[Snyk] Upgrade web3 from 1.7.3 to 1.9.0 #44

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade web3 from 1.7.3 to 1.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-03-20.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
|  | Denial of Service (DoS), SNYK-JS-DECODEURICOMPONENT-3149970 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
|  | Open Redirect, SNYK-JS-GOT-2932019 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
|  | Open Redirect, SNYK-JS-GOT-2932019 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-HTTPCACHESEMANTICS-3248783 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-COOKIEJAR-3149984 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
|  | Cross-site Scripting (XSS), SNYK-JS-NUNJUCKS-5431309 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.9.0 - 2023-03-20

    Fixed

    • Fixed skipped ws-ganache tests (#5759)
    • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
    • Fixed Error: Number can only safely store up to 53 bits (#5845)
    • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
    • Fixed Transaction type by adding missing properties (#5856)

    Changed

    • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
    • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
    • Updated @types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
    • Add description to error for failed connection on websocket (#5884)

    Security

    • Updated dependencies (#5885)
  • 1.9.0-rc.0 - 2023-03-07

    Fixed

    • Fixed skipped ws-ganache tests (#5759)
    • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
    • Fixed Error: Number can only safely store up to 53 bits (#5845)
    • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
    • Fixed Transaction type by adding missing properties (#5856)

    Changed

    • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
    • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
    • Updated @types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
    • Add description to error for failed connection on websocket (#5884)

    Security

    • Updated dependencies (#5885)
  • 1.8.2 - 2023-01-30

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, AbortController added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.2-rc.0 - 2023-01-11

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, AbortController added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
from web3 GitHub release notes
Commit messages
Package name: web3
  • db5f505 Build for 1.9.0
  • 908604b v1.9.0
  • c564ebe Build commit for 1.9.0-rc.0
  • 8ae1e23 v1.9.0-rc.0
  • da51334 npm i and changelog update
  • 2b3fb3a Nikos/5835/websocket provider keeps important error message back (#5884)
  • ef23642 dependencies updates (#5885)
  • 8d369a9 Nikos/5821/transaction type fix (#5856)
  • afa2943 fix types default export (#5852) (#5866)
  • e4b25bf Add optional param `hex` to `getTransaction` and `getBlock`. (#5845)
  • 8621030 handled "provider started to reconnect error" (#5820)
  • 5009bdd Update web3-eth-accounts.rst (#5810)
  • 5807398 updating ganache failing test (#5779)
  • 630c048 Fix: minor typos (#5734)
  • bcb918b Spelling Mistake Corrected (#5784)
  • 632c5d3 1.8.2 (#5740)
  • b995b9e using latest lighthouse docker image in tests (#5741)
  • 16bcb63 update1xdependencies (#5727)
  • 6602359 Update 1.x tests infrastructure/libs (#5671)
  • 84e0f37 Bump utils (#5700)
  • 3d59de2 5629/lerna (#5680)
  • 885b760 adding webpack 5 (#5649)
  • 85daa8a updating typescript packages (#5673)
  • 12a6d6e fix firefox (#5666)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
