[Snyk] Upgrade web3 from 1.10.3 to 4.5.0 #2

Jircs1 · 2024-03-18T22:56:32Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3 from 1.10.3 to 4.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 191 versions ahead of your current version.
The recommended version was released a month ago, on 2024-02-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	554/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	554/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3

4.5.0 - 2024-02-12
[4.5.0]

Added

web3-utils
- Adds missing exported type AbiItem from 1.x to v4 for compatabiltiy (#6678)
web3-types
- Adds missing exported type AbiItem from 1.x to v4 for compatabiltiy (#6678)
Changed

web3
- Dependencies updated
New Contributors

Thanks for contributions in web3.js lib:
- @ vuittont60 made their first contribution in #6704
- @ jasonaw98 made their first contribution in #6783
4.4.1-dev.ed1460c.0 - 2024-02-06
4.4.1-dev.e5673ca.0 - 2024-02-05
4.4.1-dev.d8b64a8.0 - 2024-02-09
4.4.1-dev.b49094b.0 - 2024-01-23
4.4.1-dev.aac2420.0 - 2024-01-24
4.4.1-dev.a72e99a.0 - 2024-01-29
4.4.1-dev.a6b685e.0 - 2024-02-05
4.4.1-dev.9f31612.0 - 2024-02-08
4.4.1-dev.998954f.0 - 2024-02-07
4.4.1-dev.95b37d8.0 - 2024-02-01
4.4.1-dev.7d7a9ea.0 - 2024-01-29
4.4.1-dev.7b97011.0 - 2024-01-17
4.4.1-dev.727c9fc.0 - 2024-01-23
4.4.1-dev.6da7379.0 - 2024-02-09
4.4.1-dev.42ec398.0 - 2024-02-01
4.4.1-dev.0a8f9e4.0 - 2024-02-08
4.4.1-dev.0881fe1.0 - 2024-02-08
4.4.1-dev.028dc20.0 - 2024-01-23
4.4.0 - 2024-01-17
[4.4.0]

Added

web3-eth
- Catch TransactionPollingTimeoutError was added to send transaction events (#6623)
Changed

web3-eth-abi
- Use AbiError instead of Error for errors at web3-eth-abi (#6641).
web3-eth-contract
- Allow the deploy function to accept parameters, even when no ABI was provided to the Contract(#6635)
web3
- Dependencies updated
Fixed

web3-eth-abi
- Fixed an issue with detecting Uint8Array (#6486)
web3-eth-accounts
- Send Transaction config used to be ignored if the passed common did not have a copy() and the chainId was not provided (#6663)
- Fixed an issue with detecting Uint8Array (#6486)
web3-eth-contract
- Fix and error that happen when trying to get past events by calling contract.getPastEvents or contract.events.allEvents(), if there is no matching events. (#6647)
- Fixed: The Contract is not using the context wallet passed if context was passed at constructor. (#6661)
web3-utils
- Fixed an issue with detecting Uint8Array (#6486)
web3-validator
- Fixed an issue with detecting Uint8Array (#6486)
4.3.1-dev.fa4c72b.0 - 2023-12-15
4.3.1-dev.f9468a8.0 - 2024-01-04
4.3.1-dev.f7d9349.0 - 2023-12-14
4.3.1-dev.f1c6916.0 - 2023-12-05
4.3.1-dev.e442fd2.0 - 2023-12-14
4.3.1-dev.e1080d9.0 - 2023-12-13
4.3.1-dev.df594c9.0 - 2024-01-05
4.3.1-dev.cdd99e7.0 - 2023-12-05
4.3.1-dev.cc7ff1f.0 - 2024-01-08
4.3.1-dev.c858390.0 - 2023-12-12
4.3.1-dev.c097b9a.0 - 2023-12-15
4.3.1-dev.b819ee4.0 - 2023-12-05
4.3.1-dev.b35eca1.0 - 2023-12-12
4.3.1-dev.b188714.0 - 2024-01-08
4.3.1-dev.a4f2f8c.0 - 2023-12-12
4.3.1-dev.a3fe342.0 - 2024-01-15
4.3.1-dev.882631c.0 - 2024-01-15
4.3.1-dev.80c2e1d.0 - 2023-12-12
4.3.1-dev.7c33cc0.0 - 2024-01-08
4.3.1-dev.762c298.0 - 2024-01-09
4.3.1-dev.6c075db.0 - 2024-01-03
4.3.1-dev.6b2dbe3.0 - 2023-12-16
4.3.1-dev.65a9862.0 - 2024-01-07
4.3.1-dev.5afcb54.0 - 2023-12-05
4.3.1-dev.5aa8b7f.0 - 2023-12-04
4.3.1-dev.59fc438.0 - 2023-12-13
4.3.1-dev.43b11b8.0 - 2023-12-11
4.3.1-dev.3cfe56f.0 - 2024-01-09
4.3.1-dev.2a40b66.0 - 2024-01-08
4.3.1-dev.23d69ba.0 - 2024-01-05
4.3.1-dev.1eb07d1.0 - 2024-01-09
4.3.1-dev.0c67cc6.0 - 2024-01-04
4.3.1-dev.5161642.0 - 2024-01-15
4.3.0 - 2023-12-04
[4.3.0]

Changed

web3-core
- Web3config contractDataInputFill has been defaulted to data, istead of input. (#6622)
web3-eth-contracts
- By default, contracts will fill data instead of input within method calls (#6622)
Added

web3-utils
- SocketProvider now contains public function getPendingRequestQueueSize, getSentRequestsQueueSize and clearQueues (#6479)
- Added safeDisconnect as a SocketProvider method to disconnect only when request queue size and send request queue size is 0 (#6479)
- Add isContractInitOptions method (#6555)
web3
- Added methods (privateKeyToAddress, parseAndValidatePrivateKey, and privateKeyToPublicKey) to web3.eth.accounts (#6620)
Fixed

web3-rpc-methods
- Fix web3-types import #6590 (#6589)
web3-utils
- Fix unecessary array copy when pack encoding (#6553)
4.2.3-dev.f8d8774.0 - 2023-11-23
4.2.3-dev.ef6f04e.0 - 2023-11-20
4.2.3-dev.e6d8c14.0 - 2023-11-28
4.2.3-dev.d8b8e18.0 - 2023-11-20
4.2.3-dev.be86e25.0 - 2023-11-20
4.2.3-dev.bcd0706.0 - 2023-11-20
4.2.3-dev.b9da5a5.0 - 2023-11-20
4.2.3-dev.b3ccd5c.0 - 2023-11-28
4.2.3-dev.af91519.0 - 2023-11-20
4.2.3-dev.8e3e676.0 - 2023-11-10
4.2.3-dev.7461c8e.0 - 2023-12-01
4.2.3-dev.72e9bbd.0 - 2023-11-03
4.2.3-dev.6cc86b3.0 - 2023-11-20
4.2.3-dev.4778a0c.0 - 2023-11-06
4.2.3-dev.41dbf2a.0 - 2023-11-06
4.2.3-dev.3bda14d.0 - 2023-11-27
4.2.3-dev.332c18c.0 - 2023-11-06
4.2.3-dev.2c60685.0 - 2023-11-20
4.2.3-dev.2c132c5.0 - 2023-11-16
4.2.3-dev.20cc5da.0 - 2023-11-23
4.2.3-dev.11f20b2.0 - 2023-11-06
4.2.3-dev.119dfa5.0 - 2023-12-04
4.2.3-dev.0dec262.0 - 2023-11-17
4.2.3-dev.09c8ad0.0 - 2023-11-07
4.2.3-dev.2785782.0 - 2023-11-20
4.2.2 - 2023-11-03
Added

web3-core
- Added isMetaMaskProvider function to check if provider is metamask (#6534)
web3-types
- Interface MetaMaskProvider added and is part of SupportedProviders (#6534)
- gasPrice was added to Transaction1559UnsignedAPI type. (#6539)
Changed

web3
- Dependencies updated
Fixed

web3-errors
- Fixed grammar and spelling in transactionTimeoutHint (#6559)
web3-eth-contract
- Will populate data for transactions in contract for metamask provider instead of input (#6534)
4.2.2-dev.f9bcac9.0 - 2023-11-02
4.2.2-dev.f6c7fca.0 - 2023-10-31
4.2.2-dev.b05345b.0 - 2023-11-01
4.2.2-dev.8c643c2.0 - 2023-10-25
4.2.2-dev.41f39c0.0 - 2023-10-26
4.2.2-dev.116b7bb.0 - 2023-10-31
4.2.1 - 2023-10-25
Fixed

web3-eth-abi
- Bug fix of ERR_UNSUPPORTED_DIR_IMPORT in ABI (#6535)
Changed

web3-eth-contract
- Dependencies updated
web3-eth
- Dependencies updated
web3-eth-ens
- Dependencies updated
web3-eth-personal
- Dependencies updated
web3
- Dependencies updated
4.2.1-dev.f860b04.0 - 2023-10-23
4.2.1-dev.bd3b9a0.0 - 2023-10-18
4.2.1-dev.a0d6730.0 - 2023-10-23
4.2.1-dev.90b8581.0 - 2023-10-23
4.2.1-dev.7bee9bc.0 - 2023-10-18
4.2.1-dev.6791e60.0 - 2023-10-23
4.2.0 - 2023-10-18
Read more
4.1.3-dev.e760667.0 - 2023-10-13
4.1.3-dev.d036166.0 - 2023-09-22
4.1.3-dev.c490c18.0 - 2023-09-28
4.1.3-dev.bfcbea8.0 - 2023-10-02
4.1.3-dev.b8fa712.0 - 2023-09-27
4.1.3-dev.b38f00d.0 - 2023-10-12
4.1.3-dev.ae98628.0 - 2023-10-09
4.1.3-dev.9b03f9d.0 - 2023-10-04
4.1.3-dev.9a5fd87.0 - 2023-10-10
4.1.3-dev.90d78c1.0 - 2023-10-02
4.1.3-dev.80adabe.0 - 2023-09-23
4.1.3-dev.80986bb.0 - 2023-10-04
4.1.3-dev.70d1957.0 - 2023-10-17
4.1.3-dev.6e43d1b.0 - 2023-10-12
4.1.3-dev.66ddb7e.0 - 2023-09-21
4.1.3-dev.54c5ed0.0 - 2023-09-19
4.1.3-dev.4b445ae.0 - 2023-09-29
4.1.3-dev.42502b6.0 - 2023-10-16
4.1.3-dev.2b445bf.0 - 2023-09-19
4.1.3-dev.226b3ba.0 - 2023-10-17
4.1.3-dev.171b413.0 - 2023-09-21
4.1.3-dev.10d1f12.0 - 2023-10-16
4.1.3-dev.0e78235.0 - 2023-10-05
4.1.3-dev.09f4c8b.0 - 2023-10-17
4.1.3-dev.4879326.0 - 2023-10-09
4.1.3-dev.3060994.0 - 2023-09-28
4.1.2 - 2023-09-19
4.1.2-dev.e4ba45c.0 - 2023-09-15
4.1.2-dev.da3e2f5.0 - 2023-09-12
4.1.2-dev.a325689.0 - 2023-08-21
4.1.2-dev.9ad39bd.0 - 2023-08-21
4.1.2-dev.8010a6d.0 - 2023-09-18
4.1.2-dev.3ab3b39.0 - 2023-09-12
4.1.2-dev.054033f.0 - 2023-09-15
4.1.1 - 2023-08-21
4.1.1-dev.f4fd498.0 - 2023-08-15
4.1.1-dev.ec6e117.0 - 2023-08-17
4.1.1-dev.d41a49e.0 - 2023-08-17
4.1.1-dev.c41d356.0 - 2023-08-15
4.1.1-dev.a4cae6f.0 - 2023-08-15
4.1.1-dev.86f0cdb.0 - 2023-08-18
4.1.1-dev.7a38fee.0 - 2023-08-17
4.1.1-dev.622174c.0 - 2023-08-15
4.1.1-dev.1cdc86c.0 - 2023-08-18
4.1.0 - 2023-08-15
4.1.0-rc.0 - 2023-08-09
4.0.4-dev.f5b4d7d.0 - 2023-07-20
4.0.4-dev.ed2770c.0 - 2023-07-24
4.0.4-dev.ebd0c57.0 - 2023-07-11
4.0.4-dev.e143157.0 - 2023-07-14
4.0.4-dev.b93934a.0 - 2023-07-17
4.0.4-dev.b771112.0 - 2023-08-01
4.0.4-dev.ad377d1.0 - 2023-07-14
4.0.4-dev.933ef51.0 - 2023-07-20
4.0.4-dev.7d0a91d.0 - 2023-07-19
4.0.4-dev.6da17e1.0 - 2023-07-24
4.0.4-dev.51d087e.0 - 2023-08-03
4.0.4-dev.51bc03d.0 - 2023-07-12
4.0.4-dev.0ee9bb4.0 - 2023-07-25
4.0.4-dev.0e5c53c.0 - 2023-08-02
4.0.4-dev.8958413.0 - 2023-07-14
4.0.4-dev.4310419.0 - 2023-08-01
4.0.4-dev.1361787.0 - 2023-07-18
4.0.3 - 2023-07-11
4.0.3-dev.d12dc7e.0 - 2023-06-27
4.0.3-dev.a26a888.0 - 2023-06-27
4.0.3-dev.602dada.0 - 2023-07-03
4.0.2 - 2023-06-27
4.0.2-dev.f8a2533.0 - 2023-06-10
4.0.2-dev.e8d579c.0 - 2023-06-24
4.0.2-dev.af57eae.0 - 2023-06-09
4.0.2-dev.ab0f4cb.0 - 2023-06-20
4.0.2-dev.a2a232f.0 - 2023-06-21
4.0.2-dev.60b8ba9.0 - 2023-06-27
4.0.2-dev.51a59f9.0 - 2023-06-21
4.0.2-dev.3f49e18.0 - 2023-06-24
4.0.2-dev.2130d22.0 - 2023-06-15
4.0.2-dev.023f02d.0 - 2023-06-20
4.0.1 - 2023-06-07
4.0.1-rc.2 - 2023-06-05
4.0.1-rc.1 - 2023-04-20
4.0.1-rc.0 - 2023-03-10
4.0.1-alpha.5 - 2023-01-14
4.0.1-alpha.4 - 2023-01-12
4.0.1-alpha.3 - 2023-01-05
4.0.1-alpha.2 - 2022-12-09
4.0.1-alpha.1 - 2022-11-03
4.0.1-alpha.0 - 2022-08-25
4.0.0-alpha.0 - 2022-08-24
3.0.0-rc.5 - 2021-07-02
3.0.0-rc.4 - 2021-04-27
3.0.0-rc.1 - 2021-04-23
3.0.0-rc.0 - 2021-04-09
2.0.0-alpha.1 - 2019-08-06
2.0.0-alpha - 2019-07-13
1.10.4 - 2024-02-05
Security
- Updated dependencies (#6731)
Maintenance Countdown:

Commencing from January 1, 2024, a 90-day countdown has been initiated, signaling the transition of Web3.js version 1.x into an end-of-maintenance phase.

Timeline of Changes:

90-Day Countdown (1/1/24 - 3/31/24): During this period, we strongly encourage users to plan accordingly and initiate the upgrade to Web3.js version 4.x

No New Bug Fixes (4/1/24 onwards):

Starting April 1, 2024, new bug fixes for Web3.js version 1.x will no longer be provided. To benefit from continued support and access to new features, we recommend upgrading to Web3.js version 4.x

End of Security Fixes (7/1/24):

Security fixes for Web3.js version 1.x will be discontinued from July 1, 2024. Upgrading to Web3.js version 4.x is crucial to ensure the security of your applications.
1.10.4-dev.0 - 2024-01-31
Security
- Updated dependencies (#6731)
1.10.3 - 2023-10-18
Security
- web3-eth-accounts: Bumped @ ethereumjs dependencies (#6457)
- Updated dependencies (#6491)

from web3 GitHub release notes

Commit messages

Package name: web3

2e88e93 update
4f9cf5e update changelog
1d3bfa4 update script
22c773f update changelog and package.json for release
9f31612 add deploy script (Bump cldr_utils from 2.20.0 to 2.21.0 blockscout/blockscout#6792)
0a8f9e4 Added contributing guideliness & code of conduct (Run docker-compose on M1 chip blockscout/blockscout#6787)
0881fe1 fix abi const (Feature/bouncer blockscout/blockscout#6797)
998954f fix cache on github ci (Bump redux from 4.2.0 to 4.2.1 in /apps/block_scout_web/assets blockscout/blockscout#6790)
ed1460c Add abiitem (Fix deadlocks in block import stages blockscout/blockscout#6778)
a6b685e Update transactions.md (Transmission Sending takes over 24 hours blockscout/blockscout#6783)
e5673ca Add hardhat (I have installed Blockscout but Application Inders exits and the explorer doesn't update itself to the latest chain data blockscout/blockscout#6719)
42ec398 doc deploy fix (Fix bounds clearing blockscout/blockscout#6779)
95b37d8 Interactive code editor 6693 (JBC L1: <Wrong NFT address details sent> blockscout/blockscout#6769)
a72e99a optimize local wallet guides (Bump ex_cldr from 2.34.0 to 2.34.1 blockscout/blockscout#6773)
7d7a9ea Fix typos (Smart Contracts Deployed in Genesis Block are Not Recognized as Smart Contracts blockscout/blockscout#6708)
aac2420 v4 Tests - Testing time only Github action config (Bump chart.js from 4.1.2 to 4.2.0 in /apps/block_scout_web/assets blockscout/blockscout#6732)
028dc20 changed twitter:image (Andromeda: <Issue Title> blockscout/blockscout#6737)
b49094b fixed ethereum hashing standard typo (Code Tab is not showing after deploying contract blockscout/blockscout#6735)
727c9fc docs: fix typos (#6704)
7b97011 release 4.4.0 (Compile time value and Runtime value of env conflict (blockscout-v4.1.8) blockscout/blockscout#6709)
5161642 Check failing tests (estimate gas problem) (Bump sweetalert2 from 11.6.16 to 11.7.0 in /apps/block_scout_web/assets blockscout/blockscout#6702)
882631c added metadata, image and edited tagline (Rename CHANGELOG.md to .changelog.md blockscout/blockscout#6724)
a3fe342 Reduce some CI/CD tests (Add vertical padding to error pages blockscout/blockscout#6698)
1eb07d1 Update jest and ts-jest version (Chainers: <Issue Title> blockscout/blockscout#6706)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade web3 from 1.10.3 to 4.5.0. See this package in npm: https://www.npmjs.com/package/web3 See this project in Snyk: https://app.snyk.io/org/jircs1/project/acd23ae1-098a-428d-86be-be16407b1ded?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2024-03-18T22:58:00Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/solc@0.8.23	Transitive: environment, filesystem, network, shell	`+9`	9.17 MB	matheus.pit

View full report↗︎

[Snyk] Upgrade web3 from 1.10.3 to 4.5.0 #2

Are you sure you want to change the base?

[Snyk] Upgrade web3 from 1.10.3 to 4.5.0 #2

Conversation

Jircs1 commented Mar 18, 2024

Snyk has created this PR to upgrade web3 from 1.10.3 to 4.5.0.

[4.5.0]

Added

web3-utils

web3-types

Changed

web3

New Contributors

[4.4.0]

Added

web3-eth

Changed

web3-eth-abi

web3-eth-contract

web3

Fixed

web3-eth-abi

web3-eth-accounts

web3-eth-contract

web3-utils

web3-validator

[4.3.0]

Changed

web3-core

web3-eth-contracts

Added

web3-utils

web3

Fixed

web3-rpc-methods

web3-utils

Added

web3-core

web3-types

Changed

web3

Fixed

web3-errors

web3-eth-contract

Fixed

web3-eth-abi

Changed

web3-eth-contract

web3-eth

web3-eth-ens

web3-eth-personal

web3

Security

Maintenance Countdown:

Timeline of Changes:

No New Bug Fixes (4/1/24 onwards):

End of Security Fixes (7/1/24):

Security

Security

socket-security bot commented Mar 18, 2024