This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.3.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration).
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **48 versions** ahead of your current version.
- The recommended version was released **4 months ago**, on 2023-10-18.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Information Exposure [SNYK-JS-SIMPLEGET-2361683](https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Arbitrary File Overwrite [SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Improper Verification of Cryptographic Signature [SNYK-JS-BROWSERIFYSIGN-6037026](https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Denial of Service (DoS) [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Information Exposure [SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: web3
6ce085b Fix error: "n.data.substring is not a function" (#6000)
4e5afa1 Format `transaction.type` to hex. Add empty `accessList` is `tx.type === '0x1'` (#5979)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr)
👩💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.3.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration). :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **48 versions** ahead of your current version. - The recommended version was released **4 months ago**, on 2023-10-18. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-SIMPLEGET-2361683](https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Arbitrary File Overwrite
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Overwrite
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Improper Verification of Cryptographic Signature
[SNYK-JS-BROWSERIFYSIGN-6037026](https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Denial of Service (DoS)
[SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: web3
Security
web3-eth-accounts
: Bumped@ ethereumjs
dependencies (#6457)Updated dependencies (#6491)
Security
web3-eth-accounts
: Bumped@ ethereumjs
dependencies (#6457)Updated dependencies (#6491)
( Considering discussion about release tags , v1 will follow tags:
Fixed
Fixed
int
s (#6239)submitWork
parameters, accepts 3 parameters instead of an array (#5200)Changed
Fixed
int
s (#6239)submitWork
parameters, accepts 3 parameters instead of an array (#5200)Changed
Commit messages
Package name: web3
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr) 👩💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)