From 84b93685596333e712f832dc26f3efbc0695dbcc Mon Sep 17 00:00:00 2001
From: Fredrik <84518844+fredriksvantes@users.noreply.github.com>
Date: Tue, 1 Jun 2021 23:01:23 +0200
Subject: [PATCH] Update Ethers.js from 5.0.30 to 5.3.0

ethers.js before 5.3.0 is using ws 7.2.3. This version of ws is vulnerable to Regular Expression Denial of Service (ReDoS). A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. ethers.js 5.3.0 has been updated to use a version of ws that is not vulnerable to this. https://github.com/ethers-io/ethers.js/pull/1634 https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 8f5dec8d..21b06c6e 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
 "@types/file-saver": "^2.0.1",
 "ansi_up": "^5.0.0",
 "echarts": "^4.9.0",
- "ethers": "^5.0.30",
+ "ethers": "^5.3.0",
 "file-saver": "^2.0.5",
 "jszip": "^3.6.0",
 "leaflet": "^1.7.1",