chore: bump @polkadot/keyring from 13.4.3 to 14.0.3

[dependabot]

Bumps @polkadot/keyring from 13.4.3 to 14.0.3.

Release notes

Sourced from @​polkadot/keyring's releases.

v14.0.3

Changes:

• Fix(hw-ledger): reset transport on operation errors and add explicit disconnect API (#2024)

v14.0.2

Changes:

• Set headers to 2026 (#2021)

Contributed:

• fix(util-crypto): use correct x/y getters in secp256k1Expand (#2018) (Thanks to https://github.com/AndreasGassmann)

v14.0.1

Changes:

• fix(x-randomvalues): prioritize native RN modules over polyfilled crypto (#2013)
• sr25519: switch from wasm to micro-sr25519 (#1971)

v13.5.9

Changes:

• Bump polkadot dependencies (#2011)

v13.5.8

Changes:

• Bump @​polkadot dependencies (#2009)

v13.5.7

Changes:

• Revert "Set pbkdf2Encode rounds to default to 210,000" (#2007)

v13.5.6

Changes:

• Set pbkdf2Encode rounds to default to 210,000 (#1983)
• Bump @​polkadot/wasm deps (#2002)

Contributed:

• Add DENTNet to generic Polkadot app supported chains (#1942)

v13.5.5

Changes:

• Add ledger support for Mythos (#1969)

... (truncated)

Changelog

Sourced from @​polkadot/keyring's changelog.

14.0.3 Mar 23, 2026

Changes:

• Fix(hw-ledger): reset transport on operation errors and add explicit disconnect API (#2024)

14.0.2 Mar 16, 2026

Changes:

• Set headers to 2026 (#2021)

Contributed:

• fix(util-crypto): use correct x/y getters in secp256k1Expand (#2018) (Thanks to https://github.com/AndreasGassmann)

14.0.1 Dec 9, 2025

Changes:

• fix(x-randomvalues): prioritize native RN modules over polyfilled crypto (#2013)
• sr25519: switch from wasm to micro-sr25519 (#1971)

13.5.9 Nov 25, 2025

Changes:

• Bump polkadot dependencies (#2011)

13.5.8 Nov 11, 2025

Changes:

• Bump @​polkadot dependencies (#2009)

13.5.7 Oct 13, 2025

Changes:

• Revert "Set pbkdf2Encode rounds to default to 210,000" (#2007)

13.5.6 Aug 26, 2025

Changes:

... (truncated)

Commits

• 9281daa [CI Skip] release/stable 14.0.3
• c7ed69f 14.0.3 (#2025)
• 22a1246 [CI Skip] bump/beta 14.0.3-0-x
• 152d460 [CI Skip] release/stable 14.0.2
• 4ab957e 14.0.2 (#2023)
• 610c8bb [CI Skip] bump/beta 14.0.2-1-x
• a8732a9 [CI Skip] bump/beta 14.0.2-0-x
• 8d3cb0e Set headers to 2026 (#2021)
• fe0886b [CI Skip] release/stable 14.0.1
• bac357a 14.0.1 (#2014)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by paritytech-ci, a new releaser for @​polkadot/keyring since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[tangletools]

✅ No Blockers — 53990006

Readiness 79/100 · Confidence 70/100 · 3 findings (1 medium, 2 low)

deepseek: Correctness 79 · Security 79 · Testing 79 · Architecture 79

Full multi-shot audit completed 2/2 planned shots over 2 changed files. Global verifier still owns final merge decision.

🟠 MEDIUM @polkadot/keyring v14 bumped in isolation from sibling @PolkaDot packages — package.json

package.json:73 bumps @polkadot/keyring from ^13.4.3 to ^14.0.3, but @polkadot/util (line 76), @polkadot/util-crypto (line 77), @polkadot/api (line 69), and @polkadot/types (line 75) all remain on v13. Lockfile confirms keyring@14.0.3 has strict peer deps on util@14.0.3 and util-crypto@14.0.3. This forces Yarn to install two copies of util (13.4.3 and 14.0.3) and util-crypto (s

🟡 LOW Duplicate @PolkaDot dependency trees inflate install size — package.json

As a consequence of the isolated bump, the resolved dependency tree now contains both @polkadot/util@13.4.3 and @polkadot/util@14.0.3, plus matching util-crypto and x-* sub-packages. Identicon.tsx:7 explicitly calls out keyring+util+util-crypto as ~117KB combined in the vendor chunk. With two versions, this weight may be duplicated if tree-shaking cannot deduplicate across the v13/v14 boundary.

🟡 LOW No evidence tests or typecheck passed with new resolution — package.json

The PR contains only package.json (+1/-1) and yarn.lock (+206/-3). No CI output, test results, or typecheck results are included. While this is normal for a lockfile-only shot, the KeyringPair type imported from @polkadot/keyring/types in scripts/util.ts:3 is now from v14, while the Keyring class used at runtime (scripts/util.ts:1, via @polkadot/api) resolves to keyring v13. A typecheck (yarn typecheck) would confirm no interface breakage between KeyringPair v13 and v14.

---

_{tangletools · 2026-06-03T17:42:18Z · trace}

[tangletools]

✅ Approved — 3 non-blocking findings — 53990006

Full multi-shot audit completed 2/2 planned shots over 2 changed files. Global verifier still owns final merge decision.

Full immutable report for this review: trace

Latest PR review status: sticky summary

---

_{tangletools · 2026-06-03T17:42:18Z · immutable trace}