Conversation

@soinclined

Remove bigint-buffer dependency to fix security vulnerability

Summary

Removes the bigint-buffer dependency to address a HIGH severity buffer overflow vulnerability (CVE affecting versions ≤ 1.1.5). This involves:

  1. Upgrading @solana/web3.js to 1.98.4+ (which no longer depends on bigint-buffer)
  2. Creating a pnpm patch for @solana/[email protected] that replaces bigint-buffer usage with native JavaScript BigInt implementations
  3. Using pnpm overrides to completely block bigint-buffer installation

The patch replaces four core conversion functions (toBigIntLE, toBufferLE, toBigIntBE, toBufferBE) with native implementations that provide equivalent functionality without the security vulnerability.

Review & Testing Checklist for Human

⚠️ HIGH RISK CHANGES - Please verify all 4 items below:

  • Test Solana transaction signing and blockchain operations - This change affects core BigInt conversion functions used in Solana transactions. Verify that transaction creation, signing, and submission still work correctly.
  • Verify the app builds and starts successfully - Run pnpm build and pnpm dev to ensure no runtime errors from the bigint-buffer removal.
  • Compare BigInt conversion behavior - The patch replaces library functions with custom implementations. Test edge cases like large numbers, different endianness, and overflow scenarios to ensure identical behavior.
  • End-to-end test critical user flows - Test any features that interact with Solana wallets or perform blockchain operations to ensure no regressions.

Test Plan

  1. Install dependencies and verify no bigint-buffer in node_modules: grep -r "bigint-buffer" node_modules/ (should return no results)
  2. Start the application: pnpm dev
  3. Test wallet connection and any Solana operations
  4. Monitor browser console for any BigInt-related errors

Notes

  • The security vulnerability (buffer overflow in bigint-buffer ≤ 1.1.5) has been completely eliminated
  • The pnpm patch will require maintenance if @solana/buffer-layout-utils is updated
  • This change affects the my-own-fintech repository and was implemented identically across amazon-shopper and stellar-server-wallets

Link to Devin run: https://app.devin.ai/sessions/65d3e8006fc94200836c2612732193ff
Requested by: Penelope (@soinclined)

- Created pnpm patch for @solana/[email protected] to replace bigint-buffer with native BigInt implementations
- Added pnpm override to replace bigint-buffer with empty-npm-package
- Upgraded @solana/web3.js to 1.98.4+ which no longer depends on bigint-buffer
- Fixes HIGH severity buffer overflow vulnerability in bigint-buffer <= 1.1.5

The patch replaces bigint-buffer's toBigIntLE, toBufferLE, toBigIntBE, and toBufferBE functions with native JavaScript BigInt operations that provide the same functionality without the security vulnerability.

Co-Authored-By: Penelope <[email protected]>
@devin-ai-integration

Original prompt from Penelope
Please go to each of the following repositories and see if you can remove the dependency on bigint-buffer and replace it with an alternative such as BigInt without breaking anything?

crossmint/stellar-server-wallets

crossmint/my-own-fintech

crossmint/amazon-shopper

@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

vercel bot commented Oct 2, 2025

The latest updates on your projects.

Project          Deployment  Preview  Comments  Updated (UTC)
my-own-fintech   Error       Error              Oct 2, 2025 8:00pm
