[Snyk] Upgrade web3 from 1.0.0-beta.35 to 1.2.4 #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade web3 from 1.0.0-beta.35 to 1.2.4. See this package in NPM: https://www.npmjs.com/package/web3 See this project in Snyk: https://app.snyk.io/org/mokhtar/project/2219ec70-efa2-4f22-97f1-42a10cfdf70b?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade web3 from 1.0.0-beta.35 to 1.2.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.The recommended version fixes:
SNYK-JS-FSTREAM-174725
Release notes
Package name: web3
-
1.2.4 - 2019-11-15
- Fix npm installation error for scrypt-shim and websocket (#3210)
-
1.2.3 - 2019-11-14
- Fix perfect gas usage causes tx to error (#3175)
- Fix regenerator runtime error in web3.min.js (#3155)
- Fix TS types for eth.subscribe syncing, newBlockHeaders, pendingTransactions (#3159)
- Improve web3-eth-abi decodeParameters error message (#3134)
-
1.2.2 - 2019-10-23
- chain
- hardfork
- common
- defaultChain
- defaultHardfork
- defaultCommon
- transactionPollingTimeout
- transactionConfirmationBlocks
- transactionBlockTimeout
- isBloom
- isUserEthereumAddressInBloom
- isContractAddressInBloom
- isTopic
- isTopicInBloom
- isInBloom
- localStorage support detection added (#3031)
- getNetworkType method extended with Görli testnet (#3095)
- supportsSubscriptions method added to providers (#3116)
- Add
- Minified file added to web3 package (#3131)
- The transaction confirmation workflow can now be configured (#3130)
- Additional parameters for accounts.signTransaction added (docs) (#3141)
- Emit
- TypeScript type definitions added for all modules (#3132)
- Bloom filters added to web3.utils (#3137)
- Fix allow
- Fix randomHex returning inconsistent string lengths (#1490)
- Fix make isBN minification safe (#1777)
- Fix incorrect references to BigNumber in utils.fromWei and utils.toWei error messages (#2468)
- Fix error incorrectly thrown when receipt.status is
- Fix incorrectly populating chainId param with
- regeneratorRuntime error fixed (#3058)
- Fix accessing event.name where event is undefined (#3014)
- fixed Web3Utils toHex() for Buffer input (#3021)
- Fix bubbling up tx signing errors (#2063, #3105)
- HttpProvider: CORS issue with Firefox and Safari (#2978)
- Ensure the immutability of the
- Gas check fixed (#2381)
- Signing issues #1998, #2033, and #1074 fixed (#3125)
- Fix hexToNumber and hexToNumberString prefix validation (#3086)
- The receipt will now returned on a EVM error (this got removed on beta.18) (#3129)
- Fixes transaction confirmations with the HttpProvider (#3140)
-
1.2.1 - 2019-08-06
- Node >= v8.0.0 support (#2938)
-
1.2.0 - 2019-07-23
-
1.0.0-beta2 - 2017-07-20
-
1.0.0-beta1 - 2017-07-20
-
1.0.0-beta.55 - 2019-05-09
- #2792
- #1490
- #1777
- #1905
- #2667
- #2781
- #2385
-
1.0.0-beta.54 - 2019-05-02
- #2763
-
1.0.0-beta.53 - 2019-04-30
- #2689
- #2687
- #2670
- #2661
- #2468
- #2707
- #2733
- #2731
- #2744
-
1.0.0-beta.52 - 2019-04-04
-
1.0.0-beta.51 - 2019-03-28
-
1.0.0-beta.50 - 2019-03-20
-
1.0.0-beta.49 - 2019-03-19
-
1.0.0-beta.48 - 2019-03-05
-
1.0.0-beta.47 - 2019-03-01
-
1.0.0-beta.46 - 2019-02-09
-
1.0.0-beta.44 - 2019-02-08
-
1.0.0-beta.43 - 2019-02-06
-
1.0.0-beta.42 - 2019-02-06
-
1.0.0-beta.41 - 2019-01-28
-
1.0.0-beta.40 - 2019-01-28
-
1.0.0-beta.39 - 2019-01-27
-
1.0.0-beta.38 - 2019-01-25
-
1.0.0-beta.37 - 2018-12-08
-
1.0.0-beta.36 - 2018-09-04
-
1.0.0-beta.35 - 2018-07-25
from web3 GitHub release notesThis release is a hotfix for the scrypt-shim and websocket dependency.
Fixed
We have improved with this release the TypeScript type definitions, we applied a fix for the OOG (out-of-gas) error issue, and we added a missing polyfill to the web3.min.js file.
Fixed
TypeScript
We have back-ported all the types from 2.x to 1.x and do now provide the type definitions directly from the web3 repository. (Docs)
Thanks Josh Stevens for back-porting them for us!
Signing
We have improved the signing process and updated it to the latest version of
ethereumjs-tx. This update brought up some newly required configuration properties for custom chains.These new
TransactionConfigconfig properties do also have the related default properties on theweb3-ethandweb3-eth-contractmodule:Transaction Confirmation Workflow
We updated the confirmation workflow for the
HttpProvider. A confirmation will now only get triggered if a new block is existing and not each second.Additionally is it now possible to configure the confirmation workflow with the following default properties on the
web3-ethandweb3-eth-contractmodule:New JSON-RPC Method
We added the JSON-RPC method
eth_chainIdasgetChainIdmethod on theweb3-ethmodule.The documentation for this method can be found here.
New utility Functions: Bloom-Filters
What are bloom filters?
A Bloom filter is a probabilistic, space-efficient data structure used for fast checks of set membership. That probably doesn’t mean much to you yet, and so let’s explore how bloom filters might be used.
Imagine that we have some large set of data, and we want to be able to quickly test if some element is currently in that set. The naive way of checking might be to query the set to see if our element is in there. That’s probably fine if our data set is relatively small. Unfortunately, if our data set is really big, this search might take a while. Luckily, we have tricks to speed things up in the Ethereum world!
A bloom-filter is one of these tricks. The basic idea behind the Bloom filter is to hash each new element that goes into the data set, take certain bits from this hash, and then use those bits to fill in parts of a fixed-size bit array (e.g. set certain bits to 1). This bit array is called a bloom filter.
Later, when we want to check if an element is in the set, we simply hash the element and check that the right bits are in the bloom filter. If at least one of the bits is 0, then the element definitely isn’t in our data set! If all of the bits are 1, then the element might be in the data set, but we need to actually query the database to be sure. So we might have false positives, but we’ll never have false negatives. This can greatly reduce the number of database queries we have to make.
Bloom filters benefits with a real-life example
An Ethereum real-life example in where this is useful is if you want to update a user's balance on every new block so it stays as close to real-time as possible. Without using a bloom filter on every new block you would have to force the balances even if that user may not have had any activity within that block. But if you use the logBlooms from the block you can test the bloom filter against the users Ethereum address before you do any more slow operations, this will dramatically decrease the number of calls you do as you will only be doing those extra operations if that Ethereum address is within that block (minus the false positives outcome which will be negligible). This will be highly performant for your app.
Added Functions:
Thanks Josh Stevens for adding these functions!
Subscription Events
We extended the subscription events with a
connectedevent. Theconnectedevent will emit the subscription ID as a hex value when the subscription got established. This applies toContractevents as well.Example:
Providers
We extend the provider interface with the method
supportsSubscription. This will help the DApp developers to detect if thecurrentProviderdoes support subscriptions.Changelog
Added
eth.getChainIdmethod (#3113)connectedevent on subscription creation (#3028)Fixed
0as a validfromBlockortoBlockfilter param (#1100)null(#2183)net_versionwhen signing txs (#2378)txobject passed to functionsignTransaction(#2190)This release contains several stability improvements.
Fixed
websocketdependency fixed (#2971, #2976)requestOptionsadded toWebsocketProvider(#2979)Thanks for providing these fixes @michaelsbradleyjr.
We decided jointly with the open-source community to release the older architecture (1.0.0-beta.37) as 1.x version of web3.js. Further details are explained in the following Medium blog post.
Documentation
We have added some new examples to the Module API documentation.
Feel free to open a GitHub issue with your feedback about the new Module API.
web3-bzz
The
web3-bzzmodule got removed because the usedswarm-jsdependency is no longer maintained and outdated. We recommend using erebos as alternative.Issues
Web3 Module API Documentation
The Module API gives you the possibility to create your own custom Web3 Module with JSON-RPC methods, subscriptions, or contracts.
The Web3 standard modules are a good example of the API the core does provide.
Fixed Issues
Other Improvements
I've updated the error handling of the underlying socket connections for the
IpcProviderand theWebsocketProvider.This release contains several bug fixes and some new modules and methods.
Compare view beta.52 - beta.53
We have currently an open discussion about the coming stable release of Web3.js.
Feel free to join the discussion here.
New Modules
Thanks for adding the Management API modules
Minner,TxPool,Admin, andDebug@princesinha19. The newly added modules are standalone modules which means you have to install and import them separately.Please read the documentation for further details.
New Methods
web3.eth.getPendingTransactions()web3.eth.getProof()Fixed Issues
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs