[Snyk] Upgrade web3 from 1.10.1 to 4.0.3 #20

Open
wants to merge 1 commit into
base: main

Woodpile37
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3 from 1.10.1 to 4.0.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 32 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-07-11.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Server-side Request Forgery (SSRF), SNYK-JS-REQUEST-3361831 | 432/1000. Why? Proof of Concept exploit, CVSS 6.5 | Proof of Concept |
| | Prototype Pollution, SNYK-JS-TOUGHCOOKIE-5672873 | 432/1000. Why? Proof of Concept exploit, CVSS 6.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-WS-1296835 | 432/1000. Why? Proof of Concept exploit, CVSS 6.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 4.0.3 - 2023-07-11

    Fixed

    web3

    • Fixed bug #6236 by adding personal type in web3.eth (#6245)

    web3-rpc-methods

    web3-types

    • type Filter includes blockHash (#6206)

    web3-utils

    • BigInts pass validation within the method numberToHex (#6206)

    Changed

    web3-core

    • Dependencies updated

    web3-errors

    • Dependencies updated

    web3-eth

    • Dependencies updated

    web3-eth-abi

    • Dependencies updated

    web3-eth-accounts

    • Dependencies updated

    web3-eth-contract

    • Dependencies updated

    web3-eth-ens

    • Dependencies updated

    web3-eth-iban

    • Dependencies updated

    web3-eth-personal

    • Dependencies updated

    web3-net

    • Dependencies updated

    web3-providers-http

    • Dependencies updated

    web3-providers-ipc

    • Dependencies updated

    web3-providers-ws

    • Dependencies updated

    web3-validator

    • Dependencies updated
  • 4.0.3-dev.d12dc7e.0 - 2023-06-27
  • 4.0.3-dev.a26a888.0 - 2023-06-27
  • 4.0.3-dev.602dada.0 - 2023-07-03
  • 4.0.2 - 2023-06-27

    Fixed

    web3

    • Fixed bug #6185, now web3.js compiles on typescript v5 (#6195)
    • Fixed #6162 @types/ws issue (#6205)

    web3-core

    • Fixed Batch requests erroring out on one request (#6164)
    • Fixed the issue: Subscribing to multiple blockchain events causes every listener to be fired for every registered event (#6210)
    • Fixed the issue: Unsubscribe at a Web3Subscription class will still have the id of the subscription at the Web3SubscriptionManager (#6210)
    • Fixed the issue: A call to the provider is made for every subscription object (#6210)

    web3-eth-abi

    • Support for "decoding" indexed string event arguments (returns the keccak256 hash of the string value instead of the actual string value) (#6167)

    web3-eth-accounts

    • Fixed "The r and s returned by signTransaction to does not always consist of 64 characters #6207" (#6216)

    web3-eth-contract

    • Event filtering using non-indexed and indexed string event arguments (#6167)

    web3-eth-ens

    • Fixed bug #6185, now web3.js compiles on typescript v5 (#6195)

    web3-providers-ws

    web3-types

    • Fixed bug #6185, now web3.js compiles on typescript v5 (#6195)

    Added

    web3

    • Exported Web3Context, Web3PluginBase, Web3EthPluginBase from 'web3-core', and Web3Validator from 'web3-validator' (#6165)

    web3-core

    • Web3Subscription constructor accepts a Subscription Manager (as an alternative to accepting Request Manager that is now marked as deprecated) (#6210)

    web3-types

    • Added the SimpleProvider interface which has only request(args) method that is compatible with EIP-1193 (#6210)
    • Added the Eip1193EventName type that contains the possible events names according to EIP-1193 (#6210)

    Changed

    web3-core

    • Web3Subscription constructor overloading that accept a Request Manager is marked as deprecated (#6210)

    web3-errors

    • Dependencies updated

    web3-eth

    • Dependencies updated

    web3-eth-iban

    • Dependencies updated

    web3-eth-personal

    • Dependencies updated

    web3-net

    • Dependencies updated

    web3-providers-http

    • Dependencies updated

    web3-providers-ipc

    • Dependencies updated

    web3-rpc-methods

    • Dependencies updated

    web3-types

    • The EIP1193Provider class has now all the events (for on and removeListener) according to EIP-1193 (#6210)

    web3-utils

    • Dependencies updated

    web3-validator

    • Dependencies updated
  • 4.0.2-dev.f8a2533.0 - 2023-06-10
  • 4.0.2-dev.e8d579c.0 - 2023-06-24
  • 4.0.2-dev.af57eae.0 - 2023-06-09
  • 4.0.2-dev.ab0f4cb.0 - 2023-06-20
  • 4.0.2-dev.a2a232f.0 - 2023-06-21
  • 4.0.2-dev.60b8ba9.0 - 2023-06-27
  • 4.0.2-dev.51a59f9.0 - 2023-06-21
  • 4.0.2-dev.3f49e18.0 - 2023-06-24
  • 4.0.2-dev.2130d22.0 - 2023-06-15
  • 4.0.2-dev.023f02d.0 - 2023-06-20
  • 4.0.1 - 2023-06-07

    Web3.js 4.0.1 is written in TypeScript and has many exciting features such as:

    • Easy extensibility (with web3 Plugins feature. Example: Chainlink Plugin)
    • In compliance with ETH EL Specification
    • Dynamic Contract Typing
    • Native typescript
    • ESM CJS native builds
    • 85%+ test coverage
    • Custom data formatting feature
    • Reduced package size
    • New packages (web3-types, web3-errors, web3-validator, web3-rpc-methods)
    • Validation functionality using schema

    Documentation:

    Detailed List of changes are mentioned under:

    If there are any bugs, improvements, optimizations or any new feature proposal feel free to create github issue, or post a pull request for contributions.

  • 4.0.1-rc.2 - 2023-06-05
  • 4.0.1-rc.1 - 2023-04-20
  • 4.0.1-rc.0 - 2023-03-10
  • 4.0.1-alpha.5 - 2023-01-14
  • 4.0.1-alpha.4 - 2023-01-12
  • 4.0.1-alpha.3 - 2023-01-05
  • 4.0.1-alpha.2 - 2022-12-09
  • 4.0.1-alpha.1 - 2022-11-03
  • 4.0.1-alpha.0 - 2022-08-25
  • 4.0.0-alpha.0 - 2022-08-24
  • 3.0.0-rc.5 - 2021-07-02
  • 3.0.0-rc.4 - 2021-04-27
  • 3.0.0-rc.1 - 2021-04-23
  • 3.0.0-rc.0 - 2021-04-09
  • 2.0.0-alpha.1 - 2019-08-06
  • 2.0.0-alpha - 2019-07-13
  • 1.10.1 - 2023-08-14

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ethereumjs/util (#6283)
from web3 GitHub release notes
Commit messages
Package name: web3
  • bce9a8b changelog updates
  • f943f59 version bumps 4.0.3
  • 602dada Eth personal in web3.eth (#6245)
  • d12dc7e allow getpastlogs to accept bn and numbers (#6219)
  • a26a888 Release/4.0.2 (#6226)
  • 60b8ba9 Add tests for using `int`s in contracts, and test case for `web3-eth-abi`'s `encodeFunctionCall` (#6221)
  • 3f49e18 Ensure `r` and `s` returned by `signTransaction` to have 64 character (#6216)
  • e8d579c Refactor subscription's logic (#6210)
  • 51a59f9 Few touches on the Plugin Guid (#6182)
  • a2a232f Add `.on('error')` test for reverted contract methods (#6194)
  • 023f02d fix: add 'receive' to FragmentTypes (#6204)
  • ab0f4cb added ws types in dep (#6205)
  • 2130d22 TS v5 support (#6195)
  • f8a2533 6164 batch request fix (#6166)
  • af57eae Revert "add `from-package` to `learna publish` for canary (#6172)" (#6179)
  • 8f323e7 add `from-package` to `learna publish` for canary (#6172)
  • 312761f Fix broken link to migration for 1.X (#6174)
  • 3e7f004 Event filtering using non/indexed string arguments (#6167)
  • e2a64f8 Update the Plugin documentation (#6165)
  • 5d37d01 Init simple overload contract test (#6140)
  • 6192d6f fix canary #2 (#6159)
  • 7089236 Release/4.0.1 (#6158)
  • 4358140 Release/4.0.1 rc.2 (#6152)
  • cdc2835 fix canary auth (#6151)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@changeset-bot

changeset-bot bot commented Aug 20, 2023

⚠️ No Changeset found

Latest commit: d17f5f4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR
