chore: Update dependencies #899

Merged
Woody4618 merged 5 commits into solana-foundation:master from hoodieshq:development-update-chore-deps
Mar 23, 2026
@rogaldh (Contributor) commented Mar 21, 2026

Description

Update several dependencies:

  • typescript
  • eslint
  • axios
  • jspdf
  • sentry
  • fast-xml-parser
  • storybook
  • @solana/eslint-config-solana

Type of change

  • Other (please describe): chore update + audit

Screenshots

n/a

Testing

All tests pass

Related Issues

HOO-334
Closes these: #731 #800 #812 #850 #856

Checklist

  • My code follows the project's style guidelines
  • I have added tests that prove my fix/feature works
  • All tests pass locally and in CI
  • I have run build:info script to update build information
  • CI/CD checks pass

@vercel bot commented Mar 21, 2026

@rogaldh is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

@vercel bot commented Mar 21, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| explorer | Ready | Preview, Comment | Mar 21, 2026 0:58am |

@rogaldh changed the title from "chore: update chore dependencies" to "chore: update dependencies" Mar 21, 2026
@rogaldh mentioned this pull request Mar 21, 2026 (6 tasks)
@rogaldh changed the title from "chore: update dependencies" to "chore: Update dependencies" Mar 21, 2026
@rogaldh marked this pull request as ready for review March 21, 2026 12:48
@greptile-apps bot (Contributor) commented Mar 21, 2026

Greptile Summary

This PR is a routine dependency maintenance update for the Solana Explorer, bumping several packages to newer minor/patch releases and adding new pnpm overrides to patch transitive security vulnerabilities. All changes are contained to package.json and pnpm-lock.yaml.

Key dependency changes:

  • typescript: 5.3.3 → 5.5.4 — significant minor-version jump; TS 5.4 adds NoInfer<T> and stricter closure narrowing, 5.5 adds inferred type predicates and regex syntax checking. Author reports all tests pass.
  • axios: 1.12.2 → 1.13.5
  • jspdf: ^4.1.0 → pinned 4.2.1 — range specifier removed in favour of an exact pin, which improves reproducibility.
  • eslint: 8.39.0 → 8.57.1 and eslint-config-next: 14.2.5 → 14.2.35 — the next package in package.json was already at 14.2.35, so this simply aligns the ESLint config package with the installed Next.js version.
  • @solana/eslint-config-solana: 1.0.1 → 1.0.2
  • fast-xml-parser: 5.3.3 → 5.3.6
  • storybook: 10.1.4 → 10.1.10

New security overrides (transitive vulnerability patches):

  • fast-xml-parser@>=4.1.3 <4.5.4 → 4.5.4
  • minimatch@<3.1.4 → 3.1.4 (ReDoS, CVE-2022-3517)
  • minimatch@>=9.0.0 <9.0.7 → 9.0.7
  • serialize-javascript@<=7.0.2 → 7.0.3 (prototype pollution / code injection)
  • axios@<0.30.0 override updated to axios@<0.30.2 → 0.30.2

No source code changes are included, and the lockfile appears consistent with all declared changes.

Confidence Score: 5/5

  • This PR is safe to merge; it is a well-scoped dependency maintenance update with no source-code changes and critical security patches applied via overrides.
  • All changes are confined to dependency manifests. The version bumps are minor/patch-level for most packages; the TypeScript jump (5.3→5.5) is the most significant but is validated by the author's test suite. Security overrides address known CVEs in transitive dependencies. The eslint-config-next version now correctly matches the already-installed next@14.2.35. No logic, API, or UI changes are introduced.
  • No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| package.json | Bumps several dependencies (typescript 5.3→5.5, axios 1.12→1.13, jspdf ^4.1→4.2.1, eslint 8.39→8.57, fast-xml-parser 5.3.3→5.3.6, storybook 10.1.4→10.1.10) and adds four new security overrides for fast-xml-parser, minimatch, and serialize-javascript vulnerabilities. All changes look correct and well-formed. |
| pnpm-lock.yaml | Lockfile faithfully reflects all package.json changes: typescript peer specifiers updated from 5.3.3 to 5.5.4 across all relevant packages, new overrides section entries added, and direct dependency resolutions updated. No inconsistencies observed. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[package.json and pnpm-lock.yaml updated] --> B[Direct dependency bumps]
    A --> C[New pnpm security overrides]

    B --> D[typescript 5.3.3 to 5.5.4]
    B --> E[axios 1.12.2 to 1.13.5]
    B --> F[jspdf pinned to 4.2.1]
    B --> G[eslint 8.39 to 8.57.1]
    B --> H[eslint-config-next 14.2.5 to 14.2.35]
    B --> I[fast-xml-parser 5.3.3 to 5.3.6]
    B --> J[storybook 10.1.4 to 10.1.10]

    C --> L[fast-xml-parser patched to 4.5.4]
    C --> M[minimatch patched - ReDoS CVE-2022-3517]
    C --> N[serialize-javascript patched to 7.0.3]
    C --> O[axios override updated to 0.30.2]

    style L fill:#f9f,stroke:#333
    style M fill:#f9f,stroke:#333
    style N fill:#f9f,stroke:#333
    style O fill:#f9f,stroke:#333
```

Last reviewed commit: "audit: make pkg audi..."
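
A check a reviewer could run over the security overrides listed in the summary above, as an added example (not code from this PR or from the project): it flags an override whose target version still falls inside the range it replaces, and any resolved version that still matches an overridden range. The `name@range` selector form, the helper names and the resolved-version sample are assumptions; the comparator handles plain x.y.z versions only.

```javascript
// Override selectors and targets as listed in the PR summary above.
const OVERRIDES = {
  "fast-xml-parser@>=4.1.3 <4.5.4": "4.5.4",
  "minimatch@<3.1.4": "3.1.4",
  "minimatch@>=9.0.0 <9.0.7": "9.0.7",
  "serialize-javascript@<=7.0.2": "7.0.3",
  "axios@<0.30.2": "0.30.2",
};
// Constructed sample of resolved versions (not taken from the project's lockfile).
const SAMPLE_RESOLVED = { minimatch: ["3.1.4", "9.0.5"], axios: ["0.30.2", "1.13.5"] };

// Compare plain x.y.z versions (no pre-release tags): negative, zero or positive.
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Split "name@range" at the last "@" so scoped names (@scope/pkg) still parse.
function parseSelector(sel) {
  const at = sel.lastIndexOf("@");
  return { name: sel.slice(0, at), range: sel.slice(at + 1) };
}

// True when the version satisfies every space-separated comparator in the range.
function inRange(version, range) {
  return range.split(/\s+/).every((c) => {
    const m = /^(<=|>=|<|>)(\d+\.\d+\.\d+)$/.exec(c);
    if (!m) throw new Error(`unsupported comparator: ${c}`);
    const d = cmp(version, m[2]);
    return { "<": d < 0, "<=": d <= 0, ">": d > 0, ">=": d >= 0 }[m[1]];
  });
}

// Collect overrides that would not remove the affected versions from the tree.
function auditOverrides(overrides, resolved) {
  const findings = [];
  for (const [sel, target] of Object.entries(overrides)) {
    const { name, range } = parseSelector(sel);
    if (inRange(target, range)) findings.push(`${sel}: target ${target} is inside its own range`);
    for (const v of resolved[name] || [])
      if (inRange(v, range)) findings.push(`${name}@${v} still matches ${range}`);
  }
  return findings;
}
```

In practice the resolved versions would come from the lockfile after install; a non-empty result means an override did not take effect or points at a version it was meant to replace.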

@Woody4618 merged commit 4313c2c into solana-foundation:master Mar 23, 2026
7 checks passed
@rogaldh deleted the development-update-chore-deps branch March 23, 2026 11:37
@Woody4618 pushed a commit that referenced this pull request Mar 25, 2026
## Description

PR introduces migration to eslint@9

⚠️ Depends on #899

## Type of change

-   [x] Other (please describe): chore update

## Screenshots

n/a

## Testing

All CI tasks should pass

## Related Issues

[HOO-379](https://linear.app/solana-fndn/issue/HOO-379)

## Checklist

-   [x] My code follows the project's style guidelines
-   [x] I have added tests that prove my fix/feature works
-   [x] All tests pass locally and in CI
-   [x] I have run `build:info` script to update build information
-   [x] CI/CD checks pass