chore(deps): bump the npm-production group across 1 directory with 7 updates

[dependabot]

Bumps the npm-production group with 7 updates in the / directory:

Package	From	To
@stripe/stripe-js	9.7.0	9.8.0
ox	0.14.24	0.14.29
viem	2.51.3	2.52.2
@tanstack/react-query	5.100.14	5.101.0
react	19.2.6	19.2.7
react-dom	19.2.6	19.2.7
accounts	0.14.6	0.14.8

Updates @stripe/stripe-js from 9.7.0 to 9.8.0

Release notes

Sourced from @​stripe/stripe-js's releases.

v9.8.0

Changed

• Add CurrencySelector element definitions for getElement and create (#930)
• Add new appearance API variable types (#931)
• add unit label to checkout.d.ts (#929)

Commits

• e5654a3 v9.8.0
• 6753d06 Add CurrencySelector element definitions for getElement and create (#930)
• bd1be88 Add new appearance API variable types (#931)
• 730dbdb add unit label to checkout.d.ts (#929)
• See full diff in compare view

Updates ox from 0.14.24 to 0.14.29

Release notes

Sourced from ox's releases.

ox@0.14.29

Patch Changes

• #268 ed93945 Thanks @​jxom! - viem/tempo: Added genesisConfig shorthand to TIP-1061 multisig helpers and renamed configId → genesisConfigId on the typed SignatureEnvelope.Multisig.

ox@0.14.28

Patch Changes

• #265 f5328d2 Thanks @​jxom! - viem/tempo: Added support for TIP-1061 native multisig accounts.

ox@0.14.27

Patch Changes

• #263 451a442 Thanks @​jxom! - ox/tempo: Added the ReceivePolicyReceipt module for encoding/decoding TIP-1028 receive-policy claim receipts (ClaimReceiptV1 witnesses) with decode, encode, from, fromLog, and fromTransactionReceipt (returns one receipt per TransferBlocked log).

ox@0.14.26

Patch Changes

• #262 b1ac8c8 Thanks @​jxom! - ox/tempo: Added support for TIP-1049 (admin access keys) via optional isAdmin and account fields on KeyAuthorization that bind into the signing hash.

• #260 581ccee Thanks @​jxom! - ox/tempo: Added support for TIP-1053 (witnesses in key authorizations) via an optional 32-byte witness field on KeyAuthorization that is included in the signing hash.

ox@0.14.25

Patch Changes

• #256 ad7610b Thanks @​jxom! - Renamed ChannelDescriptor.from to Channel.from, made Channel.Channel the descriptor type, and changed Channel.computeId to receive channel and options separately.

Commits

• 58ca601 chore: version packages (#269)
• ed93945 feat(tempo): add genesisConfig shorthand to multisig helpers (#268)
• ad3330f chore: version packages (#267)
• 4b3fe3e chore: version packages (#266)
• ef64a52 ci(tempo): use edge image (tracks main) instead of latest
• b8a0714 test(tempo): skip TIP-1049 admin e2e until tempo release ships PR #4265
• f5328d2 feat(tempo): native multisig (#265)
• ae54345 ci: bump vitest hookTimeout to 60s for tempo localnet cold start
• 7bb96ea chore: version packages (#264)
• 451a442 feat(tempo): add ReceivePolicyReceipt module for TIP-1028 claim receipts (#263)
• Additional commits viewable in compare view

Updates viem from 2.51.3 to 2.52.2

Release notes

Sourced from viem's releases.

viem@2.52.2

Patch Changes

• #4718 1969c01715736de8a16b841cfed81640f0d708c2 Thanks @​jxom! - Tempo: Set the t5 hardfork on the Tempo Testnet (Moderato) chain.

viem@2.52.0

Minor Changes

• #4689 fb032ee43ace76bbe72170c1b3ed48880033b763 Thanks @​jxom! - viem/tempo: Added admin access key actions, and an accessKey.verifyHash action.

• #4688 19a26084eb448632883602b401516e17cc9f7e0d Thanks @​jxom! - viem/tempo: Added access-key witness actions.

• #4683 42d54ef89a85aa9ef8658a89b67271331b5a31d4 Thanks @​jxom! - viem/tempo: Updated precompile ABIs and added the receivePolicyGuard and signatureVerifier precompile addresses to Addresses, plus the t4/t5/t6 hardforks to Hardfork.

• #4687 0e826149964a6e76d8079b368ca6f034bde7f482 Thanks @​jxom! - viem/tempo: Added receivePolicy actions.

Commits

• 1b6a888 chore: version package (#4719)
• 78a9a60 chore: version package (#4707)
• 5fe74ca docs(tempo): use calls in multisig transaction examples (#4716)
• 1969c01 feat(chains): set t5 hardfork on Tempo Testnet (Moderato) (#4718)
• 394f1c5 chore: bump chains size-limit budgets (#4717)
• 51c51ba Update multisig account support in viem/tempo
• a74b05d chore: bump vitest to fix audit vulnerability (#4715)
• f5ae20d feat(tempo): infer multisig config from account in prepareTransactionRequest ...
• 25c2d6a feat(tempo): add native multisig account support (#4710)
• cee9b68 chore: bump vocs to 2.0.11 (#4708)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.100.14 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

• Updated dependencies [3042860, e631dc3]:
  • @​tanstack/query-devtools@​5.101.0
  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

• #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

• Updated dependencies []:

  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.101.0
  • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.0

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.0

Commits

• f3d8d2a ci: Version Packages (#10774)
• 532bb29 fix(tests): disable local coverage instrumentation (#10776)
• See full diff in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates accounts from 0.14.6 to 0.14.8

Release notes

Sourced from accounts's releases.

accounts@0.14.8

Patch Changes

• d0d3cea: Added OIDC identity-token support for verified email extraction.

accounts@0.14.7

Patch Changes

• 8a9564b: Persist CLI access keys in filesystem-backed provider storage.

• edab403: Allow Provider.create({ authorizeAccessKey }) to return undefined to skip access-key authorization for the current wallet_connect.

• df1615e: Persist access keys through provider storage.

• 1478791: Add provider-owned RPC action handling for adapters that expose a viem account with getAccount.

  Adapters can now implement getAccount and optional generateAccessKey instead of duplicating transaction, signing, and access-key RPC actions.

• ad48834: Allowed the React Native adapter to connect without requesting an access key.

• 648df76: Make accounts/react-native adapter-only and move React Native storage adapters behind explicit subpaths.

• 694e022: Added a React Privy adapter at accounts/react/privy, backed Privy Ethereum signing with secp256k1_sign, and stopped exporting the lower-level Core JS Privy adapter from the root package entrypoint.

• b1a3a69: Added ability to batch key authorization + server auth into one digest.

• 18052eb: Added opt-in identity.email request capability to wallet_connect.

Changelog

Sourced from accounts's changelog.

0.14.8

Patch Changes

• d0d3cea: Added OIDC identity-token support for verified email extraction.

0.14.7

Patch Changes

• 8a9564b: Persist CLI access keys in filesystem-backed provider storage.

• edab403: Allow Provider.create({ authorizeAccessKey }) to return undefined to skip access-key authorization for the current wallet_connect.

• df1615e: Persist access keys through provider storage.

• 1478791: Add provider-owned RPC action handling for adapters that expose a viem account with getAccount.

  Adapters can now implement getAccount and optional generateAccessKey instead of duplicating transaction, signing, and access-key RPC actions.

• ad48834: Allowed the React Native adapter to connect without requesting an access key.

• 648df76: Make accounts/react-native adapter-only and move React Native storage adapters behind explicit subpaths.

• 694e022: Added a React Privy adapter at accounts/react/privy, backed Privy Ethereum signing with secp256k1_sign, and stopped exporting the lower-level Core JS Privy adapter from the root package entrypoint.

• b1a3a69: Added ability to batch key authorization + server auth into one digest.

• 18052eb: Added opt-in identity.email request capability to wallet_connect.

Commits

• ddcb2cf chore: version packages (#625)
• d0d3cea feat: OIDC identity tokens (#622)
• d815544 feat: add wallet_authorizeAccessKey deposit amount controls (#585)
• ea121e9 chore: version packages (#601)
• 18052eb feat: add identity.email capability (#621)
• 7bf77df fix(playground): dedupe Privy React provider imports (#620)
• 998689a fix(playground): keep Privy React in one chunk (#618)
• 694e022 feat: add Privy React adapter (#595)
• 36ed74f feat: automatic access key authorizations (#614)
• 648df76 fix: narrow react-native exports (#615)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​react@​19.2.17
	accounts@​0.14.6 ⏵ 0.14.8	+3		+1	+1
	@​typescript/​native-preview@​7.0.0-dev.20260616.1
	react@​19.2.7
	@​tanstack/​react-query@​5.101.0
	react-dom@​19.2.7
	ox@​0.14.29
	viem@​2.52.2
	@​stripe/​stripe-js@​9.7.0 ⏵ 9.8.0	+1			+2

View full report

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/mppx@560

commit: 017a848