defender-sdk icon indicating copy to clipboard operation
defender-sdk copied to clipboard
verified publisher icon OpenZeppelin

Update ethers dependencies to ^6 ?

Open thelinuxlich opened this issue 1 year ago • 6 comments

The v5 ethers dependencies on this project creates a lot of security alerts on things like Dependabot.

thelinuxlich avatar Dec 13 '24 17:12 thelinuxlich

Hi @thelinuxlich , Can I work on this issue

HMSagar2701 avatar Jan 01 '25 16:01 HMSagar2701

Sure why not?

thelinuxlich avatar Jan 01 '25 16:01 thelinuxlich

Is it fine to use @ethersproject/[email protected], or should we wait for a stable release? Let me know if you want further adjustments!

HMSagar2701 avatar Jan 02 '25 03:01 HMSagar2701

Hi @thelinuxlich & @HMSagar2701 . We already support ethers v6 in our relayers and other packages, see ethers v6 example.

Although we understand it's a deprecated package, we still keep backwards compatibility with ethers v5 because many of our users and clients still depend it

MCarlomagno avatar Jan 02 '25 12:01 MCarlomagno

Wouldn't it be possible to split the package supporting ethers v5 into a separate legacy one?

thelinuxlich avatar Jan 02 '25 12:01 thelinuxlich

For example, on one of my projects, these elliptic alerts are all because of that dependency:

image

thelinuxlich avatar Jan 02 '25 12:01 thelinuxlich