Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade web3 from 1.7.3 to 4.0.1 #1535

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

filiptronicek
Copy link
Member

snyk-top-banner

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860
  696  
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867
  541  
low severity Cross-site Scripting
SNYK-JS-SEND-7926862
  391  
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865
  391  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

Copy link

yarn.lock changes

Summary

Status Count
ADDED 16
UPDATED 20
DOWNGRADED 3
REMOVED 166
Click to toggle table visibility
Name Status Previous Current
@adraffy/ens-normalize ADDED - 1.10.1
@ethereumjs/common REMOVED 2.6.0 -
@ethereumjs/rlp ADDED - 5.0.2
@ethereumjs/tx REMOVED 3.4.0 -
@noble/curves ADDED - 1.4.2
@noble/hashes ADDED - 1.4.0
@scure/base ADDED - 1.1.8
@scure/bip32 ADDED - 1.4.0
@scure/bip39 ADDED - 1.3.0
@sindresorhus/is REMOVED 0.14.0 -
@szmarczak/http-timer REMOVED 1.1.2 -
@types/bn.js DOWNGRADED 5.1.0 4.11.6
@types/ws ADDED - 8.5.3
abitype ADDED - 0.7.1
accepts REMOVED 1.3.7 -
array-flatten REMOVED 1.1.1 -
asn1 REMOVED 0.2.6 -
asn1.js REMOVED 5.4.1 -
assert-plus REMOVED 1.0.0 -
async-limiter REMOVED 1.0.1 -
aws-sign2 REMOVED 0.7.0 -
aws4 REMOVED 1.11.0 -
bcrypt-pbkdf REMOVED 1.0.2 -
bignumber.js REMOVED 9.0.2 -
bluebird REMOVED 3.7.2 -
body-parser REMOVED 1.19.1 -
browserify-cipher REMOVED 1.0.1 -
browserify-des REMOVED 1.0.2 -
browserify-rsa REMOVED 4.1.0 -
browserify-sign REMOVED 4.2.1 -
buffer-to-arraybuffer REMOVED 0.0.5 -
bytes REMOVED 3.1.1 -
cacheable-request REMOVED 6.1.0 -
caseless REMOVED 0.12.0 -
cids REMOVED 0.7.5 -
clone-response REMOVED 1.0.2 -
content-disposition REMOVED 0.5.4 -
content-hash REMOVED 2.5.2 -
content-type REMOVED 1.0.4 -
cookie-signature REMOVED 1.0.6 -
cookiejar REMOVED 2.1.3 -
core-util-is UPDATED 1.0.2 1.0.3
cors REMOVED 2.8.5 -
crc-32 UPDATED 1.2.0 1.2.2
create-ecdh REMOVED 4.0.4 -
cross-fetch UPDATED 3.1.5 4.0.0
crypto-browserify REMOVED 3.12.0 -
d REMOVED 1.0.1 -
dashdash REMOVED 1.14.1 -
decode-uri-component REMOVED 0.2.0 -
defer-to-connect REMOVED 1.1.3 -
depd REMOVED 1.1.2 -
des.js REMOVED 1.0.1 -
destroy REMOVED 1.0.4 -
diffie-hellman REMOVED 5.0.3 -
dom-walk REMOVED 0.1.2 -
duplexer3 REMOVED 0.1.4 -
ecc-jsbn REMOVED 0.1.2 -
ee-first REMOVED 1.1.1 -
encodeurl REMOVED 1.0.2 -
es5-ext REMOVED 0.10.53 -
es6-iterator REMOVED 2.0.3 -
es6-symbol REMOVED 3.1.3 -
etag REMOVED 1.8.1 -
eth-ens-namehash REMOVED 2.0.8 -
eth-lib REMOVED 0.2.8 -
ethereum-bloom-filters REMOVED 1.0.10 -
ethereum-cryptography UPDATED 0.1.3 2.2.1
ethereumjs-util DOWNGRADED 7.1.3 6.2.1
ethjs-unit REMOVED 0.1.6 -
eventemitter3 UPDATED 4.0.4 5.0.1
exit-on-epipe REMOVED 1.0.1 -
express REMOVED 4.17.2 -
ext REMOVED 1.6.0 -
extend REMOVED 3.0.2 -
extsprintf REMOVED 1.3.0 -
finalhandler REMOVED 1.1.2 -
forever-agent REMOVED 0.6.1 -
forwarded REMOVED 0.2.0 -
fresh REMOVED 0.5.2 -
fs-minipass REMOVED 1.2.7 -
getpass REMOVED 0.1.7 -
global REMOVED 4.4.0 -
got REMOVED 9.6.0 -
har-schema REMOVED 2.0.0 -
har-validator REMOVED 5.1.5 -
has-symbol-support-x REMOVED 1.4.2 -
has-to-string-tag-x REMOVED 1.4.1 -
http-cache-semantics REMOVED 4.1.0 -
http-errors REMOVED 1.8.1 -
http-https REMOVED 1.0.0 -
http-signature REMOVED 1.2.0 -
idna-uts46-hx REMOVED 2.3.1 -
is-function REMOVED 1.0.2 -
is-object REMOVED 1.0.2 -
is-retry-allowed REMOVED 1.2.0 -
is-typedarray REMOVED 1.0.0 -
isomorphic-ws ADDED - 5.0.0
isstream REMOVED 0.1.2 -
isurl REMOVED 1.0.0 -
jsbn REMOVED 0.1.1 -
json-buffer REMOVED 3.0.0 -
json-stringify-safe REMOVED 5.0.1 -
jsprim REMOVED 1.4.2 -
keyv REMOVED 3.1.0 -
lowercase-keys REMOVED 2.0.0 -
media-typer REMOVED 0.3.0 -
merge-descriptors REMOVED 1.0.1 -
methods REMOVED 1.1.2 -
miller-rabin REMOVED 4.0.1 -
min-document REMOVED 2.19.0 -
minipass REMOVED 2.9.0 -
minizlib REMOVED 1.3.3 -
mkdirp REMOVED 0.5.5 -
mkdirp-promise REMOVED 5.0.1 -
mock-fs REMOVED 4.14.0 -
ms DOWNGRADED 2.1.3 2.1.2
multibase REMOVED 0.7.0 -
multicodec REMOVED 1.0.4 -
multihashes REMOVED 0.4.21 -
nano-json-stream-parser REMOVED 0.1.2 -
negotiator REMOVED 0.6.2 -
next-tick REMOVED 1.0.0 -
normalize-url REMOVED 4.5.1 -
number-to-bn REMOVED 1.7.0 -
oauth-sign REMOVED 0.9.0 -
oboe REMOVED 2.1.5 -
on-finished REMOVED 2.3.0 -
p-cancelable REMOVED 1.1.0 -
p-finally REMOVED 1.0.0 -
p-timeout REMOVED 1.2.1 -
parse-asn1 REMOVED 5.1.6 -
parse-headers REMOVED 2.0.4 -
parseurl REMOVED 1.3.3 -
path-to-regexp REMOVED 0.1.7 -
performance-now REMOVED 2.1.0 -
prepend-http REMOVED 2.0.0 -
printj REMOVED 1.1.2 -
process REMOVED 0.11.10 -
proxy-addr REMOVED 2.0.7 -
public-encrypt REMOVED 4.0.3 -
qs REMOVED 6.9.6 -
query-string REMOVED 5.1.1 -
randomfill REMOVED 1.0.4 -
raw-body REMOVED 2.4.2 -
request REMOVED 2.88.2 -
responselike REMOVED 1.0.2 -
send REMOVED 0.17.2 -
serve-static REMOVED 1.14.2 -
servify REMOVED 0.1.12 -
setprototypeof REMOVED 1.2.0 -
sshpk REMOVED 1.17.0 -
statuses REMOVED 1.5.0 -
strict-uri-encode REMOVED 1.1.0 -
swarm-js REMOVED 0.1.40 -
tar REMOVED 4.4.19 -
timed-out REMOVED 4.0.1 -
to-readable-stream REMOVED 1.0.0 -
toidentifier REMOVED 1.0.1 -
type REMOVED 2.5.0 -
type-is REMOVED 1.6.18 -
typedarray-to-buffer REMOVED 3.1.5 -
ultron REMOVED 1.1.1 -
unpipe REMOVED 1.0.0 -
url-parse-lax REMOVED 3.0.0 -
url-set-query REMOVED 1.0.0 -
url-to-options REMOVED 1.0.1 -
utf8 REMOVED 3.0.0 -
utils-merge REMOVED 1.0.1 -
vary REMOVED 1.1.2 -
verror REMOVED 1.10.0 -
web3 UPDATED 1.7.3 4.12.1
web3-bzz REMOVED 1.7.3 -
web3-core UPDATED 1.7.3 4.5.1
web3-core-helpers REMOVED 1.7.3 -
web3-core-method REMOVED 1.7.3 -
web3-core-promievent REMOVED 1.7.3 -
web3-core-requestmanager REMOVED 1.7.3 -
web3-core-subscriptions REMOVED 1.7.3 -
web3-errors ADDED - 1.3.0
web3-eth UPDATED 1.7.3 4.8.2
web3-eth-abi UPDATED 1.7.3 4.2.3
web3-eth-accounts UPDATED 1.7.3 4.2.1
web3-eth-contract UPDATED 1.7.3 4.7.0
web3-eth-ens UPDATED 1.7.3 4.4.0
web3-eth-iban UPDATED 1.7.3 4.0.7
web3-eth-personal UPDATED 1.7.3 4.0.8
web3-net UPDATED 1.7.3 4.1.0
web3-providers-http UPDATED 1.7.3 4.2.0
web3-providers-ipc UPDATED 1.7.3 4.0.7
web3-providers-ws UPDATED 1.7.3 4.0.8
web3-rpc-methods ADDED - 1.3.0
web3-rpc-providers ADDED - 1.0.0-rc.2
web3-shh REMOVED 1.7.3 -
web3-types ADDED - 1.7.0
web3-utils UPDATED 1.7.3 4.3.1
web3-validator ADDED - 2.0.6
websocket REMOVED 1.0.34 -
ws UPDATED 8.9.0 8.18.0
xhr REMOVED 2.6.0 -
xhr-request REMOVED 1.1.0 -
xhr-request-promise REMOVED 0.1.3 -
xhr2-cookies REMOVED 1.1.0 -
yaeti REMOVED 0.0.6 -
zod ADDED - 3.23.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants