chore(deps): bump ws and viem in /client

[dependabot]

Bumps ws to 8.20.1 and updates ancestor dependency viem. These dependencies need to be updated together.

Updates ws from 8.18.3 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

8.20.0

Features

• Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).

8.19.0

Features

• Added the closeTimeout option (#2308).

Bug fixes

• Handled a forthcoming breaking change in Node.js core (19984854).

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• 8439255 [dist] 8.20.0
• d3503c1 [minor] Export the PerMessageDeflate class and header utils
• 3ee5349 [api] Convert the isServer and maxPayload parameters to options
• 91707b4 [doc] Add missing space
• 8b55319 [pkg] Update eslint to version 10.0.1
• Additional commits viewable in compare view

Updates viem from 2.38.6 to 2.50.4

Release notes

Sourced from viem's releases.

viem@2.50.4

Patch Changes

• #4647 423131df9e00e3df062274e483b98a4921674cea Thanks @​jxom! - Fixed Tempo chain declarations to emit portable inferred types for exported derived chains.

viem@2.50.3

Patch Changes

• #4642 5bafcd444f7ebae9bb06a8efbc801a7ea845154d Thanks @​jxom! - viem/tempo: Updated wallet.deposit to use amount and supported token symbols for wallet_deposit requests.

viem@2.49.3

Patch Changes

• #4621 6d80eaeea315c552a57e9683607ed36f7d219a9e Thanks @​Blessing-Circle! - Added Arc chain.

• #4622 c5dc4d63506f787e92417eff77dd0ef84e3a2c8c Thanks @​struong! - viem/tempo: Preserved feeToken on broadcast envelope when feePayerSignature is present. Previously stripped unconditionally when feePayer === true, breaking fee payer signature verification on-chain.

viem@2.49.2

Patch Changes

• 215469280e57b4ec729bd2537857a4ca363c984b Thanks @​jxom! - viem/tempo: Renamed Actions.wallet.send to Actions.wallet.transfer.

viem@2.49.0

Minor Changes

• #4584 4cd686d4acf2c0f14955509a91a3c7ee6d0257f9 Thanks @​tmm! - Added AbortSignal support to request options and call action.

Patch Changes

• #4608 0e282d69d534e7fc277300260e31c07c4d8cb325 Thanks @​jxom! - viem/tempo: Updated Actions.wallet.send parameters to match the latest wallet RPC schema: renamed value to amount, added an optional memo field (UTF-8, max 32 bytes; rejected for non-TIP-20 tokens), and widened token to also accept curated tokenlist symbols.

  await Actions.wallet.send(client, {
  +  amount: '1.5',
  +  memo: 'thanks',
     to: '0x...',
  -  token: '0x...',
  +  token: 'pathUsd',
  -  value: '1.5',
  })

viem@2.48.11

Patch Changes

• #4585 18ccb586bd40d8410703e426261b0f03e530ade5 Thanks @​gakonst! - viem/tempo: Added wallet_ JSON-RPC Actions for opening send, swap, and deposit flows.

viem@2.48.8

Patch Changes

... (truncated)

Commits

• eb95848 chore: version package (#4648)
• 423131d fix(tempo): export portable chain types (#4647)
• 7cc3bc3 test(tempo): update export snapshot (#4646)
• 2b3b327 fix(tempo): use configured zone rpc (#4645)
• 41d7dcf chore: version package (#4643)
• fce9095 feat(tempo): update wallet.deposit params (#4644)
• 5bafcd4 fix(tempo): update wallet.deposit params (#4642)
• d530b1f chore: version package (#4641)
• dfe1964 feat(tempo): expose Chain namespace (#4640)
• 50ade6c chore: version package (#4639)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
avalanche-sdk-typescript	Error		May 20, 2026 3:27pm