[Snyk] Upgrade web3-utils from 1.5.1 to 1.9.0 #27

snyk-bot · 2023-05-09T07:41:07Z

Snyk has created this PR to upgrade web3-utils from 1.5.1 to 1.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 33 versions ahead of your current version.
The recommended version was released 2 months ago, on 2023-03-20.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Overwrite SNYK-JS-TAR-1536531	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	410/1000 Why? CVSS 8.2	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	410/1000 Why? CVSS 8.2	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	410/1000 Why? CVSS 8.2	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	410/1000 Why? CVSS 8.2	Proof of Concept
Information Exposure SNYK-JS-SIMPLEGET-2361683	410/1000 Why? CVSS 8.2	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	410/1000 Why? CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	410/1000 Why? CVSS 8.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	410/1000 Why? CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410/1000 Why? CVSS 8.2	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	410/1000 Why? CVSS 8.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3-utils

1.9.0 - 2023-03-20
Fixed
- Fixed skipped ws-ganache tests (#5759)
- Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
- Fixed Error: Number can only safely store up to 53 bits (#5845)
- Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
- Fixed Transaction type by adding missing properties (#5856)
Changed
- Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
- utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
- Updated @ types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
- Add description to error for failed connection on websocket (#5884)
Security
- Updated dependencies (#5885)
1.9.0-rc.0 - 2023-03-07
Fixed
- Fixed skipped ws-ganache tests (#5759)
- Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
- Fixed Error: Number can only safely store up to 53 bits (#5845)
- Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
- Fixed Transaction type by adding missing properties (#5856)
Changed
- Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
- utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
- Updated @ types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
- Add description to error for failed connection on websocket (#5884)
Security
- Updated dependencies (#5885)
1.8.2 - 2023-01-30
Changed
- Updated Webpack 4 to Webpack 5, more details at (#5629)
- crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
- Updated ethereumjs-util to 7.1.5 (#5629)
- Updated lerna 4 to version 6 (#5680)
- Bump utils 0.12.0 to 0.12.5 (#5691)
Fixed
- Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
- Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#5601)
- Builds fixed by updating all typescript versions to 4.1 (#5675)
Removed
- clean-webpack-plugin has been removed from dev-dependencies (#5629)
Added
- https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
- Add readable-stream to dev-dependancies for webpack (#5629)
Security
- npm audit fix for libraries update (#5726)
1.8.2-rc.0 - 2023-01-11
Changed
- Updated Webpack 4 to Webpack 5, more details at (#5629)
- crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
- Updated ethereumjs-util to 7.1.5 (#5629)
- Updated lerna 4 to version 6 (#5680)
- Bump utils 0.12.0 to 0.12.5 (#5691)
Fixed
- Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
- Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#5601)
- Builds fixed by updating all typescript versions to 4.1 (#5675)
Removed
- clean-webpack-plugin has been removed from dev-dependencies (#5629)
Added
- https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
- Add readable-stream to dev-dependancies for webpack (#5629)
Security
- npm audit fix for libraries update (#5726)
1.8.1 - 2022-11-10
1.8.1-rc.0 - 2022-10-28
1.8.0 - 2022-09-14
1.8.0-rc.0 - 2022-09-08
1.7.5 - 2022-08-01
1.7.5-rc.1 - 2022-07-19
1.7.5-rc.0 - 2022-07-15
1.7.4 - 2022-06-21
1.7.4-rc.2 - 2022-06-16
1.7.4-rc.1 - 2022-06-08
1.7.4-rc.0 - 2022-05-17
1.7.3 - 2022-04-08
1.7.3-rc.0 - 2022-04-07
1.7.2 - 2022-04-07
1.7.2-rc.0 - 2022-03-24
1.7.1 - 2022-03-03
1.7.1-rc.0 - 2022-02-10
1.7.0 - 2022-01-17
1.7.0-rc.0 - 2021-12-09
1.6.1 - 2021-11-15
1.6.1-rc.3 - 2021-11-10
1.6.1-rc.2 - 2021-10-27
1.6.1-rc.0 - 2021-10-09
1.6.0 - 2021-09-30
1.6.0-rc.0 - 2021-09-26
1.5.3 - 2021-09-22
1.5.3-rc.0 - 2021-09-10
1.5.2 - 2021-08-15
1.5.2-rc.0 - 2021-08-15
1.5.1 - 2021-08-05

from web3-utils GitHub release notes

Commit messages

Package name: web3-utils

db5f505 Build for 1.9.0
908604b v1.9.0
c564ebe Build commit for 1.9.0-rc.0
8ae1e23 v1.9.0-rc.0
da51334 npm i and changelog update
2b3fb3a Nikos/5835/websocket provider keeps important error message back (#5884)
ef23642 dependencies updates (#5885)
8d369a9 Nikos/5821/transaction type fix (#5856)
afa2943 fix types default export (#5852) (#5866)
e4b25bf Add optional param `hex` to `getTransaction` and `getBlock`. (#5845)
8621030 handled "provider started to reconnect error" (#5820)
5009bdd Update web3-eth-accounts.rst (#5810)
5807398 updating ganache failing test (#5779)
630c048 Fix: minor typos (#5734)
bcb918b Spelling Mistake Corrected (#5784)
632c5d3 1.8.2 (#5740)
b995b9e using latest lighthouse docker image in tests (#5741)
16bcb63 update1xdependencies (#5727)
6602359 Update 1.x tests infrastructure/libs (#5671)
84e0f37 Bump utils (#5700)
3d59de2 5629/lerna (#5680)
885b760 adding webpack 5 (#5649)
85daa8a updating typescript packages (#5673)
12a6d6e fix firefox (#5666)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade web3-utils from 1.5.1 to 1.9.0. See this package in npm: https://www.npmjs.com/package/web3-utils See this project in Snyk: https://app.snyk.io/org/debuggineffect/project/c2de53b7-3344-421d-814e-ea0825bfa660?utm_source=github&utm_medium=referral&page=upgrade-pr

BitcoinOutput mentioned this pull request May 2, 2024

[Snyk] Upgrade ethereum-bloom-filters from 1.0.10 to 1.1.0 #258

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Snyk] Upgrade web3-utils from 1.5.1 to 1.9.0 #27

[Snyk] Upgrade web3-utils from 1.5.1 to 1.9.0 #27

Uh oh!

snyk-bot commented May 9, 2023

Fixed

Changed

Security

Fixed

Changed

Security

Changed

Fixed

Removed

Added

Security

Changed

Fixed

Removed

Added

Security

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

[Snyk] Upgrade web3-utils from 1.5.1 to 1.9.0 #27

Are you sure you want to change the base?

[Snyk] Upgrade web3-utils from 1.5.1 to 1.9.0 #27

Uh oh!

Conversation

snyk-bot commented May 9, 2023

Snyk has created this PR to upgrade web3-utils from 1.5.1 to 1.9.0.

Fixed

Changed

Security

Fixed

Changed

Security

Changed

Fixed

Removed

Added

Security

Changed

Fixed

Removed

Added

Security

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants