Skip to content

chore: bump polkadot-api to 2.1.6 (double-notification fix)#207

Merged
pgherveou merged 1 commit into
mainfrom
chore/bump-polkadot-api-2.1.6
Jun 5, 2026
Merged

chore: bump polkadot-api to 2.1.6 (double-notification fix)#207
pgherveou merged 1 commit into
mainfrom
chore/bump-polkadot-api-2.1.6

Conversation

@pgherveou

@pgherveou pgherveou commented Jun 5, 2026

Copy link
Copy Markdown
Collaborator

Bumps the locked resolution of polkadot-api from 2.1.2 → 2.1.6.

Ran:

npm update polkadot-api

Our workspace packages declare the range polkadot-api: ">=2", so this only re-pins the lockfile resolution

Why

2.1.6 ships polkadot-api/polkadot-api#1385. That PR fixes a bug where a getWsProvider connection deliver every notification twice**:

Ran `npm update polkadot-api`, which re-pins the locked resolution from
2.1.2 to 2.1.6 (workspace ranges are `>=2`, so no package.json change).

2.1.6 includes polkadot-api/polkadot-api#1385
(fix(ws-middleware): deliver legacy subscription notifications once),
which fixes legacy/custom RPC subscriptions opened through a
`getWsProvider` connection delivering every notification twice. The root
cause was `hybridMiddleware` multiplexing one socket into modern + legacy
providers that share a single `msg$` stream. This affects our
`statement-store` (`statement_subscribeStatement`) and any other legacy
subscriptions.

The lockfile diff is large because `npm update` also floats
polkadot-api's dependency family (@polkadot-api/*) and transitive deps
(rollup platform binaries, commander) to their newest in-range versions.
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​polkadot-api@​2.1.2 ⏵ 2.1.688 +110094 +198 +1100

View full report

@pgherveou pgherveou merged commit c7d35f3 into main Jun 5, 2026
5 checks passed
@johnthecat johnthecat deleted the chore/bump-polkadot-api-2.1.6 branch June 11, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants