Bump the npm_and_yarn group across 1 directory with 15 updates #9

dependabot · 2025-05-15T16:11:15Z

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
ws	`7.5.9`	`7.5.10`
@ethersproject/providers	`5.7.2`	`5.8.0`
ethers	`5.7.2`	`5.8.0`
base-x	`3.0.9`	`3.0.11`
braces	`3.0.2`	`3.0.3`
elliptic	`6.5.4`	`6.6.1`
eth-gas-reporter	`0.2.25`	`0.2.27`
flat	`4.1.1`	`5.0.2`
solidity-coverage	`0.8.2`	`0.8.16`
nanoid	`3.3.3`	`removed`
mocha	`10.2.0`	`10.8.2`
secp256k1	`4.0.3`	`4.0.4`
undici	`5.14.0`	`5.29.0`

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
See full diff in compare view

Updates @ethersproject/providers from 5.7.2 to 5.8.0

Release notes

Sourced from @ethersproject/providers's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]

A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Embedding UMD with SRI:
<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

Changelog

Sourced from @ethersproject/providers's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Commits

f345816 Bump ws package version to address DoS security concern (#4791).
fa5f647 admin: updated dist files
f7c813d Added modern networks, updated third-party backend URLs and added QuickNode (...
See full diff in compare view

Updates ethers from 5.7.2 to 5.8.0

Release notes

Sourced from ethers's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]

A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Embedding UMD with SRI:
<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

Changelog

Sourced from ethers's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Commits

5ff3dc9 admin: updated dist files with update-versions
808153e admin: updated sort issue in package.json
f8deaae Updated to latest elliptic library to fix audit warnings.
c6a1b15 Updated browser tests; but karma is still defunct
c7c07f5 admin: update dist files
01dccc7 tests: swapped goerli for sepolia; contracts re-deployed
0065547 Added ENS to Sepolia.
d7e8ad1 admin: updated dist files
f345816 Bump ws package version to address DoS security concern (#4791).
9f42637 tests: updates test details
Additional commits viewable in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
Additional commits viewable in compare view

Updates eth-gas-reporter from 0.2.25 to 0.2.27

Release notes

Sourced from eth-gas-reporter's releases.

v0.2.27

What's Changed

Remove @ethersproject/abi, use ethers.utils by @cgewecke in cgewecke/eth-gas-reporter#301

Full Changelog: cgewecke/eth-gas-reporter@v0.2.26...v0.2.27

v0.2.26

What's Changed

Update Mocha to v10 by @frangio in cgewecke/eth-gas-reporter#295

Bump ethers version by @ChristopherDedominici in cgewecke/eth-gas-reporter#296

Remove unused request package by @ChristopherDedominici in cgewecke/eth-gas-reporter#297

Replace request-promise-native with axios by @cgewecke in cgewecke/eth-gas-reporter#299

New Contributors

@ChristopherDedominici made their first contribution in cgewecke/eth-gas-reporter#296

Full Changelog: cgewecke/eth-gas-reporter@v0.2.2...v0.2.26

Changelog

Sourced from eth-gas-reporter's changelog.

0.2.27 / 2023-09-30

Remove @ethersproject/abi, use ethers.utils instead (cgewecke/eth-gas-reporter#301)

0.2.26 / 2023-09-29

Replace request-promise-native with axios / avoid default price API calls (cgewecke/eth-gas-reporter#299)

Remove request package (cgewecke/eth-gas-reporter#297)

Bump ethers version (cgewecke/eth-gas-reporter#296)

Update Mocha to v10 (cgewecke/eth-gas-reporter#295)

0.2.23 / 2021-11-26

Add notes to README about missing price data & remote data fetching race condition

Add support for multiple gas price tokens (BNB, MATIC, AVAX, HR, MOVR) (cgewecke/eth-gas-reporter#251)

Make @codechecks/client peer dep optional (cgewecke/eth-gas-reporter#257)

Update @solidity-parser/parser to 0.14.0 (cgewecke/eth-gas-reporter#261)

0.2.22 / 2021-03-04

Update @solidity-parser/parser to ^0.12.0 (support Panic keyword in catch blocks) (cgewecke/eth-gas-reporter#243)

0.2.21 / 2021-02-16

Fix missing truffle migration deployments data (cgewecke/eth-gas-reporter#240)

Upgrade solidity-parser/parser to 0.11.1 (cgewecke/eth-gas-reporter#239)

0.2.20 / 2020-12-01

Add support for remote contracts data pre-loading (hardhat-gas-reporter feature)

0.2.19 / 2020-10-29

Delegate contract loading/parsing to artifactor & make optional (#227)

0.2.18 / 2020-10-13

Support multiple codechecks reports per CI run

Add CI error threshold options: maxMethodDiff, maxDeploymentDiff

Add async collection methods for BuidlerEVM

Update solidity-parser/parser to 0.8.0 (contribution: @vicnaum)

Update dev deps / use Node 12 in CI

0.2.17 / 2020-04-13

Use @solidity-parser/parser for better solc 0.6.x parsing

Upgrade Mocha to ^7.1.1 (to remove minimist vuln warning)

Stop crashing when parser or ABI Encoder fails

Update @ethersproject/abi to ^5.0.0-beta.146 (and unpin)

... (truncated)

Commits

See full diff in compare view

Updates flat from 4.1.1 to 5.0.2

Commits

e5ffd66 Release 5.0.2
fdb79d5 Update dependencies, refresh lockfile, format with standard.
e52185d Test against node 14 in CI.
0189cb1 Avoid arrow function syntax.
f25d3a1 Release 5.0.1
54cc7ad use standard formatting
779816e drop dependencies
2eea6d3 Bump lodash from 4.17.15 to 4.17.19
a61a554 Bump acorn from 7.1.0 to 7.4.0
20ef0ef Fix prototype pollution on unflatten
Additional commits viewable in compare view

Updates solidity-coverage from 0.8.2 to 0.8.16

Release notes

Sourced from solidity-coverage's releases.

0.8.16

Support for custom storage layout syntax

This version updates the plugin's parser dependency to support the layout and at keywords introduced in Solidity v0.8.29

What's Changed

Update solidity-parser/parser to 0.20.1 by @cgewecke in sc-forks/solidity-coverage#905

Full Changelog: sc-forks/solidity-coverage@v0.8.15...v0.8.16

0.8.15

Speed up test runs when using viaIR

This release adds an irMinimum option which should improve execution speeds if you're generating coverage with solc's viaIR mode enabled. The plugin has handled viaIR for about a year but it runs more slowly in that setting because it has to search for execution traces across a wider range of opcodes. The performance hit is especially notable in solidity code that iterates hundreds of times in loops.

NOTE: Not all code will compile withirMinimum (you may get stack-too-deep errors unfortunately). But if yours does, this option should make things faster for you.

Usage
// .solcover.js
module.exports = {
  irMinimum: true,
}
What's Changed

docs: fixed dead link by @iamslown in sc-forks/solidity-coverage#904

Add irMinimum option by @cgewecke in sc-forks/solidity-coverage#907

New Contributors

@iamslown made their first contribution in sc-forks/solidity-coverage#904

Full Changelog: sc-forks/solidity-coverage@v0.8.14...v0.8.15

0.8.14

What's Changed

Update solidity-parser/parser dep to 0.19.0 for transient storage support by @cgewecke in sc-forks/solidity-coverage#898

fix: typos in documentation files by @leopardracer in sc-forks/solidity-coverage#896

New Contributors

@leopardracer made their first contribution in sc-forks/solidity-coverage#896

Full Changelog: sc-forks/solidity-coverage@v0.8.13...v0.8.14

v0.8.13

🐛 Bug Fixes

This release fixes a bug that caused the plugin to error when used with hardhat-viem in combination with a forked network.

What's Changed

... (truncated)

Changelog

Sourced from solidity-coverage's changelog.

Changelog

0.8.11 / 2024-03-07

Check all SWAP opcodes for inst. hashes when viaIR is true (sc-forks/solidity-coverage#873)

0.8.10 / 2024-02-29

Check all PUSH opcodes for instr. hashes when viaIR is true (sc-forks/solidity-coverage#871)

0.8.9 / 2024-02-27

Fix duplicate hash logic (sc-forks/solidity-coverage#868)

Improve organization of edge case code in collector (sc-forks/solidity-coverage#869)

0.8.8 / 2024-02-21

Coerce sources path to absolute path if necessary (sc-forks/solidity-coverage#866)

Only inject file-level instr. for first pragma in file (sc-forks/solidity-coverage#865)

0.8.7 / 2024-02-09

Documentation Cleanup & Improvements for 0.8.7 release (sc-forks/solidity-coverage#859)

Add tests for file-level function declarations (sc-forks/solidity-coverage#858)

Add try / catch unit tests (sc-forks/solidity-coverage#857)

Fix test project configs for viaIR detection in overrides (sc-forks/solidity-coverage#856)

Enable coverage when viaIR compiler flag is true (sc-forks/solidity-coverage#854)

Add missing onPreCompile hook (sc-forks/solidity-coverage#851)

Remove ganache-cli related code from API & tests (sc-forks/solidity-coverage#849)

Add command option to specify the source files to run the coverage on (sc-forks/solidity-coverage#838)

0.8.6 / 2024-01-28

Add test for multi-contract files with inheritance (sc-forks/solidity-coverage#836)

Add test for modifiers with post-conditions (sc-forks/solidity-coverage#835)

Document Istanbul check-coverage cli command (sc-forks/solidity-coverage#834)

Throw error when mocha parallel is set to true (sc-forks/solidity-coverage#833)

Fix instrumentation error for virtual modifiers (sc-forks/solidity-coverage#832)

Add test for file level using for statements

... (truncated)

Commits

c06fe7c Update solidity-parser/parser to 0.20.1 (#905)
5d5df74 Fix default irMinimum val in README.md
9feb914 0.8.15
993d7b8 Add irMinimum option (#907)
e2126e7 Fix link to fault localization academic paper in advanced.md (#904)
44f6607 Add OPRetro to FUNDING.json
0a9ac96 0.8.14
7c64eb6 Add transient storage support (#898)
de0452a Update matrix.md (#896)
97dadf8 0.8.13
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Removes nanoid

Updates mocha from 10.2.0 to 10.8.2

Release notes

Sourced from mocha's releases.

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)

test link in html reporter (#5224) (f054acc)

📚 Documentation

indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

deps: bump the github-actions group with 1 update (#5132) (e536ab2)

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

handle case of invalid package.json with no explicit config (#5198) (f72bc17)

Typos on mochajs.org (#5237) (d8ca270)

use accurate test links in HTML reporter (#5228) (68803b6)

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

highlight browser failures (#5222) (8ff4845)

🩹 Fixes

remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

10.8.2 (2024-10-30)

🩹 Fixes

support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)

test link in html reporter (#5224) (f054acc)

📚 Documentation

indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

🩹 Fixes

handle case of invalid package.json with no explicit config (#5198) (f72bc17)

Typos on mochajs.org (#5237) (d8ca270)

use accurate test links in HTML reporter (#5228) (68803b6)

10.8.0 (2024-10-29)

🌟 Features

highlight browser failures (#5222) (8ff4845)

🩹 Fixes

remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)

adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)

update README, LICENSE and fix outdated (#5197) (1203e0e)

🧹 Chores

fix npm scripts on windows (#5219) (1173da0)

remove trailing whitespace in SECURITY.md (7563e59)

10.7.3 (2024-08-09)

... (truncated)

Commits

05097db chore(main): release 10.8.2 (#5239)
14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
881e3b0 chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...
f054acc fix: test link in html reporter (#5224)
e536ab2 build(deps): bump the github-actions group with 1 update (#5132)
ba0fefe fix: support errors with circular dependencies in object values with --parall...
f44f71b chore(main): release 10.8.1 (#5238)
f72bc17 fix: handle case of invalid package.json with no explicit config (#5198)
68803b6 fix: use accurate test links in HTML reporter (#5228)
d8ca270 fix: Typos on mochajs.org (#5237)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates secp256k1 from 4.0.3 to 4.0.4

Commits

756fce1 4.0.4
8bd6446 elliptic: fix key verification in loadCompressedPublicKey
840834e Update elliptic to 6.5.7 (CVE-2024-42461) (#206)
See full diff in compare view

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in yahoo/serialize-javascript#149

Bump chai from 4.3.6 to 4.3.7 by @dependabot in yahoo/serialize-javascript#150

ci: test.yml - actions bump by @piwysocki in yahoo/serialize-javascript#151

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in yahoo/serialize-javascript#152

Bump mocha from 10.1.0 to 10.2.0 by @dependabot in yahoo/serialize-javascript#153

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in yahoo/serialize-javascript#155

Fix serialization issue for 0n. by @momocow in yahoo/serialize-javascript#156

Release v6.0.1 by @okuryu in yahoo/serialize-javascript#157

New Contributors

@piwysocki made their first contribution in yahoo/serialize-javascript#151

@momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

b71ec23 6.0.2
f27d65d fix: serialize URL string contents to prevent XSS (#173)
02499c0 Bump @babel/traverse from 7.10.1 to 7.23.7 (#171)
0d88527 docs: update readme with URL support (#146)
e2a3a91 chore: update node version and lock file
5a1fa64 fix typo (#164)
7139f92 Release v6.0.1 (#157)
7e23ae8 Fix serialization issue for 0n. (#156)
343abd9 Bump json5 from 2.1.3 to 2.2.3 (#155)
38d0e70 Bump mocha from 10.1.0 to 10.2.0 (#153)
Additional commits viewable in compare view

Updates undici from 5.14.0 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Fix tests in v5.x for Node 20 by @mcollina in nodejs/undici#4104

Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

... (truncated)

Commits

9528f68 Bumped v5.29.0
f1d75a4 increase timeout for redirect test
2d31ed6 remove fuzzing tests
6b36d49 fix redirect test in Node v16

Bumps the npm_and_yarn group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` | | [@ethersproject/providers](https://github.com/ethers-io/ethers.js/tree/HEAD/packages/providers) | `5.7.2` | `5.8.0` | | [ethers](https://github.com/ethers-io/ethers.js) | `5.7.2` | `5.8.0` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` | | [eth-gas-reporter](https://github.com/cgewecke/eth-gas-reporter) | `0.2.25` | `0.2.27` | | [flat](https://github.com/hughsk/flat) | `4.1.1` | `5.0.2` | | [solidity-coverage](https://github.com/sc-forks/solidity-coverage) | `0.8.2` | `0.8.16` | | [nanoid](https://github.com/ai/nanoid) | `3.3.3` | `removed` | | [mocha](https://github.com/mochajs/mocha) | `10.2.0` | `10.8.2` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` | | [undici](https://github.com/nodejs/undici) | `5.14.0` | `5.29.0` | Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `@ethersproject/providers` from 5.7.2 to 5.8.0 - [Release notes](https://github.com/ethers-io/ethers.js/releases) - [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md) - [Commits](https://github.com/ethers-io/ethers.js/commits/v5.8.0/packages/providers) Updates `ethers` from 5.7.2 to 5.8.0 - [Release notes](https://github.com/ethers-io/ethers.js/releases) - [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md) - [Commits](ethers-io/ethers.js@v5.7.2...v5.8.0) Updates `base-x` from 3.0.9 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.9...v3.0.11) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `eth-gas-reporter` from 0.2.25 to 0.2.27 - [Release notes](https://github.com/cgewecke/eth-gas-reporter/releases) - [Changelog](https://github.com/cgewecke/eth-gas-reporter/blob/master/CHANGELOG.md) - [Commits](https://github.com/cgewecke/eth-gas-reporter/commits/v0.2.27) Updates `flat` from 4.1.1 to 5.0.2 - [Release notes](https://github.com/hughsk/flat/releases) - [Commits](hughsk/flat@4.1.1...5.0.2) Updates `solidity-coverage` from 0.8.2 to 0.8.16 - [Release notes](https://github.com/sc-forks/solidity-coverage/releases) - [Changelog](https://github.com/sc-forks/solidity-coverage/blob/master/CHANGELOG.md) - [Commits](sc-forks/solidity-coverage@v0.8.2...v0.8.16) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Removes `nanoid` Updates `mocha` from 10.2.0 to 10.8.2 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.2.0...v10.8.2) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `undici` from 5.14.0 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.14.0...v5.29.0) --- updated-dependencies: - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@ethersproject/providers" dependency-version: 5.8.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ethers dependency-version: 5.8.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eth-gas-reporter dependency-version: 0.2.27 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flat dependency-version: 5.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: solidity-coverage dependency-version: 0.8.16 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mocha dependency-version: 10.8.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2025

This was referenced May 15, 2025

Bump nanoid and mocha #3

Closed

Bump undici from 5.14.0 to 5.29.0 #4

Closed

Bump base-x from 3.0.9 to 3.0.11 #5

Closed

Bump secp256k1 from 4.0.3 to 4.0.4 #6

Closed

Bump serialize-javascript and mocha #7

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 15 updates #9

Bump the npm_and_yarn group across 1 directory with 15 updates #9

Uh oh!

dependabot bot commented on behalf of github May 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 1 directory with 15 updates #9

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 15 updates #9

Uh oh!

Conversation

dependabot bot commented on behalf of github May 15, 2025

7.5.10

Bug fixes

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

Changes

ethers/v5.8.0 (2025-02-25 19:15)

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

Changes

ethers/v5.8.0 (2025-02-25 19:15)

v0.2.27

What's Changed

v0.2.26

What's Changed

New Contributors

0.2.27 / 2023-09-30

0.2.26 / 2023-09-29

0.2.23 / 2021-11-26

0.2.22 / 2021-03-04

0.2.21 / 2021-02-16

0.2.20 / 2020-12-01

0.2.19 / 2020-10-29

0.2.18 / 2020-10-13

0.2.17 / 2020-04-13

0.8.16

Support for custom storage layout syntax

What's Changed

0.8.15

Speed up test runs when using viaIR

What's Changed

New Contributors

0.8.14

What's Changed

New Contributors

v0.8.13

🐛 Bug Fixes

What's Changed

Changelog

0.8.11 / 2024-03-07

0.8.10 / 2024-02-29

0.8.9 / 2024-02-27

0.8.8 / 2024-02-21

0.8.7 / 2024-02-09

0.8.6 / 2024-01-28

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

📚 Documentation

🧹 Chores

🤖 Automation

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

10.8.2 (2024-10-30)

🩹 Fixes

📚 Documentation

🧹 Chores

🤖 Automation

10.8.1 (2024-10-29)

🩹 Fixes

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

🧹 Chores

10.7.3 (2024-08-09)

v6.0.2

v6.0.1

What's Changed

New Contributors

v5.29.0

Speed up test runs when using `viaIR`