Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency web3-utils to v4 [SECURITY] - autoclosed #194

Closed
wants to merge 1 commit into from
Closed

Update dependency web3-utils to v4 [SECURITY] - autoclosed #194

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 26, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
web3-utils ^1.3.0 -> ^4.0.0 age adoption passing confidence

web3-utils Prototype Pollution vulnerability

CVE-2024-21505 / GHSA-87qp-7cw8-8q9c

More information

Details

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge.
An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

ChainSafe/web3.js (web3-utils)

v4.2.1

Compare Source

Fixed
web3-eth-abi
  • Bug fix of ERR_UNSUPPORTED_DIR_IMPORT in ABI (#​6535)
Changed
web3-eth-contract
  • Dependencies updated
web3-eth
  • Dependencies updated
web3-eth-ens
  • Dependencies updated
web3-eth-personal
  • Dependencies updated

v4.2.0

Compare Source

Added
web3
  • Various web3 sub packages has new functions details are in root changelog
web3-eth
  • Added ALL_EVENTS and ALL_EVENTS_ABI constants, SendTransactionEventsBase type, decodeEventABI method (#​6410)
web3-eth-accounts
  • Added public function privateKeyToPublicKey
  • Added exporting BaseTransaction from the package (#​6493)
  • Added exporting txUtils from the package (#​6493)
web3-types
  • Interface EventLog was added. (#​6410)
web3-utils
  • As a replacment of the node EventEmitter, a custom EventEmitter has been implemented and exported. (#​6398)
Fixed
web3-core
  • Fix the issue: "Uncaught TypeError: Class extends value undefined is not a constructor or null #​6371". (#​6398)
web3-errors
  • Added new SchemaFormatError (#​6434)
web3-eth
  • Ensure provider.supportsSubscriptions exists before watching by subscription (#​6440)
  • Fixed param sent to checkRevertBeforeSending in sendSignedTransaction
  • Fixed defaultTransactionBuilder for value issue (#​6509)
web3-eth-abi
  • Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number #​6187" (#​6506)
web3-eth-accounts
  • Fixed recover function, v will be normalized to value 0,1 (#​6344)
web3-providers-http
web3-providers-ipc
  • Fixed bug in chunks processing logic (#​6496)
web3-providers-ws
  • Fixed bug in chunks processing logic (#​6496)
web3-utils
  • Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number #​6187" (#​6506)
  • Fixed bug in chunks processing logic (#​6496)
web3-validator
  • Multi-dimensional arrays are now handled properly when parsing ABIs (#​6435)
  • Fix issue with default config with babel (and React): "TypeError: Cannot convert a BigInt value to a number #​6187" (#​6506)
  • Validator will now properly handle all valid numeric type sizes: intN / uintN where 8 <= N <= 256 and N % 8 == 0 (#​6434)
  • Will now throw SchemaFormatError when unsupported format is passed to convertToZod method (#​6434)
Changed
web3
  • Dependencies updated
web3-core
  • defaultTransactionType is now type 0x2 instead of 0x0 (#​6282)
  • Allows formatter to parse large base fee (#​6456)
  • The package now uses EventEmitter from web3-utils that works in node envrioment as well as in the browser. (#​6398)
web3-eth
  • Transactions will now default to type 2 transactions instead of type 0, similar to 1.x version. (#​6282)
web3-eth-contract
  • The events property was added to the receipt object (#​6410)
web3-eth-ens
  • Dependencies updated
web3-eth-iban
  • Dependencies updated
web3-eth-personal
  • Dependencies updated
web3-net
  • Dependencies updated
web3-providers-http
  • Bump cross-fetch to version 4 (#​6463).
web3-rpc-methods
  • Dependencies updated

v4.1.1

Compare Source

Added
web3
  • To fix issue #​6190, added the functionality to introduce different timeout value for Web3. (#​6336)
web3-core
  • To fix issue #​6190, added the functionality to introduce different timeout value for Web3. (#​6336)
web3-eth-contract
  • In case of error events there will be inner error also available for details
Fixed
web3-eth
  • Added return type for formatSubscriptionResult in class NewHeadsSubscription (#​6368)
web3-core
  • Fixed rpc errors not being sent as an inner error when using the send method on request manager (#​6300).
web3-errors
web3-eth-contract
  • Fixed bug in contract.events.allEvents
web3-validator
Changed
web3-eth-abi
  • Dependencies updated
web3-eth-accounts
  • Dependencies updated
web3-eth-ens
  • Dependencies updated
web3-eth-iban
  • Dependencies updated
web3-eth-personal
  • Dependencies updated
web3-net
  • Dependencies updated
web3-providers-http
  • Dependencies updated
web3-providers-ipc
  • Dependencies updated
web3-providers-ws
  • Dependencies updated
web3-rpc-methods
  • Dependencies updated
web3-types
  • Dependencies updated
web3-utils
  • Dependencies updated

v4.1.0

Compare Source

Added
web3
  • Added minimum support of web3.extend function
web3-core
  • Added minimum support of web3.extend function
web3-errors
  • RpcErrorMessages that contains mapping for standard RPC Errors and their messages. (#​6230)
  • created TransactionGasMismatchInnerError for clarity on the error in TransactionGasMismatchError (#​6215)
  • created MissingGasInnerError for clarity on the error in MissingGasError (#​6215)
web3-eth
  • A rpc_method_wrapper (signTypedData) for the rpc calls eth_signTypedData and eth_signTypedData_v4 (#​6286)
  • A signTypedData method to the Web3Eth class (#​6286)
web3-eth-abi
  • A getEncodedEip712Data method that takes an EIP-712 typed data object and returns the encoded data with the option to also keccak256 hash it (#​6286)
web3-rpc-methods
  • A signTypedData method to eth_rpc_methods for the rpc calls eth_signTypedData and eth_signTypedData_v4 (#​6286)
web3-types
  • eth_signTypedData and eth_signTypedData_v4 to web3_eth_execution_api (#​6286)
  • Eip712TypeDetails and Eip712TypedData to eth_types (#​6286)
web3-validator
  • Added json-schema as a main json schema type (#​6264)
Fixed
web3-core
  • Fixed the issue: "Version 4.x does not fire connected event for subscriptions. #​6252". (#​6262)
web3-errors
  • Fixed: "'disconnect' in Eip1193 provider must emit ProviderRpcError #​6003".(#​6230)
web3-eth
  • sendTransaction will have gas filled by default using method estimateGas unless transaction builder options.fillGas is false. (#​6249)
  • Missing blockHeaderSchema properties causing some properties to not appear in response of newHeads subscription (#​6243)
  • Missing blockHeaderSchema properties causing some properties to not appear in response of newHeads subscription (#​6243)
web3-providers-ws
Changed
web3-core
  • No need to pass CommonSubscriptionEvents & at every child class of Web3Subscription (#​6262)
  • Implementation of _processSubscriptionResult and _processSubscriptionError has been written in the base class Web3Subscription and maid public. (#​6262)
  • A new optional protected method formatSubscriptionResult could be used to customize data formatting instead of re-implementing _processSubscriptionResult. (#​6262)
  • No more needed to pass CommonSubscriptionEvents & for the first generic parameter of Web3Subscription when inheriting from it. (#​6262)
web3-eth
  • MissingGasError error message changed for clarity (#​6215)
  • input and data are no longer auto populated for transaction objects if they are not present. Instead, whichever property is provided by the user is formatted and sent to the RPC provider. Transaction objects returned from RPC responses are still formatted to contain both input and data properties (#​6294)
web3-eth-accounts
  • Dependencies updated
web3-eth-contract
  • Dependencies updated
web3-eth-ens
  • Dependencies updated
web3-eth-iban
  • Dependencies updated
web3-eth-personal
  • Dependencies updated
web3-net
  • Dependencies updated
web3-providers-http
  • Dependencies updated
web3-providers-ipc
  • Dependencies updated
web3-types
  • input and data are now optional properties on PopulatedUnsignedBaseTransaction (previously input was a required property, and data was not available) (#​6294)
web3-utils
  • Dependencies updated
web3-validator
  • Replace is-my-json-valid with zod dependency. Related code was changed (#​6264)
  • Types ValidationError and JsonSchema were changed (#​6264)
Removed
web3-eth
  • Missing blockHeaderSchema properties causing some properties to not appear in response of newHeads subscription (#​6243)
  • Type RawValidationError was removed (#​6264)
web3-validator
  • Type RawValidationError was removed (#​6264)

v4.0.7

Compare Source

v4.0.6

Compare Source

v4.0.5

Compare Source

v4.0.4

Compare Source

v4.0.3

Compare Source

Fixed
web3
web3-rpc-methods
web3-types
  • type Filter includes blockHash (#​6206)
web3-utils
  • BigInts pass validation within the method numberToHex (#​6206)
Changed
web3-core
  • Dependencies updated
web3-errors
  • Dependencies updated
web3-eth
  • Dependencies updated
web3-eth-abi
  • Dependencies updated
web3-eth-accounts
  • Dependencies updated
web3-eth-contract
  • Dependencies updated
web3-eth-ens
  • Dependencies updated
web3-eth-iban
  • Dependencies updated
web3-eth-personal
  • Dependencies updated
web3-net
  • Dependencies updated
web3-providers-http
  • Dependencies updated
web3-providers-ipc
  • Dependencies updated
web3-providers-ws
  • Dependencies updated
web3-validator
  • Dependencies updated

v4.0.2

Compare Source

Fixed
web3
web3-core
  • Fixed Batch requests erroring out on one request (#​6164)
  • Fixed the issue: Subscribing to multiple blockchain events causes every listener to be fired for every registered event (#​6210)
  • Fixed the issue: Unsubscribe at a Web3Subscription class will still have the id of the subscription at the Web3SubscriptionManager (#​6210)
  • Fixed the issue: A call to the provider is made for every subscription object (#​6210)
web3-eth-abi
  • Support for "decoding" indexed string event arguments (returns the keccak256 hash of the string value instead of the actual string value) (#​6167)
web3-eth-accounts
  • Fixed "The r and s returned by signTransaction to does not always consist of 64 characters #​6207" (#​6216)
web3-eth-contract
  • Event filtering using non-indexed and indexed string event arguments (#​6167)
web3-eth-ens
web3-providers-ws
web3-types
Added
web3
  • Exported Web3Context, Web3PluginBase, Web3EthPluginBase from 'web3-core', and Web3Validator from 'web3-validator' (#​6165)
web3-core
  • Web3Subscription constructor accept a Subscription Manager (as an alternative to accepting Request Manager that is now marked marked as deprecated) (#​6210)
web3-types
  • Added the SimpleProvider interface which has only request(args) method that is compatible with EIP-1193 (#​6210)
  • Added the Eip1193EventName type that contains the possible events names according to EIP-1193 (#​6210)
Changed
web3-core
  • Web3Subscription constructor overloading that accept a Request Manager is marked as deprecated (#​6210)
web3-errors
  • Dependencies updated
web3-eth
  • Dependencies updated
web3-eth-iban
  • Dependencies updated
web3-eth-personal
  • Dependencies updated
web3-net
  • Dependencies updated
web3-providers-http
  • Dependencies updated
web3-providers-ipc
  • Dependencies updated
web3-rpc-methods
  • Dependencies updated
web3-types
  • The EIP1193Provider class has now all the events (for on and removeListener) according to EIP-1193 (#​6210)
web3-utils
  • Dependencies updated
web3-validator
  • Dependencies updated

v4.0.1

Fixed
  • Dependency tree cannot be resolved by Yarn due to old deprecated packages picked by yarn - fixed (#​5382)

v4.0.0

Note: Yarn is resolving to some old deprecated package versions for 4.0.0-alpha.0 instead of latest alpha versions. A patch bump is posted so yarn users
should use 4.0.1-alpha.0 for testing.

Added
web3-errors
  • web3-errors new package is created, it has Web3 Error codes and classes
web3-types
  • web3-types new package is created, it provides the common data structures and interfaces for web3 modules
web3-validator
  • web3-validator new package is created, it has JSON-Schema compatible validator functionality for Web3
Removed
web3-bzz
  • This Package is deprecated
web3-shh
  • This Package is deprecated
web3-core-helpers
  • This Package is removed, errors are moved to web3-errors package and formatters are moved in web3-core package
web3-core-method
  • This Package is removed, and web3-core-method functionality is moved to web3-eth package
web3-core-promieevent
  • This Package is removed, and core promi events functionality is moved to web3-core package
web3-core-requestmanager
  • This Package is removed, batch requests and request manager functionality is moved to web3-core package
web3-core-subscription
  • This Package is removed, and core subscription functionality is moved to web3-core package
Changed
web3
  • Passing callbacks to functions is no longer supported, except for event listeners.
  • Method extend is deprecated
web3-core
  • The function outputBigNumberFormatter in web3-core-helper renamed to outputBigIntFormatter under web3-core
  • Removed this.defaultBlock context from inputDefaultBlockNumberFormatter in web3-core-helper and converted to additional parameter
  • Removed this.defaultBlock context from inputTransactionFormatter in web3-core-helper and converted to additional parameter
web3-utils
  • The following functions soliditySha3 soliditySha3Raw encodePacked now includes type validation and requires type specification, instead of guessing the value type
  • The functions soliditySha3, soliditySha3Raw and encodePacked did not support BN; But, now supports BigInt
  • The functions flattenTypes and jsonInterfaceMethodToString moved to the web3-eth-abi package
  • The function isAddress now includes an optional parameter checkChecksum type boolean
  • isBoolean now accept 1, and 0 as valid values to test. Ref: web3-validator
web3-eth-accounts
  • create function does not take in the optional parameter entropy
  • Wallet.create function doesn't accept entropy param
web3-validator
  • isBoolean now accept 1, and 0 as valid values to test.
web3-eth-contract
  • Event logs do not support types for indexed properties, but named properties are supported.
  • Types for overloaded ABI functions are not yet supported.
  • signTransaction will not fill any default values, and it will only sign and return result. For filling default values, use web3-eth package
  • recover function's last param is boolean hashed, it is used to indicate if data provided is already hashed or not. By default, this function will assume data is not hashed.
  • The Wallet no longer supports address/number indexing. Have to use wallet.get instead.
  • Wallet.create function doesn't accept entropy param
  • contract.method.send() will resolve to transaction receipt instead of transactionHash. User can use receipt.transactionHash instead.
web3-net
  • Package will not support web3.bzz.net and web3.shh.net
web3-eth-iban
  • IBAN constructor now has validation checks for indirect/direct iban.
  • isDirect, isValid, isIndirect are now also included as static methods.
web3-eth-ens
web3-eth-abi
  • internalType was renamed to baseType in all abi types
web3-eth
  • givenProvider default value is undefined
  • defaultHardfork default value is 'london'
  • defaultAccount default value is undefined
  • defaultNetworkId default value is undefined
  • When sending a transaction, if Ethereum Node does not respond within transactionSendTimeout, throw an Error.
web3-eth-subscribe
  • clearSubscriptions Instead of returning true , clearSubscriptions now returns array of subscription's ids
web3-eth-personal
  • givenProvider default value is undefined
  • currentProvider default value is undefined

v1.10.4

Compare Source

Security
Maintenance Countdown:

Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.

Timeline of Changes:

90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the upgrade to Web3.js version 4.x

No New Bug Fixes (4/1/24 onwards):

Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend upgrading to Web3.js version 4.x

End of Security Fixes (7/1/24):

Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. Upgrading to Web3.js version 4.x is crucial to ensure the security of your applications.

v1.10.3

Compare Source

Security

  • web3-eth-accounts: Bumped @ethereumjs dependencies (#​6457)

  • Updated dependencies (#​6491)

v1.10.2

Compare Source

Fixed
  • Fixed broken fetch for Node.js > 18.x and fixed double callback (#​6381)

v1.10.1

Compare Source

Fixed
  • Builds fixed by updating all typescript versions to 4.9.5 (#​6238)
  • ABI encoding for large negative ints (#​6239)
  • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#​5200)
Changed

v1.10.0

Compare Source

Fixed
  • Improved the error propagation in web3-providers-http package to effectively propagate useful error infomation about failed HTTP connections (#​5955)
  • Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask (#​4454) and related "n.data.substring is not a function", that is raised when there is a revert and web.eth.handleRevert = true (#​6000)
Changed
  • transaction.type is now formatted to a hex string before being send to provider (#​5979)
  • When sending a transaction, if transaction.type === '0x1' && transaction.accessList === undefined, then transaction.accessList is set to [] (#​5979)
  • Removed an unnecessary chainId parameter from toChecksumAddress() function types (#​5888)
Added
  • Added support for getPastEvents method to filter allEvents and specific event (#​6015)
Security

v1.9.0

Compare Source

Fixed
  • Fixed skipped ws-ganache tests (#​5759)
  • Fixed "provider started to reconnect error" in web3-provider-ws (#​5820)
  • Fixed Error: Number can only safely store up to 53 bits (#​5845)
  • Fixed types for packages which have default exports but not declared default export in .d.ts (#​5866)
  • Fixed Transaction type by adding missing properties (#​5856)
Changed
  • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#​5845)
  • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#​5845)
  • Updated @​types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #​5640 (#​5885)
  • Add description to error for failed connection on websocket (#​5884)
Security

v1.8.2

Compare Source

Changed
  • Updated Webpack 4 to Webpack 5, more details at (#​5629)
  • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#​5629)
  • Updated ethereumjs-util to 7.1.5 (#​5629)
  • Updated lerna 4 to version 6 (#​5680)
  • Bump utils 0.12.0 to 0.12.5 (#​5691)
Fixed
  • Fixed types for web3.utils._jsonInterfaceMethodToString (#​5550)
  • Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#​5601)
  • Builds fixed by updating all typescript versions to 4.1 (#​5675)
Removed
  • clean-webpack-plugin has been removed from dev-dependencies (#​5629)
Added
  • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#​5629)
  • Add readable-stream to dev-dependancies for webpack (#​5629)
Security
  • npm audit fix for libraries update (#​5726)

v1.8.1

Compare Source

Fixed
Changed

v1.8.0

Compare Source

Changed
  • Updated sha3 and sha3Raw type definition to accept Buffer (#​5357)
  • Removing legacy field in lerna.json (#​5403)
  • Correct eth_sendSignedTransaction code example (#​5402)
Fixed
  • Browser builds support polyfills (#​5031) (#​5053) (#​4659) (#​4767)
  • Update node version on actions to fix breaking mosaic test (#​5354)
  • Start incrementing jsonrpc.id from random number (#​5327)
  • web3-eth-contract's call and send methods no longer mutate options argument (#​5394)
  • Improvement using provided gas options in web3-eth-accounts for eip-1559 transactions (#​5012)
Added
  • Add missing function type "receive" in AbiType (#​5165)
  • Support of safe and finalized block tags added (#​5410)

v1.7.5

Compare Source

Changed
  • Replace xhr2-cookies deps to cross-fetch for web3-providers-http (#​5085)
Added
  • Documentation details about maxFeePerGas and maxPriorityFeePerGas (#​5121)
  • Added createAccessList types in web3.eth (#​5146)
Fixed
  • Improving AbstractProvider interface (#​5150)
  • Fix typos in web3-eth-accounts.rst & TESTING.md (#​5047)
  • Fix remove wallet using an index when an account address and address lowercase are equal (#​5049)
  • Improve README.md & Fix typos (#​4848)
  • Add optional hex formatting parameter for getTransactionReceipt (#​5153)
  • Fix transactionRoot -> transactionsRoot in BlockHeader (#​5083)
  • Fix Promise in Accounts.signTransaction() throwing errors that cannot be caught (#​4724)
  • Fixed unit tests & removed dead code for web3-providers-http (#​5228)
Security
  • Updated got lib version and fixed other libs using npm audit fix (#​5178) (#​5254)

v1.7.4

Compare Source

Fixed
  • Fix dead link in web3-eth.rst (#​4916)
  • Fix web3-core-method throws on f.call = this.call when intrinsic is frozen (#​4918) (#​4938)
  • Fix static tuple encoding (#​4673) (#​4884)
  • Fix bug in handleRevert logic for eth_sendRawTransaction (#​4902)
  • Fix resolve type of getBlock function (#​4911)
  • Web3-utils BN fix (#​5132)
Changed
  • Replace deprecated String.prototype.substr() (#​4855)
  • Exporting AbiCoder as coder (#​4937)
  • Github build workflow updated min build for node.js 12 and tests for 12, 14 and 16 (#​5014)
  • Updated libraries using BN and the BN library (#​5072)
Added
  • Exposing web3.eth.Contract.setProvider() as per public documentation (#​4822) (#​5001)
  • Improve npm script commands for development purposes (#​4848)
Security
  • npm audit fix to address vulnerabilities and update libraries (#​5014)

v1.7.3

Compare Source

Fixed
  • Fixed build issues of 1.7.2

v1.7.2

Compare Source

Changed
Security
  • npm audit fix to update libraries (#​4860)
Fixed
  • Fix jsonrpc payload and response types (#​4743) (#​4761)
  • Allowed more flexibility in typing the overly constrained provider.disconnect function (#​4833)

v1.7.1

Compare Source

Added
  • transactionPollingInterval added to web3, contract and method constructor options. defaults to 1 second. (#​4584)
  • Add example import for package level types (#​4611)
Fixed
  • Fix a typo in the documentation for methods.myMethod.send (#​4599)
  • Use globalThis to locate global object if possible (#​4613)
  • Fix typos in web3-utils.rst (#​4662)
  • Added effectiveGasPrice to TransactionReceipt (#​4692)
  • Correction in documentation for web3.eth.accounts.signTransaction (#​4576)
  • Updated README to include Webpack 5 create-react-app support instructions (#​4173)
  • Update the documentation for methods.myMethod.estimateGas (#​4702)
  • Fix typos in REVIEW.md and TESTING.md (#​4691)
  • Fix encoding for "0x" string values (#​4512)
Changed
  • Muted E2E gnosis dex tests in CI until fix for issue #​4436 is applied (#​4701)
Removed
  • Removed deprecated Morden testnet code (#​4339)
Security
  • Ran npm audit fix to address vulnerabilities and update libraries (#​4719) (#​4728)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Update dependency web3-utils to v4 [SECURITY]
4f06c5d 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@noble/[email protected] None +1 2.15 MB paulmillr
npm/[email protected] None 0 296 kB jdevcs
npm/[email protected] Transitive: environment, eval +14 3.33 MB jdevcs

🚮 Removed packages: npm/[email protected]

View full report↗︎

@renovate renovate bot changed the title Update dependency web3-utils to v4 [SECURITY] Update dependency web3-utils to v4 [SECURITY] - autoclosed Mar 28, 2024
@renovate renovate bot closed this Mar 28, 2024
@renovate renovate bot deleted the renovate/npm-web3-utils-vulnerability branch March 28, 2024 07:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type:security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants