Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade web3 from 4.0.2 to 4.12.1 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade web3 from 4.0.2 to 4.12.1 #3

wants to merge 1 commit into from

Conversation

Mmagkooo
Copy link
Owner

@Mmagkooo Mmagkooo commented Oct 4, 2024

snyk-top-banner

Snyk has created this PR to upgrade web3 from 4.0.2 to 4.12.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 278 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916		 776 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917		 776 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918		 776 Proof of Concept
high severity Prototype Pollution
SNYK-JS-WEB3UTILS-6229337		 776 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 776 Proof of Concept
Release notes
Package name: web3
  • 4.12.1 - 2024-08-23

    Hot fix

    [4.12.1]

    Fixed

    web3-eth-accounts

    • Revert TransactionFactory.registerTransactionType if there is a version mistatch between web3-eth and web3-eth-accounts and fix nextjs problem. (#7216)

    What's Changed

  • 4.12.1-dev.e746566.0 - 2024-08-22
  • 4.12.1-dev.0b75589.0 - 2024-08-23
  • 4.12.0 - 2024-08-22

    [4.12.0]

    Fixed

    web3-core

    • setConfig() fix for setMaxListenerWarningThreshold fix (#5079)

    web3-eth-accounts

    • Fix TransactionFactory.registerTransactionType not working, if there is a version mistatch between web3-eth and web3-eth-accounts by saving extraTxTypes at globals. (#7197)

    Added

    web3-eth-accounts

    • Added public function signMessageWithPrivateKey (#7174)

    web3-eth-contract

    • Added populateTransaction to the contract.deploy(...) properties. (#7197)

    web3-providers-http

    • Added statusCode of response in ResponseError, statusCode is optional property in ResponseError.

    web3-rpc-providers

    • Updated rate limit error of QuickNode provider for HTTP transport
    • Added optional HttpProviderOptions | SocketOptions in Web3ExternalProvider and QuickNodeProvider for provider configs

    web3-errors

    • Added optional statusCode property of response in ResponseError.

    Changed

    web3-eth-contract

    • The returnred properties of contract.deploy(...) are structured with a newly created class named DeployerMethodClass. (#7197)
    • Add a missed accepted type for the abi parameter, at dataInputEncodeMethodHelper and getSendTxParams. (#7197)

    What's Changed

    New Contributors

  • 4.11.2-dev.f87ffbe.0 - 2024-08-01
  • 4.11.2-dev.dee14ec.0 - 2024-07-30
  • 4.11.2-dev.d9d0391.0 - 2024-08-20
  • 4.11.2-dev.cbbbd84.0 - 2024-07-24
  • 4.11.2-dev.8b435c1.0 - 2024-08-06
  • 4.11.2-dev.61e9e06.0 - 2024-08-02
  • 4.11.2-dev.60fc197.0 - 2024-08-21
  • 4.11.2-dev.5080e80.0 - 2024-08-02
  • 4.11.2-dev.4f8e8cc.0 - 2024-08-21
  • 4.11.2-dev.2ef694c.0 - 2024-08-21
  • 4.11.2-dev.0db2b18.0 - 2024-08-08
  • 4.11.2-dev.2706805.0 - 2024-08-02
  • 4.11.1 - 2024-07-24

    [4.11.1]

    Fixed

    web3-errors

    • Fixed the undefined data in Eip838ExecutionError constructor (#6905)

    web3-eth

    • Adds transaction property to be an empty list rather than undefined when no transactions are included in the block (#7151)
    • Change method getTransactionReceipt to not be casted as TransactionReceipt to give proper return type (#7159)

    web3

    • Remove redundant constructor of contractBuilder (#7150)

    What's Changed

    New Contributors

    Full Changelog: v4.11.0...v4.11.1

  • 4.11.1-dev.e5efe49.0 - 2024-07-22
  • 4.11.1-dev.cbcfc18.0 - 2024-07-22
  • 4.11.1-dev.9afaa61.0 - 2024-07-16
  • 4.11.1-dev.6b80cf0.0 - 2024-07-12
  • 4.11.1-dev.5f6deeb.0 - 2024-07-22
  • 4.11.1-dev.5ad7e5b.0 - 2024-07-17
  • 4.11.1-dev.463d070.0 - 2024-07-11
  • 4.11.0 - 2024-07-11

    [4.11.0]

    Fixed

    web3-eth-abi

    • fix encodedata in EIP-712 (#7095)

    web3-utils

    • _sendPendingRequests will catch unhandled errors from _sendToSocket (#6968)

    web3-eth

    • Fixed geth issue when running a new instance, transactions will index when there are no blocks created (#7098)

    Changed

    web3-eth-accounts

    • baseTransaction method updated (#7095)

    web3-providers-ws

    • Update dependancies (#7109)

    web3-rpc-providers

    • Change request return type Promise<ResultType> to Promise<JsonRpcResponseWithResult<ResultType>> (#7102)

    Added

    web3-eth-contract

    • populateTransaction was added to contract methods (#7124)
    • Contract has setTransactionMiddleware and getTransactionMiddleware for automatically passing to sentTransaction for deploy and send functions (#7138)

    web3-rpc-providers

    • When error is returned with code 429, throw rate limit error (#7102)

    web3

    • web3.eth.Contract will get transaction middleware and use it, if web3.eth has transaction middleware. (#7138)
  • 4.10.1-dev.89711ab.0 - 2024-07-10
  • 4.10.1-dev.1436228.0 - 2024-07-09
  • 4.10.0 - 2024-06-17

    [4.10.0]

    Added

    web3

    • Now when existing packages are added in web3, will be avalible for plugins via context. (#7088)

    web3-core

    • Now when existing packages are added in web3, will be avalible for plugins via context. (#7088)

    web3-eth

    • sendTransaction in rpc_method_wrappers accepts optional param of TransactionMiddleware (#7088)
    • WebEth has setTransactionMiddleware and getTransactionMiddleware for automatically passing to sentTransaction (#7088)

    web3-eth-ens

    • getText now supports first param Address
    • getName has optional second param checkInterfaceSupport

    web3-types

    • Added result as optional never and error as optional never in type JsonRpcNotification` (#7091)
    • Added JsonRpcNotfication as a union type in JsonRpcResponse (#7091)

    web3-rpc-providers

    • Alpha release

    Fixed

    web3-eth-ens

    • getName reverse resolution

    What's Changed

    Full Changelog: v4.9.0...v4.10.0

  • 4.9.1-dev.fd2982d.0 - 2024-05-23
  • 4.9.1-dev.f687df6.0 - 2024-05-29
  • 4.9.1-dev.b63af9f.0 - 2024-05-30
  • 4.9.1-dev.962b99f.0 - 2024-05-24
  • 4.9.1-dev.9086b98.0 - 2024-05-30
  • 4.9.1-dev.7537f03.0 - 2024-05-23
  • 4.9.1-dev.692987a.0 - 2024-05-24
  • 4.9.1-dev.683be62.0 - 2024-05-28
  • 4.9.1-dev.22c07ad.0 - 2024-05-27
  • 4.9.1-dev.7084665.0 - 2024-05-29
  • 4.9.0 - 2024-05-23

    What's Changed

    New Contributors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Mmagkooo @snyk-bot