chore(deps): update dependency chai to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
chai (source)	5.2.0 → 6.2.2

---

Release Notes

chaijs/chai (chai)

v6.2.2

Compare Source

What's Changed

• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in #​1745
• chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 by @​renovate[bot] in #​1746
• build(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in #​1747
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​1749
• fix: avoid BigInt literal in closeTo for runtime compat by @​bheemreddy-samsara in #​1748
• chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 by @​renovate[bot] in #​1751
• chore(deps): update dependency prettier to v3.7.3 by @​renovate[bot] in #​1754
• chore(deps): update dependencies by @​renovate[bot] in #​1755
• chore(deps): update dependencies to v9.39.2 by @​renovate[bot] in #​1757
• chore: add --legal-comments=none option by @​hyperz111 in #​1756
• chore(deps): update dependency esbuild to v0.27.2 by @​renovate[bot] in #​1759

New Contributors

• @​bheemreddy-samsara made their first contribution in #​1748
• @​hyperz111 made their first contribution in #​1756

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

Compare Source

What's Changed

• chore: add renovate config by @​43081j in #​1709
• chore: use new renovate schema by @​43081j in #​1713
• chore(deps): update actions/setup-node action to v5 (main) by @​renovate[bot] in #​1711
• chore(deps): update actions/checkout action to v5 (main) by @​renovate[bot] in #​1710
• chore(deps): update dependency eslint to v9 (main) by @​renovate[bot] in #​1715
• chore(deps): update dependency @​rollup/plugin-commonjs to v28 (main) by @​renovate[bot] in #​1714
• chore(deps): update dependency mocha to v11 (main) by @​renovate[bot] in #​1717
• chore(deps): update dependency eslint-plugin-jsdoc to v60 (main) by @​renovate[bot] in #​1716
• chore: disable renovate for 4.x.x by @​43081j in #​1722
• chore(deps): update dependency eslint-plugin-jsdoc to v61 by @​renovate[bot] in #​1727
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in #​1729
• chore(deps): update dependencies by @​renovate[bot] in #​1726
• chore(deps): update dependencies by @​renovate[bot] in #​1730
• chore(deps): update dependency node to v24 by @​renovate[bot] in #​1731
• chore(deps): update dependency @​rollup/plugin-commonjs to v29 by @​renovate[bot] in #​1732
• chore(deps): update dependencies by @​renovate[bot] in #​1734
• build(deps): bump koa from 2.14.2 to 2.16.1 by @​dependabot[bot] in #​1683
• docs: update browser usage by @​43081j in #​1736
• chore(deps): update dependencies by @​renovate[bot] in #​1740
• docs: add comprehensive documentation for containSubset assertion by @​Aashish-Jha-11 in #​1739
• Set esbuild target to es2021 to support Safari < 16.4 by @​larabr in #​1737

New Contributors

• @​renovate[bot] made their first contribution in #​1711
• @​Aashish-Jha-11 made their first contribution in #​1739
• @​larabr made their first contribution in #​1737

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

v6.2.0

Compare Source

What's Changed

• feat(events): add addChainableMethod event by @​perrin4869 in #​1707

Full Changelog: chaijs/chai@v6.1.0...v6.2.0

v6.1.0

Compare Source

What's Changed

• build(deps-dev): bump tar-fs from 3.0.9 to 3.1.1 by @​dependabot[bot] in #​1706
• feat: add eventEmitter (#​1693)
  Adds an event emitter for hooking into method/property creation in #​1693

Full Changelog: chaijs/chai@v6.0.2...v6.1.0

v6.0.1

Compare Source

What's Changed

• fix: keep function/class names in bundle by @​43081j in #​1701

Full Changelog: chaijs/chai@v6.0.0...v6.0.1

v6.0.0

Compare Source

BREAKING CHANGES

Chai is now bundled into a single file. The lib/*.js files are no longer present, and so any code that imports those files directly will need to change. The only file that can be imported now is ./index.js.

What's Changed

• feat: remove unbundled sources by @​43081j in #​1700

Full Changelog: chaijs/chai@v5.3.2...v6.0.0

v5.3.3

Compare Source

What's Changed

• fix: keep names in bundle by @​43081j in #​1702
• chore: support publishing v5 by @​43081j in #​1703
• chore: update npm tag name by @​43081j in #​1704

Full Changelog: chaijs/chai@v5.3.2...v5.3.3

v5.3.2

Compare Source

Reverts the removal of the bundled version of chai in 5.3.1

What's Changed

• Update core contributors by @​keithamus in #​1697
• feat: reintroduce bundle by @​43081j in #​1699

Full Changelog: chaijs/chai@v5.3.1...v5.3.2

v5.3.1

Compare Source

What's Changed

• chore: remove bundled chai by @​43081j in #​1694

Full Changelog: chaijs/chai@v5.3.0...v5.3.1

v5.3.0

Compare Source

What's Changed

• chore: change main to point at chai directly by @​43081j in #​1696

Full Changelog: chaijs/chai@v5.2.2...v5.3.0

v5.2.2

Compare Source

What's Changed

• chore: use files for publishing by @​43081j in #​1695

Full Changelog: chaijs/chai@v5.2.1...v5.2.2

v5.2.1

Compare Source

What's Changed

Mostly internal changes but @​SuperchupuDev realised the package.json engines field was out of date, so it has been updated to reflect that v5.0.0 onwards only supports Node >=18.

• build(deps): bump serialize-javascript and mocha by @​dependabot in #​1673
• build(deps-dev): bump esbuild from 0.19.10 to 0.25.0 by @​dependabot in #​1671
• Enable no-var rule and fix violations by @​koddsson in #​1675
• Convert Assertion function to a class by @​koddsson in #​1677
• More typing by @​koddsson in #​1679
• build(deps-dev): bump tar-fs from 3.0.6 to 3.0.8 by @​dependabot in #​1682
• build(deps-dev): bump tar-fs from 3.0.8 to 3.0.9 by @​dependabot in #​1688
• chore: fix lint errors and add lint to CI by @​43081j in #​1689
• docs: update minimum node version in readme by @​SuperchupuDev in #​1691
• chore: update minimum node version by @​SuperchupuDev in #​1692

New Contributors

• @​SuperchupuDev made their first contribution in #​1691

Full Changelog: chaijs/chai@v5.2.0...v5.2.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
nft-app	Error		Dec 22, 2025 10:37pm

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[changeset-bot]

⚠️ No Changeset found

Latest commit: f3d3a63

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[gitstream-cm]

🚨 gitStream Monthly Automation Limit Reached 🚨

Your organization has exceeded the number of pull requests allowed for automation with gitStream.
Monthly PRs automated: 250/250

To continue automating your PR workflows and unlock additional features, please contact LinearB.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL) Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4 Patched version: 2.5.4 From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Protestware or unwanted behavior: npm es5-ext Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Protestware or unwanted behavior: npm es5-ext Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to c8c1603 in 59 seconds. Click for details.

• Reviewed 13 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. package.json:56

• Draft comment:
  The chai dependency was updated to 6.0.0, but @types/chai remains at 5.2.1. Ensure the TypeScript type definitions are compatible or update @types/chai accordingly.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% While the comment identifies a real version mismatch, it falls into the category of dependency-related comments that we should avoid. The rules explicitly state "Do NOT comment on dependency changes, library versions that you don't recognize, or anything else related to dependencies." TypeScript will catch any actual type incompatibilities at build time. The version mismatch could potentially cause real TypeScript compilation issues that would be better to catch early. Maybe this is an exception to the dependency rule since it's about type safety. No, the rules are clear about not commenting on dependencies. Additionally, any real type incompatibilities would be caught by the TypeScript compiler during build. Delete this comment as it violates the rule about not commenting on dependency changes, and any real issues would be caught by the build system.

Workflow ID: wflow_8BNcEPQfJDrukC4S

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	chai@​5.2.0 ⏵ 6.2.2	+1

View full report

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 25 minutes (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/itman?upgradeToPro=build-rate-limit