Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @truffle/hdwallet-provider from 1.4.3 to 1.6.0 #13

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade @truffle/hdwallet-provider from 1.4.3 to 1.6.0 #13

wants to merge 1 commit into from

Conversation

PinkDiamond1
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @truffle/hdwallet-provider The new version differs by 250 commits.
  • b788e58 Publish
  • 7a3b70c Merge pull request #4399 from trufflesuite/fix-constants
  • 67b01bd Expand testing of constant decoding and constant mapping keys
  • e002975 Fix decoding of constant bytesN initialized as string literal
  • beb5096 Merge pull request #4372 from trufflesuite/clidbg
  • 5f1e7e0 Merge pull request #4394 from trufflesuite/housecleaning
  • 24183c0 Merge pull request #4396 from trufflesuite/fix-codec-docs
  • e7c657b Fix reference to renamed unsafeNativize
  • d35cb67 Fix reference to renamed ProjectDecoder
  • e191f10 Merge pull request #4356 from trufflesuite/network-overwrite
  • 9dd44c7 Remove travis.yml
  • f470bba Merge pull request #4386 from trufflesuite/add-eip1559
  • ed9e251 CLI debugger allows customizing variables view
  • d95786a Merge pull request #4390 from trufflesuite/no-translate
  • f4b14d6 Update metadata test to use sourcesWithDependencies
  • f8925a6 Turn off base directory transformation in Compile.sources()
  • d8d34b6 Merge pull request #4388 from trufflesuite/ravel
  • 89d0910 Fix yarncheck
  • 90ce05f Update yarn.lock
  • 496405c Merge pull request #4385 from trufflesuite/contract-debug
  • 74fee21 Whitelist maxFeePerGas and maxPriorityFeePerGas in provisioner
  • 91ac725 Add defaults for maxFeePerGas and maxPriorityFeePerGas to config
  • 2b07ec5 Merge pull request #4276 from XWJACK/hdwallet-provider-eip1559
  • ae84a31 Move debug to dependencies from devDependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
PR: unreviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@PinkDiamond1 @snyk-bot