fix(wallet): address dependency vulnerabilities and upgrade to Next.js 16 (#979)

* fix(wallet): address dependency vulnerabilities

- Update direct dependencies to patch transitive vulnerabilities
- Add pnpm overrides for protobufjs, elliptic, prismjs, @babel/runtime
- Remove @solana/spl-token to eliminate bigint-buffer vulnerability
- Remove SPL token transfer functionality (not critical)

Reduces vulnerabilities from 30 to 2 (both without stable patches).

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(wallet): fix breaking changes from dependency updates

- Update MultiversX SDK to v15: replace SignableMessage with Message/MessageComputer,
  replace Transaction.fromPlainObject with newFromPlainObject, use TransactionComputer
- Update Sui SDK to v2: replace SuiClient with SuiJsonRpcClient, add network param
- Update permissionless imports: use permissionless/types instead of internal paths
- Add TypeScript 5.4.5 and moduleResolution: bundler for ESM support
- Fix NextUI Tooltip props for stricter types
- Add explicit event types for onClick handlers
- Define local KeySigner type to replace viem internal import

Co-authored-by: Cursor <cursoragent@cursor.com>

* feat(wallet): upgrade to Next.js 16 and React 19

- Upgrade next 15.5.10 → 16.1.6
- Upgrade react/react-dom 18.2.0 → 19.1.0
- Upgrade framer-motion 6.5.1 → 11.18.x (React 19 compatible)
- Upgrade valtio 1.13.2 → 2.1.x (React 19 compatible)
- Add turbopack config with empty object for webpack compat
- Fix AnimatePresence: replace deprecated exitBeforeEnter with mode="wait"
- Fix JSX.Element type annotations (removed for React 19 compat)
- Use --webpack flag for build (turbopack has fs module issues)

This resolves the moderate Next.js PPR Resume Endpoint vulnerability.
Remaining: 1 low-severity elliptic vulnerability (no patch available).

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(wallet): use webpack for build to fix Vercel deployment

Turbopack (default in Next.js 16) doesn't support the fs fallback
needed by @multiversx/sdk-core. Use --webpack flag explicitly.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(wallet): fix UI styling issues for React 19 compatibility

- Create StyledDivider component with explicit background for visibility
- Replace all Divider usages with StyledDivider throughout the app
- Fix PageHeader flex alignment for Account picker dropdown
- Fix Input border styling on walletconnect page
- Constrain Modal max-width to 420px to match main content area

NextUI v1 components lose some default styles in React 19 due to
CSS-in-JS (Stitches) rendering differences.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: ganchoradkov

advanced/wallets/react-wallet-v2/next-env.d.ts

@@ -1,7 +1,7 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
 /// <reference types="next/navigation-types/compat/navigation" />
-/// <reference path="./.next/types/routes.d.ts" />
+import "./.next/types/routes.d.ts";
 
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.

advanced/wallets/react-wallet-v2/next.config.js

@@ -1,5 +1,11 @@
 module.exports = {
   reactStrictMode: true,
+  turbopack: {
+    resolveAlias: {
+      fs: { browser: './node_modules/next/dist/compiled/edge-runtime/primitives/crypto.js' },
+      path: { browser: 'path-browserify' }
+    }
+  },
   webpack(config) {
     config.resolve.fallback = {
       ...config.resolve.fallback,

advanced/wallets/react-wallet-v2/package.json

@@ -3,53 +3,52 @@
   "private": true,
   "scripts": {
     "dev": "next dev -p 3001",
-    "build": "next build",
+    "build": "next build --webpack",
     "start": "next start -p 3001",
     "lint": "next lint",
     "prettier": "prettier --check '**/*.{js,ts,jsx,tsx}'",
     "prettier:write": "prettier --write '**/*.{js,ts,jsx,tsx}'"
   },
   "dependencies": {
-    "@cosmjs/amino": "0.32.3",
-    "@cosmjs/encoding": "0.32.3",
-    "@cosmjs/proto-signing": "0.32.3",
-    "@emotion/react": "^11.11.1",
-    "@emotion/styled": "^11.11.0",
+    "@cosmjs/amino": "0.32.4",
+    "@cosmjs/encoding": "0.32.4",
+    "@cosmjs/proto-signing": "0.32.4",
+    "@emotion/react": "^11.14.0",
+    "@emotion/styled": "^11.14.1",
     "@ethersproject/providers": "^5.8.0",
     "@json-rpc-tools/utils": "1.7.6",
-    "@kadena/cryptography-utils": "^0.4.0",
-    "@kadena/types": "^0.6.0",
+    "@kadena/cryptography-utils": "^0.4.4",
+    "@kadena/types": "^0.6.2",
     "@material-ui/core": "^4.12.4",
     "@material-ui/icons": "^4.11.3",
-    "@mui/icons-material": "^5.14.9",
-    "@mui/material": "^5.14.10",
-    "@multiversx/sdk-core": "12.18.0",
+    "@mui/icons-material": "^5.18.0",
+    "@mui/material": "^5.18.0",
+    "@multiversx/sdk-core": "15.3.2",
     "@multiversx/sdk-wallet": "4.2.0",
-    "@mysten/sui": "^1.29.1",
-    "@near-wallet-selector/wallet-utils": "^8.0.0",
+    "@mysten/sui": "^2.1.0",
+    "@near-wallet-selector/wallet-utils": "^8.10.2",
     "@nextui-org/react": "1.0.8-beta.5",
-    "@noble/curves": "^1.6.0",
+    "@noble/curves": "^1.9.7",
     "@noble/hashes": "^1.8.0",
     "@noble/secp256k1": "^3.0.0",
-    "@polkadot/keyring": "^10.1.2",
-    "@polkadot/types": "^9.3.3",
-    "@polkadot/util": "^10.1.2",
-    "@polkadot/util-crypto": "^10.1.2",
-    "@reown/appkit-experimental": "1.6.8",
+    "@polkadot/keyring": "^10.4.2",
+    "@polkadot/types": "^9.14.2",
+    "@polkadot/util": "^10.4.2",
+    "@polkadot/util-crypto": "^10.4.2",
+    "@reown/appkit-experimental": "1.8.17",
     "@reown/walletkit": "1.5.0",
     "@rhinestone/module-sdk": "0.1.25",
-    "@solana/spl-token": "^0.4.13",
     "@solana/web3.js": "1.98.2",
-    "@stacks/network": "^7.2.0",
-    "@stacks/transactions": "^7.2.0",
-    "@stacks/wallet-sdk": "^7.0.6",
-    "@taquito/local-forging": "^23.0.1",
-    "@taquito/signer": "^15.1.0",
-    "@taquito/taquito": "^15.1.0",
+    "@stacks/network": "^7.3.1",
+    "@stacks/transactions": "^7.3.1",
+    "@stacks/wallet-sdk": "^7.2.0",
+    "@taquito/local-forging": "^24.0.2",
+    "@taquito/signer": "^24.0.2",
+    "@taquito/taquito": "^24.0.2",
     "@ton/core": "^0.61.0",
     "@ton/crypto": "^3.3.0",
-    "@ton/ton": "^15.3.1",
-    "@types/semver": "^7.5.8",
+    "@ton/ton": "^15.4.0",
+    "@types/semver": "^7.7.1",
     "@walletconnect/core": "2.23.4",
     "@walletconnect/pay": "1.0.2-canary.0",
     "@walletconnect/types": "2.23.4",
@@ -59,48 +58,57 @@
     "@zerodev/sdk": "5.3.1",
     "@zerodev/session-key": "5.4.0",
     "@zerodev/weighted-ecdsa-validator": "5.3.0",
-    "axios": "^1.12.2",
+    "axios": "^1.13.4",
     "bip32": "^4.0.0",
     "bip39": "^3.1.0",
-    "bitcoinjs-lib": "^6.1.5",
+    "bitcoinjs-lib": "^6.1.7",
     "bitcoinjs-message": "^2.2.0",
     "borsh": "^1.0.0",
     "bs58": "6.0.0",
     "cosmos-wallet": "1.2.0",
     "crc-32": "^1.2.2",
     "ecpair": "^2.1.0",
     "ed25519-hd-key": "^1.3.0",
-    "ethers": "5.7.2",
-    "framer-motion": "6.5.1",
-    "graphql": "^16.8.2",
-    "near-api-js": "^0.45.0",
+    "ethers": "5.8.0",
+    "framer-motion": "^11.18.0",
+    "graphql": "^16.12.0",
+    "near-api-js": "^0.45.1",
     "near-seed-phrase": "^0.2.1",
-    "next": "15.5.9",
+    "next": "16.1.6",
     "permissionless": "0.1.43",
-    "react": "18.2.0",
+    "react": "19.1.0",
     "react-code-blocks": "0.1.5",
-    "react-dom": "18.2.0",
-    "react-hot-toast": "^2.4.1",
+    "react-dom": "19.1.0",
+    "react-hot-toast": "^2.6.0",
     "react-qr-reader-es6": "2.2.1-2",
     "solana-wallet": "^1.0.2",
-    "tiny-secp256k1": "^2.2.3",
-    "tronweb": "^6.0.4",
+    "tiny-secp256k1": "^2.2.4",
+    "tronweb": "^6.1.1",
     "tweetnacl": "^1.0.3",
-    "valtio": "1.13.2",
+    "valtio": "^2.1.0",
     "viem": "2.17.8",
     "webauthn-p256": "0.0.2",
-    "zod": "^3.22.4"
+    "zod": "^3.25.76"
   },
   "devDependencies": {
     "@types/node": "17.0.35",
-    "@types/react": "18.2.61",
-    "@types/react-dom": "18.2.19",
-    "eslint": "8.15.0",
-    "eslint-config-next": "14.1.3",
-    "eslint-config-prettier": "8.5.0",
-    "eslint-plugin-package-json": "^0.13.1",
-    "jsonc-eslint-parser": "^2.4.0",
+    "@types/react": "19.1.6",
+    "@types/react-dom": "19.1.6",
+    "eslint": "9.39.2",
+    "eslint-config-next": "16.1.6",
+    "eslint-config-prettier": "10.1.5",
+    "eslint-plugin-package-json": "^0.88.2",
+    "jsonc-eslint-parser": "^2.4.2",
     "prettier": "2.6.2",
-    "typescript": "5.2.2"
+    "typescript": "5.4.5"
+  },
+  "pnpm": {
+    "overrides": {
+      "protobufjs@>=6.10.0 <6.11.4": ">=6.11.4",
+      "protobufjs@>=7.0.0 <7.2.5": ">=7.2.5",
+      "elliptic@<=6.6.0": ">=6.6.1",
+      "prismjs@<1.30.0": ">=1.30.0",
+      "@babel/runtime@<7.26.10": ">=7.26.10"
+    }
   }
 }