fix(deps): update dependency @ethersproject/hash to v5.8.0
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| @ethersproject/hash (source) | 5.7.0 -> 5.8.0 | | | | |
Release Notes
ethers-io/ethers.js (@ethersproject/hash)
v5.8.0: ethers/v5.8.0 (2025-02-25 19:15) [legacy version]
This is a security update for the legacy Ethers v5 branch, addressing two security fixes.
- A bug in `elliptic`, which does not affect ethers but triggers a critical security warning during `npm audit` [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]
- A bug in `ws` which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during `npm audit` [see: too many HTTP headers]
For those that wish to audit the specific changes in the bundled version between v5.7 and v5.8, see this gist.
Changes
- Updated to latest elliptic library to fix audit warnings. (f8deaae)
- Added ENS to Sepolia. (0065547)
- Bump ws package version to address DoS security concern. (#4791; f345816)
- Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)
Embedding UMD with SRI:
```html
<script type="text/javascript"
        integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
        crossorigin="anonymous"
        src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>
```
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| @ethersproject/transactions@5.7.0 ⏵ 5.8.0 | | | | | | |
| @ethersproject/hash@5.7.0 ⏵ 5.8.0 | | | | | | |