celo-org / staked-celo

GNU Lesser General Public License v3.0
Update dependency web3-utils to v4 [SECURITY] - autoclosed #194

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| web3-utils | `^1.3.0` -> `^4.0.0` |

web3-utils Prototype Pollution vulnerability

CVE-2024-21505 / GHSA-87qp-7cw8-8q9c

More information

#### Details

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.

#### Severity

- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2024-21505](https://nvd.nist.gov/vuln/detail/CVE-2024-21505)
- [https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80](https://togithub.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80)
- [https://github.com/web3/web3.js](https://togithub.com/web3/web3.js)
- [https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337](https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-87qp-7cw8-8q9c) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Release Notes

ChainSafe/web3.js (web3-utils)

### [`v4.2.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#421)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.2.0...v4.2.1)

##### Fixed

##### web3-eth-abi

- Bug fix of `ERR_UNSUPPORTED_DIR_IMPORT` in ABI ([#6535](https://togithub.com/ChainSafe/web3.js/issues/6535))

##### Changed

##### web3-eth-contract

- Dependencies updated

##### web3-eth

- Dependencies updated

##### web3-eth-ens

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

### [`v4.2.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#420)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.1.1...v4.2.0)

##### Added

##### web3

- Various web3 sub packages has new functions details are in root changelog

##### web3-eth

- Added `ALL_EVENTS` and `ALL_EVENTS_ABI` constants, `SendTransactionEventsBase` type, `decodeEventABI` method ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410))

##### web3-eth-accounts

- Added public function `privateKeyToPublicKey`
- Added exporting `BaseTransaction` from the package ([#6493](https://togithub.com/ChainSafe/web3.js/issues/6493))
- Added exporting `txUtils` from the package ([#6493](https://togithub.com/ChainSafe/web3.js/issues/6493))

##### web3-types

- Interface `EventLog` was added. ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410))

##### web3-utils

- As a replacement of the node EventEmitter, a custom `EventEmitter` has been implemented and exported. ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398))

##### Fixed

##### web3-core

- Fix the issue: "Uncaught TypeError: Class extends value undefined is not a constructor or null [#6371](https://togithub.com/ChainSafe/web3.js/issues/6371)". ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398))

##### web3-errors

- Added new SchemaFormatError ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434))

##### web3-eth

- Ensure provider.supportsSubscriptions exists before watching by subscription ([#6440](https://togithub.com/ChainSafe/web3.js/issues/6440))
- Fixed param sent to `checkRevertBeforeSending` in `sendSignedTransaction`
- Fixed `defaultTransactionBuilder` for value issue ([#6509](https://togithub.com/ChainSafe/web3.js/issues/6509))

##### web3-eth-abi

- Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506))

##### web3-eth-accounts

- Fixed `recover` function, `v` will be normalized to value 0,1 ([#6344](https://togithub.com/ChainSafe/web3.js/issues/6344))

##### web3-providers-http

- Fix issue [lquixada/cross-fetch#78](https://togithub.com/lquixada/cross-fetch/issues/78), enabling to run web3.js in service worker ([#6463](https://togithub.com/ChainSafe/web3.js/issues/6463))

##### web3-providers-ipc

- Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496))

##### web3-providers-ws

- Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496))

##### web3-utils

- Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506))
- Fixed bug in chunks processing logic ([#6496](https://togithub.com/ChainSafe/web3.js/issues/6496))

##### web3-validator

- Multi-dimensional arrays are now handled properly when parsing ABIs ([#6435](https://togithub.com/ChainSafe/web3.js/issues/6435))
- Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number [#6187](https://togithub.com/ChainSafe/web3.js/issues/6187)" ([#6506](https://togithub.com/ChainSafe/web3.js/issues/6506))
- Validator will now properly handle all valid numeric type sizes: intN / uintN where 8 <= N <= 256 and N % 8 == 0 ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434))
- Will now throw SchemaFormatError when unsupported format is passed to `convertToZod` method ([#6434](https://togithub.com/ChainSafe/web3.js/issues/6434))

##### Changed

##### web3

- Dependencies updated

##### web3-core

- defaultTransactionType is now type 0x2 instead of 0x0 ([#6282](https://togithub.com/ChainSafe/web3.js/issues/6282))
- Allows formatter to parse large base fee ([#6456](https://togithub.com/ChainSafe/web3.js/issues/6456))
- The package now uses `EventEmitter` from `web3-utils` that works in node environment as well as in the browser. ([#6398](https://togithub.com/ChainSafe/web3.js/issues/6398))

##### web3-eth

- Transactions will now default to type 2 transactions instead of type 0, similar to 1.x version. ([#6282](https://togithub.com/ChainSafe/web3.js/issues/6282))

##### web3-eth-contract

- The `events` property was added to the `receipt` object ([#6410](https://togithub.com/ChainSafe/web3.js/issues/6410))

##### web3-eth-ens

- Dependencies updated

##### web3-eth-iban

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

##### web3-net

- Dependencies updated

##### web3-providers-http

- Bump cross-fetch to version 4 ([#6463](https://togithub.com/ChainSafe/web3.js/issues/6463)).

##### web3-rpc-methods

- Dependencies updated

### [`v4.1.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#411)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.1.0...v4.1.1)

##### Added

##### web3

- To fix issue [#6190](https://togithub.com/ChainSafe/web3.js/issues/6190), added the functionality to introduce different timeout value for Web3. ([#6336](https://togithub.com/ChainSafe/web3.js/issues/6336))

##### web3-core

- To fix issue [#6190](https://togithub.com/ChainSafe/web3.js/issues/6190), added the functionality to introduce different timeout value for Web3. ([#6336](https://togithub.com/ChainSafe/web3.js/issues/6336))

##### web3-eth-contract

- In case of error events there will be inner error also available for details

##### Fixed

##### web3-eth

- Added return type for `formatSubscriptionResult` in class `NewHeadsSubscription` ([#6368](https://togithub.com/ChainSafe/web3.js/issues/6368))

##### web3-core

- Fixed rpc errors not being sent as an inner error when using the `send` method on request manager ([#6300](https://togithub.com/ChainSafe/web3.js/issues/6300)).

##### web3-errors

- ESM import bug ([#6359](https://togithub.com/ChainSafe/web3.js/issues/6359))

##### web3-eth-contract

- Fixed bug in `contract.events.allEvents`

##### web3-validator

- ESM import bug ([#6359](https://togithub.com/ChainSafe/web3.js/issues/6359))

##### Changed

##### web3-eth-abi

- Dependencies updated

##### web3-eth-accounts

- Dependencies updated

##### web3-eth-ens

- Dependencies updated

##### web3-eth-iban

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

##### web3-net

- Dependencies updated

##### web3-providers-http

- Dependencies updated

##### web3-providers-ipc

- Dependencies updated

##### web3-providers-ws

- Dependencies updated

##### web3-rpc-methods

- Dependencies updated

##### web3-types

- Dependencies updated

##### web3-utils

- Dependencies updated

### [`v4.1.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#410)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/c8799b074e7abf86b4b03a163aa9183250ad7228...v4.1.0)

##### Added

##### web3

- Added minimum support of web3.extend function

##### web3-core

- Added minimum support of web3.extend function

##### web3-errors

- `RpcErrorMessages` that contains mapping for standard RPC Errors and their messages. ([#6230](https://togithub.com/ChainSafe/web3.js/issues/6230))
- created `TransactionGasMismatchInnerError` for clarity on the error in `TransactionGasMismatchError` ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215))
- created `MissingGasInnerError` for clarity on the error in `MissingGasError` ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215))

##### web3-eth

- A `rpc_method_wrapper` (`signTypedData`) for the rpc calls `eth_signTypedData` and `eth_signTypedData_v4` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))
- A `signTypedData` method to the `Web3Eth` class ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))

##### web3-eth-abi

- A `getEncodedEip712Data` method that takes an EIP-712 typed data object and returns the encoded data with the option to also keccak256 hash it ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))

##### web3-rpc-methods

- A `signTypedData` method to `eth_rpc_methods` for the rpc calls `eth_signTypedData` and `eth_signTypedData_v4` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))

##### web3-types

- `eth_signTypedData` and `eth_signTypedData_v4` to `web3_eth_execution_api` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))
- `Eip712TypeDetails` and `Eip712TypedData` to `eth_types` ([#6286](https://togithub.com/ChainSafe/web3.js/issues/6286))

##### web3-validator

- Added `json-schema` as a main json schema type ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264))

##### Fixed

##### web3-core

- Fixed the issue: "Version 4.x does not fire connected event for subscriptions. [#6252](https://togithub.com/ChainSafe/web3.js/issues/6252)". ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262))

##### web3-errors

- Fixed: "'disconnect' in Eip1193 provider must emit ProviderRpcError [#6003](https://togithub.com/ChainSafe/web3.js/issues/6003)".([#6230](https://togithub.com/ChainSafe/web3.js/issues/6230))

##### web3-eth

- sendTransaction will have gas filled by default using method `estimateGas` unless transaction builder `options.fillGas` is false. ([#6249](https://togithub.com/ChainSafe/web3.js/issues/6249))
- Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243))
- Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243))

##### web3-providers-ws

- Ensure a fixed version for "[@types/ws](https://togithub.com/types/ws)": "8.5.3" ([#6309](https://togithub.com/ChainSafe/web3.js/issues/6309))

##### Changed

##### web3-core

- No need to pass `CommonSubscriptionEvents &` at every child class of `Web3Subscription` ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262))
- Implementation of `_processSubscriptionResult` and `_processSubscriptionError` has been written in the base class `Web3Subscription` and made `public`. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262))
- A new optional protected method `formatSubscriptionResult` could be used to customize data formatting instead of re-implementing `_processSubscriptionResult`. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262))
- No more needed to pass ` CommonSubscriptionEvents & ` for the first generic parameter of `Web3Subscription` when inheriting from it. ([#6262](https://togithub.com/ChainSafe/web3.js/issues/6262))

##### web3-eth

- `MissingGasError` error message changed for clarity ([#6215](https://togithub.com/ChainSafe/web3.js/issues/6215))
- `input` and `data` are no longer auto populated for transaction objects if they are not present. Instead, whichever property is provided by the user is formatted and sent to the RPC provider. Transaction objects returned from RPC responses are still formatted to contain both `input` and `data` properties ([#6294](https://togithub.com/ChainSafe/web3.js/issues/6294))

##### web3-eth-accounts

- Dependencies updated

##### web3-eth-contract

- Dependencies updated

##### web3-eth-ens

- Dependencies updated

##### web3-eth-iban

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

##### web3-net

- Dependencies updated

##### web3-providers-http

- Dependencies updated

##### web3-providers-ipc

- Dependencies updated

##### web3-types

- `input` and `data` are now optional properties on `PopulatedUnsignedBaseTransaction` (previously `input` was a required property, and `data` was not available) ([#6294](https://togithub.com/ChainSafe/web3.js/issues/6294))

##### web3-utils

- Dependencies updated

##### web3-validator

- Replace `is-my-json-valid` with `zod` dependency. Related code was changed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264))
- Types `ValidationError` and `JsonSchema` were changed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264))

##### Removed

##### web3-eth

- Missing `blockHeaderSchema` properties causing some properties to not appear in response of `newHeads` subscription ([#6243](https://togithub.com/ChainSafe/web3.js/issues/6243))
- Type `RawValidationError` was removed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264))

##### web3-validator

- Type `RawValidationError` was removed ([#6264](https://togithub.com/ChainSafe/web3.js/issues/6264))

### [`v4.0.7`](https://togithub.com/ChainSafe/web3.js/compare/2543fd184bc354f3fdb61bb021c41311f03b683f...c8799b074e7abf86b4b03a163aa9183250ad7228)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/2543fd184bc354f3fdb61bb021c41311f03b683f...c8799b074e7abf86b4b03a163aa9183250ad7228)

### [`v4.0.6`](https://togithub.com/ChainSafe/web3.js/compare/f2665c78629bc4b6a13bfb02923f8f48dd2d8a83...2543fd184bc354f3fdb61bb021c41311f03b683f)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/f2665c78629bc4b6a13bfb02923f8f48dd2d8a83...2543fd184bc354f3fdb61bb021c41311f03b683f)

### [`v4.0.5`](https://togithub.com/ChainSafe/web3.js/compare/af3bad15061c7615f7e2ce75509acf624c9d567b...f2665c78629bc4b6a13bfb02923f8f48dd2d8a83)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/af3bad15061c7615f7e2ce75509acf624c9d567b...f2665c78629bc4b6a13bfb02923f8f48dd2d8a83)

### [`v4.0.4`](https://togithub.com/ChainSafe/web3.js/compare/v4.0.3...af3bad15061c7615f7e2ce75509acf624c9d567b)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.3...af3bad15061c7615f7e2ce75509acf624c9d567b)

### [`v4.0.3`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#403)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.2...v4.0.3)

##### Fixed

##### web3

- Fixed bug [#6236](https://togithub.com/ChainSafe/web3.js/issues/6236) by adding personal type in web3.eth ([#6245](https://togithub.com/ChainSafe/web3.js/issues/6245))

##### web3-rpc-methods

- Rpc method `getPastLogs` accept blockHash as a parameter https://ethereum.org/en/developers/docs/apis/json-rpc/#eth_getlogs ([#6181](https://togithub.com/ChainSafe/web3.js/issues/6181))

##### web3-types

- type `Filter` includes `blockHash` ([#6206](https://togithub.com/ChainSafe/web3.js/issues/6206))

##### web3-utils

- BigInts pass validation within the method `numberToHex` ([#6206](https://togithub.com/ChainSafe/web3.js/issues/6206))

##### Changed

##### web3-core

- Dependencies updated

##### web3-errors

- Dependencies updated

##### web3-eth

- Dependencies updated

##### web3-eth-abi

- Dependencies updated

##### web3-eth-accounts

- Dependencies updated

##### web3-eth-contract

- Dependencies updated

##### web3-eth-ens

- Dependencies updated

##### web3-eth-iban

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

##### web3-net

- Dependencies updated

##### web3-providers-http

- Dependencies updated

##### web3-providers-ipc

- Dependencies updated

##### web3-providers-ws

- Dependencies updated

##### web3-validator

- Dependencies updated

### [`v4.0.2`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#402)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v4.0.1...v4.0.2)

##### Fixed

##### web3

- Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195))
- Fixed [#6162](https://togithub.com/ChainSafe/web3.js/issues/6162) [@types/ws](https://togithub.com/types/ws) issue ([#6205](https://togithub.com/ChainSafe/web3.js/issues/6205))

##### web3-core

- Fixed Batch requests erroring out on one request ([#6164](https://togithub.com/ChainSafe/web3.js/issues/6164))
- Fixed the issue: Subscribing to multiple blockchain events causes every listener to be fired for every registered event ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))
- Fixed the issue: Unsubscribe at a Web3Subscription class will still have the id of the subscription at the Web3SubscriptionManager ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))
- Fixed the issue: A call to the provider is made for every subscription object ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))

##### web3-eth-abi

- Support for "decoding" indexed string event arguments (returns the keccak256 hash of the string value instead of the actual string value) ([#6167](https://togithub.com/ChainSafe/web3.js/issues/6167))

##### web3-eth-accounts

- Fixed "The `r` and `s` returned by `signTransaction` to does not always consist of 64 characters [#6207](https://togithub.com/ChainSafe/web3.js/issues/6207)" ([#6216](https://togithub.com/ChainSafe/web3.js/issues/6216))

##### web3-eth-contract

- Event filtering using non-indexed and indexed string event arguments ([#6167](https://togithub.com/ChainSafe/web3.js/issues/6167))

##### web3-eth-ens

- Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195))

##### web3-providers-ws

- Fixed [#6162](https://togithub.com/ChainSafe/web3.js/issues/6162) [@types/ws](https://togithub.com/types/ws) issue ([#6205](https://togithub.com/ChainSafe/web3.js/issues/6205))

##### web3-types

- Fixed bug [#6185](https://togithub.com/ChainSafe/web3.js/issues/6185), now web3.js compiles on typescript v5 ([#6195](https://togithub.com/ChainSafe/web3.js/issues/6195))

##### Added

##### web3

- Exported `Web3Context`, `Web3PluginBase`, `Web3EthPluginBase` from `'web3-core'`, and `Web3Validator` from `'web3-validator'` ([#6165](https://togithub.com/ChainSafe/web3.js/issues/6165))

##### web3-core

- Web3Subscription constructor accept a Subscription Manager (as an alternative to accepting Request Manager that is now marked as deprecated) ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))

##### web3-types

- Added the `SimpleProvider` interface which has only `request(args)` method that is compatible with EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))
- Added the `Eip1193EventName` type that contains the possible events names according to EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))

##### Changed

##### web3-core

- Web3Subscription constructor overloading that accept a Request Manager is marked as deprecated ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))

##### web3-errors

- Dependencies updated

##### web3-eth

- Dependencies updated

##### web3-eth-iban

- Dependencies updated

##### web3-eth-personal

- Dependencies updated

##### web3-net

- Dependencies updated

##### web3-providers-http

- Dependencies updated

##### web3-providers-ipc

- Dependencies updated

##### web3-rpc-methods

- Dependencies updated

##### web3-types

- The `EIP1193Provider` class has now all the events (for `on` and `removeListener`) according to EIP-1193 ([#6210](https://togithub.com/ChainSafe/web3.js/issues/6210))

##### web3-utils

- Dependencies updated

##### web3-validator

- Dependencies updated

### [`v4.0.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#401-alpha0)

##### Fixed

- Dependency tree cannot be resolved by Yarn due to old deprecated packages picked by yarn - fixed ([#5382](https://togithub.com/ChainSafe/web3.js/issues/5382))

### [`v4.0.0`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#400-alpha0)

Note: Yarn is resolving to some old deprecated package versions for 4.0.0-alpha.0 instead of latest alpha versions. A patch bump is posted so yarn users should use 4.0.1-alpha.0 for testing.

##### Added

##### web3-errors

- `web3-errors` new package is created, it has Web3 Error codes and classes

##### web3-types

- `web3-types` new package is created, it provides the common data structures and interfaces for web3 modules

##### web3-validator

- `web3-validator` new package is created, it has JSON-Schema compatible validator functionality for Web3

##### Removed

##### web3-bzz

- This Package is deprecated

##### web3-shh

- This Package is deprecated

##### web3-core-helpers

- This Package is removed, `errors` are moved to `web3-errors` package and formatters are moved in `web3-core` package

##### web3-core-method

- This Package is removed, and `web3-core-method` functionality is moved to `web3-eth` package

##### web3-core-promieevent

- This Package is removed, and core promi events functionality is moved to `web3-core` package

##### web3-core-requestmanager

- This Package is removed, batch requests and request manager functionality is moved to `web3-core` package

##### web3-core-subscription

- This Package is removed, and core subscription functionality is moved to `web3-core` package

##### Changed

##### web3

- Passing callbacks to functions is no longer supported, except for event listeners.
- Method `extend` is deprecated

##### web3-core

- The function `outputBigNumberFormatter` in `web3-core-helper` renamed to `outputBigIntFormatter` under `web3-core`
- Removed `this.defaultBlock` context from `inputDefaultBlockNumberFormatter` in `web3-core-helper` and converted to additional parameter
- Removed `this.defaultBlock` context from `inputTransactionFormatter` in `web3-core-helper` and converted to additional parameter

##### web3-utils

- The following functions `soliditySha3` `soliditySha3Raw` `encodePacked` now includes type validation and requires type specification, instead of guessing the value type
- The functions `soliditySha3`, `soliditySha3Raw` and `encodePacked` did not support BN; But, now supports `BigInt`
- The functions `flattenTypes` and `jsonInterfaceMethodToString` moved to the `web3-eth-abi` package
- The function `isAddress` now includes an optional parameter `checkChecksum` type boolean
- `isBoolean` now accept `1`, and `0` as valid values to test. Ref: `web3-validator`

##### web3-eth-accounts

- `create` function does not take in the optional parameter `entropy`
- `Wallet.create` function doesn't accept `entropy` param

##### web3-validator

- `isBoolean` now accept `1`, and `0` as valid values to test.

##### web3-eth-contract

- Event logs do not support types for indexed properties, but named properties are supported.
- Types for overloaded ABI functions are not yet supported.
- `signTransaction` will not fill any default values, and it will only sign and return result. For filling default values, use `web3-eth` package
- `recover` function's last param is boolean `hashed`, it is used to indicate if data provided is already hashed or not. By default, this function will assume data is not hashed.
- The `Wallet` no longer supports address/number indexing. Have to use `wallet.get` instead.
- `Wallet.create` function doesn't accept `entropy` param
- `contract.method.send()` will resolve to transaction receipt instead of `transactionHash`. User can use `receipt.transactionHash` instead.

##### web3-net

- Package will not support web3.bzz.net and web3.shh.net

##### web3-eth-iban

- IBAN constructor now has validation checks for indirect/direct iban.
- `isDirect`, `isValid`, `isIndirect` are now also included as static methods.

##### web3-eth-ens

- `setMultihash` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver (https://github.com/ensdomains/resolvers/blob/master/contracts/PublicResolver.sol)
- `setContent` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver (https://github.com/ensdomains/resolvers/blob/master/contracts/PublicResolver.sol)
- `getContent` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver.
- `getMultihash` is not supported in web3-eth-ens 4.x as it's deprecated in ENS public resolver.

##### web3-eth-abi

- `internalType` was renamed to `baseType` in all abi types

##### web3-eth

- `givenProvider` default value is undefined
- `defaultHardfork` default value is 'london'
- `defaultAccount` default value is undefined
- `defaultNetworkId` default value is undefined
- When sending a transaction, if Ethereum Node does not respond within `transactionSendTimeout`, throw an Error.

##### web3-eth-subscribe

- `clearSubscriptions` Instead of returning `true` , `clearSubscriptions` now returns array of subscription's ids

##### web3-eth-personal

- `givenProvider` default value is undefined
- `currentProvider` default value is undefined

### [`v1.10.4`](https://togithub.com/web3/web3.js/releases/tag/v1.10.4)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.3...v1.10.4)

##### Security

- Updated dependencies ([#6731](https://togithub.com/ChainSafe/web3.js/issues/6731))

***

##### Maintenance Countdown:

Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.

##### Timeline of Changes:

90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the [upgrade to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/)

##### No New Bug Fixes (4/1/24 onwards):

Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend [upgrading to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/)

##### End of Security Fixes (7/1/24):

Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. [Upgrading to Web3.js version 4.x](https://docs.web3js.org/guides/web3\_upgrade_guide/x/) is crucial to ensure the security of your applications.

### [`v1.10.3`](https://togithub.com/web3/web3.js/releases/tag/v1.10.3)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.2...v1.10.3)

##### Security

- `web3-eth-accounts`: Bumped `@ethereumjs` dependencies ([#6457](https://togithub.com/ChainSafe/web3.js/issues/6457))
- Updated dependencies ([#6491](https://togithub.com/ChainSafe/web3.js/issues/6491))

### [`v1.10.2`](https://togithub.com/web3/web3.js/releases/tag/v1.10.2)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.1...v1.10.2)

##### Fixed

- Fixed broken fetch for Node.js > 18.x and fixed double callback ([#6381](https://togithub.com/ChainSafe/web3.js/issues/6381))

### [`v1.10.1`](https://togithub.com/web3/web3.js/releases/tag/v1.10.1)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.10.0...v1.10.1)

##### Fixed

- Builds fixed by updating all typescript versions to 4.9.5 ([#6238](https://togithub.com/ChainSafe/web3.js/issues/6238))
- ABI encoding for large negative `int`s ([#6239](https://togithub.com/ChainSafe/web3.js/issues/6239))
- Updated type file for `submitWork` parameters, accepts 3 parameters instead of an array ([#5200](https://togithub.com/ChainSafe/web3.js/issues/5200))

##### Changed

- Replace ethereumjs-util with [@ethereumjs/util](https://togithub.com/ethereumjs/util) ([#6283](https://togithub.com/ChainSafe/web3.js/issues/6283))

### [`v1.10.0`](https://togithub.com/web3/web3.js/releases/tag/v1.10.0)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.9.0...v1.10.0)

##### Fixed

- Improved the error propagation in `web3-providers-http` package to effectively propagate useful error information about failed HTTP connections ([#5955](https://togithub.com/ChainSafe/web3.js/issues/5955))
- Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask ([#4454](https://togithub.com/ChainSafe/web3.js/issues/4454)) and related "n.data.substring is not a function", that is raised when there is a revert and `web.eth.handleRevert = true` ([#6000](https://togithub.com/ChainSafe/web3.js/issues/6000))

##### Changed

- `transaction.type` is now formatted to a hex string before being send to provider ([#5979](https://togithub.com/ChainSafe/web3.js/issues/5979))
- When sending a transaction, if `transaction.type === '0x1' && transaction.accessList === undefined`, then `transaction.accessList` is set to `[]` ([#5979](https://togithub.com/ChainSafe/web3.js/issues/5979))
- Removed an unnecessary `chainId` parameter from `toChecksumAddress()` function types ([#5888](https://togithub.com/ChainSafe/web3.js/issues/5888))

##### Added

- Added support for `getPastEvents` method to filter `allEvents` and specific event ([#6015](https://togithub.com/ChainSafe/web3.js/issues/6015))

##### Security

- Updated dependencies ([#6044](https://togithub.com/ChainSafe/web3.js/issues/6044))

### [`v1.9.0`](https://togithub.com/web3/web3.js/releases/tag/v1.9.0)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.8.2...v1.9.0)

##### Fixed

- Fixed skipped ws-ganache tests ([#5759](https://togithub.com/ChainSafe/web3.js/issues/5759))
- Fixed "provider started to reconnect error" in web3-provider-ws ([#5820](https://togithub.com/ChainSafe/web3.js/issues/5820))
- Fixed Error: Number can only safely store up to 53 bits ([#5845](https://togithub.com/ChainSafe/web3.js/issues/5845))
- Fixed types for packages which have default exports but not declared default export in .d.ts ([#5866](https://togithub.com/ChainSafe/web3.js/issues/5866))
- Fixed Transaction type by adding missing properties ([#5856](https://togithub.com/ChainSafe/web3.js/issues/5856))

##### Changed

- Add optional `hexFormat` param to `getTransaction` and `getBlock` that accepts the value `'hex'` ([#5845](https://togithub.com/ChainSafe/web3.js/issues/5845))
- `utils.toNumber` and `utils.hexToNumber` can now return the large unsafe numbers as `BigInt`, if `true` was passed to a new optional parameter called `bigIntOnOverflow` ([#5845](https://togithub.com/ChainSafe/web3.js/issues/5845))
- Updated [@types/bn](https://togithub.com/types/bn).js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in [#5640](https://togithub.com/ChainSafe/web3.js/issues/5640) ([#5885](https://togithub.com/ChainSafe/web3.js/issues/5885))
- Add description to error for failed connection on websocket ([#5884](https://togithub.com/ChainSafe/web3.js/issues/5884))

##### Security

- Updated dependencies ([#5885](https://togithub.com/ChainSafe/web3.js/issues/5885))

### [`v1.8.2`](https://togithub.com/web3/web3.js/releases/tag/v1.8.2)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.8.1...v1.8.2)

##### Changed

- Updated Webpack 4 to Webpack 5, more details at ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))
- `crypto-browserify` module is now used only in webpack builds for polyfilling browsers ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))
- Updated `ethereumjs-util` to `7.1.5` ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))
- Updated `lerna` 4 to version 6 ([#5680](https://togithub.com/ChainSafe/web3.js/issues/5680))
- Bump utils 0.12.0 to 0.12.5 ([#5691](https://togithub.com/ChainSafe/web3.js/issues/5691))

##### Fixed

- Fixed types for `web3.utils._jsonInterfaceMethodToString` ([#5550](https://togithub.com/ChainSafe/web3.js/issues/5550))
- Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally ([#5601](https://togithub.com/ChainSafe/web3.js/issues/5601))
- Builds fixed by updating all typescript versions to 4.1 ([#5675](https://togithub.com/ChainSafe/web3.js/issues/5675))

##### Removed

- `clean-webpack-plugin` has been removed from dev-dependencies ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))

##### Added

- `https-browserify`, `process`, `stream-browserify`, `stream-http`, `crypto-browserify` added to dev-dependencies for polyfilling ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))
- Add `readable-stream` to dev-dependencies for webpack ([#5629](https://togithub.com/ChainSafe/web3.js/issues/5629))

##### Security

- `npm audit fix` for libraries update ([#5726](https://togithub.com/ChainSafe/web3.js/issues/5726))

### [`v1.8.1`](https://togithub.com/web3/web3.js/releases/tag/v1.8.1)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.8.0...v1.8.1)

##### Fixed

- Fixed types for getPastEvents ([#4955](https://togithub.com/ChainSafe/web3.js/issues/4955)) ([#5260](https://togithub.com/ChainSafe/web3.js/issues/5260))
- Fix Log type by adding missing `removed` property ([#4877](https://togithub.com/ChainSafe/web3.js/issues/4877))

##### Changed

- Updated dependencies ([#5529](https://togithub.com/ChainSafe/web3.js/issues/5529))

### [`v1.8.0`](https://togithub.com/web3/web3.js/releases/tag/v1.8.0)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.5...v1.8.0)

##### Changed

- Updated `sha3` and `sha3Raw` type definition to accept `Buffer` ([#5357](https://togithub.com/ChainSafe/web3.js/issues/5357))
- Removing legacy field in lerna.json ([#5403](https://togithub.com/ChainSafe/web3.js/issues/5403))
- Correct `eth_sendSignedTransaction` code example ([#5402](https://togithub.com/ChainSafe/web3.js/issues/5402))

##### Fixed

- Browser builds support polyfills ([#5031](https://togithub.com/ChainSafe/web3.js/issues/5031)) ([#5053](https://togithub.com/ChainSafe/web3.js/issues/5053)) ([#4659](https://togithub.com/ChainSafe/web3.js/issues/4659)) ([#4767](https://togithub.com/ChainSafe/web3.js/issues/4767))
- Update node version on actions to fix breaking mosaic test ([#5354](https://togithub.com/ChainSafe/web3.js/issues/5354))
- Start incrementing jsonrpc.id from random number ([#5327](https://togithub.com/ChainSafe/web3.js/issues/5327))
- `web3-eth-contract`'s `call` and `send` methods no longer mutate `options` argument ([#5394](https://togithub.com/ChainSafe/web3.js/issues/5394))
- Improvement using provided gas options in web3-eth-accounts for eip-1559 transactions ([#5012](https://togithub.com/ChainSafe/web3.js/issues/5012))

##### Added

- Add missing function type "receive" in `AbiType` ([#5165](https://togithub.com/ChainSafe/web3.js/issues/5165))
- Support of `safe` and `finalized` block tags added ([#5410](https://togithub.com/ChainSafe/web3.js/issues/5410))

### [`v1.7.5`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#175)

[Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.4...v1.7.5)

##### Changed

- Replace xhr2-cookies deps to cross-fetch for web3-providers-http ([#5085](https://togithub.com/ChainSafe/web3.js/issues/5085))

##### Added

- Documentation details about `maxFeePerGas` and `maxPriorityFeePerGas` ([#5121](https://togithub.com/ChainSafe/web3.js/issues/5121))
- Added `createAccessList` types in web3.eth ([#5146](https://togithub.com/ChainSafe/web3.js/issues/5146))

##### Fixed

- Improving `AbstractProvider` interface ([#5150](https://togithub.com/ChainSafe/web3.js/issues/5150))
- Fix typos in web3-eth-accounts.rst & 
TESTING.md ([#​5047](https://togithub.com/ChainSafe/web3.js/issues/5047)) - Fix remove wallet using an index when an account address and address lowercase are equal ([#​5049](https://togithub.com/ChainSafe/web3.js/issues/5049)) - Improve README.md & Fix typos ([#​4848](https://togithub.com/ChainSafe/web3.js/issues/4848)) - Add optional hex formatting parameter for getTransactionReceipt ([#​5153](https://togithub.com/ChainSafe/web3.js/issues/5153)) - Fix transactionRoot -> transactionsRoot in BlockHeader ([#​5083](https://togithub.com/ChainSafe/web3.js/issues/5083)) - Fix Promise in Accounts.signTransaction() throwing errors that cannot be caught ([#​4724](https://togithub.com/ChainSafe/web3.js/issues/4724)) - Fixed unit tests & removed dead code for web3-providers-http ([#​5228](https://togithub.com/ChainSafe/web3.js/issues/5228)) ##### Security - Updated `got` lib version and fixed other libs using npm audit fix ([#​5178](https://togithub.com/ChainSafe/web3.js/issues/5178)) ([#​5254](https://togithub.com/ChainSafe/web3.js/issues/5254)) ### [`v1.7.4`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#174) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.3...v1.7.4) ##### Fixed - Fix dead link in web3-eth.rst ([#​4916](https://togithub.com/ChainSafe/web3.js/issues/4916)) - Fix web3-core-method throws on `f.call = this.call` when intrinsic is frozen ([#​4918](https://togithub.com/ChainSafe/web3.js/issues/4918)) ([#​4938](https://togithub.com/ChainSafe/web3.js/issues/4938)) - Fix static tuple encoding ([#​4673](https://togithub.com/ChainSafe/web3.js/issues/4673)) ([#​4884](https://togithub.com/ChainSafe/web3.js/issues/4884)) - Fix bug in handleRevert logic for eth_sendRawTransaction ([#​4902](https://togithub.com/ChainSafe/web3.js/issues/4902)) - Fix resolve type of getBlock function ([#​4911](https://togithub.com/ChainSafe/web3.js/issues/4911)) - Web3-utils BN fix ([#​5132](https://togithub.com/ChainSafe/web3.js/issues/5132)) ##### 
Changed - Replace deprecated String.prototype.substr() ([#​4855](https://togithub.com/ChainSafe/web3.js/issues/4855)) - Exporting AbiCoder as coder ([#​4937](https://togithub.com/ChainSafe/web3.js/issues/4937)) - Github build workflow updated min build for node.js 12 and tests for 12, 14 and 16 ([#​5014](https://togithub.com/ChainSafe/web3.js/issues/5014)) - Updated libraries using BN and the BN library ([#​5072](https://togithub.com/ChainSafe/web3.js/issues/5072)) ##### Added - Exposing `web3.eth.Contract.setProvider()` as per public documentation ([#​4822](https://togithub.com/ChainSafe/web3.js/issues/4822)) ([#​5001](https://togithub.com/ChainSafe/web3.js/issues/5001)) - Improve npm script commands for development purposes ([#​4848](https://togithub.com/ChainSafe/web3.js/issues/4848)) ##### Security - `npm audit fix` to address vulnerabilities and update libraries ([#​5014](https://togithub.com/ChainSafe/web3.js/issues/5014)) ### [`v1.7.3`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#173) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.2...v1.7.3) ##### Fixed - Fixed build issues of 1.7.2 ### [`v1.7.2`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#172) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.1...v1.7.2) ##### Changed - Remove deprecated `close` event listener ([#​4825](https://togithub.com/ChainSafe/web3.js/issues/4825)) ([#​4839](https://togithub.com/ChainSafe/web3.js/issues/4839)) ##### Security - `npm audit fix` to update libraries ([#​4860](https://togithub.com/ChainSafe/web3.js/issues/4860)) ##### Fixed - Fix jsonrpc payload and response types ([#​4743](https://togithub.com/ChainSafe/web3.js/issues/4743)) ([#​4761](https://togithub.com/ChainSafe/web3.js/issues/4761)) - Allowed more flexibility in typing the overly constrained `provider.disconnect` function ([#​4833](https://togithub.com/ChainSafe/web3.js/issues/4833)) ### 
[`v1.7.1`](https://togithub.com/ChainSafe/web3.js/blob/HEAD/CHANGELOG.md#171) [Compare Source](https://togithub.com/ChainSafe/web3.js/compare/v1.7.0...v1.7.1) ##### Added - `transactionPollingInterval` added to web3, contract and method constructor options. defaults to 1 second. ([#​4584](https://togithub.com/ChainSafe/web3.js/issues/4584)) - Add example import for package level types ([#​4611](https://togithub.com/ChainSafe/web3.js/issues/4611)) ##### Fixed - Fix a typo in the documentation for `methods.myMethod.send` ([#​4599](https://togithub.com/ChainSafe/web3.js/issues/4599)) - Use globalThis to locate global object if possible ([#​4613](https://togithub.com/ChainSafe/web3.js/issues/4613)) - Fix typos in web3-utils.rst ([#​4662](https://togithub.com/ChainSafe/web3.js/issues/4662)) - Added effectiveGasPrice to TransactionReceipt ([#​4692](https://togithub.com/ChainSafe/web3.js/issues/4692)) - Correction in documentation for `web3.eth.accounts.signTransaction` ([#​4576](https://togithub.com/ChainSafe/web3.js/issues/4576)) - Updated README to include Webpack 5 create-react-app support instructions ([#​4173](https://togithub.com/ChainSafe/web3.js/issues/4173)) - Update the documentation for `methods.myMethod.estimateGas` ([#​4702](https://togithub.com/ChainSafe/web3.js/issues/4702)) - Fix typos in REVIEW.md and TESTING.md ([#​4691](https://togithub.com/ChainSafe/web3.js/issues/4691)) - Fix encoding for "0x" string values ([#​4512](https://togithub.com/ChainSafe/web3.js/issues/4512)) ##### Changed - Muted E2E gnosis dex tests in CI until fix for issue [#​4436](https://togithub.com/ChainSafe/web3.js/issues/4436) is applied ([#​4701](https://togithub.com/ChainSafe/web3.js/issues/4701)) ##### Removed - Removed deprecated Morden testnet code ([#​4339](https://togithub.com/ChainSafe/web3.js/issues/4339)) ##### Security - Ran `npm audit fix` to address vulnerabilities and update libraries ([#​4719](https://togithub.com/ChainSafe/web3.js/issues/4719)) 
([#​4728](https://togithub.com/ChainSafe/web3.js/issues/4728))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 3 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@noble/curves@1.3.0 | None | +1 | 2.15 MB | paulmillr |
| npm/web3-types@1.5.0 | None | 0 | 296 kB | jdevcs |
| npm/web3-utils@4.2.1 | Transitive: environment, eval | +14 | 3.33 MB | jdevcs |

🚮 Removed packages: npm/web3-utils@1.7.0

View full report↗︎