hypersign-protocol / hyperfyre-frontend

A platform to automate the IDO whitelisting process using Hypersign SSI infrastructure.
https://fyre.hypersign.id
Apache License 2.0
3 stars 2 forks source link

[Snyk] Upgrade web3 from 1.3.6 to 1.10.3 #1948

Open Vishwas1 opened 9 months ago

Vishwas1 commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.3.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration). :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **48 versions** ahead of your current version. - The recommended version was released **4 months ago**, on 2023-10-18. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-SIMPLEGET-2361683](https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Arbitrary File Overwrite
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Overwrite
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Improper Verification of Cryptographic Signature
[SNYK-JS-BROWSERIFYSIGN-6037026](https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Denial of Service (DoS)
[SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: web3
  • 1.10.3 - 2023-10-18

    Security

    • web3-eth-accounts: Bumped @ ethereumjs dependencies (#6457)

    • Updated dependencies (#6491)

  • 1.10.3-dev.0 - 2023-10-16

    Security

    • web3-eth-accounts: Bumped @ ethereumjs dependencies (#6457)

    • Updated dependencies (#6491)


    ( Considering discussion about release tags , v1 will follow tags:

    • legacy ( for v1 releases )
    • legacy-dev ( for v1 test/RC releases, this will replace rc tag)
  • 1.10.2 - 2023-08-28

    Fixed

    • Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
  • 1.10.1 - 2023-08-14

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ ethereumjs/util (#6283)
  • 1.10.1-rc.0 - 2023-08-08

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ ethereumjs/util (#6283)
  • 1.10.0 - 2023-05-10
  • 1.10.0-rc.0 - 2023-05-02
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
  • 1.7.1-rc.0 - 2022-02-10
  • 1.7.0 - 2022-01-17
  • 1.7.0-rc.0 - 2021-12-09
  • 1.6.1 - 2021-11-15
  • 1.6.1-rc.3 - 2021-11-10
  • 1.6.1-rc.2 - 2021-10-27
  • 1.6.1-rc.0 - 2021-10-09
  • 1.6.0 - 2021-09-30
  • 1.6.0-rc.0 - 2021-09-26
  • 1.5.3 - 2021-09-22
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
  • 1.5.1-rc.1 - 2021-08-05
  • 1.5.1-rc.0 - 2021-07-31
  • 1.5.0 - 2021-07-28
  • 1.5.0-rc.1 - 2021-07-24
  • 1.5.0-rc.0 - 2021-07-21
  • 1.4.0 - 2021-06-30
  • 1.4.0-rc.0 - 2021-06-25
  • 1.3.6 - 2021-05-14
from web3 GitHub release notes
Commit messages
Package name: web3
  • 24d310c Build commit for 1.10.3
  • 92180be v1.10.3
  • e4b251c Manual build commit for v1 dev
  • f741dce v1.10.3-dev.0
  • e21df8e changelog
  • d92b07a npm audit fix
  • dbd96ae 1x deps update (#6491)
  • aafce59 v1/chore(web3-eth-accounts): bump @ ethereumjs/common and @ ethereumjs/tx (#6457)
  • c44abcd Release/1.10.2 (#6382)
  • 9e063ef Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
  • 3e685bf Release/1.10.1 (#6329)
  • 1b65ccf codeowners update (#6324)
  • d4217a2 1x doc updates (#6325)
  • 5f02175 Replace ethereumjs-util with @ ethereumjs/util (#6283)
  • e68194b 1.x - update submit work and contract.myMethod.send docs (#6229)
  • 47b9769 Fix for ABI encoding large negative ints (#6239)
  • 512aba7 Bump `typescript` to `4.9.5` and `ts-node` to `10.9.1` (#6238)
  • 6bde558 Release/1.10.0 (#6058)
  • 13a2edc Remove the unnecessary chainId parameter (#5888) (#6057)
  • 7b3ce91 1x update (#6044)
  • 195cd3c Filter option doesn't work in getPastEvents (#6015)
  • 48958ee Nicos99/revert call (#6009)
  • 6ce085b Fix error: "n.data.substring is not a function" (#6000)
  • 4e5afa1 Format `transaction.type` to hex. Add empty `accessList` is `tx.type === '0x1'` (#5979)
Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr) 👩‍💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)