PolymathNetwork / polymath-core

Core Ethereum Smart Contracts for Polymath - The Securities Token Platform
http://polymath.network
Apache License 2.0
330 stars 160 forks

[Snyk] Upgrade web3 from 1.2.0 to 1.10.3 #931

Open knanjukutty-polymath opened 7 months ago

knanjukutty-polymath commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3 from 1.2.0 to 1.10.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **79 versions** ahead of your current version.
- The recommended version was released **4 months ago**, on 2023-10-18.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| :---: | :--- | --- | :--- |
|  | Remote Memory Exposure<br/>[SNYK-JS-BL-608877](https://snyk.io/vuln/SNYK-JS-BL-608877) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Prototype Pollution<br/>[SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | No Known Exploit |
|  | Prototype Pollution<br/>[SNYK-JS-COPYPROPS-1082870](https://snyk.io/vuln/SNYK-JS-COPYPROPS-1082870) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Arbitrary Code Injection<br/>[SNYK-JS-UNDERSCORE-1080984](https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Arbitrary File Write via Archive Extraction (Zip Slip)<br/>[SNYK-JS-DECOMPRESS-557358](https://snyk.io/vuln/SNYK-JS-DECOMPRESS-557358) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Arbitrary File Write via Archive Extraction (Zip Slip)<br/>[SNYK-JS-DECOMPRESSTAR-559095](https://snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
|  | Validation Bypass<br/>[SNYK-JS-KINDOF-537849](https://snyk.io/vuln/SNYK-JS-KINDOF-537849) | **199/1000**<br/>**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.10.3 - 2023-10-18

    Security

    • web3-eth-accounts: Bumped @ethereumjs dependencies (#6457)

    • Updated dependencies (#6491)

  • 1.10.3-dev.0 - 2023-10-16

    Security

    • web3-eth-accounts: Bumped @ethereumjs dependencies (#6457)

    • Updated dependencies (#6491)


    (Considering discussion about release tags, v1 will follow tags:

    • legacy (for v1 releases)
    • legacy-dev (for v1 test/RC releases, this will replace rc tag)
  • 1.10.2 - 2023-08-28

    Fixed

    • Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
  • 1.10.1 - 2023-08-14

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ethereumjs/util (#6283)
  • 1.10.1-rc.0 - 2023-08-08

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ethereumjs/util (#6283)
  • 1.10.0 - 2023-05-10
  • 1.10.0-rc.0 - 2023-05-02
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
  • 1.7.1-rc.0 - 2022-02-10
  • 1.7.0 - 2022-01-17
  • 1.7.0-rc.0 - 2021-12-09
  • 1.6.1 - 2021-11-15
  • 1.6.1-rc.3 - 2021-11-10
  • 1.6.1-rc.2 - 2021-10-27
  • 1.6.1-rc.0 - 2021-10-09
  • 1.6.0 - 2021-09-30
  • 1.6.0-rc.0 - 2021-09-26
  • 1.5.3 - 2021-09-22
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
  • 1.5.1-rc.1 - 2021-08-05
  • 1.5.1-rc.0 - 2021-07-31
  • 1.5.0 - 2021-07-28
  • 1.5.0-rc.1 - 2021-07-24
  • 1.5.0-rc.0 - 2021-07-21
  • 1.4.0 - 2021-06-30
  • 1.4.0-rc.0 - 2021-06-25
  • 1.3.6 - 2021-05-14
  • 1.3.6-rc.2 - 2021-05-13
  • 1.3.6-rc.1 - 2021-05-09
  • 1.3.5 - 2021-04-05
  • 1.3.5-rc.0 - 2021-03-24
  • 1.3.4 - 2021-02-03
  • 1.3.4-rc.2 - 2021-01-28
  • 1.3.4-rc.1 - 2021-01-26
  • 1.3.3 - 2021-01-22
  • 1.3.2 - 2021-01-21
  • 1.3.2-rc.2 - 2021-01-21
  • 1.3.1 - 2020-12-17
  • 1.3.0 - 2020-09-15
  • 1.3.0-rc.0 - 2020-09-02
  • 1.2.11 - 2020-07-18
  • 1.2.10 - 2020-07-17
  • 1.2.10-rc.0 - 2020-07-09
  • 1.2.9 - 2020-06-09
  • 1.2.9-rc.0 - 2020-06-02
  • 1.2.8 - 2020-05-20
  • 1.2.8-rc.1 - 2020-05-18
  • 1.2.8-rc.0 - 2020-05-08
  • 1.2.7 - 2020-04-24
  • 1.2.7-rc.0 - 2020-04-15
  • 1.2.6 - 2020-02-02
  • 1.2.5 - 2020-01-27
  • 1.2.5-rc.0 - 2020-01-16
  • 1.2.4 - 2019-11-15
  • 1.2.3 - 2019-11-14
  • 1.2.2 - 2019-10-23
  • 1.2.1 - 2019-08-06
  • 1.2.0 - 2019-07-23
from web3 GitHub release notes

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/knanjukutty-polymath/project/b865d897-f974-46a4-947a-6392bf6f29c8?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/knanjukutty-polymath/project/b865d897-f974-46a4-947a-6392bf6f29c8/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/knanjukutty-polymath/project/b865d897-f974-46a4-947a-6392bf6f29c8/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)