build(deps-dev): bump truffle from 5.2.4 to 5.4.28

[dependabot[bot]]

Bumps truffle from 5.2.4 to 5.4.28.

Release notes

Sourced from truffle's releases.

v5.4.28 – The colors, Duke, the colors!

Oh golly gee! Here's a Sunday hotfix for you to address a security concern raised by several people. ⚠️ We recommend upgrading to this version of Truffle as soon as possible. The colors package has suffered a software supply-chain attack and certain versions of this package (now unpublished) cause a Denial-of-Service (DoS) as soon as the module is loaded. As best we can tell, and as explained by this article, your private keys are safe and the extent of this issue lies with the package consuming system resources unduly. Nonetheless, upgrade as soon as possible to avoid this vulnerability, which prevents you from using Truffle.

Thanks to @​benoitrongeard @​Juan-de-Costa-Rica @​devdattakhoche @​JoepdeJong @​neurosnap @​plainfatboy and possibly others who have quickly raised the issue with us so that we could address it!

This release also contains a few other merged changes, including adding a helpful warning in some expected failure conditions when running truffle debug. Check the changelog below for the full list.

Thank you! Please let us know if you run into any further trouble.

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Enhancements

• Print warning in truffle debug for missing contract source code (#4602 by @​dongmingh)
• Update truffle init Solidity version to 0.8.11 (#4604 by @​haltman-at)

Internal improvements

• Ensure consistent naming of build scripts (#4605 by @​haltman-at)

Dependency updates

• Update dependency: colors@1.4.0 (#4609 by @​gnidan)
• Dependency update: Update lerna to 4.0.0 (#4523 by @​haltman-at)

v5.4.27 - Nutella Marquesitas

Hello everyone! We've got a few bug fixes for you all this week and some internal improvements as well 🐛!

For this week, most of the updates are bug fixes for @truffle/debugger. We fixed an error that could occur with the debugger when used with recent versions of Geth. Additionally we fixed a bug that would break the debugger when --url was not specified. If you want more details on what was changed feel free to check out our changelog. Hoping everyone had a great New Year and are as excited for 2022 as we are! 🎊🍾

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Bug fixes

... (truncated)

Commits

• cbbdad4 Publish
• 615e198 Publish
• 4d587fc Publish
• 6536867 Publish
• 23ec13e Use webpack from workspace node_modules for building Truffle
• d004215 root: upgrade and configure eslint*
• 8b02341 Fix problem with webpack and rx-lite-aggregates
• 90ef6d9 root: cleanup husky, prettier, lint-staged
• b381167 Publish
• 51b747b Publish
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Dependabot tried to add @artem-brazhnikov as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/rsksmart/rif-marketplace-storage/pulls/340/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the rsksmart/rif-marketplace-storage repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request

[dependabot[bot]]

Superseded by #342.