staratlasmeta / factory

Star Atlas Factory for constructing Transactions targeting Solana on-chain programs
https://www.npmjs.com/package/@staratlas/factory
Apache License 2.0
37 stars 15 forks

[Snyk] Security upgrade @solana/web3.js from 1.91.1 to 1.91.3 #148

Closed YvesCandel closed 6 months ago

YvesCandel commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json
    - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Issue | Breaking Change | Exploit Maturity
:-------------------------:|:-------------------------|:-------------------------|:-------------------------
high severity | Improper Restriction of Operations within the Bounds of a Memory Buffer [SNYK-JS-SOLANAWEB3JS-6647564](https://snyk.io/vuln/SNYK-JS-SOLANAWEB3JS-6647564) | No | No Known Exploit

Commit messages

Package name: @solana/web3.js

The new version differs by 75 commits.
  • 77d9352 fix: bounds check
  • 5b21c65 refactor(experimental): nit: rename define to describe (#2384)
  • ce1be3f refactor(experimental): rename getScalarEnumCodec to getEnumCodec (#2383)
  • 7e86583 refactor(experimental): rename getDataEnumCodec to getDiscriminatedUnionCodec (#2382)
  • 49a764c refactor(experimental): support number and symbol discriminator values for getDataEnumCodec (#2381)
  • bf029dd refactor(experimental): support custom discriminator property for getDataEnumCodec (#2380)
  • 3c33220 Move comments about signature busting to the callsites that bust the signatures (#2386)
  • 4fbec68 Upgrade to Jest 30 (#1914)
  • 50fe84e Revert "Show no Turbo logs except when there is an error (#2366)" (#2385)
  • b566e7a Enable `require-await` linter (#2353)
  • 8af5427 Show no Turbo logs except when there is an error (#2366)
  • 478443f Validate that the public key generated from createKeyPairFromBytes() belongs to the private key (#2329)
  • 9370133 Negative error codes now get decoded correctly by the production error decoder (#2376)
  • 6135928 Split the dependency between `compile:typedefs` and the legacy library (#2370)
  • 38000cb Find all misnamed Rollup configs and fix them (#2371)
  • 6eded26 Bust the prettier cache any time any file changes (#2369)
  • c03a8d5 Strip `outputs` from the Turborepo config, because omitting it is the same as passing an empty array (#2368)
  • 99a9cbe Break the `style:fix` cache any time any file changes (#2367)
  • 4402f35 Since tests depend on _implementations_, make sure to build upstreams before running tests (#2373)
  • 94f2053 Move dependencies out of `devDependencies` where they are used in the implementation (#2375)
  • 65f262c Run `style:fix` with the new, actually working config (#2365)
  • d2c0daf Make the Prettier task behave more like your editor (#2364)
  • 5908de2 Patch `jest-runner-prettier` to work with Prettier 3 (#2363)
  • 0a19b75 Upgrade to Turbo 1.13
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/bravetarget/project/7c064dcf-4e4f-41d4-ac72-d055dd3013d0?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/bravetarget/project/7c064dcf-4e4f-41d4-ac72-d055dd3013d0?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)

github-actions[bot] commented 4 months ago

:tada: This PR is included in version 0.7.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: