Suppress Dynamic SDK self-XSS console warning

[fedemint]

Description

The Dynamic SDK (@dynamic-labs/sdk-react-core), which is used internally by the Crossmint SDK for crypto wallet connections, outputs a self-XSS protection warning to the browser console prefixed with [DynamicSDK] [INFO]: Warning!. This is confusing for Crossmint SDK consumers since they don't interact with Dynamic directly.

This sets suppressEndUserConsoleWarning: true in the DynamicContextProviderWrapper settings to suppress it. The prop is placed before the ...settings spread, so consumers can still override it if needed.

Link to Devin run | Requested by @fedemint

Human review checklist

• Verify that placing suppressEndUserConsoleWarning before ...settings (allowing consumer override) is the desired behavior vs. placing it after (always suppressing)

Test plan

No automated tests needed — this is a single config flag passed to the Dynamic SDK's DynamicContextProvider. Can be verified by opening the browser console in any app using the Crossmint embedded checkout or wallet provider and confirming the [DynamicSDK] [INFO]: Warning! message no longer appears.

Package updates

• @crossmint/client-sdk-react-ui: patch (changeset added)

[changeset-bot]

🦋 Changeset detected

Latest commit: 46086ba

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages

Name	Type
@crossmint/client-sdk-react-ui	Patch
@crossmint/auth-ssr-nextjs-demo	Patch
@crossmint/client-sdk-nextjs-starter	Patch
@crossmint/wallets-quickstart-devkit	Patch
@crossmint/client-sdk-smart-wallet-next-starter	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[devin-ai-integration]

Original prompt from Fede

I'm working on an Onramp demo and I got this message in the console:

[DynamicSDK] [INFO]: Warning!
index.js:185 [DynamicSDK] [INFO]: This is a browser feature intended for developers. You are reading this message because you opened the browser console, a developer tool.1. Never share your tokens or sensitive information with anyone.2. Do not paste any code you do not fully understand.3. If someone instructed you to do this, it is likely a scam.Injecting code into your browser could result in loss of tokens or control of your account that cannot be recovered or protected.

could you help me find where is this in our code and why is there a warning from the sdk?

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[github-actions]

🔥 Smoke Test Results

⚠️ Test results file not found.

[jmderby]

small nit: dynamics docs doesn't mention the prop suppressEndUserConsoleWarning so my concern is it maybe partially works? maybe to safeguard and guarantee this change we should also add logLevel: "MUTE", in addition.

[jmderby]

small nit but approving anyways