renovate[bot]
commented
8 months ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: yarn.lock
Type Error: URL.canParse is not a function
at parseSpec (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:23359:21)
at loadSpec (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:23422:11)
at async Engine.findProjectSpec (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:23606:22)
at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:23660:20)
at async BinaryCommand.validateAndExecute (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:21164:22)
at async _Cli.run (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:22139:18)
at async Object.runMain (/opt/containerbase/tools/corepack/0.26.0/18.14.2/node_modules/corepack/dist/lib/corepack.cjs:24371:12)
changeset-bot[bot]
socket-security[bot]
This PR contains the following updates:
1.10.0->4.2.1web3-utils Prototype Pollution vulnerability
CVE-2024-21505 / GHSA-87qp-7cw8-8q9c
More information
#### Details Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions. #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21505](https://nvd.nist.gov/vuln/detail/CVE-2024-21505) - [https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80](https://togithub.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80) - [https://github.com/web3/web3.js](https://togithub.com/web3/web3.js) - [https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337](https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-87qp-7cw8-8q9c) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).Release Notes
ChainSafe/web3.js (web3-utils)
### [`v4.2.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#421) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.2.0...v4.2.1) ##### Fixed ##### web3-eth-abi - Bug fix of `ERR_UNSUPPORTED_DIR_IMPORT` in ABI ([#6535](https://togithub.com/ChainSafe/web3.js/issues/6535)) ##### Changed ##### web3-eth-contract - Dependencies updated ##### web3-eth - Dependencies updated ##### web3-eth-ens - Dependencies updated ##### web3-eth-personal - Dependencies updated ### [`v4.2.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#420) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.1.1...v4.2.0) ##### Added ##### web3 - Various web3 sub packages has new functions details are in root changelog ##### web3-eth - Added `ALL_EVENTS` and `ALL_EVENTS_ABI` constants, `SendTransactionEventsBase` type, `decodeEventABI` method ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410)) ##### web3-eth-accounts - Added public function `privateKeyToPublicKey` - Added exporting `BaseTransaction` from the package ([#6493](https://togithub.com/ChainSafe/web3.js/issues/6493)) - Added exporting `txUtils` from the package ([#6493](https://togithub.com/ChainSafe/web3.js/issues/6493)) ##### web3-types - Interface `EventLog` was added. ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410)) ##### web3-utils - As a replacment of the node EventEmitter, a custom `EventEmitter` has been implemented and exported. ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398)) ##### Fixed ##### web3-core - Fix the issue: "Uncaught TypeError: Class extends value undefined is not a constructor or null [#6371](https://togithub.com/ChainSafe/web3.js/issues/6371)". ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398)) ##### web3-errors - Added new SchemaFormatError ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434)) ##### web3-eth - Ensure provider.supportsSubscriptions exists before watching by subscription ([#6440](https://togithub.com/ChainSafe/web3.js/issues/6440)) - Fixed param sent to `checkRevertBeforeSending` in `sendSignedTransaction` - Fixed `defaultTransactionBuilder` for value issue ([#6509](https://togithub.com/ChainSafe/web3.js/issues/6509)) ##### web3-eth-abi - Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506)) ##### web3-eth-accounts - Fixed `recover` function, `v` will be normalized to value 0,1 ([#6344](https://togithub.com/ChainSafe/web3.js/issues/6344)) ##### web3-providers-http - Fix issue [lquixada/cross-fetch#78](https://togithub.com/lquixada/cross-fetch/issues/78), enabling to run web3.js in service worker ([#6463](https://togithub.com/ChainSafe/web3.js/issues/6463)) ##### web3-providers-ipc - Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496)) ##### web3-providers-ws - Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496)) ##### web3-utils - Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506)) - Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496)) ##### web3-validator - Multi-dimensional arrays are now handled properly when parsing ABIs ([#6435](https://togithub.com/ChainSafe/web3.js/issues/6435)) - Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506)) - Validator will now properly handle all valid numeric type sizes: intN / uintN where 8 <= N <= 256 and N % 8 == 0 ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434)) - Will now throw SchemaFormatError when unsupported format is passed to `convertToZod` method ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434)) ##### Changed ##### web3 - Dependencies updated ##### web3-core - defaultTransactionType is now type 0x2 instead of 0x0 ([#6282](https://togithub.com/ChainSafe/web3.js/issues/6282)) - Allows formatter to parse large base fee ([#6456](https://togithub.com/ChainSafe/web3.js/issues/6456)) - The package now uses `EventEmitter` from `web3-utils` that works in node envrioment as well as in the browser. ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398)) ##### web3-eth - Transactions will now default to type 2 transactions instead of type 0, similar to 1.x version. ([#6282](https://togithub.com/ChainSafe/web3.js/issues/6282)) ##### web3-eth-contract - The `events` property was added to the `receipt` object ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410)) ##### web3-eth-ens - Dependencies updated ##### web3-eth-iban - Dependencies updated ##### web3-eth-personal - Dependencies updated ##### web3-net - Dependencies updated ##### web3-providers-http - Bump cross-fetch to version 4 ([#6463](https://togithub.com/ChainSafe/web3.js/issues/6463)). ##### web3-rpc-methods - Dependencies updated ### [`v4.1.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#411) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.1.0...v4.1.1) ##### Added ##### web3 - To fix issue [#6190](https://togithub.com/ChainSafe/web3.js/issues/6190), added the functionality to introduce different timeout value for Web3. ([#6336](https://togithub.com/ChainSafe/web3.js/issues/6336)) ##### web3-core - To fix issue [#6190](https://togithub.com/ChainSafe/web3.js/issues/6190), added the functionality to introduce different timeout value for Web3. ([#6336](https://togithub.com/ChainSafe/web3.js/issues/6336)) ##### web3-eth-contract - In case of error events there will be inner error also available for details ##### Fixed ##### web3-eth - Added return type for `formatSubscriptionResult` in class `NewHeadsSubscription` ([#6368](https://togithub.com/ChainSafe/web3.js/issues/6368)) ##### web3-core - Fixed rpc errors not being sent as an inner error when using the `send` method on request manager ([#6300](https://togithub.com/ChainSafe/web3.js/issues/6300)). ##### web3-errors - ESM import bug ([#6359](https://togithub.com/ChainSafe/web3.js/issues/6359)) ##### web3-eth-contract - Fixed bug in `contract.events.allEvents` ##### web3-validator - ESM import bug ([#6359](https://togithub.com/ChainSafe/web3.js/issues/6359)) ##### Changed ##### web3-eth-abi - Dependencies updated ##### web3-eth-accounts - Dependencies updated ##### web3-eth-ens - Dependencies updated ##### web3-eth-iban - Dependencies updated ##### web3-eth-personal - Dependencies updated ##### web3-net - Dependencies updated ##### web3-providers-http - Dependencies updated ##### web3-providers-ipc - Dependencies updated ##### web3-providers-ws - Dependencies updated ##### web3-rpc-methods - Dependencies updated ##### web3-types - Dependencies updated ##### web3-utils - Dependencies updated ### [`v4.1.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#410) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/c8799b074e7abf86b4b03a163aa9183250ad7228...v4.1.0) ##### Added ##### web3 - Added minimum support of web3.extend function ##### web3-core - Added minimum support of web3.extend function ##### web3-errors - `RpcErrorMessages` that contains mapping for standard RPC Errors and their messages. ([#6230](https://togithub.com/ChainSafe/web3.js/issues/6230)) - created `TransactionGasMismatchInnerError` for clarity on the error in `TransactionGasMismatchError` ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215)) - created `MissingGasInnerError` for clarity on the error in `MissingGasError` ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215)) ##### web3-eth - A `rpc_method_wrapper` (`signTypedData`) for the rpc calls `eth_signTypedData` and `eth_signTypedData_v4` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) - A `signTypedData` method to the `Web3Eth` class ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) ##### web3-eth-abi - A `getEncodedEip712Data` method that takes an EIP-712 typed data object and returns the encoded data with the option to also keccak256 hash it ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) ##### web3-rpc-methods - A `signTypedData` method to `eth_rpc_methods` for the rpc calls `eth_signTypedData` and `eth_signTypedData_v4` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) ##### web3-types - `eth_signTypedData` and `eth_signTypedData_v4` to `web3_eth_execution_api` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) - `Eip712TypeDetails` and `Eip712TypedData` to `eth_types` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286)) ##### web3-validator - Added `json-schema` as a main json schema type ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264)) ##### Fixed ##### web3-core - Fixed the issue: "Version 4.x does not fire connected event for subscriptions. [#6252](https://togithub.com/ChainSafe/web3.js/issues/6252)". ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262)) ##### web3-errors - Fixed: "'disconnect' in Eip1193 provider must emit ProviderRpcError [#6003](https://togithub.com/ChainSafe/web3.js/issues/6003)".([#6230](https://togithub.com/ChainSafe/web3.js/issues/6230)) ##### web3-eth - sendTransaction will have gas filled by default using method `estimateGas` unless transaction builder `options.fillGas` is false. ([#6249](https://togithub.com/ChainSafe/web3.js/issues/6249)) - Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243)) - Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243)) ##### web3-providers-ws - Ensure a fixed version for "[@types/ws](https://togithub.com/types/ws)": "8.5.3" ([#6309](https://togithub.com/ChainSafe/web3.js/issues/6309)) ##### Changed ##### web3-core - No need to pass `CommonSubscriptionEvents &` at every child class of `Web3Subscription` ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262)) - Implementation of `_processSubscriptionResult` and `_processSubscriptionError` has been written in the base class `Web3Subscription` and maid `public`. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262)) - A new optional protected method `formatSubscriptionResult` could be used to customize data formatting instead of re-implementing `_processSubscriptionResult`. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262)) - No more needed to pass ` CommonSubscriptionEvents & ` for the first generic parameter of `Web3Subscription` when inheriting from it. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262)) ##### web3-eth - `MissingGasError` error message changed for clarity ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215)) - `input` and `data` are no longer auto populated for transaction objects if they are not present. Instead, whichever property is provided by the user is formatted and sent to the RPC provider. Transaction objects returned from RPC responses are still formatted to contain both `input` and `data` properties ([#6294](https://togithub.com/ChainSafe/web3.js/issues/6294)) ##### web3-eth-accounts - Dependencies updated ##### web3-eth-contract - Dependencies updated ##### web3-eth-ens - Dependencies updated ##### web3-eth-iban - Dependencies updated ##### web3-eth-personal - Dependencies updated ##### web3-net - Dependencies updated ##### web3-providers-http - Dependencies updated ##### web3-providers-ipc - Dependencies updated ##### web3-types - `input` and `data` are now optional properties on `PopulatedUnsignedBaseTransaction` (previously `input` was a required property, and `data` was not available) ([#6294](https://togithub.com/ChainSafe/web3.js/issues/6294)) ##### web3-utils - Dependencies updated ##### web3-validator - Replace `is-my-json-valid` with `zod` dependency. Related code was changed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264)) - Types `ValidationError` and `JsonSchema` were changed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264)) ##### Removed ##### web3-eth - Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243)) - Type `RawValidationError` was removed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264)) ##### web3-validator - Type `RawValidationError` was removed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264)) ### [`v4.0.7`](https://togithub.com/ChainSafe/web3.js/compare/2543fd184bc354f3fdb61bb021c41311f03b683f...c8799b074e7abf86b4b03a163aa9183250ad7228) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/2543fd184bc354f3fdb61bb021c41311f03b683f...c8799b074e7abf86b4b03a163aa9183250ad7228) ### [`v4.0.6`](https://togithub.com/ChainSafe/web3.js/compare/f2665c78629bc4b6a13bfb02923f8f48dd2d8a83...2543fd184bc354f3fdb61bb021c41311f03b683f) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/f2665c78629bc4b6a13bfb02923f8f48dd2d8a83...2543fd184bc354f3fdb61bb021c41311f03b683f) ### [`v4.0.5`](https://togithub.com/ChainSafe/web3.js/compare/af3bad15061c7615f7e2ce75509acf624c9d567b...f2665c78629bc4b6a13bfb02923f8f48dd2d8a83) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/af3bad15061c7615f7e2ce75509acf624c9d567b...f2665c78629bc4b6a13bfb02923f8f48dd2d8a83) ### [`v4.0.4`](https://togithub.com/ChainSafe/web3.js/compare/v4.0.3...af3bad15061c7615f7e2ce75509acf624c9d567b) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.3...af3bad15061c7615f7e2ce75509acf624c9d567b) ### [`v4.0.3`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#403) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.2...v4.0.3) ##### Fixed ##### web3 - Fixed bug [#6236](https://togithub.com/ChainSafe/web3.js/issues/6236) by adding personal type in web3.eth ([#6245](https://togithub.com/ChainSafe/web3.js/issues/6245)) ##### web3-rpc-methods - Rpc method `getPastLogs` accept blockHash as a parameter https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_getlogs ([#6181](https://togithub.com/ChainSafe/web3.js/issues/6181)) ##### web3-types - type `Filter` includes `blockHash` ([#6206](https://togithub.com/ChainSafe/web3.js/issues/6206)) ##### web3-utils - BigInts pass validation within the method `numberToHex` ([#6206](https://togithub.com/ChainSafe/web3.js/issues/6206)) ##### Changed ##### web3-core - Dependencies updated ##### web3-errors - Dependencies updated ##### web3-eth - Dependencies updated ##### web3-eth-abi - Dependencies updated ##### web3-eth-accounts - Dependencies updated ##### web3-eth-contract - Dependencies updated ##### web3-eth-ens - Dependencies updated ##### web3-eth-iban - Dependencies updated ##### web3-eth-personal - Dependencies updated ##### web3-net - Dependencies updated ##### web3-providers-http - Dependencies updated ##### web3-providers-ipc - Dependencies updated ##### web3-providers-ws - Dependencies updated ##### web3-validator - Dependencies updated ### [`v4.0.2`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#402) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.1...v4.0.2) ##### Fixed ##### web3 - Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195)) - Fixed [#6162](https://togithub.com/ChainSafe/web3.js/issues/6162) [@types/ws](https://togithub.com/types/ws) issue ([#6205](https://togithub.com/ChainSafe/web3.js/issues/6205)) ##### web3-core - Fixed Batch requests erroring out on one request ([#6164](https://togithub.com/ChainSafe/web3.js/issues/6164)) - Fixed the issue: Subscribing to multiple blockchain events causes every listener to be fired for every registered event ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) - Fixed the issue: Unsubscribe at a Web3Subscription class will still have the id of the subscription at the Web3SubscriptionManager ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) - Fixed the issue: A call to the provider is made for every subscription object ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) ##### web3-eth-abi - Support for "decoding" indexed string event arguments (returns the keccak256 hash of the string value instead of the actual string value) ([#6167](https://togithub.com/ChainSafe/web3.js/issues/6167)) ##### web3-eth-accounts - Fixed "The `r` and `s` returned by `signTransaction` to does not always consist of 64 characters [#6207](https://togithub.com/ChainSafe/web3.js/issues/6207)" ([#6216](https://togithub.com/ChainSafe/web3.js/issues/6216)) ##### web3-eth-contract - Event filtering using non-indexed and indexed string event arguments ([#6167](https://togithub.com/ChainSafe/web3.js/issues/6167)) ##### web3-eth-ens - Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195)) ##### web3-providers-ws - Fixed [#6162](https://togithub.com/ChainSafe/web3.js/issues/6162) [@types/ws](https://togithub.com/types/ws) issue ([#6205](https://togithub.com/ChainSafe/web3.js/issues/6205)) ##### web3-types - Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195)) ##### Added ##### web3 - Exported `Web3Context`, `Web3PluginBase`, `Web3EthPluginBase` from `'web3-core'`, and `Web3Validator` from `'web3-validator'` ([#6165](https://togithub.com/ChainSafe/web3.js/issues/6165)) ##### web3-core - Web3Subscription constructor accept a Subscription Manager (as an alternative to accepting Request Manager that is now marked marked as deprecated) ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) ##### web3-types - Added the `SimpleProvider` interface which has only `request(args)` method that is compatible with EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) - Added the `Eip1193EventName` type that contains the possible events names according to EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) ##### Changed ##### web3-core - Web3Subscription constructor overloading that accept a Request Manager is marked as deprecated ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) ##### web3-errors - Dependencies updated ##### web3-eth - Dependencies updated ##### web3-eth-iban - Dependencies updated ##### web3-eth-personal - Dependencies updated ##### web3-net - Dependencies updated ##### web3-providers-http - Dependencies updated ##### web3-providers-ipc - Dependencies updated ##### web3-rpc-methods - Dependencies updated ##### web3-types - The `EIP1193Provider` class has now all the events (for `on` and `removeListener`) according to EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210)) ##### web3-utils - Dependencies updated ##### web3-validator - Dependencies updated ### [`v4.0.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#401-alpha0) ##### Fixed - Dependency tree cannot be resolved by Yarn due to old deprecated packages picked by yarn - fixed ([#5382](https://togithub.com/ChainSafe/web3.js/issues/5382)) ### [`v4.0.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#400-alpha0) Note: Yarn is resolving to some old deprecated package versions for 4.0.0-alpha.0 instead of latest alpha versions. A patch bump is posted so yarn users should use 4.0.1-alpha.0 for testing. ##### Added ##### web3-errors - `web3-errors` new package is created, it has Web3 Error codes and classes ##### web3-types - `web3-types` new package is created, it provides the common data structures and interfaces for web3 modules ##### web3-validator - `web3-validator` new package is created, it has JSON-Schema compatible validator functionality for Web3 ##### Removed ##### web3-bzz - This Package is deprecated ##### web3-shh - This Package is deprecated ##### web3-core-helpers - This Package is removed, `errors` are moved to `web3-errors` package and formatters are moved in `web3-core` package ##### web3-core-method - This Package is removed, and `web3-core-method` functionality is moved to `web3-eth` package ##### web3-core-promieevent - This Package is removed, and core promi events functionality is moved to `web3-core` package ##### web3-core-requestmanager - This Package is removed, batch requests and request manager functionality is moved to `web3-core` package ##### web3-core-subscription - This Package is removed, and core subscription functionality is moved to `web3-core` package ##### Changed ##### web3 - Passing callbacks to functions is no longer supported, except for event listeners. - Method `extend` is deprecated ##### web3-core - The function `outputBigNumberFormatter` in `web3-core-helper` renamed to `outputBigIntFormatter` under `web3-core` - Removed `this.defaultBlock` context from `inputDefaultBlockNumberFormatter` in `web3-core-helper` and converted to additional parameter - Removed `this.defaultBlock` context from `inputTransactionFormatter` in `web3-core-helper` and converted to additional parameter ##### web3-utils - The following functions `soliditySha3` `soliditySha3Raw` `encodePacked` now includes type validation and requires type specification, instead of guessing the value type - The functions `soliditySha3`, `soliditySha3Raw` and `encodePacked` did not support BN; But, now supports `BigInt` - The functions `flattenTypes` and `jsonInterfaceMethodToString` moved to the `web3-eth-abi` package - The function `isAddress` now includes an optional parameter `checkChecksum` type boolean - `isBoolean` now accept `1`, and `0` as valid values to test. Ref: `web3-validator` ##### web3-eth-accounts - `create` function does not take in the optional parameter `entropy` - `Wallet.create` function doesn't accept `entropy` param ##### web3-validator - `isBoolean` now accept `1`, and `0` as valid values to test. ##### web3-eth-contract - Event logs do not support types for indexed properties, but named properties are supported. - Types for overloaded ABI functions are not yet supported. - `signTransaction` will not fill any default values, and it will only sign and return result. For filling default values, use `web3-eth` package - `recover` function's last param is boolean `hashed`, it is used to indicate if data provided is already hashed or not. By default, this function will assume data is not hashed. - The `Wallet` no longer supports address/number indexing. Have to use `wallet.get` instead. - `Wallet.create` function doesn't accept `entropy` param - `contract.method.send()` will resolve to transaction receipt instead of `transactionHash`. User can use `receipt.transactionHash` instead. ##### web3-net - Package will not support web3.bzz.net and web3.shh.net ##### web3-eth-iban - IBAN constructor now has validation checks for indirect/direct iban. - `isDirect`, `isValid`, `isIndirect` are now also included as static methods. ##### web3-eth-ens - `setMultihash` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver (https://github.com/ensdomains/resolvers/blob/master/contracts/PublicResolver.sol) - `setContent` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver (https://github.com/ensdomains/resolvers/blob/master/contracts/PublicResolver.sol) - `getContent` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver. - `getMultihash` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver. ##### web3-eth-abi - `internalType` was renamed to `baseType` in all abi types ##### web3-eth - `givenProvider` default value is undefined - `defaultHardfork` default value is 'london' - `defaultAccount` default value is undefined - `defaultNetworkId` default value is undefined - When sending a transaction, if Ethereum Node does not respond within `transactionSendTimeout`, throw an Error. ##### web3-eth-subscribe - `clearSubscriptions` Instead of returning `true` , `clearSubscriptions` now returns array of subscription's ids ##### web3-eth-personal - `givenProvider` default value is undefined - `currentProvider` default value is undefined ### [`v1.10.4`](https://togithub.com/web3/web3.js/releases/tag/v1.10.4) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.3...v1.10.4) ##### Security - Updated dependencies ([#6731](https://togithub.com/ChainSafe/web3.js/issues/6731)) *** ##### Maintenance Countdown: Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase. ##### Timeline of Changes: 90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the [upgrade to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/) ##### No New Bug Fixes (4/1/24 onwards): Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend [upgrading to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/) ##### End of Security Fixes (7/1/24): Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. [Upgrading to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/) is crucial to ensure the security of your applications. ### [`v1.10.3`](https://togithub.com/web3/web3.js/releases/tag/v1.10.3) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.2...v1.10.3) ##### Security - `web3-eth-accounts`: Bumped `@ethereumjs` dependencies ([#6457](https://togithub.com/ChainSafe/web3.js/issues/6457)) - Updated dependencies ([#6491](https://togithub.com/ChainSafe/web3.js/issues/6491)) ### [`v1.10.2`](https://togithub.com/web3/web3.js/releases/tag/v1.10.2) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.1...v1.10.2) ##### Fixed - Fixed broken fetch for Node.js > 18.x and fixed double callback ([#6381](https://togithub.com/ChainSafe/web3.js/issues/6381)) ### [`v1.10.1`](https://togithub.com/web3/web3.js/releases/tag/v1.10.1) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.0...v1.10.1) ##### Fixed - Builds fixed by updating all typescript versions to 4.9.5 ([#6238](https://togithub.com/ChainSafe/web3.js/issues/6238)) - ABI encoding for large negative `int`s ([#6239](https://togithub.com/ChainSafe/web3.js/issues/6239)) - Updated type file for `submitWork` parameters, accepts 3 parameters instead of an array ([#5200](https://togithub.com/ChainSafe/web3.js/issues/5200)) ##### Changed - Replace ethereumjs-util with [@ethereumjs/util](https://togithub.com/ethereumjs/util) ([#6283](https://togithub.com/ChainSafe/web3.js/issues/6283))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.