Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates#274

Open
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-675ef9a19c
Open

chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates#274
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-675ef9a19c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2025
edited
Loading

Bumps the npm_and_yarn group with 4 updates in the / directory: @grpc/grpc-js, @hashgraph/sdk, elliptic and @ethersproject/signing-key.
Bumps the npm_and_yarn group with 1 update in the /examples/hardhat-hts directory: axios.

Updates @grpc/grpc-js from 1.8.2 to 1.13.0

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js-xds 1.13.0

@​grpc/grpc-js 1.13.0

Changelog

  • Add support for channel option grpc-node.flow_control_window to control HTTP/2 flow control window size (#2864 contributed by @​rickihastings)
  • Show meaningful error messages more consistently when requests fail (#2868)
  • Add support for CIDR blocks in no_proxyenvironment variable (#2876 contributed by @​melkouri)
  • Fix a bug that caused server interceptor sendMetadata methods to not be called if the server interceptor did not explicitly send metadata (#2897)
  • Fix IPv6-mapped IPv4 address parsing in channelz, and represent them as IPv4 addresses (#2909)

Experimental API changes

Added:

  • SecureConnector
  • SecureConnectResult
  • SUBCHANNEL_ARGS_EXCLUDE_KEY_PREFIX
  • Server#experimentalRegisterListenerToChannelz protected method
  • ServerexperimentalUnregisterListenerFromChannelz protected method
  • Server#experimentalCreateConnectionInjectorWithChannelzRef protected method

Modified:

  • LoadBalancer: Removed the ChannelCredentials constructor argument
  • LoadBalancer: Removed the ChannelOptions constructor argument
  • LoadBalancer#updateAddressList: Replaced the attributes argument with one of type ChannelOptions.
  • ChannelControlHelper#createSubchannel: Removed the ChannelCredentials argument
  • LeafLoadBalancer: Removed the ChannelCredentials constructor argument

@​grpc/grpc-js@​1.12.6

  • Allow garbage collection of IDLE channels (#2896)

@​grpc/grpc-js 1.12.5

  • Prioritize HTTP status errors over message decoding errors (#2873)

@​grpc/grpc-js 1.12.4

  • Prioritize reporting UNAVAILABLE status when handing connection drops (#2862)

@​grpc/grpc-js 1.12.3

  • Report UNAVAILABLE if possible when handling connection drops (#2861)

@​grpc/grpc-js 1.12.2

  • Use util.promisify instead of fs/promises for Node 12 compatibility (#2838)

@​grpc/grpc-js-xds 1.12.2

... (truncated)

Commits
  • 02b7c27 Merge pull request #2918 from murgatroid99/grpc-js_backoff_trace
  • a188ae1 grpc-js: Add backoff timer trace logging
  • a8142c2 Merge pull request #2916 from murgatroid99/grpc-js-xds_ring_hash_fix
  • abcf430 grpc-js-xds: ring_hash: Fix proactive connect logic when already connecting
  • fbd13e8 Merge pull request #2914 from murgatroid99/grpc-js_1.13.0_bump
  • 9691f0e grpc-js: Update to 1.13.0
  • daa5127 Merge pull request #2913 from murgatroid99/grpc-js_generated_update
  • 4132581 grpc-js: Update generated code with generator changes
  • 55b31f6 Merge pull request #2911 from murgatroid99/proto-loader_optional_oneof
  • 7133635 Update golden and xds generated code for generator changes
  • Additional commits viewable in compare view

Updates @hashgraph/sdk from 2.55.1 to 2.61.0

Release notes

Sourced from @​hashgraph/sdk's releases.

v2.61.0

What's Changed

New Contributors

Full Changelog: hiero-ledger/hiero-sdk-js@v2.60.1...v2.61.0

v2.61.0-beta.2

What's Changed

... (truncated)

Changelog

Sourced from @​hashgraph/sdk's changelog.

v2.61.0

v2.61.0-beta.2

v2.60.1

v2.60.0-beta.3

v2.60.0-beta.2

... (truncated)

Commits
  • ffe09f1 chore(release): v2.61.0 (#2965)
  • cd73faf docs: add note in documentation when running examples (#2962)
  • 4dd08dd chore(deps): bump renovatebot/github-action from 41.0.15 to 41.0.16 (#2963)
  • 75c8ab5 fix: disable auto renew assignment on topic and token create (#2945)
  • 211da69 chore(deps): bump renovatebot/github-action from 41.0.14 to 41.0.15 (#2957)
  • d5da9ab chore(deps): bump actions/setup-node from 4.2.0 to 4.3.0 (#2958)
  • 9392d54 Add some comments about the toSolidityAddress function (#2220)
  • 4af517c feat: manual update client address book (#2928)
  • 753b552 chore(deps): bump @​babel/runtime from 7.26.0 to 7.26.10 (#2950)
  • b94ba78 chore(deps): bump @​babel/helpers (#2951)
  • Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates @ethersproject/signing-key from 5.7.0 to 5.8.0

Release notes

Sourced from @​ethersproject/signing-key's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

  • Updated to latest elliptic library to fix audit warnings. (f8deaae)
  • Added ENS to Sepolia. (0065547)
  • Bump ws package version to address DoS security concern. (#4791; f345816)
  • Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

Embedding UMD with SRI:

<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

ethers/v5.7.2 (2022-10-19 04:19)

Embedding UMD with SRI:

<script type="text/javascript"
        integrity="sha384-Htz1SE4Sl5aitpvFgr2j0sfsGUIuSXI6t8hEyrlQ93zflEF3a29bH2AvkUROUw7J"
        crossorigin="anonymous"
        src="https://cdn-cors.ethers.io/lib/ethers-5.7.2.umd.min.js">
</script>

ethers/v5.7.1 (2022-09-13 21:28)

  • Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
  • Add support for all data URL formats. (#3341; 4c86dc9)
  • Added Sepolia network. (#3325; d083522)

... (truncated)

Changelog

Sourced from @​ethersproject/signing-key's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

  • Updated to latest elliptic library to fix audit warnings. (f8deaae)
  • Added ENS to Sepolia. (0065547)
  • Bump ws package version to address DoS security concern. (#4791; f345816)
  • Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

ethers/v5.7.2 (2022-10-19 04:19)

ethers/v5.7.1 (2022-09-13 21:28)

  • Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
  • Add support for all data URL formats. (#3341; 4c86dc9)
  • Added Sepolia network. (#3325; d083522)
Commits
  • 5ff3dc9 admin: updated dist files with update-versions
  • f8deaae Updated to latest elliptic library to fix audit warnings.
  • fa5f647 admin: updated dist files
  • See full diff in compare view

Updates axios from 1.8.1 to 1.8.3

Release notes

Sourced from axios's releases.

Release v1.8.3

Release notes:

Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Release v1.8.2

Release notes:

Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.8.3 (2025-03-10)

Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot requested a review from a team as a code owner March 19, 2025 15:12
@dependabot dependabot bot added dependencies Add, update or remove dependency packages or files javascript Pull requests that update javascript code labels Mar 19, 2025
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-675ef9a19c branch from 28a1a6b to fb06f5d Compare March 21, 2025 00:41
@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 5 …
973f993 
…updates

Bumps the npm_and_yarn group with 4 updates in the / directory: [@grpc/grpc-js](https://github.com/grpc/grpc-node), [@hashgraph/sdk](https://github.com/hiero-ledger/hiero-sdk-js), [elliptic](https://github.com/indutny/elliptic) and [@ethersproject/signing-key](https://github.com/ethers-io/ethers.js/tree/HEAD/packages/signing-key).
Bumps the npm_and_yarn group with 1 update in the /examples/hardhat-hts directory: [axios](https://github.com/axios/axios).


Updates `@grpc/grpc-js` from 1.8.2 to 1.13.0
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.8.2...@grpc/grpc-js@1.13.0)

Updates `@hashgraph/sdk` from 2.55.1 to 2.61.0
- [Release notes](https://github.com/hiero-ledger/hiero-sdk-js/releases)
- [Changelog](https://github.com/hiero-ledger/hiero-sdk-js/blob/main/CHANGELOG.md)
- [Commits](hiero-ledger/hiero-sdk-js@v2.55.1...v2.61.0)

Updates `elliptic` from 6.5.4 to 6.6.1
- [Commits](indutny/elliptic@v6.5.4...v6.6.1)

Updates `@ethersproject/signing-key` from 5.7.0 to 5.8.0
- [Release notes](https://github.com/ethers-io/ethers.js/releases)
- [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md)
- [Commits](https://github.com/ethers-io/ethers.js/commits/v5.8.0/packages/signing-key)

Updates `axios` from 1.8.1 to 1.8.3
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.8.1...v1.8.3)

---
updated-dependencies:
- dependency-name: "@grpc/grpc-js"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@hashgraph/sdk"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@ethersproject/signing-key"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-675ef9a19c branch from fb06f5d to 973f993 Compare March 25, 2025 14:54
@swirlds-automation
Copy link
Copy Markdown

swirlds-automation commented Jan 26, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbarker-dev rbarker-dev rbarker-dev approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Add, update or remove dependency packages or files javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@swirlds-automation @rbarker-dev @natanasow