Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates #1614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates #1614

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Aug 22, 2025

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
brace-expansion 2.0.1 2.0.2
braces 3.0.2 3.0.3
elliptic 6.5.4 6.6.1
@ethersproject/signing-key 5.7.0 5.8.0
follow-redirects 1.15.2 1.15.11
nanoid 3.3.3 removed
mocha 10.2.0 10.8.2
undici 5.14.0 5.29.0
ws 7.5.9 7.5.10

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates @ethersproject/signing-key from 5.7.0 to 5.8.0

Release notes

Sourced from @​ethersproject/signing-key's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

  • Updated to latest elliptic library to fix audit warnings. (f8deaae)
  • Added ENS to Sepolia. (0065547)
  • Bump ws package version to address DoS security concern. (#4791; f345816)
  • Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Embedding UMD with SRI:

<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

ethers/v5.7.2 (2022-10-19 04:19)

Embedding UMD with SRI:

<script type="text/javascript"
        integrity="sha384-Htz1SE4Sl5aitpvFgr2j0sfsGUIuSXI6t8hEyrlQ93zflEF3a29bH2AvkUROUw7J"
        crossorigin="anonymous"
        src="https://cdn-cors.ethers.io/lib/ethers-5.7.2.umd.min.js">
</script>

ethers/v5.7.1 (2022-09-13 21:28)

  • Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
  • Add support for all data URL formats. (#3341; 4c86dc9)
  • Added Sepolia network. (#3325; d083522)

... (truncated)

Changelog

Sourced from @​ethersproject/signing-key's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

  • Updated to latest elliptic library to fix audit warnings. (f8deaae)
  • Added ENS to Sepolia. (0065547)
  • Bump ws package version to address DoS security concern. (#4791; f345816)
  • Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

ethers/v5.7.2 (2022-10-19 04:19)

ethers/v5.7.1 (2022-09-13 21:28)

  • Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
  • Add support for all data URL formats. (#3341; 4c86dc9)
  • Added Sepolia network. (#3325; d083522)
Commits
  • 5ff3dc9 admin: updated dist files with update-versions
  • f8deaae Updated to latest elliptic library to fix audit warnings.
  • fa5f647 admin: updated dist files
  • See full diff in compare view

Updates follow-redirects from 1.15.2 to 1.15.11

Commits
  • 21ef28a Release version 1.15.11 of the npm package.
  • 7c88135 Roll back tree shaking.
  • 6e389ba Release version 1.15.10 of the npm package.
  • 5bc496e Shake me up before you go-go.
  • 694d6b4 Bump minimist from 1.2.5 to 1.2.8
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • Additional commits viewable in compare view

Removes nanoid

Updates mocha from 10.2.0 to 10.8.2

Release notes

Sourced from mocha's releases.

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

  • support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
  • test link in html reporter (#5224) (f054acc)

📚 Documentation

  • indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

  • fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

  • deps: bump the github-actions group with 1 update (#5132) (e536ab2)

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

10.8.2 (2024-10-30)

🩹 Fixes

  • support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
  • test link in html reporter (#5224) (f054acc)

📚 Documentation

  • indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

  • fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

  • deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

🩹 Fixes

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

🧹 Chores

  • fix npm scripts on windows (#5219) (1173da0)
  • remove trailing whitespace in SECURITY.md (7563e59)

10.7.3 (2024-08-09)

... (truncated)

Commits
  • 05097db chore(main): release 10.8.2 (#5239)
  • 14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
  • 881e3b0 chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...
  • f054acc fix: test link in html reporter (#5224)
  • e536ab2 build(deps): bump the github-actions group with 1 update (#5132)
  • ba0fefe fix: support errors with circular dependencies in object values with --parall...
  • f44f71b chore(main): release 10.8.1 (#5238)
  • f72bc17 fix: handle case of invalid package.json with no explicit config (#5198)
  • 68803b6 fix: use accurate test links in HTML reporter (#5228)
  • d8ca270 fix: Typos on mochajs.org (#5237)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.


Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

  • fix: serialize URL string contents to prevent XSS (#173) f27d65d
  • Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
  • docs: update readme with URL support (#146) 0d88527
  • chore: update node version and lock file e2a3a91
  • fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

Updates undici from 5.14.0 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

... (truncated)

Commits

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 10 u…
f053fd2 
…pdates

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` |
| [@ethersproject/signing-key](https://github.com/ethers-io/ethers.js/tree/HEAD/packages/signing-key) | `5.7.0` | `5.8.0` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.11` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.3` | `removed` |
| [mocha](https://github.com/mochajs/mocha) | `10.2.0` | `10.8.2` |
| [undici](https://github.com/nodejs/undici) | `5.14.0` | `5.29.0` |
| [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` |



Updates `brace-expansion` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.2)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `elliptic` from 6.5.4 to 6.6.1
- [Commits](indutny/elliptic@v6.5.4...v6.6.1)

Updates `@ethersproject/signing-key` from 5.7.0 to 5.8.0
- [Release notes](https://github.com/ethers-io/ethers.js/releases)
- [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md)
- [Commits](https://github.com/ethers-io/ethers.js/commits/v5.8.0/packages/signing-key)

Updates `follow-redirects` from 1.15.2 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.11)

Removes `nanoid`

Updates `mocha` from 10.2.0 to 10.8.2
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v10.2.0...v10.8.2)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `undici` from 5.14.0 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.14.0...v5.29.0)

Updates `ws` from 7.5.9 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...7.5.10)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@ethersproject/signing-key"
  dependency-version: 5.8.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mocha
  dependency-version: 10.8.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant