[Snyk] Upgrade web3 from 1.3.6 to 1.10.3 #1948

Vishwas1 · 2024-02-15T04:07:29Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.3.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 48 versions ahead of your current version.
The recommended version was released 4 months ago, on 2023-10-18.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Information Exposure SNYK-JS-SIMPLEGET-2361683	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3

1.10.3 - 2023-10-18
Security
- web3-eth-accounts: Bumped @ ethereumjs dependencies (#6457)
- Updated dependencies (#6491)
1.10.3-dev.0 - 2023-10-16
Security
- web3-eth-accounts: Bumped @ ethereumjs dependencies (#6457)
- Updated dependencies (#6491)
( Considering discussion about release tags , v1 will follow tags:
- legacy ( for v1 releases )
- legacy-dev ( for v1 test/RC releases, this will replace rc tag)
1.10.2 - 2023-08-28
Fixed
- Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
1.10.1 - 2023-08-14
Fixed
- Builds fixed by updating all typescript versions to 4.9.5 (#6238)
- ABI encoding for large negative ints (#6239)
- Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)
Changed
- Replace ethereumjs-util with @ ethereumjs/util (#6283)
1.10.1-rc.0 - 2023-08-08
Fixed
- Builds fixed by updating all typescript versions to 4.9.5 (#6238)
- ABI encoding for large negative ints (#6239)
- Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)
Changed
- Replace ethereumjs-util with @ ethereumjs/util (#6283)
1.10.0 - 2023-05-10
1.10.0-rc.0 - 2023-05-02
1.9.0 - 2023-03-20
1.9.0-rc.0 - 2023-03-07
1.8.2 - 2023-01-30
1.8.2-rc.0 - 2023-01-11
1.8.1 - 2022-11-10
1.8.1-rc.0 - 2022-10-28
1.8.0 - 2022-09-14
1.8.0-rc.0 - 2022-09-08
1.7.5 - 2022-08-01
1.7.5-rc.1 - 2022-07-19
1.7.5-rc.0 - 2022-07-15
1.7.4 - 2022-06-21
1.7.4-rc.2 - 2022-06-16
1.7.4-rc.1 - 2022-06-08
1.7.4-rc.0 - 2022-05-17
1.7.3 - 2022-04-08
1.7.3-rc.0 - 2022-04-07
1.7.2 - 2022-04-07
1.7.2-rc.0 - 2022-03-24
1.7.1 - 2022-03-03
1.7.1-rc.0 - 2022-02-10
1.7.0 - 2022-01-17
1.7.0-rc.0 - 2021-12-09
1.6.1 - 2021-11-15
1.6.1-rc.3 - 2021-11-10
1.6.1-rc.2 - 2021-10-27
1.6.1-rc.0 - 2021-10-09
1.6.0 - 2021-09-30
1.6.0-rc.0 - 2021-09-26
1.5.3 - 2021-09-22
1.5.3-rc.0 - 2021-09-10
1.5.2 - 2021-08-15
1.5.2-rc.0 - 2021-08-15
1.5.1 - 2021-08-05
1.5.1-rc.1 - 2021-08-05
1.5.1-rc.0 - 2021-07-31
1.5.0 - 2021-07-28
1.5.0-rc.1 - 2021-07-24
1.5.0-rc.0 - 2021-07-21
1.4.0 - 2021-06-30
1.4.0-rc.0 - 2021-06-25
1.3.6 - 2021-05-14

from web3 GitHub release notes

Commit messages

Package name: web3

24d310c Build commit for 1.10.3
92180be v1.10.3
e4b251c Manual build commit for v1 dev
f741dce v1.10.3-dev.0
e21df8e changelog
d92b07a npm audit fix
dbd96ae 1x deps update (#6491)
aafce59 v1/chore(web3-eth-accounts): bump @ ethereumjs/common and @ ethereumjs/tx (#6457)
c44abcd Release/1.10.2 (#6382)
9e063ef Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
3e685bf Release/1.10.1 (#6329)
1b65ccf codeowners update (#6324)
d4217a2 1x doc updates (#6325)
5f02175 Replace ethereumjs-util with @ ethereumjs/util (#6283)
e68194b 1.x - update submit work and contract.myMethod.send docs (#6229)
47b9769 Fix for ABI encoding large negative ints (#6239)
512aba7 Bump `typescript` to `4.9.5` and `ts-node` to `10.9.1` (#6238)
6bde558 Release/1.10.0 (#6058)
13a2edc Remove the unnecessary chainId parameter (#5888) (#6057)
7b3ce91 1x update (#6044)
195cd3c Filter option doesn't work in getPastEvents (#6015)
48958ee Nicos99/revert call (#6009)
6ce085b Fix error: "n.data.substring is not a function" (#6000)
4e5afa1 Format `transaction.type` to hex. Add empty `accessList` is `tx.type === '0x1'` (#5979)