chore: bump dependencies; fix typing

[coffeexcoin]

PR-Codex overview

This PR focuses on updating dependencies and making minor adjustments in type definitions across various packages in the project.

Detailed summary

• Updated BaseError, Address, and Chain types in prepareTransaction.ts, linkToAgw.ts, and useGlobalWalletSignerClient.ts.
• Increased versions of several dependencies in package.json files.
• Updated typescript and viem versions across multiple packages.
• Adjusted @privy-io/cross-app-connect version to 0.5.2.
• Enhanced type definitions for address in useGlobalWalletSignerClient.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[changeset-bot]

🦋 Changeset detected

Latest commit: f2d9cef

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages

Name	Type
@abstract-foundation/web3-react-agw	Minor
@abstract-foundation/agw-client	Minor
@abstract-foundation/agw-react	Minor
@abstract-foundation/agw-web	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cursor]

PR Summary

Medium Risk
Mostly dependency bumps, but they target core web3/wallet libraries (viem, wagmi, Privy) and may introduce subtle runtime/type behavior changes for consumers.

Overview
Updates package dependencies across agw-client, agw-react, agw-web, and web3-react-agw, including bumping viem to ^2.37.0, @privy-io/cross-app-connect to ^0.5.2, wagmi to ^2.17.5, thirdweb to ^5.72.0, and @types/node.

Adjusts TypeScript imports/usages to match the upgraded libraries: moves BaseError/Address typing to come from viem (dropping abitype usage) and tightens useGlobalWalletSignerClient typing by explicitly typing the signer address and the useWalletClient generics. Adds a changeset to publish minor version bumps for the affected packages.

^{Written by Cursor Bugbot for commit f2d9cef. This will update automatically on new commits. Configure here.}

[aikido-pr-checks]

CVE-2025-13465 in lodash - medium severity
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.

The issue permits deletion of properties but does not allow overwriting their original behavior.

This issue is patched on 4.17.23

Remediation Aikido suggests bumping this package to version 4.17.23 to resolve this issue
^{View details in Aikido Security}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Files with missing lines	Coverage Δ
packages/agw-client/src/actions/linkToAgw.ts	7.35% <ø> (-0.68%)	⬇️
...kages/agw-client/src/actions/prepareTransaction.ts	86.22% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}