Release 2.25.2 (develop)

Adamj1232 commented 4 months ago

✨ Highlights

[UPDATE] - Celo icon and demo support #2131
[FIX] - 6963 provider creation #2123

📦 Changes per package

@web3-onboard/core : 2.21.4 @web3-onboard/injected-wallets : 2.10.14 @web3-onboard/dcent : 2.2.8 @web3-onboard/react : 2.8.15 @web3-onboard/solid : 2.0.2 @web3-onboard/vue : 2.7.14

socket-security[bot] commented 4 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/events@3.3.0	None	`0`	82.8 kB	goto-bus-stop
npm/evp_bytestokey@1.0.3	None	`+2`	18.9 kB	dcousens
npm/extsprintf@1.3.0	None	`0`	22.8 kB	dap
npm/fast-deep-equal@3.1.3	None	`0`	13 kB	esp
npm/fast-safe-stringify@2.1.1	None	`0`	39.7 kB	matteo.collina
npm/follow-redirects@1.15.2	network	`0`	28.3 kB	rubenverborgh
npm/get-intrinsic@1.1.3	eval	`+2`	65.1 kB	ljharb
npm/google-protobuf@3.21.2	None	`0`	820 kB	dibenede
npm/has-symbols@1.0.3	None	`0`	20.6 kB	ljharb
npm/ieee754@1.2.1	None	`0`	6.8 kB	feross
npm/is-typed-array@1.1.10	None	`+5`	93.1 kB	ljharb
npm/is-typedarray@1.0.0	None	`0`	4.41 kB	hughsk
npm/json-rpc-engine@6.1.0	None	`0`	47.4 kB	rekmarks
npm/json-rpc-random-id@1.0.1	None	`0`	2.12 kB	kumavis
npm/json-stable-stringify@1.0.2	None	`+1`	43.1 kB	ljharb
npm/json-stringify-safe@5.0.1	None	`0`	12.7 kB	isaacs
npm/keccak@3.0.2	None	`+1`	1.57 MB	fanatid
npm/level-errors@1.0.5	None	`+2`	34.4 kB	ralphtheninja
npm/lodash@4.17.21	None	`0`	1.41 MB	bnjmnt4n
npm/loose-envify@1.4.0	environment	`0`	5.81 kB	zertosh
npm/merkle-patricia-tree@2.3.2	Transitive: environment	`+30`	2.94 MB	holgerd77
npm/mime-types@2.1.35	None	`+1`	224 kB	dougwilson
npm/minimist@1.2.7	None	`0`	50.7 kB	ljharb
npm/nan@2.17.0	None	`0`	424 kB	kkoopa
npm/next@13.1.6	environment, filesystem, network, shell, unsafe	`+20`	1.19 GB	vercel-release-bot
npm/node-fetch@2.6.7	network	`0`	152 kB	endless
npm/node-gyp-build@4.5.0	environment, filesystem	`0`	12.9 kB	vweevers
npm/node-releases@2.0.14	None	`0`	34 kB	chicoxyzzy
npm/p-limit@2.3.0	None	`+1`	11.8 kB	sindresorhus
npm/parse-asn1@5.1.6	None	`+1`	62.9 kB	cwmma
npm/pbkdf2@3.1.2	None	`0`	13.8 kB	cwmma
npm/prop-types@15.8.1	environment	`+1`	118 kB	ljharb
npm/protobufjs@6.11.4	filesystem, network	`+11`	15 MB	google-wombot
npm/randombytes@2.1.0	None	`0`	6.36 kB	cwmma
npm/react-dom@18.2.0	environment	`+1`	4.6 MB	gnoff
npm/react@18.2.0	environment	`0`	316 kB	gnoff
npm/readable-stream@3.6.0	environment	`+1`	137 kB	matteo.collina
npm/ripemd160@2.0.2	None	`+1`	15.9 kB	dcousens
npm/ripple-address-codec@4.2.5	None	`0`	49.2 kB	jst5000
npm/rlp@2.2.7	None	`0`	62.9 kB	ralxz
npm/safe-buffer@5.2.1	None	`0`	32.1 kB	feross
npm/safer-buffer@2.1.2	None	`0`	42.3 kB	chalker
npm/sdp@2.12.0	None	`0`	98.8 kB	fippo
npm/secp256k1@4.0.3	None	`+1`	2.69 MB	fanatid
npm/semaphore@1.1.0	None	`0`	8.13 kB	addaleax
npm/semver@6.3.0	None	`0`	67.1 kB	isaacs
npm/sha.js@2.4.11	None	`0`	31.1 kB	dcousens
npm/string-width@4.2.3	None	`+2`	58.4 kB	sindresorhus
npm/strip-ansi@6.0.1	None	`+1`	9.64 kB	sindresorhus
npm/through2@2.0.5	None	`+2`	17.8 kB	rvagg

🚮 Removed packages: npm/@babel/core@7.23.2, npm/@babel/parser@7.23.0, npm/@babel/plugin-syntax-jsx@7.22.5, npm/@babel/types@7.23.0, npm/@jridgewell/gen-mapping@0.3.3, npm/@jridgewell/trace-mapping@0.3.19, npm/@nodelib/fs.stat@2.0.5, npm/@solid-primitives/event-listener@2.3.0, npm/@solid-primitives/rootless@1.4.2, npm/@solid-primitives/utils@6.2.1, npm/@web3-onboard/core@2.21.3, npm/bignumber.js@9.1.2, npm/braces@3.0.2, npm/glob-parent@5.1.2, npm/is-glob@4.0.3, npm/merge2@1.4.1, npm/normalize-path@3.0.0, npm/path-key@3.1.1, npm/picomatch@2.3.1, npm/solid-devtools@0.27.7, npm/solid-js@1.8.1, npm/tsup-preset-solid@2.1.0, npm/tsup@7.2.0, npm/typescript@5.2.2

View full report↗︎

socket-security[bot] commented 4 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Telemetry	npm/next@13.1.6	Note: Can be disabled by setting the environment variable NEXT_TELEMETRY_DISABLED=1 . See https://nextjs.org/telemetry for more information	`examples/with-nextjs-13/package.json`

View full report↗︎

Next steps

What is telemetry?

This package contains telemetry which tracks how it is used.

Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/next@13.1.6

blocknative / web3-onboard