Bump ws and ethers in /pc-installer #82

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/pc-installer/multi-bc8dd950a2

dependabot (bot) commented on behalf of github on Jun 18, 2026

Bumps ws to 8.21.0 and updates ancestor dependency ethers. These dependencies need to be updated together.

Updates ws from 8.18.0 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

```js
import { WebSocket, WebSocketServer } from 'ws';

const wss = new WebSocketServer({ port: 0 }, function () {
  const data = Buffer.alloc(1);
  const options = { fin: false }; // every frame is a non-final fragment

  const { port } = wss.address();
  const ws = new WebSocket(`ws://localhost:${port}`);

  ws.on('open', function () {
    // Keep sending 1-byte fragments; the message is never completed.
    (function send() {
      ws.send(data, options, function (err) {
        if (err) return;
        send();
      });
    })();
  });

  ws.on('error', console.error);
  ws.on('close', function (code, reason) {
    console.log(`client close - code: ${code} reason: ${reason.toString()}`);
  });
});

wss.on('connection', function (ws) {
  ws.on('error', console.error);
  ws.on('close', function (code, reason) {
    console.log(`server close - code: ${code} reason: ${reason.toString()}`);
  });
});
```

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

8.20.1

... (truncated)

Commits
  • bca91ad [dist] 8.21.0
  • 2b2abd4 [security] Limit retained message parts
  • 78eabe2 [security] Add latest vulnerability to SECURITY.md
  • 5d9b316 [dist] 8.20.1
  • c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
  • ce2a3d6 [ci] Test on node 26
  • 58e45b8 [ci] Do not test on node 25
  • 5f26c24 [ci] Run the lint step on node 24
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • Additional commits viewable in compare view

Updates ethers from 5.8.0 to 6.17.0

Release notes

Sourced from ethers's releases.

ethers/v6.17.0 (2026-06-18 00:49)

  • Add requestRate throttle to calls (b48bfe3).
  • Added provider requestRate throttle support (b74b6d3).
  • Disable AlchemyProvider which does not provide the necessary API capacity for tests (1523ca8).
  • Map ResolverNotFound error to null for reverse lookup (d07cfb6).
  • Use bigint for coinType instead of number values (4f6ec03).
  • Updated AlchemyProvider endpoints for BNB (9bec2f9).
  • Added basic ENSv2 tests and fixed issues with EVM cointypes (0e9a73d).
  • Adding ENSv2 integrations from adraffy (a2d0af4).
  • Update Blockscout default API key and links (5647ae3).
  • Added transactionsRoot to Block (#5077, #5078; 5bd2ce9).
  • Preserve 301/302 method and support 307/308 (#3106, #5115; 999af5f).
  • Fix maxFeePerGas property for EtherscanProvider transactions (#5080; ca45d23).
  • Added rich inspection for Network and Plugins (f2ffb86).
  • Tweaking API for Universal Resolver to be completely backward compatible (9a5c4b5).
  • Updated ENS Universal Resolver to latest API (0b3b12b).
  • Added CCIP to ENS Universal Resolver reverse resolution (982eef2).
  • Added reverse lookup for ENS UniversalResolver (9a9a11d).
  • Initial forward resolution using ENS UniversalResolver (51df7b9).

ethers/v6.16.0 (2025-12-02 19:47)

  • Added utility method to split EIP-7594 BLOb proofs into its cells (88dfe96).
  • Update Alchemy URL endpoint for mainnet (#5052; 719b01d).
  • Fail on unsupported Etherscan networks immediately to better support the default provider (94b333b).
  • Added Filecoin network and Ankr endpoints (#5038; 986e827).
  • Moved to better API for EIP-7594 PeerDAS (#5062; 452b422).
  • Added initial EIP-7594 PeerDAS support (#5054, #5062; 6d64889).
  • Support RegExp engines with string length limitations (#4967; f0dfbe1).
  • Added Transaction and Signature support for non-canonical S values (#4223, #5013; 855d727).
  • Allow zero-width big-endian data for toBeHex and allow widths for toBeArray (#5025; 540f30c).

ethers/v6.15.0 (2025-07-01 11:24)

  • Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

  • Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

  • Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

ethers/v6.14.2 (2025-05-26 18:31)

  • Fixed call stack overflow in makeError stringify for recursive structures (#4977, #4978; 52a0522).
  • Explicitly throw error on gunzip failure to prevent uncaught exception (#4873, #4874; fe98f98).
  • Skip additional receipt fetch for single confirmation requests (#4972; 243cb02).
  • Update EtherscanProvider to use their v2 API (#4975; 5e09aa1).

ethers/v6.14.1 (2025-05-15 14:17)

  • Fix JSON-RPC authorizationList signature entries encoded as DATA instead of QUANTITY values (#4916; 135db72).

ethers/v6.14.0 (2025-05-06 22:02)

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.17.0 (2026-06-17 23:50)

  • Add requestRate throttle to calls (b48bfe3).
  • Added provider requestRate throttle support (b74b6d3).
  • Disable AlchemyProvider which does not provide the necessary API capacity for tests (1523ca8).
  • Map ResolverNotFound error to null for reverse lookup (d07cfb6).
  • Use bigint for coinType instead of number values (4f6ec03).
  • Updated AlchemyProvider endpoints for BNB (9bec2f9).
  • Added basic ENSv2 tests and fixed issues with EVM cointypes (0e9a73d).
  • Adding ENSv2 integrations from adraffy (a2d0af4).
  • Update Blockscout default API key and links (5647ae3).
  • Added transactionsRoot to Block (#5077, #5078; 5bd2ce9).
  • Preserve 301/302 method and support 307/308 (#3106, #5115; 999af5f).
  • Fix maxFeePerGas property for EtherscanProvider transactions (#5080; ca45d23).
  • Added rich inspection for Network and Plugins (f2ffb86).
  • Tweaking API for Universal Resolver to be completely backward compatible (9a5c4b5).
  • Updated ENS Universal Resolver to latest API (0b3b12b).
  • Added CCIP to ENS Universal Resolver reverse resolution (982eef2).
  • Added reverse lookup for ENS UniversalResolver (9a9a11d).
  • Initial forward resolution using ENS UniversalResolver (51df7b9).

ethers/v6.16.0 (2025-12-02 19:47)

  • Added utility method to split EIP-7594 BLOb proofs into its cells (88dfe96).
  • Update Alchemy URL endpoint for mainnet (#5052; 719b01d).
  • Fail on unsupported Etherscan networks immediately to better support the default provider (94b333b).
  • Added Filecoin network and Ankr endpoints (#5038; 986e827).
  • Moved to better API for EIP-7594 PeerDAS (#5062; 452b422).
  • Added initial EIP-7594 PeerDAS support (#5054, #5062; 6d64889).
  • Support RegExp engines with string length limitations (#4967; f0dfbe1).
  • Added Transaction and Signature support for non-canonical S values (#4223, #5013; 855d727).
  • Allow zero-width big-endian data for toBeHex and allow widths for toBeArray (#5025; 540f30c).

ethers/v6.15.0 (2025-07-01 11:24)

  • Allow non-canonical S values in Signatures moving errors to access-time (#5013; 9944ec9).

ethers/v6.14.4 (2025-06-12 23:16)

  • Fixed serialization of EIP-7702 transactions with leading 0-bytes (#4916; 389dc03).

ethers/v6.14.3 (2025-05-26 18:55)

  • Fixed non-normalized yParity on EIP-7702 JSON-RPC responses (#4985; a8803ca).

... (truncated)

Commits
  • 3ea4c22 admin: updated dist files
  • 2d35b6a docs: fix property access order for Flatworm
  • b48bfe3 Add requestRate throttle to calls.
  • 39f5ce1 tests: add INFURA_APIKEY for docs and workflows
  • 96bd29c tests: added provider throttling to test suites
  • b74b6d3 Added provider requestRate throttle support.
  • 1523ca8 Disable AlchemyProvider which does not provide the necessary API capacity for...
  • d07cfb6 Map ResolverNotFound error to null for reverse lookup.
  • c32c542 docs: fix typo in config for INFURA API key
  • 7c6b840 admin: include INFURA_APIKEY in docs generation to resolve throttling
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
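
The ws 8.21.0 release note quoted in the comment above names lowering maxPayload as the mitigation and a new maxFragments option as part of the fix. The sketch below is an added example, not ws source code and not part of this PR, modelling a receiver that retains one buffer per fragment to show why a byte limit alone bounds the number of retained parts only loosely. `FragmentAssembler`, the way it applies the two limits, the 1009 close code and the sample sizes are assumptions made for illustration.

```javascript
// Added illustration, not ws source code. FragmentAssembler, how it applies
// maxPayload / maxFragments, and the sample sizes are assumptions.
class FragmentAssembler {
  constructor({ maxPayload, maxFragments = Infinity }) {
    this.maxPayload = maxPayload;     // cap on the bytes of one message
    this.maxFragments = maxFragments; // cap on the parts of one message
    this.reset();
  }

  reset() {
    this.parts = [];      // one retained Buffer per fragment until FIN
    this.totalLength = 0;
  }

  // Returns the whole message on FIN, or null while it is still open.
  // Throws an error carrying the close code to send (RFC 6455: 1009).
  push(payload, fin) {
    this.totalLength += payload.length;
    if (this.totalLength > this.maxPayload) throw this.reject('payload too big');
    if (this.parts.length + 1 > this.maxFragments) throw this.reject('too many fragments');
    this.parts.push(payload);
    if (!fin) return null;
    const message = Buffer.concat(this.parts, this.totalLength);
    this.reset();
    return message;
  }

  reject(reason) {
    this.reset(); // drop everything retained for the abandoned message
    return Object.assign(new RangeError(reason), { closeCode: 1009 });
  }
}

// Feed `count` one-byte non-final fragments (the pattern in the release
// note) and report how many parts were retained before a limit tripped.
function retainedBeforeRejection(options, count) {
  const assembler = new FragmentAssembler(options);
  let retained = 0;
  try {
    for (let i = 0; i < count; i++) {
      assembler.push(Buffer.alloc(1), false);
      retained = assembler.parts.length;
    }
  } catch (err) {
    return { retained, closeCode: err.closeCode };
  }
  return { retained, closeCode: null };
}
```

With a 1 MiB byte limit and no fragment limit, 200,000 one-byte fragments are all retained, each costing far more memory than its single payload byte; a fragment limit of 1,024 or a 4 KiB byte limit ends the run early.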

Bumps [ws](https://github.com/websockets/ws) to 8.21.0 and updates ancestor dependency [ethers](https://github.com/ethers-io/ethers.js). These dependencies need to be updated together.


Updates `ws` from 8.18.0 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.0...8.21.0)

Updates `ethers` from 5.8.0 to 6.17.0
- [Release notes](https://github.com/ethers-io/ethers.js/releases)
- [Changelog](https://github.com/ethers-io/ethers.js/blob/main/CHANGELOG.md)
- [Commits](ethers-io/ethers.js@v5.8.0...v6.17.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ethers
  dependency-version: 6.17.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
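
Because `ws` is listed above as an indirect dependency, a reviewer can confirm that no older copy stays nested under another package once the lockfile is regenerated. The check below is an added example, not part of this PR; it assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), treats every version below 8.21.0 as unpatched, and uses a constructed sample lockfile in which `some-tool` is a hypothetical parent.

```javascript
// Added example, not part of the PR. FIXED_WS is the release named in the
// notes above; SAMPLE_LOCKFILE is constructed data ("some-tool" is made up).
const FIXED_WS = '8.21.0';

const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'pc-installer' },
    'node_modules/ethers': { version: '6.17.0' },
    'node_modules/ws': { version: '8.21.0' },
    'node_modules/isomorphic-ws': { version: '5.0.0' },
    'node_modules/some-tool/node_modules/ws': { version: '8.18.0' }
  }
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` older than `fixed`, together with
// the package it is nested under, so the parent that pins it is visible.
function findUnpatched(lockfile, name, fixed) {
  const suffix = `node_modules/${name}`;
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    if (!meta.version || compareVersions(meta.version, fixed) >= 0) continue;
    const parent = path.slice(0, -suffix.length).replace(/\/$/, '');
    const nestedUnder = parent.split('node_modules/').pop() || '(root)';
    hits.push({ path, version: meta.version, nestedUnder });
  }
  return hits;
}
```
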
dependabot (bot) added the dependencies and javascript labels on Jun 18, 2026