This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.4.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration).
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **50 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2024-02-05.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Information Exposure [SNYK-JS-SIMPLEGET-2361683](https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Arbitrary File Overwrite [SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Improper Verification of Cryptographic Signature [SNYK-JS-BROWSERIFYSIGN-6037026](https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Denial of Service (DoS) [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Arbitrary File Write [SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Information Exposure [SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **761/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: web3
Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.
Timeline of Changes:
90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the upgrade to Web3.js version 4.x
No New Bug Fixes (4/1/24 onwards):
Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend upgrading to Web3.js version 4.x
End of Security Fixes (7/1/24):
Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. Upgrading to Web3.js version 4.x is crucial to ensure the security of your applications.
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr)
👩💻 [Set who automatically gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?pkg=web3&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.4.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr/settings/integration). :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **50 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2024-02-05. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-SIMPLEGET-2361683](https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-BROWSERIFYSIGN-6037026](https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit
[SNYK-JS-COOKIEJAR-3149984](https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Proof of Concept
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **761/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: web3
-
1.10.4 - 2024-02-05
- Updated dependencies (#6731)
-
1.10.4-dev.0 - 2024-01-31
- Updated dependencies (#6731)
-
1.10.3 - 2023-10-18
-
-
-
1.10.3-dev.0 - 2023-10-16
-
-
- legacy ( for v1 releases )
- legacy-dev ( for v1 test/RC releases, this will replace rc tag)
-
1.10.2 - 2023-08-28
-
1.10.1 - 2023-08-14
-
1.10.1-rc.0 - 2023-08-08
-
1.10.0 - 2023-05-10
-
1.10.0-rc.0 - 2023-05-02
-
1.9.0 - 2023-03-20
-
1.9.0-rc.0 - 2023-03-07
-
1.8.2 - 2023-01-30
-
1.8.2-rc.0 - 2023-01-11
-
1.8.1 - 2022-11-10
-
1.8.1-rc.0 - 2022-10-28
-
1.8.0 - 2022-09-14
-
1.8.0-rc.0 - 2022-09-08
-
1.7.5 - 2022-08-01
-
1.7.5-rc.1 - 2022-07-19
-
1.7.5-rc.0 - 2022-07-15
-
1.7.4 - 2022-06-21
-
1.7.4-rc.2 - 2022-06-16
-
1.7.4-rc.1 - 2022-06-08
-
1.7.4-rc.0 - 2022-05-17
-
1.7.3 - 2022-04-08
-
1.7.3-rc.0 - 2022-04-07
-
1.7.2 - 2022-04-07
-
1.7.2-rc.0 - 2022-03-24
-
1.7.1 - 2022-03-03
-
1.7.1-rc.0 - 2022-02-10
-
1.7.0 - 2022-01-17
-
1.7.0-rc.0 - 2021-12-09
-
1.6.1 - 2021-11-15
-
1.6.1-rc.3 - 2021-11-10
-
1.6.1-rc.2 - 2021-10-27
-
1.6.1-rc.0 - 2021-10-09
-
1.6.0 - 2021-09-30
-
1.6.0-rc.0 - 2021-09-26
-
1.5.3 - 2021-09-22
-
1.5.3-rc.0 - 2021-09-10
-
1.5.2 - 2021-08-15
-
1.5.2-rc.0 - 2021-08-15
-
1.5.1 - 2021-08-05
-
1.5.1-rc.1 - 2021-08-05
-
1.5.1-rc.0 - 2021-07-31
-
1.5.0 - 2021-07-28
-
1.5.0-rc.1 - 2021-07-24
-
1.5.0-rc.0 - 2021-07-21
-
1.4.0 - 2021-06-30
-
1.4.0-rc.0 - 2021-06-25
-
1.3.6 - 2021-05-14
from web3 GitHub release notesSecurity
Maintenance Countdown:
Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.
Timeline of Changes:
90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the upgrade to Web3.js version 4.x
No New Bug Fixes (4/1/24 onwards):
Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend upgrading to Web3.js version 4.x
End of Security Fixes (7/1/24):
Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. Upgrading to Web3.js version 4.x is crucial to ensure the security of your applications.
Security
Security
web3-eth-accounts: Bumped@ ethereumjsdependencies (#6457)Updated dependencies (#6491)
Security
web3-eth-accounts: Bumped@ ethereumjsdependencies (#6457)Updated dependencies (#6491)
( Considering discussion about release tags , v1 will follow tags:
Commit messages
Package name: web3
- 56d35a4 lerna version bump and build
- 5b1b9d7 version bumps and lerna build
- 4ab6cc4 changelog update
- f5b72a0 npm i and npm audit fix
- 53e01d9 1x libs update (#6731)
- 5b33133 Add 1.x deprecation notice (#6723)
- 0e8695b 1x release process (#6550)
- 926c882 Release/1.10.3 (#6510)
- dbd96ae 1x deps update (#6491)
- aafce59 v1/chore(web3-eth-accounts): bump @ ethereumjs/common and @ ethereumjs/tx (#6457)
- c44abcd Release/1.10.2 (#6382)
- 9e063ef Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
- 3e685bf Release/1.10.1 (#6329)
- 1b65ccf codeowners update (#6324)
- d4217a2 1x doc updates (#6325)
- 5f02175 Replace ethereumjs-util with @ ethereumjs/util (#6283)
- e68194b 1.x - update submit work and contract.myMethod.send docs (#6229)
- 47b9769 Fix for ABI encoding large negative ints (#6239)
- 512aba7 Bump `typescript` to `4.9.5` and `ts-node` to `10.9.1` (#6238)
- 6bde558 Release/1.10.0 (#6058)
- 13a2edc Remove the unnecessary chainId parameter (#5888) (#6057)
- 7b3ce91 1x update (#6044)
- 195cd3c Filter option doesn't work in getPastEvents (#6015)
- 48958ee Nicos99/revert call (#6009)
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: