
@snyk-bot snyk-bot commented May 9, 2023

Snyk has created this PR to upgrade web3-utils from 1.5.1 to 1.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 33 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2023-03-20.

The recommended version fixes:

| Issue | Snyk ID | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579147 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 410/1000 (CVSS 8.2) | Proof of Concept |
| Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579152 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579155 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Prototype Poisoning | SNYK-JS-QS-3153490 | 410/1000 (CVSS 8.2) | Proof of Concept |
| Information Exposure | SNYK-JS-SIMPLEGET-2361683 | 410/1000 (CVSS 8.2) | Proof of Concept |
| Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-COOKIEJAR-3149984 | 410/1000 (CVSS 8.2) | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-TAR-1536758 | 410/1000 (CVSS 8.2) | No Known Exploit |
| Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 410/1000 (CVSS 8.2) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3-utils
  • 1.9.0 - 2023-03-20

    Fixed

    • Fixed skipped ws-ganache tests (#5759)
    • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
    • Fixed Error: Number can only safely store up to 53 bits (#5845)
    • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
    • Fixed Transaction type by adding missing properties (#5856)

    Changed

    • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
    • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
    • Updated @types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
    • Add description to error for failed connection on websocket (#5884)

    Security

    • Updated dependencies (#5885)
  • 1.9.0-rc.0 - 2023-03-07

    Fixed

    • Fixed skipped ws-ganache tests (#5759)
    • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
    • Fixed Error: Number can only safely store up to 53 bits (#5845)
    • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
    • Fixed Transaction type by adding missing properties (#5856)

    Changed

    • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
    • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
    • Updated @types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
    • Add description to error for failed connection on websocket (#5884)

    Security

    • Updated dependencies (#5885)
  • 1.8.2 - 2023-01-30

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, AbortController added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.2-rc.0 - 2023-01-11

    Changed

    • Updated Webpack 4 to Webpack 5, more details at (#5629)
    • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
    • Updated ethereumjs-util to 7.1.5 (#5629)
    • Updated lerna 4 to version 6 (#5680)
    • Bump utils 0.12.0 to 0.12.5 (#5691)

    Fixed

    • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
    • Fixed Next.js builds failing on Node.js v16, AbortController added if it doesn't exist globally (#5601)
    • Builds fixed by updating all typescript versions to 4.1 (#5675)

    Removed

    • clean-webpack-plugin has been removed from dev-dependencies (#5629)

    Added

    • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
    • Add readable-stream to dev-dependencies for webpack (#5629)

    Security

    • npm audit fix for libraries update (#5726)
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
  • 1.7.1-rc.0 - 2022-02-10
  • 1.7.0 - 2022-01-17
  • 1.7.0-rc.0 - 2021-12-09
  • 1.6.1 - 2021-11-15
  • 1.6.1-rc.3 - 2021-11-10
  • 1.6.1-rc.2 - 2021-10-27
  • 1.6.1-rc.0 - 2021-10-09
  • 1.6.0 - 2021-09-30
  • 1.6.0-rc.0 - 2021-09-26
  • 1.5.3 - 2021-09-22
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
from web3-utils GitHub release notes
Commit messages
Package name: web3-utils
  • db5f505 Build for 1.9.0
  • 908604b v1.9.0
  • c564ebe Build commit for 1.9.0-rc.0
  • 8ae1e23 v1.9.0-rc.0
  • da51334 npm i and changelog update
  • 2b3fb3a Nikos/5835/websocket provider keeps important error message back (#5884)
  • ef23642 dependencies updates (#5885)
  • 8d369a9 Nikos/5821/transaction type fix (#5856)
  • afa2943 fix types default export (#5852) (#5866)
  • e4b25bf Add optional param `hex` to `getTransaction` and `getBlock`. (#5845)
  • 8621030 handled "provider started to reconnect error" (#5820)
  • 5009bdd Update web3-eth-accounts.rst (#5810)
  • 5807398 updating ganache failing test (#5779)
  • 630c048 Fix: minor typos (#5734)
  • bcb918b Spelling Mistake Corrected (#5784)
  • 632c5d3 1.8.2 (#5740)
  • b995b9e using latest lighthouse docker image in tests (#5741)
  • 16bcb63 update1xdependencies (#5727)
  • 6602359 Update 1.x tests infrastructure/libs (#5671)
  • 84e0f37 Bump utils (#5700)
  • 3d59de2 5629/lerna (#5680)
  • 885b760 adding webpack 5 (#5649)
  • 85daa8a updating typescript packages (#5673)
  • 12a6d6e fix firefox (#5666)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
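The release notes above mention that `utils.toNumber` and `utils.hexToNumber` gained a `bigIntOnOverflow` parameter in 1.9.0 and that the "Number can only safely store up to 53 bits" error was addressed. The sketch below is an added illustration of that behaviour, not code from this PR or from web3-utils itself: it shows why hex values wider than 53 bits (a uint64 counter, a wei balance) cannot round-trip through a JavaScript `Number`, and how an opt-in BigInt return avoids both the silent rounding of `Number('0x…')` and the hard failure. The function names, the regex, the exact error text and the sample inputs are assumptions made for this example.

```javascript
// Added example (not web3-utils' own code): a minimal hexToNumber mirroring the
// 1.9.0 behaviour described in the release notes, i.e. an optional
// bigIntOnOverflow flag that returns a BigInt instead of failing when the value
// does not fit in a JavaScript Number (53 bits). Helper names, the regex and the
// error text are assumptions for this sketch.

const HEX_STRICT = /^(-)?0x[0-9a-fA-F]+$/;

function hexToNumber(value, bigIntOnOverflow = false) {
  if (typeof value !== 'string' || !HEX_STRICT.test(value)) {
    throw new Error(`Given value "${value}" is not a valid hex string.`);
  }
  // Parse with BigInt first: BigInt('0x...') is exact for any width, whereas
  // Number('0x...') silently rounds anything above 2^53 - 1.
  const negative = value.startsWith('-');
  const magnitude = BigInt(negative ? value.slice(1) : value);
  const n = negative ? -magnitude : magnitude;

  const overflows =
    n > BigInt(Number.MAX_SAFE_INTEGER) || n < BigInt(Number.MIN_SAFE_INTEGER);
  if (overflows) {
    if (bigIntOnOverflow) return n; // caller asked for an exact value
    // Without the flag, fail loudly rather than hand back a rounded Number.
    throw new Error('Number can only safely store up to 53 bits');
  }
  return Number(n);
}

// Companion check for a non-negative hex string: would the naive Number() path
// lose precision on this input?
function naiveLosesPrecision(hex) {
  const exact = BigInt(hex);
  return BigInt(Number(hex)) !== exact;
}

// Constructed sample inputs (not taken from the PR): the 53-bit boundary and a
// uint64-sized value of the kind a balance or nonce field can carry.
const SAMPLES = {
  safe: '0x1fffffffffffff',        // 2^53 - 1, Number.MAX_SAFE_INTEGER
  firstUnsafe: '0x20000000000000', // 2^53, first value a Number cannot hold exactly
  uint64Max: '0xffffffffffffffff',
};

function demo() {
  const out = {};
  out.safe = hexToNumber(SAMPLES.safe);
  out.unsafeAsBigInt = hexToNumber(SAMPLES.firstUnsafe, true);
  try {
    hexToNumber(SAMPLES.uint64Max);
    out.threwWithoutFlag = false;
  } catch (e) {
    out.threwWithoutFlag = true;
  }
  out.naiveLoss = naiveLosesPrecision(SAMPLES.uint64Max);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The point for anyone consuming chain data: a value that is rounded rather than rejected is an integrity bug, not a cosmetic one, so code that calls these helpers on 256-bit fields should either pass `bigIntOnOverflow: true` and handle a BigInt result, or treat the thrown error as the expected path and not a crash to paper over.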
