[Snyk] Upgrade web3 from 1.3.6 to 1.10.4

[Vishwas1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3 from 1.3.6 to 1.10.4.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 50 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2024-02-05.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3

• 1.10.4 - 2024-02-05
  

  Security

  • Updated dependencies (#6731)

  ---

  Maintenance Countdown:

  Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.

  Timeline of Changes:

  90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the upgrade to Web3.js version 4.x

  No New Bug Fixes (4/1/24 onwards):

  Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend upgrading to Web3.js version 4.x

  End of Security Fixes (7/1/24):

  Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. Upgrading to Web3.js version 4.x is crucial to ensure the security of your applications.

• 1.10.4-dev.0 - 2024-01-31
  

  Security

  • Updated dependencies (#6731)
• 1.10.3 - 2023-10-18
• 1.10.3-dev.0 - 2023-10-16
• 1.10.2 - 2023-08-28
• 1.10.1 - 2023-08-14
• 1.10.1-rc.0 - 2023-08-08
• 1.10.0 - 2023-05-10
• 1.10.0-rc.0 - 2023-05-02
• 1.9.0 - 2023-03-20
• 1.9.0-rc.0 - 2023-03-07
• 1.8.2 - 2023-01-30
• 1.8.2-rc.0 - 2023-01-11
• 1.8.1 - 2022-11-10
• 1.8.1-rc.0 - 2022-10-28
• 1.8.0 - 2022-09-14
• 1.8.0-rc.0 - 2022-09-08
• 1.7.5 - 2022-08-01
• 1.7.5-rc.1 - 2022-07-19
• 1.7.5-rc.0 - 2022-07-15
• 1.7.4 - 2022-06-21
• 1.7.4-rc.2 - 2022-06-16
• 1.7.4-rc.1 - 2022-06-08
• 1.7.4-rc.0 - 2022-05-17
• 1.7.3 - 2022-04-08
• 1.7.3-rc.0 - 2022-04-07
• 1.7.2 - 2022-04-07
• 1.7.2-rc.0 - 2022-03-24
• 1.7.1 - 2022-03-03
• 1.7.1-rc.0 - 2022-02-10
• 1.7.0 - 2022-01-17
• 1.7.0-rc.0 - 2021-12-09
• 1.6.1 - 2021-11-15
• 1.6.1-rc.3 - 2021-11-10
• 1.6.1-rc.2 - 2021-10-27
• 1.6.1-rc.0 - 2021-10-09
• 1.6.0 - 2021-09-30
• 1.6.0-rc.0 - 2021-09-26
• 1.5.3 - 2021-09-22
• 1.5.3-rc.0 - 2021-09-10
• 1.5.2 - 2021-08-15
• 1.5.2-rc.0 - 2021-08-15
• 1.5.1 - 2021-08-05
• 1.5.1-rc.1 - 2021-08-05
• 1.5.1-rc.0 - 2021-07-31
• 1.5.0 - 2021-07-28
• 1.5.0-rc.1 - 2021-07-24
• 1.5.0-rc.0 - 2021-07-21
• 1.4.0 - 2021-06-30
• 1.4.0-rc.0 - 2021-06-25
• 1.3.6 - 2021-05-14

from web3 GitHub release notes

Commit messages

Package name: web3

• 56d35a4 lerna version bump and build
• 5b1b9d7 version bumps and lerna build
• 4ab6cc4 changelog update
• f5b72a0 npm i and npm audit fix
• 53e01d9 1x libs update (#6731)
• 5b33133 Add 1.x deprecation notice (#6723)
• 0e8695b 1x release process (#6550)
• 926c882 Release/1.10.3 (#6510)
• dbd96ae 1x deps update (#6491)
• aafce59 v1/chore(web3-eth-accounts): bump @ ethereumjs/common and @ ethereumjs/tx (#6457)
• c44abcd Release/1.10.2 (#6382)
• 9e063ef Fixed broken fetch for Node.js > 18.x and fixed double callback (#6381)
• 3e685bf Release/1.10.1 (#6329)
• 1b65ccf codeowners update (#6324)
• d4217a2 1x doc updates (#6325)
• 5f02175 Replace ethereumjs-util with @ ethereumjs/util (#6283)
• e68194b 1.x - update submit work and contract.myMethod.send docs (#6229)
• 47b9769 Fix for ABI encoding large negative ints (#6239)
• 512aba7 Bump `typescript` to `4.9.5` and `ts-node` to `10.9.1` (#6238)
• 6bde558 Release/1.10.0 (#6058)
• 13a2edc Remove the unnecessary chainId parameter (#5888) (#6057)
• 7b3ce91 1x update (#6044)
• 195cd3c Filter option doesn't work in getPastEvents (#6015)
• 48958ee Nicos99/revert call (#6009)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs