Skip to content

chore(deps): update dependency @polkadot/extension-inject to ^0.63.1 - autoclosed#588

Closed
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/polkadot-extension-inject-0.x
Closed

chore(deps): update dependency @polkadot/extension-inject to ^0.63.1 - autoclosed#588
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/polkadot-extension-inject-0.x

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@polkadot/extension-inject (source) ^0.58.9^0.63.1 age confidence

Release Notes

polkadot-js/extension (@​polkadot/extension-inject)

v0.63.1

Compare Source

Changes:

  • Allow Ledger generic app accounts to sign on any chain (#​1613)
  • Bump polkadot-js dependencies (#​1614)
  • Support rawMetadata in metadataExpand alongside metaCalls (#​1612)
  • Improve Ledger reliability and signing (WebHID, lifecycle, mismatch guard) (#​1611)
  • Fix: set chainSpecific account type and disable Ethereum switch (#​1608)
  • Set headers to 2026 (#​1609)

Contributed:

v0.62.6

Compare Source

Changes:

  • Update polkadot-js dependecies (#​1603)

v0.62.5

Compare Source

Changes:

v0.62.4

Compare Source

Changes:

  • Update polkadot-api and polkadot-js dependecies (#​1599)

v0.62.3

Compare Source

Changes:

  • Update polkadot-api and polkadot-js dependecies (#​1596)

v0.62.2

Compare Source

Changes:

v0.62.1

Compare Source

Changes:

v0.61.7

Compare Source

Changes:

v0.61.6

Compare Source

Changes:

  • Update polkadot-api and polkadot-js (#​1582)

v0.61.5

Compare Source

Changes:

  • fix: signing extrinsics on ledger device (#​1579)
  • Update polkadot-api and polkadot-js (#​1580)

v0.61.4

Compare Source

Changes:

  • Update polkadot-api and polkadot-js (#​1575)

v0.61.3

Compare Source

Changes:

v0.61.2

Compare Source

Changes:

v0.61.1

Compare Source

Changes:

  • Implement rate limiting for sign requests (#​1562)
  • Prevent phishing validation bypass via credentialed URLs using tldts (#​1560)
  • feat: add password strength validation (#​1561)
  • Fixed missing checkmark for connected accounts (website access) (#​1567)

v0.60.1

Compare Source

Changes:

  • Sanitize dApp origin (#​1554)
  • Enforce distinct authorization for HTTP and HTTPS origins (#​1555)
  • Use Map instead of object for storing authorized URLs (#​1556)
  • Update polkadot-js deps (#​1557)
  • Set yarn to 4.9.2 (#​1558)

v0.59.2

Compare Source

Changes:

  • Upgrade polkadot-api, and polkadot-js deps (#​1552)

v0.59.1

Compare Source

Changes:

  • Upgrade @​polkadot/* deps (#​1550)
    @​polkdot/api -> 16.0.1
    @​polkadot/common -> 13.5.1
    @​polkadot/phishing -> 0.25.11
    

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jun 8, 2026
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch 8 times, most recently from fc3a8e3 to fc02538 Compare June 8, 2026 16:54
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch from fc02538 to 42cd4dc Compare June 8, 2026 18:22
jim-counter added a commit that referenced this pull request Jun 8, 2026
Revert the @polkadot/extension-dapp and @polkadot/extension-inject bumps
flagged by Bugbot. extension-inject@0.63.1 declares @polkadot/api@^16.5.6
as a direct dependency, which would pull in a parallel v16 stack
(@polkadot/api@16.5.6, @polkadot/types@16.5.6, @polkadot/util@14.x)
alongside the v15 stack used by auto-utils. Two complete Polkadot stacks
in the lockfile is exactly the version skew this PR was meant to prevent.

The extension package bumps (Renovate PR #588) require deciding on the
@polkadot/api v15 -> v16 major bump first and should be handled in a
separate PR alongside that decision.

Scope reduces to the three v15 alignment bumps which keep the lockfile
on a single Polkadot stack:

- @polkadot/api          ^15.8.1 -> ^15.10.2
- @polkadot/types        ^15.8.1 -> ^15.10.2
- @polkadot/types-codec  ^15.8.1 -> ^15.10.2

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
jim-counter added a commit that referenced this pull request Jun 8, 2026
The Polkadot monorepo requires matched versions across @polkadot/api,
@polkadot/types, and @polkadot/types-codec to avoid runtime metadata
decoding errors and TypeScript misalignment. Similarly, @polkadot/extension-dapp
depends on @polkadot/extension-inject and must be bumped together.

Bumps the full set in one coordinated change:

- @polkadot/api          ^15.8.1 -> ^15.10.2
- @polkadot/types        ^15.8.1 -> ^15.10.2
- @polkadot/types-codec  ^15.8.1 -> ^15.10.2
- @polkadot/extension-dapp   ^0.58.6 -> ^0.63.1
- @polkadot/extension-inject ^0.58.9 -> ^0.63.1

Supersedes Renovate PRs #588 (extension-inject), #589 (types), #590
(types-codec); plus the rate-limited @polkadot/api and @polkadot/extension-dapp
PRs that haven't yet been raised. Renovate should close the open three
on its next run.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
jim-counter added a commit that referenced this pull request Jun 8, 2026
Revert the @polkadot/extension-dapp and @polkadot/extension-inject bumps
flagged by Bugbot. extension-inject@0.63.1 declares @polkadot/api@^16.5.6
as a direct dependency, which would pull in a parallel v16 stack
(@polkadot/api@16.5.6, @polkadot/types@16.5.6, @polkadot/util@14.x)
alongside the v15 stack used by auto-utils. Two complete Polkadot stacks
in the lockfile is exactly the version skew this PR was meant to prevent.

The extension package bumps (Renovate PR #588) require deciding on the
@polkadot/api v15 -> v16 major bump first and should be handled in a
separate PR alongside that decision.

Scope reduces to the three v15 alignment bumps which keep the lockfile
on a single Polkadot stack:

- @polkadot/api          ^15.8.1 -> ^15.10.2
- @polkadot/types        ^15.8.1 -> ^15.10.2
- @polkadot/types-codec  ^15.8.1 -> ^15.10.2

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch 16 times, most recently from 00d2f44 to 0540ed8 Compare June 12, 2026 09:14
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch 6 times, most recently from 18fd1dd to 0668d29 Compare June 18, 2026 14:40
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch 16 times, most recently from 2dacc1d to 9415115 Compare June 29, 2026 16:44
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch 2 times, most recently from 43f2227 to f19529a Compare July 2, 2026 07:58
@renovate renovate Bot force-pushed the renovate/polkadot-extension-inject-0.x branch from f19529a to 87810d8 Compare July 2, 2026 08:15
@renovate renovate Bot changed the title chore(deps): update dependency @polkadot/extension-inject to ^0.63.1 chore(deps): update dependency @polkadot/extension-inject to ^0.63.1 - autoclosed Jul 2, 2026
@renovate renovate Bot closed this Jul 2, 2026
@renovate renovate Bot deleted the renovate/polkadot-extension-inject-0.x branch July 2, 2026 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants