[Snyk] Security upgrade web3 from 2.0.0-alpha.1 to 4.0.1

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • front/package.json
  • front/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	131/1000 Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 1.86, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: web3

The new version differs by 250 commits.

• 5b5bf87 changelog updates
• 45d55c3 version update
• 4358140 Release/4.0.1 rc.2 (#6152)
• cdc2835 fix canary auth (#6151)
• 55a4de1 add util polyfill (#6150)
• 45edf3d Canary releases (#6143)
• 01ce365 Proposal for rearranging docs (#6141)
• 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
• d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
• 88ac791 Correct and enhance documentation for subscribing to events (#6129)
• daaaff7 Autotype for contract methods (#6137)
• ab80131 support ESM builds (#6131)
• 6202d1e min build whitelisting (#6132)
• 7a924db migration guide update (#6130)
• 4f423fc Fix validation of nested tuples (#6125)
• 408332d fix!: remove non read-only ens methods (#6084)
• 8c5ea34 Providers Tutorial (#6095)
• f2abd6a Eth turorial (#6120)
• 210455a transaction integration tests (#6071)
• fe959a1 Contract options fix (#6118)
• bf1311f update docs so web is imported by default (#6112)
• 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
• 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
• edc7a84 `defaultTransactionTypeParser` Refactor (#6102)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1bd66d9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@ethereumjs/rlp@4.0.1	None	0	51.6 kB	holgerd77
npm/@noble/curves@1.4.2	None	0	1.5 MB	paulmillr
npm/@noble/hashes@1.4.0	None	0	773 kB	paulmillr
npm/@scure/base@1.1.9	None	0	133 kB	paulmillr
npm/@scure/bip32@1.4.0	None	0	58.7 kB	paulmillr
npm/@scure/bip39@1.3.0	None	0	374 kB	paulmillr
npm/abitype@0.7.1	None	0	475 kB	awkweb
npm/available-typed-arrays@1.0.7	None	0	20.4 kB	ljharb
npm/call-bind@1.0.7	None	0	22.1 kB	ljharb
npm/crc-32@1.2.2	None	0	31 kB	sheetjs
npm/cross-fetch@4.0.0	network	0	88.1 kB	lquixada
npm/define-data-property@1.1.4	None	0	30.9 kB	ljharb
npm/es-define-property@1.0.0	None	0	11.8 kB	ljharb
npm/es-errors@1.3.0	None	0	12.3 kB	ljharb
npm/ethereum-cryptography@2.2.1	None	0	83.7 kB	paulmillr
npm/eventemitter3@5.0.1	None	0	73.4 kB	lpinca
npm/function-bind@1.1.2	None	0	31.4 kB	ljharb
npm/generate-function@2.3.1	eval	0	9.04 kB	mafintosh
npm/generate-object-property@1.2.0	None	0	2.75 kB	mafintosh
npm/get-intrinsic@1.2.4	eval	0	41.6 kB	ljharb
npm/gopd@1.0.1	None	0	7.7 kB	ljharb
npm/has-property-descriptors@1.0.2	None	0	10.9 kB	ljharb
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/has-tostringtag@1.0.2	None	0	17.6 kB	ljharb
npm/hasown@2.0.2	None	0	8.77 kB	ljharb
npm/is-arguments@1.1.1	None	0	28.8 kB	ljharb
npm/is-callable@1.2.7	None	0	28.9 kB	ljharb
npm/is-generator-function@1.0.10	eval	0	31.9 kB	ljharb
npm/is-my-ip-valid@1.0.1	None	0	21.1 kB	linusu
npm/is-my-json-valid@2.20.6	None	0	40.2 kB	linusu
npm/is-property@1.0.2	None	0	13.6 kB	mikolalysenko
npm/is-typed-array@1.1.13	None	0	23.3 kB	ljharb
npm/isomorphic-ws@5.0.0	None	0	4.04 kB	heineiuo
npm/jsonpointer@5.0.1	None	0	6.75 kB	marcbachmann
npm/node-fetch@2.7.0	network	0	162 kB	node-fetch-bot
npm/possible-typed-array-names@1.0.0	None	0	10.9 kB	ljharb
npm/set-function-length@1.2.2	None	0	14.7 kB	ljharb
npm/setimmediate@1.0.5	None	0	8.56 kB	domenic
npm/tr46@0.0.3	None	0	268 kB	sebmaster
npm/util@0.12.5	environment	0	33.7 kB	goto-bus-stop
npm/varint@5.0.0	None	0	9.03 kB	chrisdickinson
npm/vary@1.1.2	None	0	8.75 kB	dougwilson
npm/verror@1.10.0	None	0	35.8 kB	dap
npm/void-elements@2.0.1	None	0	4.32 kB	hemanth
npm/watchpack@2.4.0	environment, filesystem	0	56.9 kB	sokra
npm/wbuf@1.7.3	None	0	20.9 kB	indutny
npm/wcwidth@1.0.1	None	0	14.2 kB	timoxley
npm/web3-core@4.6.0	None	0	483 kB	gregthegreek, jdevcs, luu-alex, ...1 more
npm/web3-errors@1.3.0	None	0	416 kB	gregthegreek, jdevcs, luu-alex, ...2 more
npm/web3-eth-abi@4.2.4	None	0	402 kB	luu-alex
npm/web3-eth-accounts@4.2.1	None	0	1.36 MB	luu-alex
npm/web3-eth-contract@4.7.0	None	0	436 kB	gregthegreek, jdevcs, luu-alex, ...1 more
npm/web3-eth-ens@4.4.0	None	0	312 kB	luu-alex
npm/web3-eth-iban@4.0.7	None	0	78.4 kB	jdevcs
npm/web3-eth-personal@4.1.0	None	0	89.6 kB	luu-alex
npm/web3-eth@4.9.0	None	0	1.34 MB	luu-alex
npm/web3-net@4.1.0	None	0	40.5 kB	luu-alex
npm/web3-providers-http@4.2.0	None	0	27.5 kB	gregthegreek, jdevcs, luu-alex, ...1 more
npm/web3-providers-ipc@4.0.7	filesystem, network	0	33 kB	jdevcs
npm/web3-providers-ws@4.0.8	None	0	35.4 kB	luu-alex
npm/web3-rpc-methods@1.3.0	None	0	135 kB	luu-alex
npm/web3-types@1.8.0	None	0	301 kB	luu-alex
npm/web3-utils@4.3.1	None	0	537 kB	luu-alex
npm/web3-validator@1.0.2	None	0	891 kB	jdevcs
npm/web3@4.0.1	None	0	3.35 MB	jdevcs
npm/webdriver-js-extender@2.1.0	None	0	113 kB	angularcore
npm/webidl-conversions@3.0.1	None	0	12.4 kB	sebmaster
npm/webpack-bundle-analyzer@4.7.0	environment, filesystem, network	0	1.28 MB	valscion
npm/webpack-dev-middleware@6.0.1	filesystem	0	77.1 kB	evilebottnawi
npm/webpack-dev-server@4.11.1	environment, network	0	602 kB	evilebottnawi
npm/webpack-merge@5.8.0	None	0	57.2 kB	bebraw
npm/webpack-sources@3.2.3	None	0	91.3 kB	sokra
npm/webpack-subresource-integrity@5.1.0	filesystem	0	83.9 kB	jscheid
npm/webpack@5.76.1	environment, filesystem, network, unsafe	0	4.41 MB	evilebottnawi
npm/websocket-driver@0.7.4	network	0	67.4 kB	jcoglan
npm/websocket-extensions@0.1.4	None	0	55 kB	jcoglan
npm/whatwg-url@5.0.0	None	0	49.9 kB	domenic
npm/which-module@2.0.0	None	0	4.58 kB	nexdrew
npm/which-typed-array@1.1.15	None	0	40.7 kB	ljharb
npm/which@1.3.1	environment	0	9.42 kB	isaacs
npm/wide-align@1.1.5	None	0	4.47 kB	iarna
npm/wildcard@2.0.0	None	0	21.7 kB	damonoehlman
npm/wordwrap@0.0.3	None	0	37 kB	substack
npm/wrap-ansi@2.1.0	None	0	7.79 kB	sindresorhus
npm/wrappy@1.0.2	None	0	2.96 kB	zkat
npm/ws@7.5.9	network	0	122 kB	lpinca
npm/xml2js@0.4.23	None	0	43.5 kB	leonidas

🚮 Removed packages: npm/@babel/runtime@7.6.0, npm/@types/bn.js@4.11.5, npm/aes-js@3.0.0, npm/bip66@1.1.5, npm/bn.js@4.11.8, npm/brorand@1.1.0, npm/browserify-aes@1.2.0, npm/browserify-cipher@1.0.1, npm/browserify-des@1.0.2, npm/buffer-to-arraybuffer@0.0.5, npm/buffer-xor@1.0.3, npm/call-bind@1.0.2, npm/cipher-base@1.0.4, npm/cookiejar@2.1.4, npm/create-hash@1.2.0, npm/create-hmac@1.1.7, npm/d@1.0.1, npm/decompress-response@3.3.0, npm/define-properties@1.1.3, npm/des.js@1.0.0, npm/dom-walk@0.1.1, npm/drbg.js@1.0.1, npm/elliptic@6.5.1, npm/es-abstract@1.14.2, npm/es-to-primitive@1.2.0, npm/es5-ext@0.10.51, npm/es6-iterator@2.0.3, npm/es6-symbol@3.1.2, npm/eth-ens-namehash@2.0.8, npm/eth-lib@0.2.8, npm/ethereum-common@0.0.18, npm/ethereumjs-tx@1.3.7, npm/ethereumjs-util@5.2.0, npm/ethers@4.0.37, npm/ethjs-unit@0.1.6, npm/ethjs-util@0.1.6, npm/eventemitter3@3.1.0, npm/evp_bytestokey@1.0.3, npm/function-bind@1.1.1, npm/get-intrinsic@1.2.0, npm/global@4.3.2, npm/has-symbols@1.0.0, npm/hash-base@3.0.4, npm/hash.js@1.1.7, npm/hmac-drbg@1.0.1, npm/idna-uts46-hx@2.3.1, npm/is-callable@1.1.4, npm/is-date-object@1.0.1, npm/is-function@1.0.1, npm/is-hex-prefixed@1.0.0, npm/is-regex@1.0.4, npm/is-symbol@1.0.2, npm/js-sha3@0.5.7, npm/keccak@1.4.0, npm/md5.js@1.3.5, npm/mimic-response@1.0.1, npm/min-document@2.19.0, npm/minimalistic-crypto-utils@1.0.1, npm/next-tick@1.0.0, npm/number-to-bn@1.7.0, npm/object-inspect@1.6.0, npm/object-keys@1.1.1, npm/parse-headers@2.0.2, npm/pbkdf2@3.0.17, npm/process@0.5.2, npm/query-string@5.1.1, npm/querystringify@2.1.1, npm/regenerator-runtime@0.13.3, npm/ripemd160@2.0.2, npm/rlp@2.2.3, npm/scrypt-js@2.0.4, npm/scryptsy@2.1.0, npm/secp256k1@3.7.1, npm/setimmediate@1.0.4, npm/sha.js@2.4.11, npm/simple-concat@1.0.0, npm/simple-get@2.8.2, npm/strict-uri-encode@1.1.0, npm/string.prototype.trim@1.2.0, npm/string.prototype.trimleft@2.1.0, npm/string.prototype.trimright@2.1.0, npm/strip-hex-prefix@1.0.0, npm/timed-out@4.0.1, npm/type@1.0.3, npm/typedarray-to-buffer@3.1.5, npm/url-parse@1.4.4, npm/url-set-query@1.0.0, npm/utf8@2.1.1, npm/uuid@2.0.1

View full report↗︎