[Snyk] Upgrade ethers from 6.6.0 to 6.14.1

[X-oss-byte]

Snyk has created this PR to upgrade ethers from 6.6.0 to 6.14.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 32 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept

Release notes

Package name: ethers

• 6.14.1 - 2025-05-15
  
  • Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).
• 6.14.0 - 2025-05-07
  
  • Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
  • EIP-7702 support (#4916; db490e1, e7c1bdf).
  • Added support for to override fetch init options in the Browser (#3895; 844ae68).
  • Added EIP-6963 discovery to BrowserProvider (f5469dd).
  • Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
  • Added BlockscoutProvider (#4790, b59b5a4).
  • Added CommunityResourcable to exports (#4776; bca8d1b).
• 6.13.7 - 2025-04-26
  
  • Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
  • Fixed Infura BSC network URLs (#4951; d01b4cb).
• 6.13.6 - 2025-03-21
• 6.13.6-beta.1 - 2025-03-21
• 6.13.5 - 2025-01-06
  
  • Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
  • Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
  • Add newline delimiter to IPC providers for broader support (#4847; 474a8de).
• 6.13.4 - 2024-10-12
  
  • Updated dependencies (1d717ef).
  • Fixed bug in JSON-RPC error checking (#4827, #4837, #4851; be3e6b1).
• 6.13.3 - 2024-10-01
  
  • Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).
• 6.13.2 - 2024-07-25
  
  • Prevent mutating transactions when signing (#4789; 1a51af8).
• 6.13.1 - 2024-06-18
  
  • Update ws package to address possible DoS vulnerability (a4b1d1f).
• 6.13.0 - 2024-06-04
  
  • Added Options for BrowserProvider (#4707; 33bb0bf).
  • Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
  • Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).
• 6.12.2 - 2024-06-02
• 6.12.1 - 2024-05-01
• 6.12.0 - 2024-04-17
• 6.12.0-beta.1 - 2024-03-27
• 6.11.1 - 2024-02-14
• 6.11.0 - 2024-02-09
• 6.10.0 - 2024-01-13
• 6.9.2 - 2024-01-03
• 6.9.1 - 2023-12-20
• 6.9.0 - 2023-11-27
• 6.8.1 - 2023-11-01
• 6.8.0 - 2023-10-11
• 6.7.1 - 2023-08-15
• 6.7.0 - 2023-08-03
• 6.6.7 - 2023-07-28
• 6.6.6 - 2023-07-28
• 6.6.5 - 2023-07-24
• 6.6.4 - 2023-07-16
• 6.6.3 - 2023-07-12
• 6.6.2 - 2023-06-28
• 6.6.1 - 2023-06-23
• 6.6.0 - 2023-06-14

from ethers GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade ethers dependency from 6.6.0 to 6.14.1 to address a high-severity Denial of Service vulnerability and include recent library improvements.

Bug Fixes:

• Resolve high-severity DoS vulnerability in WebSocket transport by upgrading ethers

Chores:

• Bump ethers dependency from 6.6.0 to 6.14.1

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 529163a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

Reviewer's Guide

Upgrade the ethers library from v6.6.0 to v6.14.1 by updating the package manifest and regenerating the lockfile to address a high-severity DoS vulnerability and pull in recent fixes and features.

Sequence Diagram: Snyk's Automated Dependency Upgrade Process

sequenceDiagram
    actor Snyk
    participant Repo as "Project Repository (GitHub)"
    actor Dev as Developer

    Snyk->>Repo: Scan project dependencies
    activate Repo
    Repo-->>Snyk: Report ethers@6.6.0 (vulnerable: SNYK-JS-WS-7266574)
    deactivate Repo
    Snyk->>Repo: Create Pull Request to upgrade ethers to 6.14.1
    activate Repo
    Dev->>Repo: Review Pull Request
    Dev->>Repo: Merge Pull Request
    Repo-->>Repo: ethers dependency updated to 6.14.1
    deactivate Repo

Loading

File-Level Changes

Change	Details	Files
Bump ethers dependency version	Updated ethers version specifier in package.json Regenerated package-lock.json to lock in v6.14.1	package.json package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.