[Snyk] Upgrade web3 from 1.2.4 to 1.7.5 #35

wschwab · 2022-09-06T05:22:28Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3 from 1.2.4 to 1.7.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 60 versions ahead of your current version.
The recommended version was released a month ago, on 2022-08-01.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Information Exposure SNYK-JS-SIMPLEGET-2361683	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Remote Memory Exposure SNYK-JS-BL-608877	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3

1.7.5 - 2022-08-01
1.7.5

Changed
- Replace xhr2-cookies deps to cross-fetch for web3-providers-http (#5085)
Added
- Documentation details about maxFeePerGas and maxPriorityFeePerGas (#5121)
- Added createAccessList types in web3.eth (#5146)
Fixed
- Improving AbstractProvider interface (#5150)
- Fix typos in web3-eth-accounts.rst & TESTING.md (#5047)
- Fix remove wallet using an index when an account address and address lowercase are equal (#5049)
- Improve README.md & Fix typos (#4848)
- Add optional hex formatting parameter for getTransactionrReceipt (#5153)
- Fix transactionRoot -> transactionsRoot in BlockHeader (#5083)
- Fix Promise in Accounts.signTransaction() throwing errors that cannot be caught (#4724)
- Fixed unit tests & removed dead code for web3-providers-http (#5228)
Security
- Updated got lib version and fixed other libs using npm audit fix (#5178) (#5254)
1.7.5-rc.1 - 2022-07-19
Fixed
- Fixed unit tests & removed dead code for web3-providers-http (#5228) It fixed (#5235) and (#5236) Issues.
1.7.5-rc.0 - 2022-07-15
1.7.5-rc.0

Changed
- Replace xhr2-cookies deps to cross-fetch for web3-providers-http (#5085)
Added
- Documentation details about maxFeePerGas and maxPriorityFeePerGas (#5121)
- Added createAccessList types in web3.eth (#5146)
Fixed
- Improving AbstractProvider interface (#5150)
- Fix typos in web3-eth-accounts.rst & TESTING.md (#5047)
- Fix remove wallet using an index when an account address and address lowercase are equal (#5049)
- Improve README.md & Fix typos (#4848)
- Add optional hex formatting parameter for getTransactionrReceipt (#5153)
- Fix transactionRoot -> transactionsRoot in BlockHeader (#5083)
- Fix Promise in Accounts.signTransaction() throwing errors that cannot be caught (#4724)
Security
- Updated got lib version and fixed other libs using npm audit fix (#5178) (#5254)
New Contributors
- @ cyborgRen made their first contribution in #5145
- @ sangwon0001 made their first contribution in #5142
- @ superMDguy made their first contribution in #5116
- @ Neurone made their first contribution in #5121
- @ MujeebullahKalwar made their first contribution in #5115
1.7.4 - 2022-06-21
Fixed
- Fix dead link in web3-eth.rst (#4916)
- Fix web3-core-method throws on f.call = this.call when intrinsic is frozen (#4918) (#4938)
- Fix static tuple encoding (#4673) (#4884)
- Fix bug in handleRevert logic for eth_sendRawTransaction (#4902)
- Fix resolve type of getBlock function (#4911)
- Web3-utils BN fix (#5132)
Changed
- Replace deprecated String.prototype.substr() (#4855)
- Exporting AbiCoder as coder (#4937)
- Github build workflow updated min build for node.js 12 and tests for 12, 14 and 16 (#5014)
- Updated libraries using BN and the BN library (#5072)
Added
- Exposing web3.eth.Contract.setProvider() as per public documentation (#4822) (#5001)
- Improve npm script commands for development purposes (#4848)
Security
- npm audit fix to address vulnerabilities and update libraries (#5014)
1.7.4-rc.2 - 2022-06-16
- Web3-utils BN fix (#5132)
1.7.4-rc.1 - 2022-06-08
Changed
- Updated libraries using BN and the BN library (#5072)
1.7.4-rc.0 - 2022-05-17
Read more
1.7.3 - 2022-04-08
Fixed
- Fixing build issue of 1.7.2
1.7.3-rc.0 - 2022-04-07
Fixed
- Fixing build issue of 1.7.2
1.7.2 - 2022-04-07
Read more
1.7.2-rc.0 - 2022-03-24
1.7.1 - 2022-03-03
1.7.1-rc.0 - 2022-02-10
1.7.0 - 2022-01-17
1.7.0-rc.0 - 2021-12-09
1.6.1 - 2021-11-15
1.6.1-rc.3 - 2021-11-10
1.6.1-rc.2 - 2021-10-27
1.6.1-rc.0 - 2021-10-09
1.6.0 - 2021-09-30
1.6.0-rc.0 - 2021-09-26
1.5.3 - 2021-09-22
1.5.3-rc.0 - 2021-09-10
1.5.2 - 2021-08-15
1.5.2-rc.0 - 2021-08-15
1.5.1 - 2021-08-05
1.5.1-rc.1 - 2021-08-05
1.5.1-rc.0 - 2021-07-31
1.5.0 - 2021-07-28
1.5.0-rc.1 - 2021-07-24
1.5.0-rc.0 - 2021-07-21
1.4.0 - 2021-06-30
1.4.0-rc.0 - 2021-06-25
1.3.6 - 2021-05-14
1.3.6-rc.2 - 2021-05-13
1.3.6-rc.1 - 2021-05-09
1.3.5 - 2021-04-05
1.3.5-rc.0 - 2021-03-24
1.3.4 - 2021-02-03
1.3.4-rc.2 - 2021-01-28
1.3.4-rc.1 - 2021-01-26
1.3.3 - 2021-01-22
1.3.2 - 2021-01-21
1.3.2-rc.2 - 2021-01-21
1.3.1 - 2020-12-17
1.3.0 - 2020-09-15
1.3.0-rc.0 - 2020-09-02
1.2.11 - 2020-07-18
1.2.10 - 2020-07-17
1.2.10-rc.0 - 2020-07-09
1.2.9 - 2020-06-09
1.2.9-rc.0 - 2020-06-02
1.2.8 - 2020-05-20
1.2.8-rc.1 - 2020-05-18
1.2.8-rc.0 - 2020-05-08
1.2.7 - 2020-04-24
1.2.7-rc.0 - 2020-04-15
1.2.6 - 2020-02-02
1.2.5 - 2020-01-27
1.2.5-rc.0 - 2020-01-16
1.2.4 - 2019-11-15

from web3 GitHub release notes

Commit messages

Package name: web3

02895cb Build for 1.7.5
34f6b68 v1.7.5
195f01d Manual build commit for 1.7.5-rc.1
b640e26 v1.7.5-rc.1
96a7935 npm i
9476964 Merge branch '1.x' into release/1.7.5
84ac9b7 Fixed unit tests & removed dead code for web3-providers-http (#5228) (#5264)
2dcf142 Manual build commit for 1.7.5-rc.0
ba30e1d v1.7.5-rc.0
c93940b npm i and CHANGELOG update for 1.7.5 release
fc7bfcd 1.x Libs Update including parse-url (#5254)
ca827a7 fix Promise in Accounts.signTransaction() throwing errors that cannot be caught #4724 (#5080) (#5252)
35d8f7f Update AbstractProvider with correct typing (#5206)
57b6dc4 Add createAccessList type (#5146) (#5204)
46b5a5b fix remove wallet using an index when an account address and address lowercase are equal #5049 (#5050) (#5202)
2a1308f Fix transactionRoot -> transactionsRoot in BlockHeader (#5083) (#5197)
9e0d9d1 hexToNumber: return BigInt if result is bigger than max integer (#5157)
555aa0d web3-providers-http: Migrate from xhr2-cookies to cross-fetch (#5179)
c034b8d Update `got` dependency for `web3-bzz` package (#5178)
aae9d4a Updates on `README.md` Format (#5115)
8f05f19 Fixed documentation for web3.eth.accounts.signTransaction (#5121)
5b10473 Fix typo (#5116)
18da528 fix typos in web3-eth-accounts.rst & TESTING.md #5047 (#5048)
e9ab4a5 Typo foudn (#5142)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade web3 from 1.2.4 to 1.7.5. See this package in npm: https://www.npmjs.com/package/web3 See this project in Snyk: https://app.snyk.io/org/smart-contracts/project/f9303c98-50e2-429b-888e-7aa1d6faf2b7?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade web3 from 1.2.4 to 1.7.5 #35

[Snyk] Upgrade web3 from 1.2.4 to 1.7.5 #35

wschwab commented Sep 6, 2022

1.7.5

Changed

Added

Fixed

Security

Fixed

1.7.5-rc.0

Changed

Added

Fixed

Security

New Contributors

Fixed

Changed

Added

Security

Changed

Fixed

Fixed

[Snyk] Upgrade web3 from 1.2.4 to 1.7.5 #35

Are you sure you want to change the base?

[Snyk] Upgrade web3 from 1.2.4 to 1.7.5 #35

Conversation

wschwab commented Sep 6, 2022

Snyk has created this PR to upgrade web3 from 1.2.4 to 1.7.5.

1.7.5

Changed

Added

Fixed

Security

Fixed

1.7.5-rc.0

Changed

Added

Fixed

Security

New Contributors

Fixed

Changed

Added

Security

Changed

Fixed

Fixed