
[Snyk] Security upgrade truffle from 5.6.7 to 5.10.1

Open 0xvashishth opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: medium
  • Priority Score (*): 658/1000
    Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: truffle
The new version differs by 250 commits.
  • 854a564 Publish
  • 5483e17 Merge pull request #6050 from trufflesuite/newtable
  • f193115 Merge pull request #6049 from trufflesuite/overtaken-by-events
  • 6b22766 Merge pull request #6118 from trufflesuite/fix-test
  • 4308cde Merge pull request #6121 from trufflesuite/dependabot/npm_and_yarn/semver-7.5.2
  • a29101b Merge pull request #6120 from trufflesuite/no-test-cronos
  • 2f009e9 Bump semver from 5.7.1 to 7.5.2
  • 76d3687 Remove cronos testnet from etherscan fetcher
  • 75c62b3 Update ENS tests to 0.8.20
  • 74118cb Re-add viaIR decoding tests, now in separate directory
  • 9f9ce14 Increase Solidity version in Decoder tests to 0.8.20
  • d864008 Revert "Update internal function degradation test to remove more info"
  • ebbcaf7 Revert "Up timeouts on decoder test setup"
  • 8723fcd Revert "Set decoder tests to use 0.8.20 and viaIR"
  • 3eba98a handle case when a user uses @ truffle/test without core
  • f27dfd6 Merge pull request #6116 from trufflesuite/no-magic-prefix
  • 3a2cc03 codec-components: Add missing injected nodes usage
  • 2587fdb Merge pull request #6117 from trufflesuite/zora
  • c54971f Add zora network to Sourcify fetcher
  • 2a9cf32 Move magic variable prefix to tooltip
  • faa8ee7 Merge pull request #6114 from trufflesuite/up-hardhat-timeout-again
  • 686e569 Remove now-unnecessary scripts
  • 6dca9c2 Delete unused test fixtures
  • 1f1f915 Remove unnecessary test

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:
  • 🦉 Regular Expression Denial of Service (ReDoS)

0xvashishth, Jun 25 '23 16:06