search

hyperledger-solang / solang

Solidity Compiler for Solana and Polkadot
https://solang.readthedocs.io/
Apache License 2.0
1.26k stars 210 forks source link

[Snyk] Upgrade @solana/spl-token from 0.2.0 to 0.3.8 #1583

Closed hyperledger-bot closed 10 months ago

hyperledger-bot commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @solana/spl-token from 0.2.0 to 0.3.8.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **10 versions** ahead of your current version. - The recommended version was released **5 months ago**, on 2023-06-01. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Cross-site Request Forgery (CSRF)
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **534/1000**
**Why?** Proof of Concept exploit, Recently disclosed, CVSS 7.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: @solana/spl-token
  • 0.3.8 - 2023-06-01
  • 0.3.7 - 2023-01-10
  • 0.3.6 - 2022-10-28
  • 0.3.5 - 2022-09-12
  • 0.3.4 - 2022-08-25
  • 0.3.4-alpha.0 - 2022-08-24
  • 0.3.3 - 2022-08-24
  • 0.3.2 - 2022-08-23
  • 0.3.1 - 2022-08-16
  • 0.3.0 - 2022-08-09

    What's new

    Miscellaneous Tasks

    • Bump bytemuck from 1.13.1 to 1.14.0 (#5210)

    Release

    • Bump tlv-account-resolution and dependents (#5367)
  • 0.2.0 - 2022-02-17
from @solana/spl-token GitHub release notes
Commit messages
Package name: @solana/spl-token
  • 8f9c33b memo-js: Bump version for release (#4449)
  • b1def15 token-swap-js: Bump to 0.4.0 for release (#4448)
  • 7233103 token-js: Bump version to 0.3.8 for publish (#4447)
  • ad7e2bd build(deps): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /stake-pool/js (#4443)
  • 09fa89d build(deps-dev): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /memo/js (#4445)
  • a660f45 build(deps-dev): bump @ types/prettier from 2.7.2 to 2.7.3 in /memo/js (#4446)
  • 197a65e build(deps): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /name-service/js (#4444)
  • 7657df8 build(deps): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /token-swap/js (#4442)
  • 50ebdd0 build(deps-dev): bump @ types/prettier from 2.7.2 to 2.7.3 in /token-lending/js (#4441)
  • 7f74aa3 build(deps-dev): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /token-lending/js (#4440)
  • 0756f0b build(deps-dev): bump @ solana/web3.js from 1.77.2 to 1.77.3 in /token/js (#4439)
  • ba11b97 build(deps-dev): bump @ types/prettier from 2.7.2 to 2.7.3 in /token/js (#4438)
  • f1620ca fix: upcoming fees should show if we are not yet over the epoch (#4436)
  • f533f3d docs: Delay token-2022 status dates by one month as we finish (#4433)
  • 1b4dd4e docs: Be really clear that token-2022 is still under audit (#4435)
  • 027f82c docs: Add basic token-2022 wallet guide (#4325)
  • 069c4b0 build(deps-dev): bump @ rollup/plugin-node-resolve from 15.0.2 to 15.1.0 in /stake-pool/js (#4432)
  • b0581d0 build(deps-dev): bump @ rollup/plugin-node-resolve from 15.0.2 to 15.1.0 in /token-lending/js (#4431)
  • 4c9e07a build(deps): bump chrono from 0.4.25 to 0.4.26 (#4429)
  • 19d7952 build(deps-dev): bump @ typescript-eslint/eslint-plugin from 5.59.7 to 5.59.8 in /memo/js (#4427)
  • 6bbd374 build(deps-dev): bump @ typescript-eslint/parser from 5.59.7 to 5.59.8 in /name-service/js (#4425)
  • 2a9c9f6 build(deps-dev): bump @ typescript-eslint/parser from 5.59.7 to 5.59.8 in /stake-pool/js (#4424)
  • 9b4f4e1 build(deps-dev): bump @ typescript-eslint/parser from 5.59.7 to 5.59.8 in /memo/js (#4428)
  • 8451a37 build(deps-dev): bump @ typescript-eslint/parser from 5.59.7 to 5.59.8 in /token-lending/js (#4419)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/hyperledger-bot/project/ccb2ab6a-ba20-4d58-979d-b59e66a8e113?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/hyperledger-bot/project/ccb2ab6a-ba20-4d58-979d-b59e66a8e113/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/hyperledger-bot/project/ccb2ab6a-ba20-4d58-979d-b59e66a8e113/settings/integration?pkg=@solana/spl-token&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
codecov[bot] commented 11 months ago

Codecov Report

Merging #1583 (22e2cfb) into main (69e9d20) will increase coverage by 0.00%. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1583   +/-   ##
=======================================
  Coverage   87.56%   87.57%           
=======================================
  Files         133      133           
  Lines       64217    64217           
=======================================
+ Hits        56233    56236    +3     
+ Misses       7984     7981    -3

see 1 file with indirect coverage changes