chore: add changeset for security vulnerability fixes

ignaciosantise · claude · ignaciosantise · commit 6389490fcd41 · 2026-01-22T10:08:47.000-03:00
Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.changeset/fix-security-vulnerabilities.md b/.changeset/fix-security-vulnerabilities.md
@@ -0,0 +1,24 @@
+---
+'@reown/appkit-react-native': patch
+'@reown/appkit-common-react-native': patch
+'@reown/appkit-bitcoin-react-native': patch
+'@reown/appkit-coinbase-react-native': patch
+'@reown/appkit-core-react-native': patch
+'@reown/appkit-ethers-react-native': patch
+'@reown/appkit-solana-react-native': patch
+'@reown/appkit-ui-react-native': patch
+'@reown/appkit-wagmi-react-native': patch
+---
+
+fix: resolve high-severity security vulnerabilities in transitive dependencies
+
+Patched 9 vulnerable packages via resolutions/overrides:
+- h3 1.15.5 (Request Smuggling)
+- tar 7.5.6 (Race Condition, Arbitrary File Overwrite)
+- node-forge 1.3.2 (ASN.1 vulnerabilities)
+- qs 6.14.1 (arrayLimit DoS)
+- undici 6.23.0 (Decompression DoS)
+- preact 10.28.2 (VNode Injection)
+- js-yaml 4.1.1 (Prototype Pollution)
+- valibot 1.2.0 (CVE-2025-66020 EMOJI_REGEX ReDoS)
+- hono 4.11.4 (JWT Algorithm Confusion)
