zkAuth icon indicating copy to clipboard operation
zkAuth copied to clipboard
Published 1 month ago verified publisher icon 3lLobo

[Snyk] Security upgrade web3-utils from 1.9.0 to 4.2.1

Open 3lLobo opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • backend/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-WEB3UTILS-6229337		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: web3-utils The new version differs by 250 commits.
  • a7bbd7a changelog updates
  • 9e5ac81 lerna version bumps
  • cf60f71 Fix unstable tests [DRAFT] (#6857)
  • edf3164 add eventemitter3 (#6823)
  • 040d3a3 fix some typos (#6863)
  • ca31f6a EIP6963 web3 provider update event (#6855)
  • 8ed041c Research (#6841)
  • bd6cc71 Fix bundle stats (#6846)
  • 0e59f28 [docs] add stripHexPrefix method to migration guide (#6843)
  • ab1b250 fix (#6842)
  • b25b883 Update CONTRIBUTING.md (#6838)
  • 35cb1b8 ens setAddress support (#6834)
  • 86447cd 6201 multi provider (#6825)
  • b4c92e1 docs: create resources page (#6824)
  • cf4b93f Web3.js Adapter for Wagmi: Documenation (#6813)
  • afece40 add link to JSON interface spec docs (#6832)
  • 95807a6 fixed broken link in README to point to correct address (#6818)
  • a2d9cb4 Completed hardhat/web3v4 tutorial (#6806)
  • c5cecaf Enable users to provide feedback page (#6815)
  • ec65468 feat: Implement eth.calculateFeeData (#6795)
  • f696e47 fix link (#6810)
  • e774646 feat: Add getMaxPriorityFeePerGas method (#6748)
  • 9023511 Updated README.md (#6804)
  • a0d4d2e Resolve test snapshot issue between node 18 vs 20 & 21 (#6794)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

3lLobo avatar Mar 24 '24 17:03 3lLobo