polymath-core
[Snyk] Upgrade web3 from 1.2.0 to 1.10.3
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade web3 from 1.2.0 to 1.10.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 79 versions ahead of your current version.
- The recommended version was released 4 months ago, on 2023-10-18.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Memory Exposure SNYK-JS-BL-608877 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | No Known Exploit |
| | Prototype Pollution SNYK-JS-COPYPROPS-1082870 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
| | Validation Bypass SNYK-JS-KINDOF-537849 | 199/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00147, Social Trends: No, Days since published: 1272, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 2.26, Score Version: V5 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: web3
- 1.10.3 - 2023-10-18
  Security
- 1.10.3-dev.0 - 2023-10-16
  Security
  (Considering discussion about release tags, v1 will follow tags:
  - legacy (for v1 releases)
  - legacy-dev (for v1 test/RC releases, this will replace rc tag)
- 1.10.2 - 2023-08-28
  Fixed
  - Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
- 1.10.1 - 2023-08-14
  Fixed
  - Builds fixed by updating all typescript versions to 4.9.5 (#6238)
  - ABI encoding for large negative `int`s (#6239)
  - Updated type file for `submitWork` parameters, accepts 3 parameters instead of an array (#5200)
  Changed
  - Replace ethereumjs-util with @ethereumjs/util (#6283)
- 1.10.1-rc.0 - 2023-08-08
  Fixed
  - Builds fixed by updating all typescript versions to 4.9.5 (#6238)
  - ABI encoding for large negative `int`s (#6239)
  - Updated type file for `submitWork` parameters, accepts 3 parameters instead of an array (#5200)
  Changed
  - Replace ethereumjs-util with @ethereumjs/util (#6283)
- 1.10.0 - 2023-05-10
- 1.10.0-rc.0 - 2023-05-02
- 1.9.0 - 2023-03-20
- 1.9.0-rc.0 - 2023-03-07
- 1.8.2 - 2023-01-30
- 1.8.2-rc.0 - 2023-01-11
- 1.8.1 - 2022-11-10
- 1.8.1-rc.0 - 2022-10-28
- 1.8.0 - 2022-09-14
- 1.8.0-rc.0 - 2022-09-08
- 1.7.5 - 2022-08-01
- 1.7.5-rc.1 - 2022-07-19
- 1.7.5-rc.0 - 2022-07-15
- 1.7.4 - 2022-06-21
- 1.7.4-rc.2 - 2022-06-16
- 1.7.4-rc.1 - 2022-06-08
- 1.7.4-rc.0 - 2022-05-17
- 1.7.3 - 2022-04-08
- 1.7.3-rc.0 - 2022-04-07
- 1.7.2 - 2022-04-07
- 1.7.2-rc.0 - 2022-03-24
- 1.7.1 - 2022-03-03
- 1.7.1-rc.0 - 2022-02-10
- 1.7.0 - 2022-01-17
- 1.7.0-rc.0 - 2021-12-09
- 1.6.1 - 2021-11-15
- 1.6.1-rc.3 - 2021-11-10
- 1.6.1-rc.2 - 2021-10-27
- 1.6.1-rc.0 - 2021-10-09
- 1.6.0 - 2021-09-30
- 1.6.0-rc.0 - 2021-09-26
- 1.5.3 - 2021-09-22
- 1.5.3-rc.0 - 2021-09-10
- 1.5.2 - 2021-08-15
- 1.5.2-rc.0 - 2021-08-15
- 1.5.1 - 2021-08-05
- 1.5.1-rc.1 - 2021-08-05
- 1.5.1-rc.0 - 2021-07-31
- 1.5.0 - 2021-07-28
- 1.5.0-rc.1 - 2021-07-24
- 1.5.0-rc.0 - 2021-07-21
- 1.4.0 - 2021-06-30
- 1.4.0-rc.0 - 2021-06-25
- 1.3.6 - 2021-05-14
- 1.3.6-rc.2 - 2021-05-13
- 1.3.6-rc.1 - 2021-05-09
- 1.3.5 - 2021-04-05
- 1.3.5-rc.0 - 2021-03-24
- 1.3.4 - 2021-02-03
- 1.3.4-rc.2 - 2021-01-28
- 1.3.4-rc.1 - 2021-01-26
- 1.3.3 - 2021-01-22
- 1.3.2 - 2021-01-21
- 1.3.2-rc.2 - 2021-01-21
- 1.3.1 - 2020-12-17
- 1.3.0 - 2020-09-15
- 1.3.0-rc.0 - 2020-09-02
- 1.2.11 - 2020-07-18
- 1.2.10 - 2020-07-17
- 1.2.10-rc.0 - 2020-07-09
- 1.2.9 - 2020-06-09
- 1.2.9-rc.0 - 2020-06-02
- 1.2.8 - 2020-05-20
- 1.2.8-rc.1 - 2020-05-18
- 1.2.8-rc.0 - 2020-05-08
- 1.2.7 - 2020-04-24
- 1.2.7-rc.0 - 2020-04-15
- 1.2.6 - 2020-02-02
- 1.2.5 - 2020-01-27
- 1.2.5-rc.0 - 2020-01-16
- 1.2.4 - 2019-11-15
- 1.2.3 - 2019-11-14
- 1.2.2 - 2019-10-23
- 1.2.1 - 2019-08-06
- 1.2.0 - 2019-07-23
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.