Skip to content

Bump elliptic, web3 and ethers#1911

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-cc6244600a
Closed

Bump elliptic, web3 and ethers#1911
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-cc6244600a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 13, 2025

Bumps elliptic to 6.6.1 and updates ancestor dependencies elliptic, web3 and ethers. These dependencies need to be updated together.

Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates web3 from 1.10.0 to 4.16.0

Release notes

Sourced from web3's releases.

web3-eth@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-eth@4.0.0-alpha.0

web3-core-requestmanager@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-core-requestmanager@4.0.0-alpha.0

web3-providers-http@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-providers-http@4.0.0-alpha.0

web3-providers-base@1.0.0-alpha.1

Changed

  • Update version to 1.0.0-alpha.1 for web3-providers-base
  • Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

web3-packagetemplate@1.0.0-alpha.0

Initial alpha release

Install with yarn add web3-packagetemplate@1.0.0-alpha.0

Changelog

Sourced from web3's changelog.

[4.16.0]

Fixed

web3

  • Export Web3Account, Wallet and signature related types. (#7374)

web3-utils

  • Make fromWei return "0" when input is 0 (#7387)

Removed

web3-eth-accounts

  • Move signature related types to web3-types. Re-export them for backwards compatibility. (#7374)

Added

web3-types

  • Add signature related types. (#7374)
  • Updated Typescript version 4 -> 5 (#7272)

web3-eth-accounts

  • Updated Typescript version 4 -> 5 (#7272)

web3

  • Updated Typescript version 4 -> 5 (#7272)

web3-core

  • Updated Typescript version 4 -> 5 (#7272)

web3-account-abstraction

  • RC release

web3-errors

  • Updated Typescript version 4 -> 5 (#7272)

web3-eth

  • Updated Typescript version 4 -> 5 (#7272)

web3-eth-contract

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by luu-alex, a new releaser for web3 since your current version.


Updates ethers from 5.7.2 to 6.13.5

Release notes

Sourced from ethers's releases.

ethers/v6.13.5 (2025-01-04 15:26)

  • Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
  • Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
  • Add newline delimiter to IPC providers for broader support (#4847; 474a8de).

ethers/v6.13.4 (2024-10-10 18:01)

ethers/v6.13.3 (2024-09-30 22:08)

  • Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).

ethers/v6.13.2 (2024-07-25 18:20)

  • Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:37)

  • Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:38)

  • Added Options for BrowserProvider (#4707; 33bb0bf).
  • Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
  • Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

  • Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
  • Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
  • Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 23:23)

  • Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
  • Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
  • Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
  • Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 02:09)

  • Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
  • Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
  • Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
  • Better error messages for transaction field mismatch (#4659; 9230aa0).
  • Added prevRandao to block (#3372; ec6a754).
  • Added Polygon Amoy testnet (#4645; 1717abb).
  • Added Chainstack provider (#2741; 014004d).
  • Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
  • Added EIP-4844 broadcast support (92bad88).
  • Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.12.0-beta.1 (2024-03-27 14:47)

  • Added EIP-4844 broadcast support.
  • Fix ignored throttle parameters (#4663; 12772e9).

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.13.5 (2025-01-04 15:26)

  • Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
  • Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
  • Add newline delimiter to IPC providers for broader support (#4847; 474a8de).

ethers/v6.13.4 (2024-10-10 18:01)

ethers/v6.13.3 (2024-09-30 22:08)

  • Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).

ethers/v6.13.2 (2024-07-25 17:54)

  • Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:09)

  • Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:01)

  • Added Options for BrowserProvider (#4707; 33bb0bf).
  • Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
  • Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

  • Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
  • Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
  • Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 22:46)

  • Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
  • Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
  • Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
  • Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

... (truncated)

Commits
  • ce7212d tests: debugging CI browser failure
  • f1821a6 tests: debugging CI browser failure
  • cc9119c tests: debugging CI browser failure
  • 3ac33f9 tests: debugging CI browser failure
  • 25b11ee tests: debugging CI browser failure
  • 3bcbcae tests: debug CI failing
  • 27eb944 admin: updated dist files
  • 3854b39 tests: added circular support to browser-safe inspect
  • 831b21d admin: updated dist files
  • e299a31 tests: added browser-safe inspect for tests
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
ethers [>= 6.a, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump elliptic, web3 and ethers
5cd5578 
Bumps [elliptic](https://github.com/indutny/elliptic) to 6.6.1 and updates ancestor dependencies [elliptic](https://github.com/indutny/elliptic), [web3](https://github.com/ChainSafe/web3.js) and [ethers](https://github.com/ethers-io/ethers.js). These dependencies need to be updated together.


Updates `elliptic` from 6.5.4 to 6.6.1
- [Commits](indutny/elliptic@v6.5.4...v6.6.1)

Updates `web3` from 1.10.0 to 4.16.0
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](web3/web3.js@v1.10.0...v4.16.0)

Updates `ethers` from 5.7.2 to 6.13.5
- [Release notes](https://github.com/ethers-io/ethers.js/releases)
- [Changelog](https://github.com/ethers-io/ethers.js/blob/main/CHANGELOG.md)
- [Commits](ethers-io/ethers.js@v5.7.2...v6.13.5)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-type: indirect
- dependency-name: web3
  dependency-type: indirect
- dependency-name: ethers
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Feb 13, 2025
@dependabot dependabot bot requested a review from paulo-ocean as a code owner February 13, 2025 20:37
@dependabot dependabot bot added the Type: Dependencies Pull requests that update a dependency file label Feb 13, 2025
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Feb 14, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-cc6244600a branch February 14, 2025 14:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mihaisc mihaisc Awaiting requested review from mihaisc mihaisc is a code owner

@alexcos20 alexcos20 Awaiting requested review from alexcos20 alexcos20 is a code owner

@bogdanfazakas bogdanfazakas Awaiting requested review from bogdanfazakas bogdanfazakas is a code owner

@paulo-ocean paulo-ocean Awaiting requested review from paulo-ocean

@mariacarmina mariacarmina Awaiting requested review from mariacarmina

@jamiehewitt15 jamiehewitt15 Awaiting requested review from jamiehewitt15

Assignees

No one assigned

Labels

javascript Pull requests that update Javascript code Type: Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jamiehewitt15