rename / remove some modules for consistency. Previously, sha384 resided in sha512, which was weird
  • sha256, sha512 => sha2.js (consistent with sha3.js)
  • blake2b, blake2s => blake2.js (consistent with blake3.js, blake1.js)
  • ripemd160, sha1, md5 => legacy.js (all low-security hashes are there)
  • _assert => utils.js
  • crypto internal module got removed: use built-in WebCrypto instead
• Improve typescript types & option autocomplete
• Upgrade typescript compilation env to ts5.9 and es2022
• Massively improve error messages, make them more descriptive

Full Changelog: paulmillr/noble-hashes@1.8.0...2.0.0

Commits

• d30e070 Release 2.0.1.
• 4485505 anumber: fix error msg
• dd62b81 pkg.json: add back export maps for text editor autocompletion
• 59fda2c Merge pull request #122 from ChALkeR/chalker/perf/scrypt/0
• 90dfe17 adjust comment
• e6099ae add a comment
• 15ee761 perf: tiny improvement in scrypt
• 30f8780 Merge pull request #121 from ChALkeR/patch-2
• f43e04b Fix error message for scrypt maxmem check
• b048d14 Release 2.0.0 to JSR.
• Additional commits viewable in compare view

Updates @hookform/resolvers from 4.0.0 to 5.2.2

Release notes

Sourced from @​hookform/resolvers's releases.

v5.2.2

5.2.2 (2025-09-14)

Bug Fixes

• zod: fix output type for Zod 4 resolver (#803) (e95721d)

v5.2.1

5.2.1 (2025-07-29)

Bug Fixes

• discriminated union for zod v4 mini (#784) (49a0d7b)
• zod v4 peer deps (#798) (2d28e6a)
• zod: fix output type for Zod 4 resolver (#801) (bc09647)

v5.2.0

5.2.0 (2025-07-25)

Features

• ajv: add ajv-formats for ajvResolver (#797) (f040039)

v5.1.1

5.1.1 (2025-06-09)

Bug Fixes

• zod peer dep issue (#780) (79cd8b2)

v5.1.0

5.1.0 (2025-06-07)

Features

• support Zod 4, Zod v4 mini, and retains compatibility with Zod v3. (#777) (8d083bd)

v5.0.1

5.0.1 (2025-04-02)

Bug Fixes

... (truncated)

Commits

• e95721d fix(zod): fix output type for Zod 4 resolver (#803)
• 49a0d7b fix: discriminated union for zod v4 mini (#784)
• bc09647 fix(zod): fix output type for Zod 4 resolver (#801)
• 2d28e6a fix: zod v4 peer deps (#798)
• f040039 feat(ajv): add ajv-formats for ajvResolver (#797)
• 79cd8b2 fix: zod peer dep issue (#780)
• 8d083bd feat: support Zod 4 (#777)
• 3bc2ad5 docs: fix table formatting (#774)
• 6e88393 fix: relax version constraint for react-hook-form 7.55.0 → ^7.55.0 (#758)
• a54d05a Merge branch 'dev'
• Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.2.1

Release notes

Sourced from zod's releases.

v4.2.1

Commits:

• 5b5b129315fbc94a3b0d6244185eaeefcbe438d1 4.2.1

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

... (truncated)

Commits

• 5b5b129 4.2.1
• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• Additional commits viewable in compare view

Updates react-syntax-highlighter from 15.6.6 to 16.1.0

Release notes

Sourced from react-syntax-highlighter's releases.

v16.1.0

What's Changed

• Bump simple-git and lint-staged by @​dependabot[bot] in react-syntax-highlighter/react-syntax-highlighter#614
• Bump Webpack to v5 by @​mxdvl in react-syntax-highlighter/react-syntax-highlighter#594
• Fix refractor imports, migrate to webpack 5, update deps by @​UncleJart in react-syntax-highlighter/react-syntax-highlighter#621

New Contributors

• @​mxdvl made their first contribution in react-syntax-highlighter/react-syntax-highlighter#594
• @​UncleJart made their first contribution in react-syntax-highlighter/react-syntax-highlighter#621

Full Changelog: react-syntax-highlighter/react-syntax-highlighter@v16.0.0...v16.1.0

v16.0.0

New major version!

16.0.0 brings a major version update to the refractor dependency, which remedies some security issues but could result in a breaking change to your app's dependencies. Please update with care.

What's Changed

• Update refractor to version 5 by @​lodinukal in react-syntax-highlighter/react-syntax-highlighter#604

New Contributors

• @​lodinukal made their first contribution in react-syntax-highlighter/react-syntax-highlighter#604

Full Changelog: react-syntax-highlighter/react-syntax-highlighter@v15.6.6...v16.0.0

Commits

• 5eedb74 16.1.0
• c71356f fix refractor imports, migrate to webpack 5, update deps (#621)
• f024a8c Revert "chore: bump Webpack to v5 (#594)"
• 7b0027b chore: bump Webpack to v5 (#594)
• 9dafbf1 Bump simple-git and lint-staged (#614)
• 8d154ff remove codecov step
• 506ee72 yank out failing codecov
• a647b59 16.0.0
• 8629e59 build with node 16.20.1
• a0decc7 Update refractor to version 5 (#604)
• See full diff in compare view

Updates wagmi from 2.19.4 to 3.1.3

Release notes

Sourced from wagmi's releases.

wagmi@3.1.3

Patch Changes

• Fixed published exports. (ed86500)

• Updated dependencies [ed86500]:

  • @​wagmi/connectors@​7.0.5

wagmi@3.1.2

Patch Changes

• Updated dependencies [9bbf13e]:
  • @​wagmi/connectors@​7.0.4

wagmi@3.1.1

Patch Changes

• Fixed useReadContract return type inference for ABI function overloads. (058c8c1)

• Updated dependencies [058c8c1]:

  • @​wagmi/core@​3.0.1
  • @​wagmi/connectors@​7.0.3

wagmi@3.1.0

Minor Changes

• Deprecated custom mutate function names and renamed to mutate/mutateAsync to reduce destructure key renaming fatigue and align with TanStack Query terminology. (#4878)

  Before

  Had to destructure hook result and often rename keys when using multiple of the same hook. Could decide not to destructure, but syntax becomes awkward for mutate functions (e.g. connect.connect or connect.connectAsync).

  const { connect, isPending: connectIsPending } = useConnect();
  const {
    writeContract: transfer,
    error: transferError,
    isPending: transferIsPending,
  } = useWriteContract();
  const { writeContract: approve, error: approveError } = useWriteContract();

  After

  Allows you to name the hook result whatever you want and not worry about also renaming properties.

  const connect = useConnect(); // connect.isPending
  const transfer = useWriteContract(); // transfer.mutate, transfer.error, transfer.isPending
  const approve = useWriteContract(); // approve.mutate, approve.error

... (truncated)

Changelog

Sourced from wagmi's changelog.

3.1.3

Patch Changes

• Fixed published exports. (ed86500)

• Updated dependencies [ed86500]:

  • @​wagmi/connectors@​7.0.5

3.1.2

Patch Changes

• Updated dependencies [9bbf13e]:
  • @​wagmi/connectors@​7.0.4

3.1.1

Patch Changes

• Fixed useReadContract return type inference for ABI function overloads. (058c8c1)

• Updated dependencies [058c8c1]:

  • @​wagmi/core@​3.0.1
  • @​wagmi/connectors@​7.0.3

3.1.0

Minor Changes

• Deprecated custom mutate function names and renamed to mutate/mutateAsync to reduce destructure key renaming fatigue and align with TanStack Query terminology. (#4878)

  Before

  Had to destructure hook result and often rename keys when using multiple of the same hook. Could decide not to destructure, but syntax becomes awkward for mutate functions (e.g. connect.connect or connect.connectAsync).

  const { connect, isPending: connectIsPending } = useConnect();
  const {
    writeContract: transfer,
    error: transferError,
    isPending: transferIsPending,
  } = useWriteContract();
  const { writeContract: approve, error: approveError } = useWriteContract();

  After

  Allows you to name the hook result whatever you want and not worry about also renaming properties.

... (truncated)

Commits

• c6a73fd chore: version packages (#4918)
• 16f8e7b chore: bump viem (#4912)
• 7761de1 chore: version packages (#4914)
• 9bbf13e fix(connectors): webpack dynamic import optional peer dep (#4911)
• ab2a819 chore: version packages (#4910)
• 058c8c1 fix(core,react): fix read contract return type inference for overloads
• 763d370 chore: version packages (#4895)
• d7b132e refactor(react,vue): rename mutate functions to mutate/mutateAsync (#4878)
• 7e58fe1 chore: version packages (#4892)
• 1245dac chore: version packages (#4885)
• Additional commits viewable in compare view

Updates @fastify/static from 8.3.0 to 9.0.0

Release notes

Sourced from @​fastify/static's releases.

v9.0.0

What's Changed

• build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @​dependabot[bot] in fastify/fastify-static#547
• Update glob@13 by @​mcollina in fastify/fastify-static#550

Full Changelog: fastify/fastify-static@v8.3.0...v9.0.0

Commits

• 4eec671 Bumped v9.0.0
• 4080e44 Update glob@13 (#550)
• f6716f9 build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#547)
• See full diff in compare view

Updates eslint-plugin-react-hooks from 5.2.0 to 7.0.1

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.0.1

• Disallowed passing inline useEffectEvent values as JSX props to guard against accidental propagation. (#34820 by @​jf-eirinha)
• Switch to export = so eslint-plugin-react-hooks emits correct types for consumers in Node16 ESM projects. (#34949 by @​karlhorky)
• Tightened the typing of configs.flat so the configs export is always defined. (#34950 by @​poteto)
• Fix named import runtime errors. (#34951, #34953 by @​karlhorky)

7.0.0

This release slims down presets to just 2 configurations (recommended and recommended-latest), and all compiler rules are enabled by default.

• Breaking: Removed recommended-latest-legacy and flat/recommended configs. The plugin now provides recommended (legacy and flat configs with all recommended rules), and recommended-latest (legacy and flat configs with all recommended rules plus new bleeding edge experimental compiler rules). (@​poteto in #34757)

6.1.1

Note: 6.1.0 accidentally allowed use of recommended without flat config, causing errors when used with ESLint v9's defineConfig() helper. This has been fixed in 6.1.1.

• Fix recommended config for flat config compatibility. The recommended config has been converted to flat config format. Non-flat config users should use recommended-legacy instead. (@​poteto in #34700)
• Add recommended-latest and recommended-latest-legacy configs that include React Compiler rules. (@​poteto in #34675)
• Remove unused NoUnusedOptOutDirectives rule. (@​poteto in #34703)
• Remove hermes-parser and dependency. (@​poteto in #34719)
• Remove @babel/plugin-proposal-private-methods dependency. (@​ArnaudBarre and @​josephsavona in #34715)
• Update for Zod v3/v4 compatibility. (@​kolian and @​josephsavona in #34717)

6.1.0

Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497

6.0.0

Accidentally released. See 6.1.0 for the actual changes.

Commits

• See full diff in compare view

Updates non.geist from 1.0.4 to 2.0.1

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.