
[Snyk] Upgrade web3-provider-engine from 15.0.0 to 15.0.12

Open • knanjukutty-polymath opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3-provider-engine from 15.0.0 to 15.0.12.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 4 years ago, on 2020-05-28.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-PATHPARSE-1077067 | 63/1000. Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 | Proof of Concept |
|  | Incomplete List of Disallowed Inputs, SNYK-JS-BABELTRAVERSE-5962462 | 63/1000. Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 | Proof of Concept |
|  | Incomplete List of Disallowed Inputs, SNYK-JS-BABELTRAVERSE-5962463 | 63/1000. Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-BROWSERSLIST-1090194 | 63/1000. Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-BROWSERSLIST-1090194 | 63/1000. Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3-provider-engine
  • 15.0.12 - 2020-05-28
  • 15.0.11 - 2020-05-28
  • 15.0.10 - 2020-05-28
  • 15.0.9 - 2020-05-26
  • 15.0.8 - 2020-05-26
  • 15.0.7 - 2020-04-15
    • Support eth_signedTypedData v3 & v4
    • Use yarn
  • 15.0.6 - 2020-02-24
  • 15.0.5 - 2020-02-24
  • 15.0.4 - 2019-10-29
  • 15.0.3 - 2019-08-20
  • 15.0.2 - 2019-08-20
  • 15.0.1 - 2019-08-20
  • 15.0.0 - 2019-03-29
from web3-provider-engine GitHub release notes
Commit messages
Package name: web3-provider-engine
  • 15bc747 15.0.12
  • bd9ff60 subp/rpc - sanitize payload to remove skipCache
  • 1d6b778 15.0.11
  • f911f68 Fix deps (#342)
  • eccdf18 15.0.10
  • d15fbf8 subp/hooked-wallet-ethtx/bugfix - fix ethereumjs tx import
  • 45262e9 15.0.9
  • eebcb6f deps - update ethereumjs-{tx,util}
  • 651116a 15.0.8
  • ff84935 simply random-id
  • d944085 Add nvmrc, yarn install (#339)
  • 4048d34 yarn upgrade to resolve security issues (#338)
  • 235040e Update package description (#337)
  • 06b443b Delete bower.json (#336)
  • d77d4e1 v15.0.7 (#335)
  • 9bcc36a Migrate to yarn (#334)
  • 58f5a0e Add support for eth_signTypedData v3 & v4 (#333)
  • 55b882b Bump acorn from 5.7.3 to 7.1.1 (#330)
  • 02d8a56 15.0.6
  • ebfc871 Merge pull request #328 from MetaMask/error-fix
  • d90857b deps - update eth-json-rpc-errors + interface
  • a9c8b24 15.0.5
  • fae46dd Merge pull request #327 from MetaMask/retry-getting-block-bodies
  • caaf92b add _getBlockByNumberWithRetry to be less fragile against infura



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

knanjukutty-polymath, Feb 21 '24 16:02