chore: update SDK dependencies#825
Conversation
Weekly dependency refresh for morpho-org/sdks. - Update root and non-deprecated workspace dependencies/devDependencies. - Preserve frozen deprecated package paths. - Keep peerDependency ranges unchanged unless devDependency compatibility requires widening. - Add changeset for the WDK runtime dependency update.
| "viem": "2.53.1", | ||
| "vitest": "^4.1.9" |
There was a problem hiding this comment.
🟡 Viem dev-dependency version specifier changed inconsistently across packages
The viem dev-dependency version specifier is updated to an exact pin ("2.53.1") in two packages (package.json:60, packages/blue-sdk/package.json:42) but to a caret range ("^2.53.1") in all eight other packages, breaking the previously uniform exact-pin pattern ("2.52.2").
Impact: Future dependency resolution or pnpm update runs may drift viem versions across packages that were previously locked in sync.
Mechanical inconsistency in the version-bump transformation
Before this PR, every workspace package pinned viem to the same exact version "2.52.2" in devDependencies. This PR bumps to 2.53.1, but the specifier format diverges:
package.json:60andpackages/blue-sdk/package.json:42→"2.53.1"(exact)- All other 8 packages (
blue-sdk-viem,evm-simulation,liquidity-sdk-viem,midnight-sdk,morpho-sdk,morpho-test,test,wdk-protocol-lending-morpho-evm) →"^2.53.1"(caret range)
While the pnpm lockfile and prefer-workspace-packages=true in .npmrc currently keep versions aligned, the inconsistency breaks the established convention and will cause divergent behavior on future pnpm update operations.
Prompt for agents
The viem dev-dependency version specifier was changed inconsistently. Before this PR, all packages used exact pins (2.52.2). After the PR, root package.json and packages/blue-sdk/package.json kept exact pins (2.53.1) while all 8 other packages switched to caret ranges (^2.53.1). Pick one convention and apply it uniformly. If the intent is to move to caret ranges (matching how most other devDependencies like vitest are specified), update root package.json line 60 and packages/blue-sdk/package.json line 42 to use ^2.53.1. If the intent is to keep exact pins for viem specifically, update the other 8 packages to use 2.53.1 without the caret.
Was this helpful? React with 👍 or 👎 to provide feedback.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8db2522850
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| @@ -168,7 +168,7 @@ importers: | |||
| version: 2.52.2(typescript@6.0.3)(zod@4.4.3) | |||
| vitest: | |||
| specifier: ^4.1.7 | |||
| version: 4.1.7(@types/node@25.9.3)(@vitest/coverage-v8@4.1.8(vitest@4.1.8))(@vitest/ui@4.1.8(vitest@4.1.8))(happy-dom@20.10.3)(vite@8.0.16(@types/node@25.9.3)(jiti@2.7.0)(yaml@2.9.0)) | |||
| version: 4.1.7(@types/node@26.0.1)(@vitest/coverage-v8@4.1.9(vitest@4.1.9))(@vitest/ui@4.1.9(vitest@4.1.9))(happy-dom@20.10.6)(vite@8.1.0(@types/node@26.0.1)(jiti@2.7.0)(yaml@2.9.0)) | |||
There was a problem hiding this comment.
Restore the frozen workspace lock entries
The root /workspace/sdks/AGENTS.md §2 rule 11 forbids dependency updates to frozen deprecated packages such as @morpho-org/blue-sdk-wagmi unless the PR is scoped to deprecation metadata or source deletion. This lockfile change still updates that package's resolved Vitest/tooling peer graph, and the same pattern appears for the other frozen workspaces, so local installs/tests no longer preserve the frozen dependency set even though their package.json files were skipped. Please regenerate or revert the lockfile entries for frozen workspaces as part of excluding them from the dependency refresh.
Useful? React with 👍 / 👎.
Summary
dependenciesanddevDependenciesacross the root package and non-deprecated workspaces.workspace:^devDependency protocol entries that the recursive update rewrote to published semver ranges.graphqlon latest compatible v16 in@morpho-org/liquidity-sdk-vieminstead ofgraphql@17, because the current GraphQL Codegen /graphql-requestpeer set still rejects v17.@biomejs/biomeversion.pnpm-lock.yaml.peerDependencies widened only when required: yes
Changesets markdown:
.changeset/weekly-sdk-deps-2026-06-29.mdChangesets release scope matches direct/peer/source-only criteria: yes
Dependency policy notes
@morpho-org/liquidation-sdk-viem,@morpho-org/bundler-sdk-viem,@morpho-org/migration-sdk-viem,@morpho-org/simulation-sdk,@morpho-org/blue-sdk-wagmi,@morpho-org/simulation-sdk-wagmi, and@morpho-org/test-wagmiwere excluded; existing frozen package paths have no file diffs.pnpm.overridessynchronized for direct dependencies: none present.@morpho-org/wdk-protocol-lending-morpho-evm, because its direct runtime dependencies changed. DevDependency-only package updates were intentionally not included in the changeset.Compatibility fixes
workspace:^.@morpho-org/liquidity-sdk-viemdevgraphqlto^16.14.2after the updater selected^17.0.1, preserving current peer/tooling compatibility.biome.jsonandbiome.ci.jsonschema URLs from 2.5.0 to 2.5.1.Verification
HUSKY=0 npx --yes pnpm@10.27.0 install --frozen-lockfile --ignore-scripts: passedHUSKY=0 npx --yes pnpm@10.27.0 run build:ci: passedHUSKY=0 npx --yes pnpm@10.27.0 run lint:ci: passedHUSKY=0 npx --yes pnpm@10.27.0 run test:ci: local environment blocker; failed in fork/RPC-backed suites with zero-data/storage-slot/RPC reset errors. A focused replay on unchangedorigin/mainreproduced the same class of failures (packages/liquidity-sdk-viem/test/loader.test.tszero-data reads andpackages/test/test/utils.test.tsviem-deal storage-slot lookup), so no dependency-induced test code fix was applied.HUSKY=0 npx --yes pnpm@10.27.0 exec changeset status --since=origin/main: passed; reports patch bump for@morpho-org/wdk-protocol-lending-morpho-evm.git diff --check: passedRequest Context
morpho-org/sdks