[Snyk] Upgrade: , ganache

[OKEAMAH]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@ganache/ethereum-options
from 0.8.0 to 0.9.2 | 3 versions ahead of your current version | 9 months ago
on 2023-12-21
ganache
from 7.4.3 to 7.9.2 | 17 versions ahead of your current version | 9 months ago
on 2023-12-21

Release notes

Package name: @ganache/ethereum-options

• 0.9.2 - 2023-12-21
• 0.9.1 - 2023-08-22
• 0.9.0 - 2023-07-05
• 0.8.0 - 2023-04-13

from @ganache/ethereum-options GitHub release notes

Package name: ganache

• 7.9.2 - 2023-12-21
  

  v7.9.2

• 7.9.1 - 2023-08-22
  

  v7.9.1

• 7.9.0 - 2023-07-05
  

   New Features   Fixes   Miscellaneous   Changelog   Known Issues   Future Plans 

  ---

  Presenting the latest version of Ganache! This release brings a couple of important bug fixes and one new feature: the ability to specify a file path for Ganache to write logs to – handy when using detach mode, where the logs are not (yet) available.

  If you have some time, we encourage you to browse our issues to find anything you'd like implemented/fixed sooner. Give them a +1 and we'll use this community feedback to help prioritize what we work on! Or better yet, open a new issue or open a PR to fix an existing issue.

  We've changed 59 files across 14 merged pull requests, tallying 2485 additions and 563 deletions, since our last release.

  ---

  

  • feat: add hardfork to cli output (#4343)
  • feat: allow logs to be written to a file by providing the --logging.file argument (#4195)

  ---

  feat: add hardfork to cli output (#4343)

  Ganache now outputs the hardfork to the console along with the rest of the startup information:

  Chain
  ==================
  Hardfork: shanghai
  Id:       1337
  

  ^{back to new features}

  feat: allow logs to be written to a file by providing the --logging.file argument (#4195)

  Introducing the ability to specify a log file for Ganache to write its logs to. No more sifting through endless terminal output to find that one critical message you need. Just provide a path to your desired log file with ganache --logging.file <path-to-log-file>, and you're all set! Now you can sit back, relax, and let Ganache do the heavy lifting while you focus on building awesome applications.

  ^{back to new features}

  ^{back to top}

  ---

  

  • fix: show a helpful message when ganache instances is executed without a subcommand (#4368)
  • fix: resolve hardfork for blocks by blocknumber and timestamp (#4455)
  • fix: add support for mergeForkIdTransition (#4463)
  • fix: ensure clique-signer for PoA networks (#4465)

  ---

  fix: show a helpful message when ganache instances is executed without a subcommand (#4368)

  When ganache instances is executed, a subcommand must be provided.
  Previously an unhelpful error was thrown, with this fix we output a simple error message, followed by the the help text for ganache instances.

  $ ganache instances
  ganache instances requires a subcommand:

  ganache instances

  Manage instances of Ganache running in detached mode.
  (Ganache can be run in detached mode by providing the --detach flag)

  Commands:
  ganache instances list List instances running in detached mode
  ganache instances stop <name> Stop the instance specified by <name>

  Options:
-?, --help Show help [boolean]


  fixes: #4360

  ^{back to fixes}

  fix: resolve hardfork for blocks by blocknumber and timestamp (#4455)

  Starting with Shanghai, hardforks are determined by timestamp, rather than block number. When resolving the hardfork to use for a given block, we now consider the blocknumber and the timestamp.
  
  fixes: #4450 (in that the correct hardfork is now resolved, which is not mergeForkIdTransition)

  See #4463

  ^{back to fixes}

  fix: add support for mergeForkIdTransition (#4463)

  Add internal support for mergeForkIdTransition "hardfork", which is presently live only on Sepolia, but assumedly will eventually happen on other networks.
  
  This doesn't add any functionality, but fixes: #4450 for transactions happening on mergeForkIdTransition hardfork.

  See #4455

  ^{back to fixes}

  fix: ensure clique-signer for PoA networks (#4465)

  Fixes #4359

  ^{back to fixes}

  ^{back to top}

  ---

  

  • docs: update contributing guide for linux (#4358)
  • chore: use localhost as hostname for docs.preview dev command (#4357)
  • test: ensure tests that are skipped in development are run in CI (#4353)
  • docs: complete macOS node-gyp troubleshooting steps in CONTRIBUTING.md (#4036)
  • perf: optimize account init logging (#4318)
  • docs: make light-mode links slightly darker to meet WCAG 2 Level AA contrast goals (#4383)
  • perf: optimize options normalization (#4317)
  • docs: preloads docs assets (#4384)

  ---

  docs: update contributing guide for linux (#4358)

  Python 2.7 is no longer a requirement to build ganache, but make is.

  ^{back to miscellaneous}

  chore: use localhost as hostname for docs.preview dev command (#4357)

  This is just to make ganache development from WSL easier.

  ^{back to miscellaneous}

  test: ensure tests that are skipped in development are run in CI (#4353)

  Previously, tests that depend on an INFURA_KEY would be skipped if it were not provided. After this change these tests will fail in CI if no INFURA_KEY is provided.
  
  Additionally, a test which was previously skipped is now run on Windows and Linux agents in Github Actions only. ( > server > listens on given interface only)

  ^{back to miscellaneous}

  docs: complete macOS node-gyp troubleshooting steps in CONTRIBUTING.md (#4036)

  Does what it says on the tin.

  ^{back to miscellaneous}

  perf: optimize account init logging (#4318)

  Minor performance improvement on startup.

  ^{back to miscellaneous}

  docs: make light-mode links slightly darker to meet WCAG 2 Level AA contrast goals (#4383)

  Changes the contrast on links on ganache.dev in light mode.

  ^{back to miscellaneous}

  perf: optimize options normalization (#4317)

  Minor performance improvement on start up.

  ^{back to miscellaneous}

  docs: preloads docs assets (#4384)

  Reduces page load time on ganache.dev by initiating downloads of assets that will get loaded from other CSS and JS files later.

  ^{back to miscellaneous}

  ^{back to top}

  ---

  

  • #4358 docs: update contributing guide for linux (@ davidmurdoch)
  • #4357 chore: use localhost as hostname for docs.preview dev command (@ davidmurdoch)
  • #4353 test: ensure tests that are skipped in development are run in CI (@ jeffsmale90)
  • #4343 feat: add hardfork to cli output (@ davidmurdoch)
  • #4368 fix: show a helpful message when ganache instances is executed without a subcommand (@ jeffsmale90)
  • #4036 docs: complete macOS node-gyp troubleshooting steps in CONTRIBUTING.md (@ OnlyOneJMJQ)
  • #4318 perf: optimize account init logging (@ davidmurdoch)
  • #4383 docs: make light-mode links slightly darker to meet WCAG 2 Level AA contrast goals (@ davidmurdoch)
  • #4317 perf: optimize options normalization (@ davidmurdoch)
  • #4195 feat: allow logs to be written to a file by providing the --logging.file argument (@ jeffsmale90)
  • #4455 fix: resolve hardfork for blocks by blocknumber and timestamp (@ jeffsmale90)
  • #4463 fix: add support for mergeForkIdTransition (@ jeffsmale90)
  • #4465 fix: ensure clique-signer for PoA networks (@ davidmurdoch)
  • #4384 docs: preloads docs assets (@ davidmurdoch)

  ^{back to top}

  ---

  

  Top Priority:

  • interactive documentation's debug_storageRangeAt doesn't work (#3203)
  • Add eth_createAccessList RPC method (#1056)

  Coming Soon™:

  • Implications failed: fork.headers -> url (#2627)
  • In Geth chain-mode, logic to accept/reject transactions based on gas price/limit should match Geth (#2176)
  • evm_mine and miner_start don't respect --mode.instamine=eager (#2029)
  • evm_setAccount* is race-conditiony (#1646)
  • @ ganache/filecoin@alpha doesn't work with ganache@alpha (#1150)
  • Launching ganache with fork is throwing revert errors when communicating with 3rd party contracts (#956)
  • Build a real pending block! (#772)
  • VM Exception when interfacing with Kyber contract (#606)
  • After calling evm_mine, eth_getLogs returns same logs for all blocks (#533)
  • personal_unlockAccount works with any password (#165)
  • --db Option Requires Same Mnemonic and Network ID (#1030)

  ^{back to top}

  ---

  

  Top Priority:

  • Accept a genesis.json file (#1042)

  Coming Soon™:

  • Switch to esbuild to make build times faster/reasonable (#1555)
  • fork specific block & specific index (#952)
  • Allow to sync forked chain to the latest block (#643)
  • Implement a streaming trace capability (#381)
  • Improve log performance when forking (#145)
  • Log contract events (#45)

  ^{back to top}

  Open new issues to influence what we gets implemented and prioritized.

  ---

  💖 The Truffle Team

• 7.8.0 - 2023-04-13
  

   New Features   Changelog   Known Issues   Future Plans 

  ---

  Introducing the newest addition to our lineup - Ganache v7.8.0! This release comes with support for the highly anticipated Shanghai hardfork.

  If you have some time, we encourage you to browse our issues to find anything you'd like implemented/fixed sooner. Give them a +1 and we'll use this community feedback to help prioritize what we work on! Or better yet, open a new issue, or open a PR to fix an existing issue.

  We've changed 84 files across 1 merged pull requests, tallying 6,243 additions and 4,642 deletions, since our last release.

  ---

  

  feat: add support for the shanghai hardfork (#4272)

  • EIP-3651: Warm COINBASE
  • EIP-3855: PUSH0 instruction
  • EIP-4895: Beacon chain push withdrawals as operations
  • EIP-6049: Deprecate SELFDESTRUCT
  • EIP-3860: Limit and meter initcode

  We've added a new option allowUnlimitedInitCodeSize to disable EIP-3860 (Limit and meter initcode) to continue to allow for uploading very large contracts. In most cases it will need to be combined with the allowUnlimitedContractSize option.

  This also fixes two bugs:

  • block size was not computed correctly (persisted databases will be updated and migrated automatically)
    • the database migration may add a one-time delay to startup when using a persistent database (--database.dbPath). This should be insignificant for the majority of cases. The migration was benchmarked with 180,000 blocks, and completed in 6.4 seconds.
  • internal "intrinsic gas" checks now correctly include accessList fees, if there are any.

  ---

  

  • #4272 feat: support shanghai hardfork (@ davidmurdoch)

  ^{back to top}

  ---

  

  Top Priority:

  • interactive documentation's debug_storageRangeAt doesn't work (#3203)
  • Add eth_createAccessList RPC method (#1056)

  Coming Soon™:

  • Implications failed: fork.headers -> url (#2627)
  • In Geth chain-mode, logic to accept/reject transactions based on gas price/limit should match Geth (#2176)
  • evm_mine and miner_start don't respect --mode.instamine=eager (#2029)
  • evm_setAccount* is race-conditiony (#1646)
  • @ ganache/filecoin@alpha doesn't work with ganache@alpha (#1150)
  • Launching ganache with fork is throwing revert errors when communicating with 3rd party contracts (#956)
  • Build a real pending block! (#772)
  • VM Exception when interfacing with Kyber contract (#606)
  • After calling evm_mine, eth_getLogs returns same logs for all blocks (#533)
  • personal_unlockAccount works with any password (#165)
  • --db Option Requires Same Mnemonic and Network ID (#1030)

  ^{back to top}

  ---

  

  Top Priority:

  • Accept a genesis.json file (#1042)

  Coming Soon™:

  • Switch to esbuild to make build times faster/reasonable (#1555)
  • fork specific block & specific index (#952)
  • Allow to sync forked chain to the latest block (#643)
  • Implement a streaming trace capability (#381)
  • Improve log performance when forking (#145)
  • Log contract events (#45)

  ^{back to top}

  Open new issues to influence what gets implemented and prioritized.

  ---

  💖 The Truffle Team

• 7.8.0-detached - 2023-06-12
• 7.7.7 - 2023-03-13
  

   Highlights   Fixes   Changelog   Known Issues   Future Plans 

  ---

  A huge thanks to @ MicaiahReid for all of his hard work making this release possible. We've had a vision to create "Interactive Documentation" for JSON-RPC since we started the Ganache rewrite back in April of 2019. This documentation had been 80% complete for well over a year, and as most of us know, it's the last 20% that is always the hardest. Micaiah revived this stalled docs initiative and took on the challenge of finishing up that last 20%; he decreased the "time to interactive" from dozens of seconds down to under 3 seconds, fixed tons of bugs, and polished up the interface (with the help of @ OnlyOneJMJQ) for a much more usable and consistent look and feel.

  We consider this a "first-pass" at interactive documentation, and we have big (top secret!) plans for this platform we hope to bring to life in the future. If you discover any issues, or have ideas on how we can improve the user experience let us know by opening a new issue.

  Scroll down to the Highlights section to learn more!

  If you have some time, we encourage you to browse our issues to find anything you'd like implemented/fixed sooner. Give them a +1 and we'll use this community feedback to help prioritize what we work on! Or better yet, open a new issue, or open a PR to fix an existing issue if you really want to get involved.

  We've changed 29 files across 1 merged pull request, tallying 18716 additions and 4094 deletions, since our last release.

  ---

  

  _{Download high-res video with audio}

  We are beyond thrilled to announce the official launch of our new interactive documentation site, ganache.dev!

  ganache.dev will be the new home of Ganache's documentation. We're starting with interactive JSON-RPC documentation, but we will be building on this platform to provide 100%-in-browser tutorials, examples, and how-to guides, in addition to this reference documentation.

  We designed ganache.dev to be useful for advanced users, but also (hopefully) easy for those new to the JSON-RPC layer of Ethereum. If you want to help improve this new "education" initiative there are a few ways you can help:

  • open an issue if you find any bugs
  • tell us your ideas by opening a new issue or start a discussion
  • improve the examples, e.g. evm_setAccountNonce
  • make it faster!
  • add @ EIP tags to RPC methods, e.g. EIP-155

  And if you really want to help, get the word out! Here's a handy link that will draft a tweet for you:

  

  

  Happy hacking!

  ^{back to top}

  ---

  

  fix: improve styling and performance for interactive docs (#4033)

  This PR:

  • fixes the slow rendering issues of the current interactive docs by lazy-loading the monaco windows as you scroll
  • fixes some bits of buggy UI/UX
  • fixes all examples from api.ts
  • fixes links to source code (they now point to code at commit hash that generated docs [note, in development you'll have to push your changes for these links to work])
  • adds color theme switcher
  • adds themes to monaco editor to allow ganache styling
  • borrows heavily from @ OnlyOneJMJQ's PR for styling (#4035)
  • improves rendering consistency for users with JS disabled
  • groups RPC methods and orders groups in a way that makes sense
  • lazy loads ganache
  • probably some other stuff

  Known Issues:

  • arguments list is one string, returns are split on colon
  • non-primitive types, like Transaction, DATA, QUANTITY, etc aren't documented
  • TypeScript types for the ganache provider is not loaded into the editors
  • The console and assert helpers in the editors are incomplete implementations (and lack types)

  ^{back to top}

  ---

  

  • #4033 fix: improve styling and performance for interactive docs (@ MicaiahReid)

  ^{back to top}

  ---

  

  Top Priority:

  • Add eth_createAccessList RPC method (#1056)

  Coming Soon™:

  • Implications failed: fork.headers -> url (#2627)
  • In Geth chain-mode, logic to accept/reject transactions based on gas price/limit should match Geth (#2176)
  • evm_mine and miner_start don't respect --mode.instamine=eager (#2029)
  • evm_setAccount* is race-conditiony (#1646)
  • @ ganache/filecoin@alpha doesn't work with ganache@alpha (#1150)
  • Launching ganache with fork is throwing revert errors when communicating with 3rd party contracts (#956)
  • Build a real pending block! (#772)
  • VM Exception when interfacing with Kyber contract (#606)
  • After calling evm_mine, eth_getLogs returns same logs for all blocks (#533)
  • personal_unlockAccount works with any password (#165)
  • --db Option Requires Same Mnemonic and Network ID (#1030)

  ^{back to top}

  ---

  

  Top Priority:

  • Accept a genesis.json file (#1042)

  Coming Soon™:

  • Switch to esbuild to make build times faster/reasonable (#1555)
  • fork specific block & specific index (#952)
  • Allow to sync forked chain to the latest block (#643)
  • Implement a streaming trace capability (#381)
  • Improve log performance when forking (#145)
  • Log contract events (#45)

  ^{back to top}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 017fa53

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@changesets/[email protected]	Transitive: environment, filesystem, shell, unsafe	+33	12.6 MB	andarist, changesets-release-bot, emmatown, ...1 more
npm/@types/[email protected]	None	0	26.1 kB	types
npm/@types/[email protected]	None	0	5.21 kB	types
npm/@types/[email protected]	None	0	82.2 kB	types
npm/@types/[email protected]	None	0	95.9 kB	types
npm/@types/[email protected]	None	0	1.72 kB	types
npm/@types/[email protected]	None	0	6.53 kB	types
npm/@types/[email protected]	None	0	78.8 kB	types
npm/@typescript-eslint/[email protected]	None	0	2.62 MB	bradzacher, jameshenry
npm/@typescript-eslint/[email protected]	None	0	18.7 kB	bradzacher, jameshenry
npm/[email protected]	None	0	27.9 kB	chaijs
npm/[email protected]	None	0	30.8 kB	onechiporenko
npm/[email protected]	None	0	506 kB	chaijs
npm/[email protected]	environment, filesystem, unsafe	+1	1.39 MB	ljharb
npm/[email protected]	None	0	11.6 kB	levibuzolic
npm/[email protected]	filesystem	0	124 kB	ryanzim
npm/[email protected]	None	0	16 kB	chaijs
npm/[email protected]	None	0	5.29 MB	cjohansen, fatso83, mantoni, ...1 more

View full report↗︎