socket-security[bot]
commented
1 year ago New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| @ethersproject/providers@5.5.0 | 5.7.2...5.5.0 | None | +0/-0 |
ricmoo |
🚮 Removed packages: @ethersproject/abi@5.7.0, @ethersproject/contracts@5.7.0, @ethersproject/solidity@5.7.0, @ethersproject/wallet@5.7.0
ElvisKrop
wighawag
Hello @wighawag! First of all I would like to say thank you for such awesome open source!
I'm a developer from Protofire and right now we are helping zkSync to adjust Safe contracts repo for zkEVM.
During the development, we realised that v0.11.25 and previous versions doesn't work properly for zkEVM deployments and testing. Moreover, v0.11.26 and further releases include incompatible versions of @ethersproject/* with safe-contracts repo current dependencies.
:pray: Please, could you publish an intermediate version of hardhat-deploy with @ethersproject/* deps 5.5.0. It would help us a lot! Thanks in advance!