Bump the npm_and_yarn group across 1 directory with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
@openzeppelin/contracts	4.9.5	4.9.6
@openzeppelin/contracts-upgradeable	4.9.5	5.4.0
ethers	6.10.0	6.15.0
@ethersproject/providers	5.7.2	5.8.0
ethers	5.7.2	5.8.0
axios	1.6.5	1.11.0
base-x	3.0.9	3.0.11
braces	3.0.2	3.0.3
pbkdf2	3.1.2	3.1.3
secp256k1	4.0.3	4.0.4
serialize-javascript	6.0.0	6.0.2
mocha	10.2.0	10.8.2
undici	5.28.2	5.29.0

Updates @openzeppelin/contracts from 4.9.5 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• See full diff in compare view

Updates @openzeppelin/contracts-upgradeable from 4.9.5 to 5.4.0

Release notes

Sourced from @​openzeppelin/contracts-upgradeable's releases.

v5.4.0

Breaking changes

• Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

• Reduced pragma requirement of interface files

Changes by category

Account

• Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
• AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
• AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
• EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
• IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

• GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

• ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5739)

Cryptography

Signers

• AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
• SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
• SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
• MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
• MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5741)

Verifiers

• ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)

Other

• SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
• ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
• ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

• EnumerableMap: Add support for BytesToBytesMap type. (#5658)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts-upgradeable's changelog.

5.4.0 (2025-07-17)

Breaking changes

• Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

• Reduced pragma requirement of interface files

Changes by category

Account

• Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
• AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
• AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
• EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
• IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

• GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

• ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5739)

Cryptography

Signers

• AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
• SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
• SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
• MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
• MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5741)

Verifiers

• ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)

Other

• SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
• ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
• ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

... (truncated)

Commits

• e725abd Transpile c64a1edb6
• 14f68d0 Transpile f19bf2900
• d95c31c Transpile 84a600ba7
• f163b61 Transpile fffade5f9
• 60d6d81 Transpile 54a8027af
• 59ee474 Transpile f12605ad4
• 29056a0 Transpile 83b829e0d
• 473630f Transpile 2e152ba69
• fe097cf Transpile a34185060
• 73cfbce Transpile e1277f7ad
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by arr00, a new releaser for @​openzeppelin/contracts-upgradeable since your current version.

Updates ethers from 6.10.0 to 6.15.0

Release notes

Sourced from ethers's releases.

ethers/v6.15.0 (2025-07-01 11:24)

• Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

• Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

• Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

ethers/v6.14.2 (2025-05-26 18:31)

• Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
• Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
• Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
• Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).

ethers/v6.14.1 (2025-05-15 14:17)

• Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).

ethers/v6.14.0 (2025-05-06 22:02)

• Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
• EIP-7702 support (#4916; db490e1, e7c1bdf).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).
• Added EIP-6963 discovery to BrowserProvider (f5469dd).
• Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
• Added BlockscoutProvider (#4790, b59b5a4).
• Added CommunityResourcable to exports (#4776; bca8d1b).

ethers/v6.13.7 (2025-04-25 21:50)

• Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
• Fixed Infura BSC network URLs (#4951; d01b4cb).

ethers/v6.13.5 (2025-01-04 15:26)

• Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
• Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
• Add newline delimiter to IPC providers for broader support (#4847; 474a8de).

ethers/v6.13.4 (2024-10-10 18:01)

• Updated dependencies (1d717ef).
• Fixed bug in JSON-RPC error checking (#4827, #4837, #4851; be3e6b1).

ethers/v6.13.3 (2024-09-30 22:08)

• Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).

ethers/v6.13.2 (2024-07-25 18:20)

• Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:37)

• Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:38)

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.15.0 (2025-07-01 11:24)

• Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

• Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

• Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

ethers/v6.14.2 (2025-05-26 18:03)

• Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
• Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
• Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
• Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).

ethers/v6.14.1 (2025-05-15 14:17)

• Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).

ethers/v6.14.0 (2025-05-06 22:02)

• Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
• EIP-7702 support (#4916; db490e1, e7c1bdf).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).
• Added EIP-6963 discovery to BrowserProvider (f5469dd).
• Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
• Added CommunityResourcable to exports (#4776; bca8d1b).

ethers/v6.13.7 (2025-04-25 21:50)

• Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
• Fixed Infura BSC network URLs (#4951; d01b4cb).

ethers/v6.13.6 (2025-03-21 18:21)

• Implicitly use EIP-7702 if authorizationList is given and non-empty (#4961; e7c1bdf).
• Initial EIP-7702 support (#4916; db490e1).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).

... (truncated)

Commits

• 9fd9d41 admin: updated dist files
• 1405d74 docs: added EIP-2 to specs.txt
• 9944ec9 Allow non-canonical S values in Signatures moving errors to access-time (#5013).
• 4eada38 admin: updated dist files
• 389dc03 Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916).
• d31f5a7 admin: updated dist files
• a8803ca Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985).
• ac6022b admin: updated dist files
• 52a0522 Fixed call stack overflow in makeError stringify for recursive structures (#4...
• fe98f98 Explicitly throw error on gunzip failure to prevent uncaught exception (#4873...
• Additional commits viewable in compare view

Updates @ethersproject/providers from 5.7.2 to 5.8.0

Release notes

Sourced from @​ethersproject/providers's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

• A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]
• A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

• Updated to latest elliptic library to fix audit warnings. (f8deaae)
• Added ENS to Sepolia. (0065547)
• Bump ws package version to address DoS security concern. (#4791; f345816)
• Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

---

Embedding UMD with SRI:

<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

Changelog

Sourced from @​ethersproject/providers's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

• Updated to latest elliptic library to fix audit warnings. (f8deaae)
• Added ENS to Sepolia. (0065547)
• Bump ws package version to address DoS security concern. (#4791; f345816)
• Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Commits

• f345816 Bump ws package version to address DoS security concern (#4791).
• fa5f647 admin: updated dist files
• f7c813d Added modern networks, updated third-party backend URLs and added QuickNode (...
• See full diff in compare view

Updates ethers from 5.7.2 to 5.8.0

Release notes

Sourced from ethers's releases.

ethers/v6.15.0 (2025-07-01 11:24)

• Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

• Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

• Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

ethers/v6.14.2 (2025-05-26 18:31)

• Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
• Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
• Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
• Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).

ethers/v6.14.1 (2025-05-15 14:17)

• Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).

ethers/v6.14.0 (2025-05-06 22:02)

• Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
• EIP-7702 support (#4916; db490e1, e7c1bdf).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).
• Added EIP-6963 discovery to BrowserProvider (f5469dd).
• Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
• Added BlockscoutProvider (#4790, b59b5a4).
• Added CommunityResourcable to exports (#4776; bca8d1b).

ethers/v6.13.7 (2025-04-25 21:50)

• Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
• Fixed Infura BSC network URLs (#4951; d01b4cb).

ethers/v6.13.5 (2025-01-04 15:26)

• Use local dev net for testing Typed API to prevent tests getting throttled (7654ee3).
• Fixed bad logic for searching prefetched transactions by hash (#4868; ef3c9bc).
• Add newline delimiter to IPC providers for broader support (#4847; 474a8de).

ethers/v6.13.4 (2024-10-10 18:01)

• Updated dependencies (1d717ef).
• Fixed bug in JSON-RPC error checking (#4827, #4837, #4851; be3e6b1).

ethers/v6.13.3 (2024-09-30 22:08)

• Allow CCIP-read to continue during low-level fetch failures (#4842; 1c31f95).

ethers/v6.13.2 (2024-07-25 18:20)

• Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:37)

• Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:38)

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.15.0 (2025-07-01 11:24)

• Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

• Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

• Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

ethers/v6.14.2 (2025-05-26 18:03)

• Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
• Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
• Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
• Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).

ethers/v6.14.1 (2025-05-15 14:17)

• Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).

ethers/v6.14.0 (2025-05-06 22:02)

• Remove BlockscoutProvider temporarily until custom error issues are fixed (805a8b3).
• EIP-7702 support (#4916; db490e1, e7c1bdf).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).
• Added EIP-6963 discovery to BrowserProvider (f5469dd).
• Accept modern KZG library API while exposing legacy API (#4841; e5036e7).
• Added CommunityResourcable to exports (#4776; bca8d1b).

ethers/v6.13.7 (2025-04-25 21:50)

• Fix FallbackProvider coalescing call exceptions when backends return slightly different error message (268a0ac).
• Fixed Infura BSC network URLs (#4951; d01b4cb).

ethers/v6.13.6 (2025-03-21 18:21)

• Implicitly use EIP-7702 if authorizationList is given and non-empty (#4961; e7c1bdf).
• Initial EIP-7702 support (#4916; db490e1).
• Added support for to override fetch init options in the Browser (#3895; 844ae68).

... (truncated)

Commits

• 9fd9d41 admin: updated dist files
• 1405d74 docs: added EIP-2 to specs.txt
• 9944ec9 Allow non-canonical S values in Signatures moving errors to access-time (#5013).
• 4eada38 admin: updated dist files
• 389dc03 Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916).
• d31f5a7 admin: updated dist files
• a8803ca Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985).
• ac6022b admin: updated dist files
• 52a0522 Fixed call stack overflow in makeError stringify for recursive structures (#4...
• fe98f98 Explicitly throw error on gunzip failure to prevent uncaught exception (#4873...
• Additional commits viewable in compare view

Updates axios from 1.6.5 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

Release v1.10.0

Release notes:

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

Release v1.9.0

Release notes:

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
• http: send minimal end multipart boundary (#6661) (987d2e2)
• types: fix autocomplete for adapter config (#6855) (e61a893)

... (truncated)

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

1.10.0 (2025-06-14)

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

1.9.0 (2025-04-24)

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

... (truncated)

Commits

• b76c4ac chore(release): v1.11.0 (#6974)
• e72c193 fix: form-data npm pakcage (#6970)
• 8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
• a2214ca fix: prevent RangeError when using large Buffers (#6961)
• 6161947 refactor: use spread operator instead of '.apply()' (#6938)
• a1d16dd refactor: use an object spread instead of Object.assign (#6939)
• 07183cd chore(sponsor): update sponsor block (#6952)