dec-todo
[Snyk] Upgrade truffle from 5.6.7 to 5.11.5
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade truffle from 5.6.7 to 5.11.5.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 32 versions ahead of your current version.
- The recommended version was released 3 months ago, on 2023-09-13.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: truffle
- 5.11.5 - 2023-09-13
Hello all! Tiny release this week, just internal improvements and dependency updates. Thanks once again to @legobeat for getting all of these! That's it for now!
How to upgrade
We recommend upgrading to the latest version of Truffle by running:
```
npm uninstall -g truffle
npm install -g truffle
```
Changelog
Internal improvements
- Enforce deduped lockfile when linting dependencies (#6193 by @legobeat)
Dependency updates
- Deduplicate all dependencies and devDependencies (#6194 by @legobeat)
- Dedupe and lockbump ethers, ethereumjs, web3 (#6192 by @legobeat)
- Dedupe runtime libraries (#6191 by @legobeat)
- Dedupe devDependencies and library packages (#6188 by @legobeat)
- 5.11.4 - 2023-09-07
- 5.11.3 - 2023-08-29
- 5.11.2 - 2023-08-04
- 5.11.1 - 2023-07-25
- 5.11.0 - 2023-07-14
- 5.10.2 - 2023-06-30
- 5.10.1 - 2023-06-23
- 5.10.0 - 2023-06-16
- 5.9.4 - 2023-06-06
- 5.9.3 - 2023-06-02
- 5.9.2 - 2023-05-25
- 5.9.1 - 2023-05-19
- 5.9.0 - 2023-05-11
- 5.9.0-visual-debugger.0 - 2023-05-12
- 5.8.4 - 2023-04-28
- 5.8.3 - 2023-04-20
- 5.8.2 - 2023-04-10
- 5.8.1 - 2023-03-17
- 5.8.0 - 2023-03-10
- 5.7.9 - 2023-03-02
- 5.7.8 - 2023-02-24
- 5.7.7 - 2023-02-17
- 5.7.6 - 2023-02-11
- 5.7.5 - 2023-02-02
- 5.7.4 - 2023-01-27
- 5.7.3 - 2023-01-13
- 5.7.2 - 2023-01-06
- 5.7.1 - 2022-12-21
- 5.7.0 - 2022-12-15
- 5.6.9 - 2022-12-08
- 5.6.8 - 2022-11-30
- 5.6.7 - 2022-11-23
Commit messages
Package name: truffle
- a26df1f Publish
- 4df99df Merge pull request #6193 from legobeat/ci-yarn-deduplicate
- 39ffb36 apply lint:fix:dependencies
- d37ed52 ci: enforce deduped lockfile when linting dependencies
- b999099 chore: add yarn lockfile deduplication package scripts using yarn-deduplicate
- 6b2a081 Merge pull request #6194 from legobeat/yarn-dedupe-full-fewer
- 0f3d963 yarn refresh lockfile
- 17536c4 yarn deduplicate fewer
- 6accdbf devDeps: yarn deduplicate readable-stream
- f322892 devDeps: yarn deduplicate object.assign
- 4fac8f1 devDeps: yarn deduplicate http-cache-semantics
- 7b2d2ff devDeps: yarn deduplicate acorn,ajv
- 6a0c3bd deps: yarn deduplicate bn.js@^5
- a82c4ad devDeps: yarn deduplicate @types/
- f28ce63 deps: yarn dedupe strip-ansi,ansi-regex
- 9b23a59 devDeps: webpack@^5.73.0->^5.88.2
- 09ebe21 deps: yarn dedupe,lockbump apollo-server packages
- a267cab yarn dedupe graphql,tslib
- 16e723d devDeps(db,db-kit): madge@^5.0.1->6.1.0
- 3344b45 Merge pull request #6192 from legobeat/deps-bump-eth-libs
- 4372ee3 update yarn.lock after rebase
- 0625db5 Merge pull request #6191 from legobeat/deps-dedupe-libs
- 0500ff7 deps: bump/dedupe web3, ethereumjs-util packages
- 4d64055 yarn dedupe ethers
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.