search

hypersign-protocol / hyperfyre-frontend

A platform to automate the IDO whitelisting process using Hypersign SSI infrastructure.
https://fyre.hypersign.id
Apache License 2.0
3 stars 2 forks source link

[Snyk] Upgrade web3 from 1.3.6 to 1.10.4 #1978

Open Vishwas1 opened 1 week ago

Vishwas1 commented 1 week ago

snyk-top-banner

Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.4.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 696 Proof of Concept
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026		 696 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147		 696 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152		 696 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155		 696 No Known Exploit
high severity Information Exposure
SNYK-JS-SIMPLEGET-2361683		 696 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 696 No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 696 No Known Exploit
medium severity Open Redirect
SNYK-JS-GOT-2932019		 696 No Known Exploit
medium severity Open Redirect
SNYK-JS-GOT-2932019		 696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COOKIEJAR-3149984		 696 Proof of Concept
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		 696 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 696 No Known Exploit
Release notes
Package name: web3
  • 1.10.4 - 2024-02-05
  • 1.10.4-dev.0 - 2024-01-31
  • 1.10.3 - 2023-10-18
  • 1.10.3-dev.0 - 2023-10-16
  • 1.10.2 - 2023-08-28
  • 1.10.1 - 2023-08-14
  • 1.10.1-rc.0 - 2023-08-08
  • 1.10.0 - 2023-05-10
  • 1.10.0-rc.0 - 2023-05-02
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
  • 1.7.1-rc.0 - 2022-02-10
  • 1.7.0 - 2022-01-17
  • 1.7.0-rc.0 - 2021-12-09
  • 1.6.1 - 2021-11-15
  • 1.6.1-rc.3 - 2021-11-10
  • 1.6.1-rc.2 - 2021-10-27
  • 1.6.1-rc.0 - 2021-10-09
  • 1.6.0 - 2021-09-30
  • 1.6.0-rc.0 - 2021-09-26
  • 1.5.3 - 2021-09-22
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
  • 1.5.1-rc.1 - 2021-08-05
  • 1.5.1-rc.0 - 2021-07-31
  • 1.5.0 - 2021-07-28
  • 1.5.0-rc.1 - 2021-07-24
  • 1.5.0-rc.0 - 2021-07-21
  • 1.4.0 - 2021-06-30
  • 1.4.0-rc.0 - 2021-06-25
  • 1.3.6 - 2021-05-14
from web3 GitHub release notes

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: