search

OpenZeppelin / defender-client

Monorepo for all defender-client npm packages
https://docs.openzeppelin.com/defender/
MIT License
56 stars 48 forks source link

[Snyk] Security upgrade web3 from 1.10.4 to 4.0.1 #622

Open tirumerla opened 2 months ago

tirumerla commented 2 months ago

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		   738  

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/code-frame@7.24.2 environment 0 24.1 kB nicolo-ribaudo
npm/@babel/highlight@7.24.5 environment 0 20.3 kB nicolo-ribaudo
npm/@jest/expect-utils@29.7.0 None 0 28.3 kB simenb
npm/@jest/types@29.6.3 None 0 32.7 kB simenb
npm/@types/istanbul-lib-coverage@2.0.6 None 0 5.45 kB types
npm/@types/stack-utils@2.0.3 None 0 6.43 kB types
npm/ci-info@3.9.0 environment 0 26.1 kB sibiraj-s
npm/jest-matcher-utils@29.7.0 None 0 28.4 kB simenb
npm/jest-message-util@29.7.0 None 0 20.6 kB simenb
npm/jest-util@29.7.0 environment 0 41.8 kB simenb
npm/micromatch@4.0.7 None 0 56.3 kB paulmillr
npm/picocolors@1.0.1 environment 0 5.15 kB alexeyraspopov
npm/picomatch@2.3.1 None 0 90 kB mrmlnc
npm/slash@3.0.0 None 0 3.51 kB sindresorhus
npm/stack-utils@2.0.6 unsafe 0 14.6 kB isaacs

View full report↗︎