socket-security[bot]
commented
7 months ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@babel/runtime@7.21.5 | None | +1 |
286 kB | nicolo-ribaudo |
| npm/@coral-xyz/anchor@0.27.0 | environment, filesystem, network Transitive: eval, shell | +37 |
27.5 MB | henrye |
| npm/@noble/hashes@1.3.0 | None | 0 |
737 kB | paulmillr |
| npm/@solana/web3.js@1.87.7 | environment, eval, network Transitive: filesystem, shell | +46 |
27.1 MB | steveluscher |
| npm/@types/bn.js@5.1.3 | None | +1 |
3.94 MB | types |
| npm/@types/chai@4.3.9 | None | 0 |
76.8 kB | types |
| npm/@types/mocha@9.1.1 | None | 0 |
96.1 kB | types |
| npm/chai@4.3.10 | None | +5 |
892 kB | keithamus |
| npm/cors@2.8.5 | None | +1 |
25.5 kB | dougwilson |
| npm/get-func-name@2.0.2 | None | 0 |
8.68 kB | keithamus |
🚮 Removed packages: npm/@coral-xyz/anchor@0.28.1-beta.1, npm/@esbuild-plugins/node-globals-polyfill@0.2.3, npm/@noble/hashes@1.3.1, npm/@solana/web3.js@1.87.2, npm/agentkeepalive@4.5.0, npm/node-fetch@2.6.12, npm/vite@4.5.1
This PR contains the following updates:
1.87.2->1.87.7GitHub Vulnerability Alerts
CVE-2024-30253
Using particular inputs with
@solana/web3.jswill result in memory exhaustion (OOM).If you have a server, client, mobile, or desktop product that accepts untrusted input for use with
@solana/web3.js, your application/service may crash, resulting in a loss of availability.Release Notes
solana-labs/solana-web3.js (@solana/web3.js)
### [`v1.87.6`](https://togithub.com/solana-labs/solana-web3.js/releases/tag/v1.87.6) [Compare Source](https://togithub.com/solana-labs/solana-web3.js/compare/v1.87.5...v1.87.6) ##### Bug Fixes - update [@babel/plugin-transform-runtime](https://togithub.com/babel/plugin-transform-runtime) & [@babel/preset-env](https://togithub.com/babel/preset-env) ([#1826](https://togithub.com/solana-labs/solana-web3.js/issues/1826)) ([b7ead05](https://togithub.com/solana-labs/solana-web3.js/commit/b7ead05a5590b9e71b8474a4df11ea3a497aa4eb)) ### [`v1.87.5`](https://togithub.com/solana-labs/solana-web3.js/releases/tag/v1.87.5) [Compare Source](https://togithub.com/solana-labs/solana-web3.js/compare/v1.87.4...v1.87.5) ##### Bug Fixes - **legacy:** declare transaction `meta` as nullable ([#1812](https://togithub.com/solana-labs/solana-web3.js/issues/1812)) ([ffeddf6](https://togithub.com/solana-labs/solana-web3.js/commit/ffeddf69f49566f0e8028589c00fe09c81b62603)) ### [`v1.87.4`](https://togithub.com/solana-labs/solana-web3.js/releases/tag/v1.87.4) [Compare Source](https://togithub.com/solana-labs/solana-web3.js/compare/v1.87.3...v1.87.4) ##### Bug Fixes - parameter names in GetTokenAccountsByOwnerApi ([#1809](https://togithub.com/solana-labs/solana-web3.js/issues/1809)) ([d575f09](https://togithub.com/solana-labs/solana-web3.js/commit/d575f094f47701a4429f577e655ebd3d49e6bc8c)) ### [`v1.87.3`](https://togithub.com/solana-labs/solana-web3.js/releases/tag/v1.87.3) [Compare Source](https://togithub.com/solana-labs/solana-web3.js/compare/v1.87.2...v1.87.3) ##### Bug Fixes - temporarily lock to Node 18.x for CI/CD workflow ([#1785](https://togithub.com/solana-labs/solana-web3.js/issues/1785)) ([6910664](https://togithub.com/solana-labs/solana-web3.js/commit/6910664bb9dd1e6b24c57a321b05fe49cc6815d8))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.