bitaccess / coinlib

A unified nodejs API for sending and receiving crypto payments
MIT License
70 stars 28 forks

[Snyk] Upgrade web3 from 1.7.5 to 1.8.2 #365

Open dylanseago opened 1 year ago

dylanseago commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3 from 1.7.5 to 1.8.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-01-30.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **270/1000** **Why?** CVSS 5.4 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-HTTPCACHESEMANTICS-3248783](https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783) | **270/1000** **Why?** CVSS 5.4 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.8.2 - 2023-01-30

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.2-rc.0 - 2023-01-11

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.1 - 2022-11-10

    Fixed

    • Fixed types for getPastEvents (#4955) (#5260)
    • Fix Log type by adding missing removed property (#4877)

    Changed

    • Updated dependencies (#5529)
  • 1.8.1-rc.0 - 2022-10-28

    Fixed

    • Fixed types for getPastEvents (#4955) (#5260)
    • Fix Log type by adding missing removed property (#4877)

    Changed

    • Updated dependencies (#5529)
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
from web3 GitHub release notes
Commit messages
Package name: web3
  • 5442ce9 Build for 1.8.2
  • f5a0251 v1.8.2
  • ad2c90f Merge branch '1.x' into release/1.8.2
  • b995b9e using latest lighthouse docker image in tests (#5741)
  • 5f7e51c Manual build commit for 1.8.2-rc.0
  • 8d877e4 v1.8.2-rc.0
  • c10b204 changelog update for 1.8.2
  • 1e8b727 npm i for 1.8.2
  • 16bcb63 update1xdependencies (#5727)
  • 6602359 Update 1.x tests infrastructure/libs (#5671)
  • 84e0f37 Bump utils (#5700)
  • 3d59de2 5629/lerna (#5680)
  • 885b760 adding webpack 5 (#5649)
  • 85daa8a updating typescript packages (#5673)
  • 12a6d6e fix firefox (#5666)
  • 316bb6c 5601 - fix next.js builds on node v16 (#5619)
  • 3bf37bf Fix: _jsonInterfaceMethodToString export in types (#5550) (#5623)
  • 3b22adf Release/1.8.1 (#5577)
  • 47220b0 1x node v18 test and fixes (#5518)
  • 1b42e65 Tiny enhancements to the Installation section at README.md files (at 1.x) (#5572)
  • 32b4c79 Add `removed` property to `Log` type (#4877) (#5576)
  • b737d27 Update 1.x Dependencies (#5529)
  • a7b5dea Update index.d.ts (#5260)
  • c924148 Release 1.8.0 (#5421)

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/ron.moore/project/ce38e2b0-97f8-4cd4-82da-cbc043ee79d7?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/ron.moore/project/ce38e2b0-97f8-4cd4-82da-cbc043ee79d7/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/ron.moore/project/ce38e2b0-97f8-4cd4-82da-cbc043ee79d7/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)