ethers.js icon indicating copy to clipboard operation
ethers.js copied to clipboard
verified publisher icon ethers-io

pinned to outdated dependencies

Open dynst opened this issue 5 months ago • 1 comments

Ethers Version

6.15.0

Search Terms

No response

Describe the Problem

https://github.com/ethers-io/ethers.js/blob/9fd9d41d017a5e3b329aca47c79786e69cd40b99/package.json#L11-L19

All of the dependencies and devDependencies use an exact version, with no caret ^ to allow newer semver compatible versions.

The latest @noble/hashes is 1.8.0 now, and @noble/curves 1.9.2, for example.

Projects that depend on ethers end up bundling 2 versions of the exact same package because ethers only accepts the old version, while other libraries in the dependency tree will accept the newer version.

Code Snippet

Contract ABI

Errors

Environment

No response

Environment (Other)

No response

dynst avatar Jul 11 '25 20:07 dynst

Thanks for the info! I will update to the latest versions in the next minor version bump. :)

I audit every dependency, line-by-line and when updating dependency versions re-audit the changes between the versions, which unfortunately means I cannot use caret versions.

I am less picky for devDependencies, but also quite cautious when it comes to bumping the TypeScript package, since they fairly regularly make changes that cause the .d.ts files to be non-backwards compatible, so when bumping that I like to give advance warning on Twitter and such.

I'll set the tags on this issue to make sure they are captured in the next minor bump.

ricmoo avatar Jul 31 '25 05:07 ricmoo