[Snyk] Upgrade ethers from 5.3.0 to 6.15.0

[Dustin4444]

Snyk has created this PR to upgrade ethers from 5.3.0 to 6.15.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 111 versions ahead of your current version.

• The recommended version was released 3 months ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	482	No Known Exploit
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	482	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ETHERS-1586048	482	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	482	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIMECOREJS3-9397696	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	482	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	482	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	482	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	482	Proof of Concept
	Information Exposure SNYK-JS-ELLIPTIC-8720086	482	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482	No Known Exploit

Release notes

Package name: ethers

• 6.15.0 - 2025-07-02
  
  • Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).
• 6.14.4 - 2025-06-13
  
  • Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).
• 6.14.3 - 2025-05-27
  
  • Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).
• 6.14.2 - 2025-05-26
  
  • Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
  • Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
  • Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
  • Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).
• 6.14.1 - 2025-05-15
  
  • Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).
• 6.14.0 - 2025-05-07
  
  • Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
  • EIP-7702 support (#4916; db490e1, e7c1bdf).
  • Added support for to override fetch init options in the Browser (#3895; 844ae68).
  • Added EIP-6963 discovery to BrowserProvider (f5469dd).
  • Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
  • Added BlockscoutProvider (#4790, b59b5a4).
  • Added CommunityResourcable to exports (#4776; bca8d1b).
• 6.13.7 - 2025-04-26
  
  • Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
  • Fixed Infura BSC network URLs (#4951; d01b4cb).
• 6.13.6 - 2025-03-21
• 6.13.6-beta.1 - 2025-03-21
• 6.13.5 - 2025-01-06
  
  • Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
  • Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
  • Add newline delimiter to IPC providers for broader support (#4847; 474a8de).
• 6.13.4 - 2024-10-12
  
  • Updated dependencies (1d717ef).
  • Fixed bug in JSON-RPC error checking (#4827, #4837, #4851; be3e6b1).
• 6.13.3 - 2024-10-01
• 6.13.2 - 2024-07-25
• 6.13.1 - 2024-06-18
• 6.13.0 - 2024-06-04
• 6.12.2 - 2024-06-02
• 6.12.1 - 2024-05-01
• 6.12.0 - 2024-04-17
• 6.12.0-beta.1 - 2024-03-27
• 6.11.1 - 2024-02-14
• 6.11.0 - 2024-02-09
• 6.10.0 - 2024-01-13
• 6.9.2 - 2024-01-03
• 6.9.1 - 2023-12-20
• 6.9.0 - 2023-11-27
• 6.8.1 - 2023-11-01
• 6.8.0 - 2023-10-11
• 6.7.1 - 2023-08-15
• 6.7.0 - 2023-08-03
• 6.6.7 - 2023-07-28
• 6.6.6 - 2023-07-28
• 6.6.5 - 2023-07-24
• 6.6.4 - 2023-07-16
• 6.6.3 - 2023-07-12
• 6.6.2 - 2023-06-28
• 6.6.1 - 2023-06-23
• 6.6.0 - 2023-06-14
• 6.5.1 - 2023-06-08
• 6.5.0 - 2023-06-07
• 6.4.2 - 2023-06-06
• 6.4.1 - 2023-06-02
• 6.4.0 - 2023-05-20
• 6.3.0 - 2023-04-07
• 6.2.3 - 2023-03-28
• 6.2.2 - 2023-03-24
• 6.2.1 - 2023-03-23
• 6.2.0 - 2023-03-20
• 6.1.0 - 2023-03-07
• 6.0.8 - 2023-02-23
• 6.0.7 - 2023-02-23
• 6.0.6 - 2023-02-23
• 6.0.5 - 2023-02-19
• 6.0.4 - 2023-02-16
• 6.0.3 - 2023-02-13
• 6.0.2 - 2023-02-04
• 6.0.1 - 2023-02-04
• 6.0.0 - 2023-02-03
• 6.0.0-beta-exports.16 - 2023-02-02
• 6.0.0-beta-exports.15 - 2023-01-31
• 6.0.0-beta-exports.14 - 2023-01-27
• 6.0.0-beta-exports.13 - 2023-01-27
• 6.0.0-beta-exports.12 - 2023-01-27
• 6.0.0-beta-exports.11 - 2023-01-22
• 6.0.0-beta-exports.10 - 2023-01-15
• 6.0.0-beta-exports.9 - 2022-12-30
• 6.0.0-beta-exports.8 - 2022-12-10
• 6.0.0-beta-exports.7 - 2022-11-30
• 6.0.0-beta-exports.6 - 2022-11-09
• 6.0.0-beta-exports.5 - 2022-11-09
• 6.0.0-beta-exports.4 - 2022-10-01
• 6.0.0-beta-exports.3 - 2022-09-30
• 6.0.0-beta-exports.2 - 2022-09-27
• 6.0.0-beta-exports.1 - 2022-09-16
• 6.0.0-beta-exports.0 - 2022-09-05
• 6.0.0-beta.9 - 2022-04-20
• 6.0.0-beta.8 - 2022-04-20
• 6.0.0-beta.7 - 2022-04-20
• 6.0.0-beta.6 - 2022-04-20
• 6.0.0-beta.5 - 2022-04-19
• 6.0.0-beta.4 - 2022-04-17
• 6.0.0-beta.3 - 2022-04-14
• 6.0.0-beta.2 - 2022-04-11
• 6.0.0-beta.1 - 2022-04-11
• 5.8.0 - 2025-02-26
  

  This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

  • A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]
  • A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

  For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

  Changes

  • Updated to latest elliptic library to fix audit warnings. (f8deaae)
  • Added ENS to Sepolia. (0065547)
  • Bump ws package version to address DoS security concern. (#4791; f345816)
  • Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

  ---

  Embedding UMD with SRI:

  <script type="text/javascript"
    integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
    crossorigin="anonymous"
    src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
  </script>

• 5.7.2 - 2022-10-19
• 5.7.1 - 2022-09-14
• 5.7.0 - 2022-08-19
• 5.6.9 - 2022-06-18
• 5.6.8 - 2022-05-24
• 5.6.7 - 2022-05-21
• 5.6.6 - 2022-05-14
• 5.6.5 - 2022-05-03
• 5.6.4 - 2022-04-14
• 5.6.3 - 2022-04-13
• 5.6.2 - 2022-03-26
• 5.6.1 - 2022-03-16
• 5.6.0 - 2022-03-10
• 5.5.4 - 2022-01-31
• 5.5.3 - 2022-01-07
• 5.5.2 - 2021-12-01
• 5.5.1 - 2021-10-20
• 5.5.0 - 2021-10-20
• 5.4.7 - 2021-09-16
• 5.4.6 - 2021-08-27
• 5.4.5 - 2021-08-18
• 5.4.4 - 2021-08-05
• 5.4.3 - 2021-07-30
• 5.4.2 - 2021-07-23
• 5.4.1 - 2021-07-03
• 5.4.0 - 2021-06-26
• 5.3.1 - 2021-06-11
• 5.3.0 - 2021-06-01

from ethers GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-50d53679ad3070319e45134865b2e1d1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}