chore(deps): bump elliptic, @ethersproject/signing-key and ethers in /contracts

[dependabot]

Bumps elliptic, @ethersproject/signing-key and ethers. These dependencies needed to be updated together.
Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Updates @ethersproject/signing-key from 5.7.0 to 5.8.0

Release notes

Sourced from @​ethersproject/signing-key's releases.

ethers/v5.8.0 (2025-02-25 19:15) [legacy version]

This is a security update for the legacy Ethers v5 branch, addressing two security fixes.

• A bug in elliptic, which does not affect ethers but triggers a critical security warning during nom audit [see: missing signature length check, missing check for leading bit, allow BER-encoded signatures, false negative verification, signing malformed input]
• A bug in ws which can be used as DoS vector when communicating with malicious WebSocket service providers, triggering a high security warning during nom audit [see: too many HTTP headers]

For those that wish to audit the specific changes in the the bundled version between v5.7 and v5.8, see this gist.

Changes

• Updated to latest elliptic library to fix audit warnings. (f8deaae)
• Added ENS to Sepolia. (0065547)
• Bump ws package version to address DoS security concern. (#4791; f345816)
• Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

---

Embedding UMD with SRI:

<script type="text/javascript"
  integrity="sha384-KpyAXoFibPIUEi79EsnN1EtEWCCrOQ8MtGsa4IrVxeZo514PYarFXujnjyu0DzgC"
  crossorigin="anonymous"
  src="https://cdnjs.cloudflare.com/ajax/libs/ethers/5.8.0/ethers.umd.min.js">
</script>

ethers/v5.7.2 (2022-10-19 04:19)

• Updated tests to use goerli instead of ropsten. (1392803, 706d3ca)
• Added new error strings Pocket returns. (9f990c5)
• Fixed Alchemy goerli URL. (#3320, #3323, #3340, #3358, #3423; 74e3d98)
• Update testnets for third-party providers. (#3320, #3323, #3340, #3358, #3423; 2a3a2e1)

---

Embedding UMD with SRI:

<script type="text/javascript"
        integrity="sha384-Htz1SE4Sl5aitpvFgr2j0sfsGUIuSXI6t8hEyrlQ93zflEF3a29bH2AvkUROUw7J"
        crossorigin="anonymous"
        src="https://cdn-cors.ethers.io/lib/ethers-5.7.2.umd.min.js">
</script>

ethers/v5.7.1 (2022-09-13 21:28)

• Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
• Add support for all data URL formats. (#3341; 4c86dc9)
• Added Sepolia network. (#3325; d083522)

---

... (truncated)

Changelog

Sourced from @​ethersproject/signing-key's changelog.

ethers/v5.8.0 (2025-02-25 19:15)

• Updated to latest elliptic library to fix audit warnings. (f8deaae)
• Added ENS to Sepolia. (0065547)
• Bump ws package version to address DoS security concern. (#4791; f345816)
• Added modern networks, updated third-party backend URLs and added QuickNode. (#3935, #4010; f7c813d)

ethers/v5.7.2 (2022-10-19 04:19)

• Updated tests to use goerli instead of ropsten. (1392803, 706d3ca)
• Added new error strings Pocket returns. (9f990c5)
• Fixed Alchemy goerli URL. (#3320, #3323, #3340, #3358, #3423; 74e3d98)
• Update testnets for third-party providers. (#3320, #3323, #3340, #3358, #3423; 2a3a2e1)

ethers/v5.7.1 (2022-09-13 21:28)

• Fixed message signing errors that clobbered critical Error properties. (#3356; b14cb0f)
• Add support for all data URL formats. (#3341; 4c86dc9)
• Added Sepolia network. (#3325; d083522)

Commits

• 5ff3dc9 admin: updated dist files with update-versions
• f8deaae Updated to latest elliptic library to fix audit warnings.
• fa5f647 admin: updated dist files
• See full diff in compare view

Updates ethers from 5.7.2 to 6.12.1

Release notes

Sourced from ethers's releases.

ethers/v6.12.1 (2024-04-30 23:23)

• Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
• Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
• Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
• Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 02:09)

• Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
• Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
• Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
• Better error messages for transaction field mismatch (#4659; 9230aa0).
• Added prevRandao to block (#3372; ec6a754).
• Added Polygon Amoy testnet (#4645; 1717abb).
• Added Chainstack provider (#2741; 014004d).
• Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
• Added EIP-4844 broadcast support (92bad88).
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.12.0-beta.1 (2024-03-27 14:47)

• Added EIP-4844 broadcast support.
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:47)

• Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).
• Allow ENS wildcards with labels up to 255 bytes wide; discussed with ENS and deemed safe (#4543; 7f14bde).
• Enforce string is passed to toUtf8Bytes (#4583; f45bb87).
• Fix transaction.index not being populated on some backends (#4591; 7f0e140).

ethers/v6.11.0 (2024-02-08 22:02)

• Allow transaction encoding for inferred type transactions (f02211d).
• Added EIP-4788, receipts root and state root fields to Block (#4570; c5f126f).
• Added EIP-4844 fields to Provider classes and formatter (#4570; 7b4f2c1).
• Assert BrowserProvider receives an EIP-1193 provider to fail early when passing undefined ethereum object (b69f43b).
• Add timeout to ContractTransactionResponse wait (#4497; 095de51).
• Allow override keyword in human-readable ABI and improve error messages (#4514, #4548; be5ec2d).
• Expand Contract sub-class to accept BaseContract super-class constructor arguments (#4538; 98496bc).
• Allow network for default provider to be null to select mainnet (#4501; b6bf7ab).
• Allow long dnsEncode names with optional length parameter (#4543; a136348).
• Fix parseLog signature when receiving read-only array for topics (#4029, #4459; 20cd8a2).
• Use Secure endpoints for BNB on Etherscan (#4525; 1f6e188).
• Added holesky network and related end-points for supporting providers (c6e6c43).
• Added EIP-4844 BLOb transactions (#4554; 9c1e82e).
• Normalize EIP-712 types before computing the payload (#4541; 56c1361).
• Updated thrid-part provider URLs for QuickNode (2b4891d).
• Fixed normalization and abstracted EIP-712 Array parsing (#4541; 8f99601).
• Updated third-party provider network URLs (#4542; 84ca14f).
• Added additional sepolia testnets (4efef76).
• Fix EIP-712 type aliases for uint and int (#4541; 43fb9c2).
• Fixed typo in Error string (#4539; 7882905).
• Better debugging output on fetch errors (bee07a0).

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.12.1 (2024-04-30 22:46)

• Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
• Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
• Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
• Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 01:09)

• Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
• Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
• Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
• Better error messages for transaction field mismatch (#4659; 9230aa0).
• Added prevRandao to block (#3372; ec6a754).
• Added Polygon Amoy testnet (#4645; 1717abb).
• Added Chainstack provider (#2741; 014004d).
• Added deep conversion to Result for toObject and toArray (#4681; 03bfe2a).
• Added EIP-4844 broadcast support (92bad88).
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:13)

• Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).
• Allow ENS wildcards with labels up to 255 bytes wide; discussed with ENS and deemed safe (#4543; 7f14bde).
• Enforce string is passed to toUtf8Bytes (#4583; f45bb87).
• Fix transaction.index not being populated on some backends (#4591; 7f0e140).

ethers/v6.11.0 (2024-02-08 20:26)

• Allow transaction encoding for inferred type transactions (f02211d).
• Added EIP-4788, receipts root and state root fields to Block (#4570; c5f126f).
• Added EIP-4844 fields to Provider classes and formatter (#4570; 7b4f2c1).
• Assert BrowserProvider receives an EIP-1193 provider to fail early when passing undefined ethereum object (b69f43b).
• Add timeout to ContractTransactionResponse wait (#4497; 095de51).
• Allow override keyword in human-readable ABI and improve error messages (#4514, #4548; be5ec2d).
• Expand Contract sub-class to accept BaseContract super-class constructor arguments (#4538; 98496bc).
• Allow network for default provider to be null to select mainnet (#4501; b6bf7ab).
• Allow long dnsEncode names with optional length parameter (#4543; a136348).
• Fix parseLog signature when receiving read-only array for topics (#4029, #4459; 20cd8a2).
• Use Secure endpoints for BNB on Etherscan (#4525; 1f6e188).
• Added holesky network and related end-points for supporting providers (c6e6c43).
• Added EIP-4844 BLOb transactions (#4554; 9c1e82e).
• Normalize EIP-712 types before computing the payload (#4541; 56c1361).
• Updated thrid-part provider URLs for QuickNode (2b4891d).
• Fixed normalization and abstracted EIP-712 Array parsing (#4541; 8f99601).
• Updated third-party provider network URLs (#4542; 84ca14f).

... (truncated)

Commits

• 4d2d90f Prevent bad Interface clone when using two different versions of v6 (#4689).
• 45b9b9c Fixed typo in error message for invalid quorum weight (#4149)
• 7b74ed7 docs: fixed typo in getting started (#4603)
• f3e07f3 docs: fixed typo in abi basics (#4611)
• b1f6737 docs: fixed typos in jsdocs (#4626)
• d280344 docs: fix typo in jsdocs (#4643)
• 2743cda docs: fixed typo in migration docs
• 6121ed4 docs: fixed typo in jsdocs (#4688).
• 5c8d17a Added matic-amoy to EtherescanProvider (#4711).
• 7b7be0d Fix JsonRpcProvider ignoring pollingInterval in options (#4644).
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.