search

OpenZeppelin / defender-client

Monorepo for all defender-client npm packages
https://docs.openzeppelin.com/defender/
MIT License
56 stars 48 forks source link

[Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 #605

Open tirumerla opened 2 months ago

tirumerla commented 2 months ago

snyk-top-banner

Snyk has created this PR to fix 3 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916		   848  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917		   848  
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918		   848  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/@babel/compat-data@7.24.4, npm/@babel/core@7.24.5, npm/@babel/generator@7.24.5, npm/@babel/helper-compilation-targets@7.23.6, npm/@babel/helper-environment-visitor@7.22.20, npm/@babel/helper-function-name@7.23.0, npm/@babel/helper-hoist-variables@7.22.5, npm/@babel/helper-module-imports@7.24.3, npm/@babel/helper-module-transforms@7.24.5, npm/@babel/helper-plugin-utils@7.24.5, npm/@babel/helper-simple-access@7.24.5, npm/@babel/helper-split-export-declaration@7.24.5, npm/@babel/helper-string-parser@7.24.1, npm/@babel/helper-validator-option@7.23.5, npm/@babel/helpers@7.24.5, npm/@babel/parser@7.24.5, npm/@babel/plugin-syntax-async-generators@7.8.4, npm/@babel/plugin-syntax-bigint@7.8.3, npm/@babel/plugin-syntax-class-properties@7.12.13, npm/@babel/plugin-syntax-import-meta@7.10.4, npm/@babel/plugin-syntax-json-strings@7.8.3, npm/@babel/plugin-syntax-jsx@7.24.1, npm/@babel/plugin-syntax-logical-assignment-operators@7.10.4, npm/@babel/plugin-syntax-nullish-coalescing-operator@7.8.3, npm/@babel/plugin-syntax-numeric-separator@7.10.4, npm/@babel/plugin-syntax-object-rest-spread@7.8.3, npm/@babel/plugin-syntax-optional-catch-binding@7.8.3, npm/@babel/plugin-syntax-optional-chaining@7.8.3, npm/@babel/plugin-syntax-top-level-await@7.14.5, npm/@babel/plugin-syntax-typescript@7.24.1, npm/@babel/template@7.24.0, npm/@babel/traverse@7.24.5, npm/@babel/types@7.24.5, npm/@bcoe/v8-coverage@0.2.3, npm/@humanwhocodes/object-schema@2.0.3, npm/@hutson/parse-repository-url@3.0.2, npm/@istanbuljs/load-nyc-config@1.1.0, npm/@istanbuljs/schema@0.1.3, npm/@jest/console@29.7.0, npm/@jest/core@29.7.0, npm/@jest/environment@29.7.0, npm/@jest/expect@29.7.0, npm/@jest/fake-timers@29.7.0, npm/@jest/globals@29.7.0, npm/@jest/reporters@29.7.0, npm/@jest/source-map@29.6.3, npm/@jest/test-result@29.7.0, npm/@jest/test-sequencer@29.7.0, npm/@jest/transform@29.7.0, npm/@jridgewell/gen-mapping@0.3.5, npm/@jridgewell/resolve-uri@3.1.2, npm/@jridgewell/set-array@1.2.1, npm/@jridgewell/sourcemap-codec@1.4.15, npm/@jridgewell/trace-mapping@0.3.25, npm/@lerna/child-process@7.4.2, npm/@lerna/create@7.4.2, npm/@npmcli/git@4.1.0, npm/@npmcli/installed-package-contents@2.1.0, npm/@npmcli/node-gyp@3.0.0, npm/@npmcli/promise-spawn@6.0.2, npm/@npmcli/run-script@6.0.2, npm/@nrwl/devkit@16.10.0, npm/@nrwl/nx-cloud@19.0.0, npm/@nx/devkit@16.10.0, npm/@octokit/auth-token@3.0.4, npm/@octokit/core@4.2.4, npm/@octokit/endpoint@7.0.6, npm/@octokit/graphql@5.0.6, npm/@octokit/openapi-types@18.1.1, npm/@octokit/plugin-enterprise-rest@6.0.1, npm/@octokit/plugin-paginate-rest@6.1.2, npm/@octokit/plugin-request-log@1.0.4, npm/@octokit/plugin-rest-endpoint-methods@7.2.3, npm/@octokit/request-error@3.0.3, npm/@octokit/request@6.2.8, npm/@octokit/rest@19.0.11, npm/@octokit/tsconfig@1.0.2, npm/@octokit/types@9.3.2, npm/@openzeppelin/defender-admin-client@1.54.2, npm/@openzeppelin/defender-autotask-client@1.54.2, npm/@openzeppelin/defender-relay-client@1.54.6, npm/@sigstore/bundle@1.1.0, npm/@sigstore/protobuf-specs@0.2.1, npm/@sigstore/sign@1.0.0, npm/@sigstore/tuf@1.0.3, npm/@sinonjs/commons@3.0.1, npm/@sinonjs/fake-timers@10.3.0, npm/@tootallnate/once@2.0.0, npm/@tufjs/canonical-json@1.0.0, npm/@tufjs/models@1.0.4, npm/@types/babel__core@7.20.5, npm/@types/babel__generator@7.6.8, npm/@types/babel__template@7.4.4, npm/@types/babel__traverse@7.20.6, npm/@types/graceful-fs@4.1.9, npm/@types/minimist@1.2.5, npm/abbrev@1.1.1, npm/acorn-jsx@5.3.2, npm/acorn@8.11.3, npm/add-stream@1.0.0, npm/agent-base@6.0.2, npm/agentkeepalive@4.5.0, npm/aggregate-error@3.1.0, npm/ajv@6.12.6, npm/ansi-escapes@4.3.2, npm/anymatch@3.1.3, npm/aproba@2.0.0, npm/are-we-there-yet@3.0.1, npm/array-differ@3.0.0, npm/array-ify@1.0.0, npm/arrify@2.0.1, npm/async@3.2.5, npm/babel-jest@29.7.0, npm/babel-plugin-istanbul@6.1.1, npm/babel-plugin-jest-hoist@29.6.3, npm/babel-preset-current-node-syntax@1.0.1, npm/babel-preset-jest@29.6.3, npm/before-after-hook@2.2.3, npm/browserslist@4.23.0, npm/bs-logger@0.2.6, npm/bser@2.1.1, npm/buffer-from@1.1.2, npm/builtins@1.0.3, npm/byte-size@8.1.1, npm/cacache@17.1.4, npm/callsites@3.1.0, npm/camelcase-keys@6.2.2, npm/camelcase@6.3.0, npm/caniuse-lite@1.0.30001621, npm/char-regex@1.0.2, npm/chardet@0.7.0, npm/chownr@2.0.0, npm/cjs-module-lexer@1.3.1, npm/clean-stack@2.2.0, npm/cli-width@3.0.0, npm/clone-deep@4.0.1, npm/clone@1.0.4, npm/cmd-shim@6.0.1, npm/co@4.6.0, npm/collect-v8-coverage@1.0.2, npm/color-support@1.1.3, npm/columnify@1.6.0, npm/compare-func@2.0.0, npm/concat-stream@2.0.0, npm/console-control-strings@1.1.0, npm/conventional-changelog-angular@7.0.0, npm/conventional-changelog-core@5.0.1, npm/conventional-changelog-preset-loader@3.0.0, npm/conventional-changelog-writer@6.0.1, npm/conventional-commits-filter@3.0.0, npm/conventional-commits-parser@4.0.0, npm/conventional-recommended-bump@7.0.1, npm/convert-source-map@2.0.0, npm/cosmiconfig@8.3.6, npm/create-jest@29.7.0, npm/cross-spawn@7.0.3, npm/dargs@7.0.0, npm/dateformat@3.0.3, npm/decamelize-keys@1.1.1, npm/decamelize@1.2.0, npm/dedent@1.5.3, npm/deep-is@0.1.4, npm/deepmerge@4.3.1, npm/defaults@1.0.4, npm/delegates@1.0.0, npm/deprecation@2.3.1, npm/detect-indent@5.0.0, npm/detect-newline@3.1.0, npm/doctrine@3.0.0, npm/dot-prop@5.3.0, npm/ejs@3.1.10, npm/electron-to-chromium@1.4.779, npm/emittery@0.13.1, npm/encoding@0.1.13, npm/env-paths@2.2.1, npm/envinfo@7.8.1, npm/err-code@2.0.3, npm/error-ex@1.3.2, npm/eslint-config-prettier@8.10.0, npm/eslint-plugin-prettier@4.2.1, npm/espree@9.6.1, npm/esquery@1.5.0, npm/esutils@2.0.3, npm/eventemitter3@4.0.7, npm/execa@5.1.1, npm/exit@0.1.2, npm/exponential-backoff@3.1.1, npm/external-editor@3.1.0, npm/fast-deep-equal@3.1.3, npm/fast-diff@1.3.0, npm/fast-json-stable-stringify@2.1.0, npm/fast-levenshtein@2.0.6, npm/fb-watchman@2.0.2, npm/file-entry-cache@6.0.1, npm/filelist@1.0.4, npm/find-up@5.0.0, npm/flat-cache@3.2.0, npm/flatted@3.3.1, npm/fs-minipass@3.0.3, npm/fsevents@2.3.3, npm/function-bind@1.1.2, npm/gauge@4.0.4, npm/gensync@1.0.0-beta.2, npm/get-package-type@0.1.0, npm/get-pkg-repo@4.2.1, npm/get-port@5.1.1, npm/get-stream@6.0.1, npm/git-raw-commits@3.0.0, npm/git-remote-origin-url@2.0.0, npm/git-semver-tags@5.0.1, npm/git-up@7.0.0, npm/git-url-parse@13.1.0, npm/gitconfiglocal@1.0.0, npm/globals@13.24.0, npm/handlebars@4.7.8, npm/hard-rejection@2.1.0, npm/has-unicode@2.0.1, npm/hasown@2.0.2, npm/hosted-git-info@6.1.1, npm/html-escaper@2.0.2, npm/http-cache-semantics@4.1.1, npm/http-proxy-agent@5.0.0, npm/https-proxy-agent@5.0.1, npm/human-signals@2.1.0, npm/humanize-ms@1.2.1, npm/iconv-lite@0.4.24, npm/ignore-walk@5.0.1, npm/import-fresh@3.3.0, npm/import-local@3.1.0, npm/imurmurhash@0.1.4, npm/indent-string@4.0.0, npm/ini@1.3.8, npm/init-package-json@5.0.0, npm/inquirer@8.2.6, npm/ip-address@9.0.5, npm/is-arrayish@0.2.1, npm/is-ci@3.0.1, npm/is-core-module@2.13.1, npm/is-generator-fn@2.1.0, npm/is-interactive@1.0.0, npm/is-lambda@1.0.1, npm/is-obj@2.0.0, npm/is-path-inside@3.0.3, npm/is-plain-obj@1.1.0, npm/is-plain-object@2.0.4, npm/is-ssh@1.4.0, npm/is-stream@2.0.1, npm/is-text-path@1.0.1, npm/is-unicode-supported@0.1.0, npm/isexe@2.0.0, npm/isobject@3.0.1, npm/istanbul-lib-coverage@3.2.2, npm/istanbul-lib-instrument@6.0.2, npm/istanbul-lib-report@3.0.1, npm/istanbul-lib-source-maps@4.0.1, npm/istanbul-reports@3.1.7, npm/jake@10.9.1, npm/jest-changed-files@29.7.0, npm/jest-circus@29.7.0, npm/jest-cli@29.7.0, npm/jest-config@29.7.0, npm/jest-docblock@29.7.0, npm/jest-each@29.7.0, npm/jest-environment-node@29.7.0, npm/jest-haste-map@29.7.0, npm/jest-leak-detector@29.7.0, npm/jest-mock@29.7.0, npm/jest-pnp-resolver@1.2.3, npm/jest-regex-util@29.6.3, npm/jest-resolve-dependencies@29.7.0, npm/jest-resolve@29.7.0, npm/jest-runner@29.7.0, npm/jest-runtime@29.7.0, npm/jest-snapshot@29.7.0, npm/jest-validate@29.7.0, npm/jest-watcher@29.7.0, npm/jest-worker@29.7.0, npm/jest@29.7.0, npm/jsbn@1.1.0, npm/jsesc@2.5.2, npm/json-buffer@3.0.1, npm/json-parse-even-better-errors@2.3.1, npm/json-schema-traverse@0.4.1, npm/json-stable-stringify-without-jsonify@1.0.1, npm/json-stringify-safe@5.0.1, npm/jsonparse@1.3.1, npm/jsonstream@1.3.5, npm/keyv@4.5.4, npm/kind-of@6.0.3, npm/kleur@3.0.3, npm/lerna@7.4.2, npm/leven@3.1.0, npm/levn@0.4.1, npm/libnpmaccess@7.0.2, npm/libnpmpublish@7.3.0, npm/load-json-file@6.2.0, npm/locate-path@6.0.0, npm/lodash.ismatch@4.4.0, npm/lodash.memoize@4.1.2, npm/lodash.merge@4.6.2, npm/log-symbols@4.1.0, npm/make-dir@4.0.0, npm/make-error@1.3.6, npm/make-fetch-happen@11.1.1, npm/makeerror@1.0.12, npm/map-obj@1.0.1, npm/meow@8.1.2, npm/merge-stream@2.0.0, npm/min-indent@1.0.1, npm/minimist-options@4.1.0, npm/minipass-collect@1.0.2, npm/minipass-fetch@3.0.5, npm/minipass-flush@1.0.5, npm/minipass-json-stream@1.0.1, npm/minipass-pipeline@1.2.4, npm/minipass-sized@1.0.3, npm/minipass@5.0.0, npm/minizlib@2.1.2, npm/mkdirp@1.0.4, npm/modify-values@1.0.1, npm/multimatch@5.0.0, npm/mute-stream@1.0.0, npm/natural-compare@1.4.0, npm/negotiator@0.6.3, npm/neo-async@2.6.2, npm/node-fetch@2.6.7, npm/node-gyp@9.4.1, npm/node-int64@0.4.0, npm/node-releases@2.0.14, npm/nopt@6.0.0, npm/normalize-package-data@5.0.0, npm/normalize-path@3.0.0, npm/npm-bundled@1.1.2, npm/npm-install-checks@6.3.0, npm/npm-normalize-package-bin@1.0.1, npm/npm-package-arg@10.1.0, npm/npm-packlist@5.1.1, npm/npm-pick-manifest@8.0.2, npm/npm-registry-fetch@14.0.5, npm/npmlog@6.0.2, npm/nx-cloud@19.0.0, npm/optionator@0.9.4, npm/ora@5.4.1, npm/p-finally@1.0.0, npm/p-limit@3.1.0, npm/p-locate@5.0.0, npm/p-map-series@2.1.0, npm/p-map@4.0.0, npm/p-pipe@3.1.0, npm/p-queue@6.6.2, npm/p-reduce@2.1.0, npm/p-timeout@3.2.0, npm/p-waterfall@2.1.1, npm/pacote@15.2.0, npm/parent-module@1.0.1, npm/parse-json@5.2.0, npm/parse-path@7.0.0, npm/parse-url@8.1.0, npm/path-exists@4.0.0, npm/path-parse@1.0.7, npm/pify@5.0.0, npm/pirates@4.0.6, npm/pkg-dir@4.2.0, npm/prelude-ls@1.2.1, npm/prettier-linter-helpers@1.0.0, npm/prettier@2.8.8, npm/proc-log@3.0.0, npm/promise-inflight@1.0.1, npm/promise-retry@2.0.1, npm/prompts@2.4.2, npm/promzard@1.0.2, npm/protocols@2.0.1, npm/punycode@2.3.1, npm/pure-rand@6.1.0, npm/quick-lru@4.0.1, npm/read-cmd-shim@4.0.0, npm/read-package-json-fast@3.0.2, npm/read-package-json@6.0.4, npm/read-pkg-up@3.0.0, npm/read-pkg@3.0.0, npm/read@3.0.1, npm/redent@3.0.0, npm/resolve-cwd@3.0.0, npm/resolve-from@4.0.0, npm/resolve.exports@2.0.2, npm/resolve@1.22.8, npm/retry@0.12.0, npm/rimraf@3.0.2, npm/run-async@2.4.1, npm/rxjs@7.8.1, npm/safer-buffer@2.1.2, npm/set-blocking@2.0.0, npm/shallow-clone@3.0.1, npm/shebang-command@2.0.0, npm/shebang-regex@3.0.0, npm/sigstore@1.9.0, npm/sisteransi@1.0.5, npm/smart-buffer@4.2.0, npm/socks-proxy-agent@7.0.0, npm/socks@2.8.3, npm/sort-keys@2.0.0, npm/source-map-support@0.5.13, npm/source-map@0.6.1, npm/spdx-correct@3.2.0, npm/spdx-exceptions@2.5.0, npm/spdx-expression-parse@3.0.1, npm/spdx-license-ids@3.0.17, npm/split2@3.2.2, npm/split@1.0.1, npm/ssri@10.0.6, npm/string-length@4.0.2, npm/strip-final-newline@2.0.0, npm/strip-indent@3.0.0, npm/strip-json-comments@3.1.1, npm/supports-preserve-symlinks-flag@1.0.0, npm/tar@6.2.1, npm/temp-dir@1.0.0, npm/test-exclude@6.0.0, npm/text-extensions@1.9.0, npm/text-table@0.2.0, npm/through2@2.0.5, npm/tmpl@1.0.5, npm/to-fast-properties@2.0.0, npm/trim-newlines@3.0.1, npm/ts-jest@29.1.3, npm/tuf-js@1.1.7, npm/type-check@0.4.0, npm/type-detect@4.0.8, npm/type-fest@0.20.2, npm/typedarray@0.0.6, npm/typescript@4.9.5, npm/uglify-js@3.17.4, npm/unique-filename@3.0.0, npm/unique-slug@4.0.0, npm/universal-user-agent@6.0.1, npm/upath@2.0.1, npm/update-browserslist-db@1.0.16, npm/uri-js@4.4.1, npm/uuid@9.0.1, npm/v8-to-istanbul@9.2.0, npm/validate-npm-package-license@3.0.4, npm/validate-npm-package-name@3.0.0, npm/walker@1.0.8, npm/wcwidth@1.0.1, npm/which@2.0.2, npm/wide-align@1.1.5, npm/word-wrap@1.2.5, npm/wordwrap@1.0.0, npm/write-file-atomic@4.0.2, npm/write-json-file@3.2.0, npm/write-pkg@4.0.0, npm/xtend@4.0.2, npm/yocto-queue@0.1.0

View full report↗︎