Fix merge branch 0xsequence/master

[Dargon789]

Summary by Sourcery

Update dependencies, improve security and issue management workflows, and adjust account address rendering.

New Features:

• Add Fortify AST GitHub Actions workflow for automated security scanning.
• Add CircleCI configuration with a basic custom executor and workflow.
• Introduce GitHub issue templates for bug reports, feature requests, and custom issues.

Bug Fixes:

• Resolve duplicate and outdated Express and Hardhat entries in the root package.json dependencies.
• Render account addresses individually instead of as a JSON string in the wagmi project UI.

Enhancements:

• Pin wagmi, viem, @wagmi/cli, and @tanstack/react-query to compatible version ranges in the wagmi project.
• Clarify security vulnerability reporting instructions in SECURITY.md with a concrete contact method and response expectations.

CI:

• Add Fortify AST scan GitHub Actions workflow for SAST scanning on pushes, PRs, and a weekly schedule.
• Introduce a basic CircleCI pipeline configuration using a custom Docker-based executor.

Documentation:

• Update SECURITY.md to specify how to report vulnerabilities and expected response times.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
sequence-js-docs	Error		Dec 13, 2025 3:19pm
sequence-js-web	Error		Dec 13, 2025 3:19pm
sequence.js	Ready	Preview, Comment	Dec 13, 2025 3:19pm

[sourcery-ai]

Reviewer's Guide

This PR resolves merge-related inconsistencies while upgrading wagmi/viem-related dependencies, fixing a React rendering detail, clarifying security reporting instructions, and adding basic CI/issue-management configuration files (Fortify workflow, CircleCI stub, and GitHub issue templates).

File-Level Changes

Change	Details	Files
Align wagmi project dependencies on explicit compatible versions for wagmi, viem, and react-query.	Bump @tanstack/react-query from 5.45.1 to 5.64.2. Replace loose 'latest' ranges for viem and wagmi with explicit compatible version ranges (^2.x and ^0.x.x). Pin @wagmi/cli in devDependencies to ^0.x.x instead of latest.	wagmi-project/package.json
Resolve dependency duplication/merge artifact in root package.json.	Remove duplicate express entry and ensure a single express dependency at ^4.19.2. Set hardhat to ^2.22.7 as the effective version.	package.json
Improve account addresses rendering in the wagmi demo app.	Change JSON.stringify rendering of account.addresses to mapping each address into its own keyed . Add optional chaining on account.addresses to avoid runtime errors when addresses is undefined.	wagmi-project/src/App.tsx
Clarify and concretize the security vulnerability reporting process.	Replace placeholder instructions with a concrete security contact email and SLA-like expectations for initial response and updates.	SECURITY.md
Introduce Fortify AST scanning workflow for application security testing.	Add a GitHub Actions workflow that runs Fortify SAST scans on pushes, PRs to master, scheduled runs, and manual triggers. Configure Java setup and Fortify action with environment variables sourced from repository secrets.	.github/workflows/fortify.yml
Add standard GitHub issue templates for bug reports, feature requests, and custom issues.	Create a structured bug report template capturing reproduction steps and environment details. Create a feature request template including problem, solution, alternatives, and context sections. Add a generic custom issue template scaffold.	.github/ISSUE_TEMPLATE/bug_report.md .github/ISSUE_TEMPLATE/feature_request.md .github/ISSUE_TEMPLATE/custom.md
Introduce initial CircleCI configuration with a custom executor and stub job.	Define a Docker-based executor using cimg/base:stable with Docker Hub auth placeholders. Add a minimal job and workflow wiring using that executor, serving as a starting point for future CI steps.	.circleci/config.yml

Possibly linked issues

• Fix merge branch 0xsequence/master #86: The PR’s Fortify workflow, wagmi app, CI configs, and issue templates directly implement what the issue describes.
• 0xsequence/master #79: PR adds the Fortify AST workflow, CircleCI config, and GitHub issue templates exactly as outlined in the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates a series of updates and new configurations, likely stemming from a merge operation as indicated by the title. It focuses on enhancing development infrastructure by introducing CI/CD setup, standardizing issue reporting with new templates, and updating core project dependencies. Additionally, it includes a domain name change, refines the security vulnerability reporting process, and makes a minor but impactful improvement to how account addresses are rendered in the UI.

Highlights

• CI/CD Configuration: A new CircleCI configuration file has been added, setting up a basic continuous integration pipeline with a custom executor and a job named 'web3-defi-game-project-'.
• Issue Templates: Standard issue templates for bug reports and feature requests, along with a generic custom template, have been introduced to streamline issue management.
• Dependency Updates: Several key dependencies have been updated, including 'hardhat' in the root 'package.json', and '@tanstack/react-query', 'viem', 'wagmi', and '@wagmi/cli' in the 'wagmi-project/package.json'.
• Domain Name Change: The CNAME record has been updated from 'wagmi-project-two.vercel.app' to 'sequence.app', indicating a potential domain or branding change.
• Security Policy Enhancement: The 'SECURITY.md' file has been updated to provide more specific instructions for reporting vulnerabilities, including an email address and expected response times.
• UI Rendering Improvement: The 'wagmi-project/src/App.tsx' file has been modified to improve the display of multiple account addresses by mapping them to individual 'div' elements instead of using JSON stringification.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/fortify.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• The updated wagmi-project/package.json uses invalid or overly loose semver ranges (e.g., "viem": "^2.x", "wagmi": "^0.x.x", "@wagmi/cli": "^0.x.x"); please replace these with valid, concrete version ranges (like "2.x" or "^2.10.0") so installs don’t fail or drift unexpectedly.
• In the root package.json diff, eslint-plugin-prettier and ethers are removed from dependencies while only express and hardhat are re-added; double-check that these drops are intentional, as this change will remove them from the installed dependency graph.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The updated `wagmi-project/package.json` uses invalid or overly loose semver ranges (e.g., `"viem": "^2.x"`, `"wagmi": "^0.x.x"`, `"@wagmi/cli": "^0.x.x"`); please replace these with valid, concrete version ranges (like `"2.x"` or `"^2.10.0"`) so installs don’t fail or drift unexpectedly.
- In the root `package.json` diff, `eslint-plugin-prettier` and `ethers` are removed from `dependencies` while only `express` and `hardhat` are re-added; double-check that these drops are intentional, as this change will remove them from the installed dependency graph.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces several valuable updates, including the setup of a basic CircleCI pipeline, the addition of GitHub issue templates for improved project management, and a clearer security vulnerability reporting process. Dependency management has been streamlined by removing duplicate entries in package.json and updating package versions in wagmi-project/package.json. The rendering of account addresses in the wagmi project UI has also been enhanced for better readability. Overall, these changes contribute positively to the project's maintainability, security, and development workflow.

[Dargon789]

#99 fix merge master