Bump the npm_and_yarn group across 3 directories with 15 updates by dependabot[bot] · Pull Request #12 · LFDT-Smoot/bridge

dependabot · 2025-05-21T12:12:06Z

Bumps the npm_and_yarn group with 6 updates in the /contracts_solidity/message-bridge-contracts directory:

Package	From	To
base-x	`3.0.9`	`3.0.11`
braces	`3.0.2`	`3.0.3`
follow-redirects	`1.15.2`	`1.15.9`
secp256k1	`4.0.3`	`4.0.4`
undici	`5.21.0`	`5.29.0`
word-wrap	`1.2.3`	`1.2.5`

Bumps the npm_and_yarn group with 6 updates in the /contracts_solidity/nft-market-contracts directory:

Package	From	To
base-x	`3.0.9`	`3.0.11`
braces	`3.0.2`	`3.0.3`
follow-redirects	`1.15.2`	`1.15.9`
secp256k1	`4.0.3`	`4.0.4`
undici	`5.21.0`	`5.29.0`
word-wrap	`1.2.3`	`1.2.5`

Bumps the npm_and_yarn group with 10 updates in the /relayers/crossRoute directory:

Package	From	To
base-x	`3.0.9`	`3.0.11`
cookie	`0.6.0`	`0.7.1`
express	`4.19.2`	`4.21.2`
elliptic	`6.5.5`	`6.6.1`
@ethersproject/signing-key	`5.7.0`	`5.8.0`
secp256k1	`4.0.3`	`4.0.4`
keythereum	`1.2.0`	`1.2.0`
tough-cookie	`2.5.0`	`removed`
web3	`1.2.9`	`4.16.0`
mongoose	`5.13.22`	`6.13.6`

Updates base-x from 3.0.9 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates secp256k1 from 4.0.3 to 4.0.4

Commits

756fce1 4.0.4
8bd6446 elliptic: fix key verification in loadCompressedPublicKey
840834e Update elliptic to 6.5.7 (CVE-2024-42461) (#206)
See full diff in compare view

Updates undici from 5.21.0 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Fix tests in v5.x for Node 20 by @mcollina in nodejs/undici#4104

Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

... (truncated)

Commits

9528f68 Bumped v5.29.0
f1d75a4 increase timeout for redirect test
2d31ed6 remove fuzzing tests
6b36d49 fix redirect test in Node v16
648dd8f more fix for the wpt runner on Windows
a0516ba don't use internal header state for cookies (#3295)
87ce4af fix test/client for node 20
c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
82200bd [v6.x] fix wpts on windows (#4093)
47546fa test: fix windows wpt (#4050)
Additional commits viewable in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates secp256k1 from 4.0.3 to 4.0.4

Commits

756fce1 4.0.4
8bd6446 elliptic: fix key verification in loadCompressedPublicKey
840834e Update elliptic to 6.5.7 (CVE-2024-42461) (#206)
See full diff in compare view

Updates undici from 5.21.0 to 5.29.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

Fix tests in v5.x for Node 20 by @mcollina in nodejs/undici#4104

Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

... (truncated)

Commits

9528f68 Bumped v5.29.0
f1d75a4 increase timeout for redirect test
2d31ed6 remove fuzzing tests
6b36d49 fix redirect test in Node v16
648dd8f more fix for the wpt runner on Windows
a0516ba don't use internal header state for cookies (#3295)
87ce4af fix test/client for node 20
c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
82200bd [v6.x] fix wpts on windows (#4093)
47546fa test: fix windows wpt (#4050)
Additional commits viewable in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
See full diff in compare view

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates elliptic from 6.5.5 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
See full diff in compare view

Updates @ethersproject/signing-key from 5.7.0 to 5.8.0

Release notes

Sourced from @ethersproject/signing-key's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]

A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Embedding UMD with SRI:
<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>
ethers/v5.7.2 (2022-10-19 04:19)

Updated tests to use goerli instead of ropsten. (1392803, 706d3ca)

Added new error strings Pocket returns. (9f990c5)

Fixed Alchemy goerli URL. (#3320, #3323, #3340, #3358, #3423; 74e3d98)

Update testnets for third-party providers. (#3320, #3323, #3340, #3358, #3423; 2a3a2e1)

Embedding UMD with SRI:
<script type="text/javascript"
        integrity="sha384-Htz1SE4Sl5aitpvFgr2j0sfsGUIuSXI6t8hEyrlQ93zflEF3a29bH2AvkUROUw7J"
        crossorigin="anonymous"
        src="https://cdn-cors.ethers.io/lib/ethers-5.7.2.umd.min.js">
</script>
ethers/v5.7.1 (2022-09-13 21:28)

Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)

Add support for all data URL formats. (#3341; 4c86dc9)

Added Sepolia network. (#3325; d083522)

... (truncated)

Changelog

Sourced from @ethersproject/signing-key's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

Updated to latest elliptic library to fix audit warnings. (f8deaae)

Added ENS to Sepolia. (0065547)

Bump ws package version to address DoS security concern. (#4791; f345816)

Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

ethers/v5.7.2 (2022-10-19 04:19)

Updated tests to use goerli instead of ropsten. (1392803, 706d3ca)

Added new error strings Pocket returns. (9f990c5)

Fixed Alchemy goerli URL. (#3320, #3323, #3340, #3358, #3423; 74e3d98)

Update testnets for third-party providers. (#3320, #3323, #3340, #3358, #3423; 2a3a2e1)

ethers/v5.7.1 (2022-09-13 21:28)

Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)

Add support for all data URL formats. (#3341; 4c86dc9)

Added Sepolia network. (#3325; d083522)

Commits

5ff3dc9 admin: updated dist files with update-versions

Bumps the npm_and_yarn group with 6 updates in the /contracts_solidity/message-bridge-contracts directory: | Package | From | To | | --- | --- | --- | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` | | [undici](https://github.com/nodejs/undici) | `5.21.0` | `5.29.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 6 updates in the /contracts_solidity/nft-market-contracts directory: | Package | From | To | | --- | --- | --- | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` | | [undici](https://github.com/nodejs/undici) | `5.21.0` | `5.29.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 10 updates in the /relayers/crossRoute directory: | Package | From | To | | --- | --- | --- | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `0.7.1` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.5` | `6.6.1` | | [@ethersproject/signing-key](https://github.com/ethers-io/ethers.js/tree/HEAD/packages/signing-key) | `5.7.0` | `5.8.0` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` | | [keythereum](https://github.com/ethereumjs/keythereum) | `1.2.0` | `1.2.0` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `removed` | | [web3](https://github.com/ChainSafe/web3.js) | `1.2.9` | `4.16.0` | | [mongoose](https://github.com/Automattic/mongoose) | `5.13.22` | `6.13.6` | Updates `base-x` from 3.0.9 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.9...v3.0.11) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) Updates `undici` from 5.21.0 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.21.0...v5.29.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `base-x` from 3.0.9 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.9...v3.0.11) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) Updates `undici` from 5.21.0 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.21.0...v5.29.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `base-x` from 3.0.9 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.9...v3.0.11) Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.1) Updates `express` from 4.19.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.19.2...4.21.2) Updates `elliptic` from 6.5.5 to 6.6.1 - [Commits](indutny/elliptic@v6.5.5...v6.6.1) Updates `@ethersproject/signing-key` from 5.7.0 to 5.8.0 - [Release notes](https://github.com/ethers-io/ethers.js/releases) - [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md) - [Commits](https://github.com/ethers-io/ethers.js/commits/v5.8.0/packages/signing-key) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) Updates `keythereum` from 1.2.0 to 1.2.0 - [Release notes](https://github.com/ethereumjs/keythereum/releases) - [Changelog](https://github.com/ethereumjs/keythereum/blob/master/CHANGELOG.md) - [Commits](ethereumjs/keythereum@1.2.0...1.2.0) Removes `tough-cookie` Updates `web3` from 1.2.9 to 4.16.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v1.2.9...v4.16.0) Updates `ws` from 3.3.3 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@3.3.3...8.17.1) Updates `mongoose` from 5.13.22 to 6.13.6 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@5.13.22...6.13.6) Updates `web3` from 1.2.9 to 4.16.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v1.2.9...v4.16.0) --- updated-dependencies: - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@ethersproject/signing-key" dependency-version: 5.8.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: keythereum dependency-version: 1.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: web3 dependency-version: 4.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.17.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 6.13.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: web3 dependency-version: 4.16.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2025

dependabot bot mentioned this pull request May 21, 2025

Bump elliptic and @ethersproject/signing-key in /relayers/crossRoute #8

Closed

dependabot bot requested a review from a team May 21, 2025 12:12

This was referenced May 21, 2025

Bump mongoose from 5.13.22 to 6.13.6 in /relayers/crossRoute #9

Closed

Bump base-x from 3.0.9 to 3.0.11 in /relayers/crossRoute #10

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 3 directories with 15 updates#12

Bump the npm_and_yarn group across 3 directories with 15 updates#12
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/contracts_solidity/message-bridge-contracts/npm_and_yarn-f63171852f

dependabot bot commented on behalf of github May 21, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github May 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.29.0

What's Changed

v5.28.5

⚠️ Security Release ⚠️

v5.28.4

⚠️ Security Release ⚠️

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

1.2.5

1.2.4

What's Changed

New Contributors

v5.29.0

What's Changed

v5.28.5

⚠️ Security Release ⚠️

v5.28.4

⚠️ Security Release ⚠️

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

1.2.5

1.2.4

What's Changed

New Contributors

0.7.1

0.7.0

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

Changes

ethers/v5.7.2 (2022-10-19 04:19)

ethers/v5.7.1 (2022-09-13 21:28)

ethers/v5.8.0 (2025-02-25 19:15)

ethers/v5.7.2 (2022-10-19 04:19)

ethers/v5.7.1 (2022-09-13 21:28)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github May 21, 2025 •

edited

Loading