Skip to content

[Snyk] Upgrade ethers from 6.6.0 to 6.14.4#27

Open
X-oss-byte wants to merge 1 commit intomainfrom
snyk-upgrade-c46c578271db1aca5696438888718608
Open

[Snyk] Upgrade ethers from 6.6.0 to 6.14.4#27
X-oss-byte wants to merge 1 commit intomainfrom
snyk-upgrade-c46c578271db1aca5696438888718608

Conversation

@X-oss-byte
Copy link
Copy Markdown
Owner

@X-oss-byte X-oss-byte commented Jul 12, 2025
edited by sourcery-ai bot
Loading

snyk-top-banner

Snyk has created this PR to upgrade ethers from 6.6.0 to 6.14.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 35 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 696 Proof of Concept
Release notes
Package name: ethers
  • 6.14.4 - 2025-06-13
    • Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).
  • 6.14.3 - 2025-05-27
    • Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).
  • 6.14.2 - 2025-05-26
    • Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
    • Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
    • Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
    • Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).
  • 6.14.1 - 2025-05-15
    • Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).
  • 6.14.0 - 2025-05-07
    • Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
    • EIP-7702 support (#4916; db490e1, e7c1bdf).
    • Added support for to override fetch init options in the Browser (#3895; 844ae68).
    • Added EIP-6963 discovery to BrowserProvider (f5469dd).
    • Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
    • Added BlockscoutProvider (#4790, b59b5a4).
    • Added CommunityResourcable to exports (#4776; bca8d1b).
  • 6.13.7 - 2025-04-26
    • Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
    • Fixed Infura BSC network URLs (#4951; d01b4cb).
  • 6.13.6 - 2025-03-21
  • 6.13.6-beta.1 - 2025-03-21
  • 6.13.5 - 2025-01-06
    • Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
    • Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
    • Add newline delimiter to IPC providers for broader support (#4847; 474a8de).
  • 6.13.4 - 2024-10-12
  • 6.13.3 - 2024-10-01
    • Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).
  • 6.13.2 - 2024-07-25
  • 6.13.1 - 2024-06-18
  • 6.13.0 - 2024-06-04
  • 6.12.2 - 2024-06-02
  • 6.12.1 - 2024-05-01
  • 6.12.0 - 2024-04-17
  • 6.12.0-beta.1 - 2024-03-27
  • 6.11.1 - 2024-02-14
  • 6.11.0 - 2024-02-09
  • 6.10.0 - 2024-01-13
  • 6.9.2 - 2024-01-03
  • 6.9.1 - 2023-12-20
  • 6.9.0 - 2023-11-27
  • 6.8.1 - 2023-11-01
  • 6.8.0 - 2023-10-11
  • 6.7.1 - 2023-08-15
  • 6.7.0 - 2023-08-03
  • 6.6.7 - 2023-07-28
  • 6.6.6 - 2023-07-28
  • 6.6.5 - 2023-07-24
  • 6.6.4 - 2023-07-16
  • 6.6.3 - 2023-07-12
  • 6.6.2 - 2023-06-28
  • 6.6.1 - 2023-06-23
  • 6.6.0 - 2023-06-14
from ethers GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Summary by Sourcery

Upgrade the ethers library to version 6.14.4 to address security issues and include recent upstream enhancements

Bug Fixes:

  • Fix Denial of Service vulnerability (SNYK-JS-WS-7266574) by upgrading ethers

Enhancements:

  • Bump ethers dependency from 6.6.0 to 6.14.4 to incorporate the latest upstream fixes and improvements

@snyk-bot
fix: upgrade ethers from 6.6.0 to 6.14.4
d086e43 
Snyk has created this PR to upgrade ethers from 6.6.0 to 6.14.4.

See this package in npm:
ethers

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/5a5244eb-d014-4635-9818-8ddb177a1f58?utm_source=github&utm_medium=referral&page=upgrade-pr
@bolt-new-by-stackblitz
Copy link
Copy Markdown

bolt-new-by-stackblitz bot commented Jul 12, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@sourcery-ai
Copy link
Copy Markdown

sourcery-ai bot commented Jul 12, 2025
edited
Loading

Reviewer's Guide

This PR upgrades the ethers library from version 6.6.0 to 6.14.4 by updating the package.json entry and regenerating the lockfile, addressing a high-severity DoS vulnerability and incorporating upstream fixes.

File-Level Changes

Change Details Files
Bump ethers dependency and refresh lockfile
  • Updated ethers version in dependencies from ^6.6.0 to ^6.14.4
  • Regenerated package-lock.json to capture updated dependency graph
 package.json
package-lock.json
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Jul 12, 2025

⚠️ No Changeset found

Latest commit: d086e43

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@X-oss-byte @snyk-bot