chore(deps): bump the npm-dependencies group in /apps/backend with 4 updates

[dependabot]

Bumps the npm-dependencies group in /apps/backend with 4 updates: @filoz/synapse-sdk, filecoin-pin, undici and viem.

Updates @filoz/synapse-sdk from 0.36.0 to 0.37.0

Release notes

Sourced from @​filoz/synapse-sdk's releases.

synapse-sdk: v0.37.0

0.37.0 (2026-02-11)

⚠ BREAKING CHANGES

• change params to options object and remove withIpni (#601)
• remove pdp classes and change upload input to File
• transition from ethers to viem (#555)
• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526)
• use activePieceCount for accurate piece tracking (#517)
• change to only export Synapse from the main entrypoint

refactor

• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526) (a4956c7)

Features

• Add API for querying remaining egress (#430) (c40d6b8)
• add devnet support (#527) (773551b)
• change params to options object and remove withIpni (#601) (0d529e2)
• change to only export Synapse from the main entrypoint (4c0cc47), closes #232
• Endorsements Service (#553) (fba3280)
• examples/cli: add get-sp-peer-ids command (#546) (8aafdf1)
• move ethers to peer dependencies (242a2c1)
• remove pdp classes and change upload input to File (32700c2)
• storage: rename "pieces" callbacks, add piece info & dataSetId (#439) (f1bd585)
• transition from ethers to viem (#555) (3741241)
• use activePieceCount for accurate piece tracking (#517) (59fd863)

Bug Fixes

• cache clientDataSetId in StorageContext (#489) (ec1345a)
• change FilBeam URL to stats.filbeam.com (#539) (87ac7a8)
• createStorageContext without getClientDataSetsWithDetails (#438) (76e2439)
• expose getScheduledRemovals on storageContext (#490) (6a3b5cc)
• remove settlement fee (#502) (8c7537e), closes #243
• remove telemetry (#562) (128037e)
• resolveByProviderId doesnt use getClientDataSetsWithDetails (1049c05)
• revert back uploads to uint8array and stream (67a17ee)
• simplify upload input to Blob (908c042)
• treat status code 202 for findPiece as a retry (6b9e03f)
• warm-storage: check metadata withCDN key in addition to cdnRailId for CDN status (#505) (db234e5)

Chores

... (truncated)

Commits

• 2524aeb chore(master): release synapse-sdk 0.37.0 (#481)
• 0902a01 chore(master): release synapse-core 0.2.0 (#482)
• 0d529e2 feat!: change params to options object and remove withIpni (#601)
• 67a17ee fix: revert back uploads to uint8array and stream
• d7b9661 fix: namespace upload types
• 9b3f73f fix: move default nonces to the sign functions
• 908c042 fix: simplify upload input to Blob
• 78cfd25 chore: skip size limit test in StorageService due to browser limitations
• ac0e76e chore: linter
• 8061afb chore: update docs and export missing types
• Additional commits viewable in compare view

Updates filecoin-pin from 0.15.1 to 0.16.0

Release notes

Sourced from filecoin-pin's releases.

v0.16.0

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Changelog

Sourced from filecoin-pin's changelog.

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Commits

• 778928e chore(master): release 0.16.0 (#317)
• f15bba4 ci: Update auto-label workflow to use pull_request_target (#323)
• 97f6f1b chore(deps-dev): bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318)
• 63b34e0 chore(deps): bump @​clack/prompts from 0.11.0 to 1.0.0 (#315)
• 320a461 fix: use namespace import for Sentry SDK v8+ ESM compatibility (#319)
• e03719b feat: add --data-set and --new-data-set flags to add command (#296)
• c52ebbf feat: add provider command with info and ping subcommands (#295)
• See full diff in compare view

Updates undici from 7.16.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

• docs: fix syntax highlighting in WebSocket.md by @​styfle in nodejs/undici#4814
• fix: use OR operator in includesCredentials per WHATWG URL Standard by @​jackhax in nodejs/undici#4816
• feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @​SuperOleg39 in nodejs/undici#4676
• fix: route WebSocket upgrades through onRequestUpgrade by @​mcollina in nodejs/undici#4787
• build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @​dependabot[bot] in nodejs/undici#4821
• fix(deduplicate): do not deduplicate non-safe methods by default by @​mcollina in nodejs/undici#4818
• feat: Support async cache stores in revalidation by @​marcopiraccini in nodejs/undici#4826

New Contributors

• @​jackhax made their first contribution in nodejs/undici#4816
• @​marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

What's Changed

• build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @​dependabot[bot] in nodejs/undici#4796
• test: restore global dispatcher after fetch tests by @​mcollina in nodejs/undici#4790
• Add missing close method to WebSocketStream interface by @​piotr-cz in nodejs/undici#4802
• fix: error stream instead of canceling by @​KhafraDev in nodejs/undici#4804
• Fix clientTtl cleanup race in Agent by @​mcollina in nodejs/undici#4807
• feat(#4230): Implement pingInterval for dispatching PING frames by @​metcoder95 in nodejs/undici#4296
• fix: handle undefined __filename in bundled environments by @​mcollina in nodejs/undici#4812
• fix: set finalizer only for fetch responses by @​tsctx in nodejs/undici#4803

New Contributors

• @​piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

• fix: preserve fetch stack traces by @​mcollina in nodejs/undici#4778
• Fix error handling in MockPool example by @​dave-kennedy in nodejs/undici#4781
• feat: expose statusText in request() ResponseData by @​domenic in nodejs/undici#4784
• test: reduce retry-after invalid date flake by @​mcollina in nodejs/undici#4788
• extractBody fixes by @​KhafraDev in nodejs/undici#4791
• fix: MockAgent delayed response with AbortSignal (#4693) by @​mcollina in nodejs/undici#4772
• fix: onParserTimeout potentially accessing undefined by @​vbfox in nodejs/undici#4758

New Contributors

• @​dave-kennedy made their first contribution in nodejs/undici#4781
• @​vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

... (truncated)

Commits

• 0a23610 Bumped v7.22.0 (#4829)
• f3c5c61 feat: Support async cache stores in revalidation (#4826)
• 9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
• 0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
• 2453caf fix: route websocket upgrades through new handler API (#4787)
• 4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
• a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
• b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
• 393c0da Bumped v7.21.0 (#4813)
• 47f9b96 fix: set finalizer only for fetch responses (#4803)
• Additional commits viewable in compare view

Updates viem from 2.38.3 to 2.46.0

Release notes

Sourced from viem's releases.

viem@2.46.0

Minor Changes

• #4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

  TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

  await sendTransaction(client, {
    account,
  - nonceKey: 'random',
  + nonceKey: 'expiring',
    to: '0x...',
  })

viem@2.45.3

Patch Changes

• #4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

viem@2.45.2

Patch Changes

• #4300 cc60e25ca55c022a56ed9e991ec23cb615593da6 Thanks @​LXPDevs! - Added LuxePorts chain.

• #4306 e3901661ba0442d6ae66c4d702396e8ee247d03f Thanks @​izharan-fireblocks! - Added WalletConnectSessionSettlementError as a non-retryable transport error.

• #4301 662215f12310c3c2b17424093d3f4922693432f2 Thanks @​xGreen-project! - Added XGR Mainnet chain.

• #4315 56d0920fd654ab93e89fff77769b0c982b8928d5 Thanks @​jxom! - Fixed sendCallsSync to respect client-level action overrides (e.g. smart account clients).

• #4294 8c3fa2684820c80e8908cc799fd47815594e4871 Thanks @​Oighty! - Added Citrea Mainnet chain support.

• #4321 059274e18c19270e7f7e98f0b087e7986d5a6dd7 Thanks @​highonrice! - Updated the native currency of Stable Mainnet.

• #4319 746f5ae3b220313748bf7e0eb2d86f07848b6628 Thanks @​brotherlymite! - Added etherscan explorer for MegaETH.

• #4305 428ef7cd7b4d6e9860296df841ce2f4a8d494bc1 Thanks @​LxpSrDev! - Added LuxePorts chain.

viem@2.45.1

Patch Changes

• #4273 bf3f117aa4d6a4693af29894b1c27e130623cbc7 Thanks @​nicodlz! - Added Subtensor EVM chain.

• #4272 a3a4ff9a25c8f31d3caef533d3d100cf22c1ea5e Thanks @​matzapata! - Added Alpen Testnet

... (truncated)

Commits

• 93981f7 chore: version package (#4338)
• 2a28a31 chore: up snap
• 5ce7aeb chore: sponsors
• 1358b1b ci: tmp disable wagmi
• b3690ab chore: audit
• b6b50d4 feat(tempo): expiring nonces (#4304)
• 803d4d9 chore: version package (#4335)
• acbd802 chore: up
• 850c0da chore: up ox
• 71a324d fix: add blockCreated to MegaETH multicall3 contracts (#4333)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions