[Snyk] Security upgrade ethers from 5.7.2 to 6.0.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json
• yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Denial of Service (DoS) SNYK-JS-WS-7266574	768

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@ethersproject/[email protected]	None	0	80.7 kB	ricmoo
npm/@ethersproject/[email protected]	None	0	125 kB	ricmoo
npm/@ethersproject/[email protected]	None	0	17.4 kB	ricmoo
npm/@ethersproject/[email protected]	None	0	390 kB	ricmoo
npm/[email protected]	network	0	12.6 MB	ricmoo

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Deprecated	npm/[email protected]	Reason: core-js-pure@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js-pure.	package.json
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	package.json
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	package.json
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	package.json
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	package.json
Install scripts	npm/[email protected]	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	package.json
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	package.json
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	package.json
New author	npm/[email protected]	New Author: doowb Previous Author: jonschlinkert	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 3/25/2018, 9:26:14 PM	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: this library is no longer supported	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: http Location: Package overview	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: doowb Previous Author: jonschlinkert	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 4/30/2018, 1:12:05 PM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 4/30/2018, 10:28:42 AM	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: Please upgrade to v0.1.7	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: Please upgrade to v0.1.5	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 10/17/2017, 11:01:55 AM	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Environment variable access	npm/[email protected]	Env Vars: Location: Package overview	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: aduh95 Previous Author: quartzjer	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 7/29/2018, 5:44:40 PM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 4/25/2017, 11:40:58 PM	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: http Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: https Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: net Location: Package overview	orphan: npm/[email protected]
Network access	npm/[email protected]	Module: http-cache-semantics Location: Package overview	orphan: npm/[email protected]
Trivial Package	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: eval Location: Package overview	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 12/21/2018, 2:22:15 PM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 3/13/2018, 6:36:10 PM	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: sindresorhus Previous Author: floatdrop	orphan: npm/[email protected]
Trivial Package	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 6/10/2019, 11:26:48 AM	orphan: npm/[email protected]
CVE	npm/[email protected]	CVE: GHSA-x9w5-v3q2-3rhw browserify-sign upper bound check issue in dsaVerify leads to a signature forgery attack (HIGH) Affected versions: >= 2.6.0, <= 4.2.1 Patched version: 4.2.2	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 4/11/2018, 12:03:30 PM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 7/10/2018, 3:06:46 PM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 11/4/2018, 9:00:13 PM	orphan: npm/[email protected]
Trivial Package	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Mild CVE	npm/[email protected]	CVE: GHSA-4gmj-3p3h-gm8h es5-ext vulnerable to Regular Expression Denial of Service in function#copy and function#toStringTokens (LOW) Affected versions: >= 0.10.0, < 0.10.63 Patched version: 0.10.63	orphan: npm/[email protected]
Protestware/Troll package	npm/[email protected]	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
Uses eval	npm/[email protected]	Eval Type: Function Location: Package overview	orphan: npm/[email protected]
CVE	npm/[email protected]	CVE: GHSA-rc47-6667-2j5j http-cache-semantics vulnerable to Regular Expression Denial of Service (HIGH) Affected versions: < 4.1.1 Patched version: 4.1.1	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: dcousens Previous Author: jprichardson	package.json
Trivial Package	npm/[email protected]	Location: Package overview	package.json
Deprecated	npm/[email protected]	Reason: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/ReDos Vulnerability Regression Visibility Notice debug-js/debug#797)	package.json
Mild CVE	npm/[email protected]	CVE: GHSA-gxpj-cx7g-858c Regular Expression Denial of Service in debug (LOW) Affected versions: >= 3.2.0, < 3.2.7 Patched version: 3.2.7	package.json
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	orphan: npm/[email protected]
New author	npm/[email protected]	New Author: dougwilson Previous Author: jongleberry	orphan: npm/[email protected]
CVE	npm/[email protected]	CVE: GHSA-r683-j2x4-v87g node-fetch forwards secure headers to untrusted sites (HIGH) Affected versions: < 2.6.7 Patched version: 2.6.7	orphan: npm/[email protected]
Mild CVE	npm/[email protected]	CVE: GHSA-w7rc-rwvf-8q5r The size option isn't honored after following a redirect in node-fetch (LOW) Affected versions: < 2.6.1 Patched version: 2.6.1	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: This module has been superseded by the multiformats module	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: This module has been superseded by the multiformats module	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 11/27/2017, 5:29:18 PM	orphan: npm/[email protected]
Deprecated	npm/[email protected]	Reason: New package name format for new versions: @ethereumjs/tx. Please update.	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 12/20/2016, 2:31:29 AM	orphan: npm/[email protected]
Unmaintained	npm/[email protected]	Last Publish: 6/10/2018, 6:36:38 PM	package.json
Non-existent author	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Dynamic require	npm/[email protected]	Location: Package overview	orphan: npm/[email protected]
Critical CVE	npm/[email protected]	CVE: GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 0.4.0