chore(deps): update dependency viem to v2.48.4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
viem (source)	devDependencies	minor	2.43.5 → 2.48.4

---

Release Notes

wevm/viem (viem)

v2.48.4

Compare Source

Patch Changes

• #​4532 cb3206e1039b21e45e4ed17898aa1ff561cdecb4 Thanks @​jxom! - viem/tempo: Added virtual address actions for the TIP-1022 Address Registry precompile: virtualAddress.getMasterAddress, virtualAddress.resolve, virtualAddress.registerMaster, virtualAddress.registerMasterSync. Re-exported VirtualAddress and VirtualMaster from ox/tempo.

v2.48.3

Compare Source

v2.48.2

Compare Source

Patch Changes

• #​4526 28fcb0d487ecc525d687201b4eb47136ace7f7b9 Thanks @​mk0walsk! - Added OP Stack chain config to Zircuit.

• #​4520 3e88a77f8eb92fa1ce4410ad14bdbab8f04cce4b Thanks @​pxrl! - Added Tron block time

• 67d979c678c4835ace58c00e43eaf2291cd5764b Thanks @​jxom! - Fixed prepareTransactionRequest to preserve nonce: 0 instead of dropping it.

• #​4455 c0c09a6adf8cafc75f3ace8b892e57f41538baa7 Thanks @​nikicat! - Fixed LogTopic type to accept readonly arrays.

• 59b69da17293f626650f211f0129b7ccfdaf957d Thanks @​jxom! - Added resolveAccessKey to support alternative access key formats ({ address, type }, { publicKey, type }) in addition to { accessKeyAddress, keyType } for signKeyAuthorization and access key actions.

• #​4428 30ac0cf8517a013d9869cf2a9c2a652c80abaf46 Thanks @​hashcashier! - Replaced manual extraData decoding with l2SequenceNumber() contract call in getGames.

v2.48.1

Compare Source

Patch Changes

• 099684399e5d4807de02e97f4902e3c0e56ee65c Thanks @​jxom! - Fixed feePayerSignature being dropped in Tempo's formatTransactionRequest.

• #​4525 64556ad0973ea7b9926ed46f23ed9f1689b7047f Thanks @​jxom! - Fixed Tempo formatter to forward feePayer: false in transaction requests.

• #​4516 336b748469483a622153c10bf7bf9110a3fb9b72 Thanks @​0xtomm! - Added missing testnet: false for testnet / devnets.

• #​4517 25cc59c6eb235770b1a843b99bef606d2f1d7206 Thanks @​0xtomm! - Fixed native currencies on chains.

• #​4518 eb655cc7e04e08c7008b0a19f69b8b7e4d3c95d3 Thanks @​RekCuy63! - Preserved explicit nonce in fillTransaction.

v2.48.0

Compare Source

Minor Changes

• #​4510 23fbf03f915acd046087d25f859a90c51a44d030 Thanks @​Zygimantass! - Added Tempo zones support

v2.47.19

Compare Source

Patch Changes

• #​4513 dd2452464f114361473423a6ce4da045a5a435a4 Thanks @​decofe! - Updated Tempo RPC URLs.

v2.47.18

Compare Source

Patch Changes

• #​4499 24a1544c8a26fbf93f8029078ca310dba4df5b45 Thanks @​deodad! - Added withRelay to viem/tempo as the primary relay transport, and deprecated withFeePayer in favor of it.

• 2c4239dc07737ffc6631677324828bde6a17b9f7 Thanks @​jxom! - viem/tempo: Added combined abis export to Abis in viem/tempo that concatenates all Tempo precompile ABIs into a single array.

• 2c4239dc07737ffc6631677324828bde6a17b9f7 Thanks @​jxom! - viem/tempo: Added error capability to FillTransactionCapabilities in viem/tempo for structured execution error reporting from the relay.

• #​4492 7b95669c23f86885bdd059f17d41f93c846b8dd6 Thanks @​Dhruv-2003! - Fixed getTimeToNextGame crash when dispute game factory has zero or one games.

• #​4497 0a465ce232e1f1a239d7a45bac946ae9405f3eee Thanks @​deodad! - Updated withFeePayer transports to forward eth_fillTransaction requests to the fee payer transport only when feePayer: true is requested.

v2.47.17

Compare Source

Patch Changes

• 0b4bde619e71eefa206381e1be43b02ff4b1305b Thanks @​jxom! - viem/tempo: Fixed prepareTransactionRequest dropping feeToken from eth_fillTransaction response.

• 0b4bde619e71eefa206381e1be43b02ff4b1305b Thanks @​jxom! - viem/tempo: Fixed Account.signTransaction computing wrong presign hash when feePayerSignature is present by normalizing it to null before hashing.

• 0b4bde619e71eefa206381e1be43b02ff4b1305b Thanks @​jxom! - viem/tempo: Fixed serializeTempo collapsing feePayerSignature: null (presign marker) to undefined, causing the 0x00 fee-payer marker to be omitted from serialization.

v2.47.16

Compare Source

Patch Changes

• d4754544554200a01d226464ec6bded3eb44c88f Thanks @​jxom! - Fixed types.

v2.47.15

Compare Source

Patch Changes

• c1893fa232bd0f4fe747167cf4ea44a9a7cf05be Thanks @​jxom! - Added EIP-5792 capabilities to fillTransaction return type.

v2.47.14

Compare Source

Patch Changes

• d916060143305c4d321d30fd29b061069427d2a3 Thanks @​jxom! - Fixed formatTransactionRequest to include from field from account address.

• d916060143305c4d321d30fd29b061069427d2a3 Thanks @​jxom! - Fixed fillTransaction to skip fee multiplier when feePayerSignature is present.

• d916060143305c4d321d30fd29b061069427d2a3 Thanks @​jxom! - Added meta property to fillTransaction return type.

• d916060143305c4d321d30fd29b061069427d2a3 Thanks @​jxom! - Fixed simulateBlocks and simulateCalls tokenMetadata return type.

v2.47.12

Compare Source

Patch Changes

• ee5e2575faa5489c0f8316b07f342fc1dff1ec96 Thanks @​jxom! - viem/tempo: Added Expiry module for generating unix timestamp expiries (e.g. Expiry.hours(1), Expiry.days(30)).

v2.47.11

Compare Source

Patch Changes

• #​4440 75ae99e2654043d927ac7e20d630fc93932fce9c Thanks @​luanxu-dev! - Fixed shouldRetry to handle RPC code 429 in batch mode, where some providers (e.g. Alchemy) return HTTP 200 with a JSON-RPC body of { code: 429 } instead of an HTTP 429.

• #​4407 fa6edb93203fbd108aba1f4cbbfc47f29bec8253 Thanks @​d1r1! - Added Fluent Mainnet chain.

• #​4474 51ee597f6e01ddcd98feb1e9663d5be97e3db4ea Thanks @​jxom! - viem/tempo: Added scopes and limits.period to access key authorizations for contract call scoping and periodic spending limits (TIP-1011).

v2.47.10

Compare Source

Patch Changes

• #​4443 19dd6e54001a82f20ab13e42eacdbe61814e6e52 Thanks @​TJ-Frederick! - Added Radius Network (chain ID 723487) and Radius Test Network (chain ID 72344) chain definitions.

• #​4456 7b2cca5ab72c56b4c1a18d9765f4f323ca6b162d Thanks @​jxom! - viem/tempo: Extracted keyAuthorization from eth_fillTransaction response in prepareTransactionRequest.

• #​4457 39d42e515f33f54102d56705cf25c51f8d8f4087 Thanks @​jxom! - viem/tempo: Added hardfork-aware getRemainingLimit that uses getRemainingLimitWithPeriod on T3+ chains. Returns { remaining, periodEnd } object.

• #​4448 3b1908405105bf9d2a08dd1943b4b3fad2cee38a Thanks @​jxom! - Fixed transaction type detection for secp256k1 access key accounts.

• #​4450 4555ee6329235335d4278a3f9f33af69091a1c79 Thanks @​jxom! - viem/tempo: Fixed gas estimation for access key transactions with a fee payer.

• #​4432 3aa680df95bda40adc9306749e0fd46b93cc6bde Thanks @​jxom! - viem/tempo: Added access key signature verification support to verifyHash via mode: 'allowAccessKey'.

• #​4442 0ece4d9d08f53c817b0401fdd39ac3abb59c05f2 Thanks @​decofe! - viem/tempo: Added TIP-1004 (EIP-2612) permit functions to the tip20 ABI (permit, nonces, DOMAIN_SEPARATOR, PermitExpired, InvalidSignature).

• #​4419 4f77ac880ed81e104a68a530665b42661e0c1ebf Thanks @​emdin! - Added Igra Network chain.

• #​4422 3c950f70495df4a357b57b6c90ffb828f0a8a884 Thanks @​ryanRfox! - Added Mezo and Mezo Testnet chains.

• #​4426 63ab458812b15fe5d737de08356f8b4e635c6da3 Thanks @​PatrickAlphaC! - Added BattleChain Testnet

• #​4423 16f6ca238cd5e6d86b36dbb92098a180af6d8ef7 Thanks @​pxrl! - Added basic OP definitions to MegaETH, fixed Blockscout defs.

• 621b0856e55e710c61bd0a2d57c125d559bd9ae4 Thanks @​jxom! - Propagated execution reverted errors (code 3) from eth_fillTransaction in prepareTransactionRequest instead of silently falling through.

• #​4409 25634335611498ecaead8435b1403e5f28d30fc1 Thanks @​abs3ntdev! - Added Gensyn Mainnet

• #​4425 ce08d9a4dc9ab986d5d9f6cfe380ae6ec1fec2d9 Thanks @​o-az! - Removed Tempo Andantino network and updated references

• #​4420 c158236bd6e0d5c80881243d85a535723f61dd7e Thanks @​mycodecrafting! - Added Eden chain.

• #​4421 26bf275307bf6e31430fa5283770f5caa4033aee Thanks @​KirienzoEth! - Add the multicall3 configuration to the Katana chain's config

v2.47.6

Compare Source

Patch Changes

• 09d9f3520ce8837cb352e0bf3a7d735b511abd6f Thanks @​jxom! - Updated Ox

• #​4401 928ae87a32a13c72c9adf9390172d7b92bf99ce7 Thanks @​ndavd! - Ensured that dataSuffix is applied to all transactions regardless of data presence.

• #​4405 4ad0de0ebc543a9054bd7d57976eede1d3612440 Thanks @​jxom! - Added mode parameter to verifyMessage and verifyHash.

v2.47.5

Compare Source

Patch Changes

• #​4376 64383c9e53cb42e5c371cc8da5a91cdfa47a3331 Thanks @​nowooj! - Added CONX chain.

• #​4377 94248ab65c00c6254158e4cd985d8f5eec41f870 Thanks @​Aboudjem! - Fixed unbounded LRU cache growth on iOS 18+.

• a168f08272962f495306f72301a9d6c148428564 Thanks @​tmm! - Updated chain definition.

• #​4391 a8c8e6ed4ee40f6259899742a2be20d0772841ce Thanks @​mohamedhesham840! - Fixed incorrect error message for PaymasterStakeTooLowError (code -32505)

• #​4403 e8435e340592986fcd9c21a7626ff40b1af1e850 Thanks @​GuillermoEscobero! - Removed Zircuit Mainnet deprecated RPCs and Zircuit old testnet.

• #​4385 ee1f2950dc5f8bf51ed9682ac0e9c4d9ef96a7bf Thanks @​pxrl! - Defined DisputeGameFactory for Lisk, Mode & Zora

• #​4388 60f701f16217ef099c25184be97dc0e70e686b40 Thanks @​alcuadrado! - Added error preservation in getContractError.

v2.47.4

Compare Source

Patch Changes

• 6c3dc97e9d19718580ea8aa4db04f5e065594a49 Thanks @​jxom! - Updated Ox.

v2.47.2

Compare Source

Patch Changes

• 1b522780cd9c24339a2d01dbc6ee9638ebf7143c Thanks @​jxom! - Updated ox to 0.14.1.

v2.47.1

Compare Source

Patch Changes

• #​4383 66457cbb5de7a3086732f9016af798c9ec5222a5 Thanks @​jxom! - Changed default internal_version on access keys to v2.

v2.47.0

Compare Source

Minor Changes

• 1adb83804d5f6c3f36d5f293de88532330d52dc7 Thanks @​jxom! - Breaking (viem/tempo): chainId is now required when signing access key authorizations with signKeyAuthorization. It is recommended to use client.accessKey.signAuthorization instead for inferred chain ID.

  import { client } from './viem.config'
  import { Account } from 'viem/tempo'
  
  const account = Account.from({ privateKey: '0x...' })
  const accessKey = Account.fromP256(generatePrivateKey(), {
    access: account,
  })
  
  - const keyAuthorization = await account.signKeyAuthorization(accessKey)
  + const keyAuthorization = await client.accessKey.signAuthorization({
  +   account,
  +   accessKey,
  + })

Patch Changes

• #​4374 141a367cd4fec97224477d5cef008c0f66a43926 Thanks @​jxom! - viem/tempo: Exported TempoAddress from ox/tempo.

v2.46.3

Compare Source

Patch Changes

• #​4345 0e5d47967ec4294fe3896d284cad7df9d5a48e87 Thanks @​mrehmankrown! - Added Krown chain.

• #​4359 2e96ebdf3eb7b727bb9e0cf0395922f1c9c4b71d Thanks @​jxom! - viem/tempo: Added accessKey actions (getMetadata, getRemainingLimit, revoke, updateLimit).

• cbcd16bb9480881537df5a4f922f9f4e2cc9c52f Thanks @​jxom! - viem/tempo: Exported from from Account.

• #​4346 45ff3ff2480bc43c9dfd36ae30330f309318ce2f Thanks @​Kropiunig! - Fixed parseEventLogs to normalize RpcLog inputs before decoding.

• #​4352 cbda35cf01f9da2de2464cf18f1ffbcdee4d46e0 Thanks @​ClockRide! - Updated Polygon chain default RPC URL.

• #​4269 1ce50f716b002295b0bcc4dc6c6db65ae041d2bc Thanks @​yigiterdev! - Fixed sendRawTransactionSync to send timeout as integer instead of hex.

• #​4170 4c821db0aa2763a1ab0bb18762be7d6665ac2617 Thanks @​Kemperino! - Added getDelegation utility for EIP7702

• #​4351 c5f3bef7508c640f4b13068758e550ee5a726141 Thanks @​dwi! - Changed Ronin Saigon Testnet chainId after L2 migration.

• #​4357 ea5f5a2b5b0481aa4bf0e129f8c8a8b48c88a806 Thanks @​alexander-sei! - Updated Sei block explorer from Seitrace to Seiscan. Removed seiDevnet chain (network is defunct).

v2.46.2

Compare Source

Patch Changes

• 1a10fb7812cc13bd72495552c4a590aa5ce8cf15 Thanks @​jxom! - viem/tempo: Removed fee payer magic in favor of pure support for 0x78-prefixed fee payer envelopes.

v2.46.1

Compare Source

Patch Changes

• 44cbba75ab219c4e297f6cfd21c04f47548585e2 Thanks @​jxom! - Removed Ekta chain.

v2.46.0

Compare Source

Minor Changes

• #​4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

  TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

  await sendTransaction(client, {
    account,
  - nonceKey: 'random',
  + nonceKey: 'expiring',
    to: '0x...',
  })

v2.45.3

Compare Source

Patch Changes

• #​4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #​4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #​4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

v2.45.2

Compare Source

Patch Changes

• #​4300 cc60e25ca55c022a56ed9e991ec23cb615593da6 Thanks @​LXPDevs! - Added LuxePorts chain.

• #​4306 e3901661ba0442d6ae66c4d702396e8ee247d03f Thanks @​izharan-fireblocks! - Added WalletConnectSessionSettlementError as a non-retryable transport error.

• #​4301 662215f12310c3c2b17424093d3f4922693432f2 Thanks @​xGreen-project! - Added XGR Mainnet chain.

• #​4315 56d0920fd654ab93e89fff77769b0c982b8928d5 Thanks @​jxom! - Fixed sendCallsSync to respect client-level action overrides (e.g. smart account clients).

• #​4294 8c3fa2684820c80e8908cc799fd47815594e4871 Thanks @​Oighty! - Added Citrea Mainnet chain support.

• #​4321 059274e18c19270e7f7e98f0b087e7986d5a6dd7 Thanks @​highonrice! - Updated the native currency of Stable Mainnet.

• #​4319 746f5ae3b220313748bf7e0eb2d86f07848b6628 Thanks @​brotherlymite! - Added etherscan explorer for MegaETH.

• #​4305 428ef7cd7b4d6e9860296df841ce2f4a8d494bc1 Thanks @​LxpSrDev! - Added LuxePorts chain.

v2.45.1

Compare Source

Patch Changes

• #​4273 bf3f117aa4d6a4693af29894b1c27e130623cbc7 Thanks @​nicodlz! - Added Subtensor EVM chain.

• #​4272 a3a4ff9a25c8f31d3caef533d3d100cf22c1ea5e Thanks @​matzapata! - Added Alpen Testnet

• #​4228 26ffdfbef41e08a4d6837051eda615fb659c2c31 Thanks @​sakulstra! - Improved performance in parseEventLogs by memoizing.

• #​4275 ea8398b80c6fa90747e979d959c32e276bdd43e1 Thanks @​GiovaniGuizzo! - Added KiiChain mainnet chain definition

• #​4259 1ae28c2a9acb55b8fc599643549a52ec71a02e72 Thanks @​cruzdanilo! - Fixed error decoding in simulateBlocks when RPC returns revert data in returnData instead of error.data.

• #​4260 1f2a1839c201a2f5b97bddf26d605fb0394cdbd7 Thanks @​akitothemoon! - Added Horizen Testnet.

• 4fe411bd4231ec0a89159723ec68fcfe13c10071 Thanks @​jxom! - Added nonce and faucet.fundSync actions to decorator.

v2.45.0

Compare Source

Minor Changes

• #​4249 0e1d62dae5091e43bd4f12102e270a17a1456ffe Thanks @​dgca! - Added dataSuffix param to createWalletClient. When added, this will automatically add a dataSuffix to transaction actions submitted by this client.

• #​4264 dc4c100fec297efab4f38d92995832d9bb86d3c1 Thanks @​dgca! - Added dataSuffix param to createBundlerClient and related prepareUserOperation/sendUserOperation actions to attach additional calldata to transactions.

Patch Changes

• #​4256 08e1bb654a6f8d7075cc5f634d5b83c4d9a0379f Thanks @​paperCPU! - Added stable mainnet and updated stable testnet definitions

• #​4267 fc9c6e373c94b6a278493c8f499730232de46b2b Thanks @​marthendalnunes! - Exported SignTransactionRequest type

• #​4257 685c3f867f38d24df547643540b0bb53ec52af5a Thanks @​gndelia! - Exported missing OP Stack actions

• #​4247 d2b3c835806d9397146830551466fc6afd346fa1 Thanks @​kiyoakii! - Added MegaETH Mainnet chain and fixed MegaETH Testnet chain ID (6342 → 6343).

• #​4254 93c70b4b4a25cbdd25ee3007b4fc87a79dd14126 Thanks @​awesamarth! - Added RISE Mainnet

v2.44.4

Compare Source

Patch Changes

• #​4245 fcd86e90785b101d5f903ffc15478baa4442fe01 Thanks @​jxom! - Added assertChainId parameter to sendTransaction and sendTransactionSync to optionally skip chain ID assertion.

v2.44.2

Compare Source

Patch Changes

• #​4229 ffdc0f11cf3d87c91288d5d6242687e20ae15b42 Thanks @​frangio! - Fixed hexToNumber silent error when the value exceeds the safe range.

• #​4227 d235b894009c327145267a48c1739cd865ccf55b Thanks @​tomiir! - Added support for ADI_Chain.

• 51b6bf6d452fbabf7516614e2f0ca976edd3f19a Thanks @​jxom! - Added tempo chain mainnet placeholder.

• #​4211 e5050455f226de77587b0069532e886b520e46c2 Thanks @​akitothemoon! - Added zkXPLA network.

• #​4234 4d6349593f21c37fa2e97945521efc011a1bb350 Thanks @​jxom! - Added support for embeddable Basic authentication on http transport.

v2.44.1

Compare Source

Patch Changes

• #​4225 9d0a5a0b345d33c5ae396a81a3df87b66e4ee6b0 Thanks @​jxom! - viem/tempo: Bumped gas for feePayer + keyAuthorization tempo transactions.

v2.44.0

Compare Source

Minor Changes

• #​4201 0268ca88c67c7851ae03d8d41508657f2b62729d Thanks @​jxom! - ### viem/tempo Extension

  Added support for Tempo Moderato testnet.

  • (Breaking): Renamed tempoTestnet → tempoModerato. The old export is deprecated but still available as an alias.
  • (Breaking): Renamed reward.start → reward.distribute: Renamed for distributing rewards (no longer supports streaming).
  • (Breaking): Renamed reward.getTotalPerSecond → reward.getGlobalRewardPerToken: Returns the global reward per token value instead of per-second rate.
  • (Breaking): Renamed reward.watchRewardScheduled → reward.watchRewardDistributed: Watches for reward distributed events.
  • (Breaking): Removed nonce.getNonceKeyCount.
  • (Breaking): Removed nonce.watchActiveKeyCountChanged.
  • (Breaking): Removed amm.watchFeeSwap (FeeSwap event no longer emitted by protocol).
  • (Breaking): OrderPlaced event now includes isFlipOrder and flipTick fields. The FlipOrderPlaced event has been removed and merged into OrderPlaced.
  • (Breaking): Renamed Address.stablecoinExchange → Address.stablecoinDex.
  • (Breaking): Renamed Abis.stablecoinExchange → Abis.stablecoinDex.
  • Added dex.cancelStale action to cancel stale orders from restricted makers.
  • Added salt parameter to token.create.

Patch Changes

• e9967a932db94b62e9bb8fb309865a3104f59788 Thanks @​tmm! - Exported missing types for inference.

• 295bd73bc620f57448d43bcb80acfae3e4562b99 Thanks @​jxom! - Fixed sendTransactionSync timeout propagation.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cubic-dev-ai]

No issues found across 2 files

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @img/sharp-libvips-darwin-x64 under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-darwin-x64@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-darwin-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @img/sharp-libvips-linux-arm under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-linux-arm@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @img/sharp-libvips-linux-arm64 under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-linux-arm64@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @img/sharp-libvips-linux-ppc64 under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-linux-ppc64@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-ppc64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @img/sharp-libvips-linux-riscv64 under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-linux-riscv64@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-riscv64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm @img/sharp-libvips-linux-s390x under LGPL-3.0-or-later License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata) License: LGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json) From: ? → npm/@img/sharp-libvips-linux-s390x@1.2.4 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-s390x@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report