chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
@openzeppelin/contracts	4.9.3	4.9.6
braces	3.0.2	3.0.3
elliptic	6.5.4	removed
ethers	5.7.2	6.13.2
es5-ext	0.10.62	0.10.64
follow-redirects	1.15.3	1.15.6

Updates @openzeppelin/contracts from 4.9.3 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• bd325d5 Release v4.9.5 (#4790)
• ad6a5b6 Add changeset
• 88ac712 Replace double functionDelegateCall
• a83918d Bump node CI version to 16.x
• 0d5f54e Release v4.9.4 (#4784)
• ccfffe1 Make Multicall context-aware
• 9329cfa Remove Wizard page from 4.x
• e1b3d8c Remove Wizard from 4.x navigation
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Removes elliptic

Updates ethers from 5.7.2 to 6.13.2

Release notes

Sourced from ethers's releases.

ethers/v6.13.2 (2024-07-25 18:20)

• Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:37)

• Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:38)

• Added Options for BrowserProvider (#4707; 33bb0bf).
• Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
• Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

• Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
• Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
• Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 23:23)

• Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
• Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
• Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
• Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 02:09)

• Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
• Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
• Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
• Better error messages for transaction field mismatch (#4659; 9230aa0).
• Added prevRandao to block (#3372; ec6a754).
• Added Polygon Amoy testnet (#4645; 1717abb).
• Added Chainstack provider (#2741; 014004d).
• Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
• Added EIP-4844 broadcast support (92bad88).
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.12.0-beta.1 (2024-03-27 14:47)

• Added EIP-4844 broadcast support.
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:47)

• Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).
• Allow ENS wildcards with labels up to 255 bytes wide; discussed with ENS and deemed safe (#4543; 7f14bde).
• Enforce string is passed to toUtf8Bytes (#4583; f45bb87).
• Fix transaction.index not being populated on some backends (#4591; 7f0e140).

ethers/v6.11.0 (2024-02-08 22:02)

• Allow transaction encoding for inferred type transactions (f02211d).
• Added EIP-4788, receipts root and state root fields to Block (#4570; c5f126f).
• Added EIP-4844 fields to Provider classes and formatter (#4570; 7b4f2c1).
• Assert BrowserProvider receives an EIP-1193 provider to fail early when passing undefined ethereum object (b69f43b).
• Add timeout to ContractTransactionResponse wait (#4497; 095de51).

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.13.2 (2024-07-25 17:54)

• Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:09)

• Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:01)

• Added Options for BrowserProvider (#4707; 33bb0bf).
• Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
• Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

• Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
• Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
• Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 22:46)

• Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
• Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
• Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
• Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 01:09)

• Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
• Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
• Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
• Better error messages for transaction field mismatch (#4659; 9230aa0).
• Added prevRandao to block (#3372; ec6a754).
• Added Polygon Amoy testnet (#4645; 1717abb).
• Added Chainstack provider (#2741; 014004d).
• Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
• Added EIP-4844 broadcast support (92bad88).
• Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:13)

• Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).

... (truncated)

Commits

• 1a51af8 Prevent mutating transactions when signing (#4789).
• fc66b8a admin: updated dist files
• c0b364b admin: minor change to force build to pickup nil change for ws upgrade
• a4b1d1f Update ws package to address possible DoS vulnerability.
• 16b8e18 docs: fixed paragraph leaking into code in migration docs
• 9276187 admin: updated dist files
• 90c196a Fix missing return for Result proxy (#4681).
• 5b8781d admin: updated dist files
• e97ca3b Merge branch 'wip-6.13'
• c2d5346 tests: added gasless testcase for RicMoo-controlled domain
• Additional commits viewable in compare view

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.3 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ws from 7.4.6 to 8.5.0

Release notes

Sourced from ws's releases.

8.5.0

Features

• Added the ability to use a custom WebSocket class on the server (#2007).

Bug fixes

• When following redirects, the Authorization and Cookie headers are no longer sent if the redirect host is different from the original host (#2013).

8.4.2

Bug fixes

• Fixed a data framing issue introduced in version 8.4.1 (#2004).

8.4.1

Notable changes

• To improve performance, strings sent via websocket.ping(), websocket.pong(), and websocket.send() are no longer converted to Buffers if the data does not need to be masked (#2000).

8.4.0

Features

• Added ability to generate custom masking keys (#1990).

8.3.0

Features

• Added ability to pause and resume a WebSocket (0a8c7a9c).

Bug fixes

• Fixed a bug that could prevent the connection from being closed cleanly when using the stream API (ed2b8039).
• When following redirects, an error is now emitted and not thrown if the redirect URL is invalid (#1980).

8.2.3

Bug fixes

• When context takeover is enabled, messages are now compressed even if their size is below the value of the perMessageDeflate.threshold option (41ae5631).

8.2.2

Bug fixes

• Some closing operations are now run only if needed (ec9377ca).

... (truncated)

Commits

• c9d5436 [dist] 8.5.0
• 6946f5f [security] Drop sensitive headers when following redirects (#2013)
• 75fdfa9 [test] Fix nits
• e1ddacc [feature] Introduce the WebSocket option (#2007)
• 8a7016d [test] Simplify test
• 33fd101 [dist] 8.4.2
• 0c0754b [fix] Use the byte length of the data (#2004)
• 6ebfeb8 [dist] 8.4.1
• 5b7fbb0 [perf] Reduce buffer allocations (#2000)
• 8de448f [test] Fix failing tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.