[Snyk] Upgrade web3 from 1.3.1 to 1.10.1 #8

Open
wants to merge 1 commit into
base: master

BitcoinOutput
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade web3 from 1.3.1 to 1.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 56 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-08-14.

The recommended version fixes:

| Issue | Snyk ID | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| Prototype Pollution | SNYK-JS-LODASH-567746 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Pollution | SNYK-JS-Y18N-1021887 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Pollution | SNYK-JS-INI-1048974 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Command Injection | SNYK-JS-LODASH-1040724 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Pollution | SNYK-JS-ASYNC-2441827 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Cryptographic Issues | SNYK-JS-ELLIPTIC-571484 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-NORMALIZEURL-1296539 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Prototype Pollution | SNYK-JS-NUNJUCKS-1079083 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Poisoning | SNYK-JS-QS-3153490 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Prototype Poisoning | SNYK-JS-QS-3153490 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Information Exposure | SNYK-JS-SIMPLEGET-2361683 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579147 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579152 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Arbitrary File Write | SNYK-JS-TAR-1579155 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Arbitrary Code Injection | SNYK-JS-UNDERSCORE-1080984 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Open Redirect | SNYK-JS-GOT-2932019 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Open Redirect | SNYK-JS-GOT-2932019 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-HTTPCACHESEMANTICS-3248783 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-COOKIEJAR-3149984 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Cryptographic Issues | SNYK-JS-ELLIPTIC-1064899 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Cryptographic Issues | SNYK-JS-ELLIPTIC-1064899 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |
| Cross-site Scripting (XSS) | SNYK-JS-NUNJUCKS-5431309 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-TAR-1536758 | 731/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.10.1 - 2023-08-14

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ethereumjs/util (#6283)
  • 1.10.1-rc.0 - 2023-08-08

    Fixed

    • Builds fixed by updating all typescript versions to 4.9.5 (#6238)
    • ABI encoding for large negative ints (#6239)
    • Updated type file for submitWork parameters, accepts 3 parameters instead of an array (#5200)

    Changed

    • Replace ethereumjs-util with @ethereumjs/util (#6283)
  • 1.10.0 - 2023-05-10

    Fixed

    • Improved the error propagation in web3-providers-http package to effectively propagate useful error information about failed HTTP connections (#5955)
    • Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask (#4454) and related "n.data.substring is not a function", that is raised when there is a revert and web.eth.handleRevert = true (#6000)

    Changed

    • transaction.type is now formatted to a hex string before being sent to provider (#5979)
    • When sending a transaction, if transaction.type === '0x1' && transaction.accessList === undefined, then transaction.accessList is set to [] (#5979)
    • Removed an unnecessary chainId parameter from toChecksumAddress() function types (#5888)

    Added

    • Added support for getPastEvents method to filter allEvents and specific event (#6015)

    Security

    • Updated dependencies (#6044)
  • 1.10.0-rc.0 - 2023-05-02

    Fixed

    • Improved the error propagation in web3-providers-http package to effectively propagate useful error information about failed HTTP connections (#5955)
    • Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask (#4454) and related "n.data.substring is not a function", that is raised when there is a revert and web.eth.handleRevert = true (#6000)

    Changed

    • transaction.type is now formatted to a hex string before being sent to provider (#5979)
    • When sending a transaction, if transaction.type === '0x1' && transaction.accessList === undefined, then transaction.accessList is set to [] (#5979)
    • Removed an unnecessary chainId parameter from toChecksumAddress() function types (#5888)

    Added

    • Added support for getPastEvents method to filter allEvents and specific event (#6015)

    Security

    • Updated dependencies (#6044)
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
  • 1.7.1-rc.0 - 2022-02-10
  • 1.7.0 - 2022-01-17
  • 1.7.0-rc.0 - 2021-12-09
  • 1.6.1 - 2021-11-15
  • 1.6.1-rc.3 - 2021-11-10
  • 1.6.1-rc.2 - 2021-10-27
  • 1.6.1-rc.0 - 2021-10-09
  • 1.6.0 - 2021-09-30
  • 1.6.0-rc.0 - 2021-09-26
  • 1.5.3 - 2021-09-22
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
  • 1.5.1-rc.1 - 2021-08-05
  • 1.5.1-rc.0 - 2021-07-31
  • 1.5.0 - 2021-07-28
  • 1.5.0-rc.1 - 2021-07-24
  • 1.5.0-rc.0 - 2021-07-21
  • 1.4.0 - 2021-06-30
  • 1.4.0-rc.0 - 2021-06-25
  • 1.3.6 - 2021-05-14
  • 1.3.6-rc.2 - 2021-05-13
  • 1.3.6-rc.1 - 2021-05-09
  • 1.3.5 - 2021-04-05
  • 1.3.5-rc.0 - 2021-03-24
  • 1.3.4 - 2021-02-03
  • 1.3.4-rc.2 - 2021-01-28
  • 1.3.4-rc.1 - 2021-01-26
  • 1.3.3 - 2021-01-22
  • 1.3.2 - 2021-01-21
  • 1.3.2-rc.2 - 2021-01-21
  • 1.3.1 - 2020-12-17
from web3 GitHub release notes
Commit messages
Package name: web3
  • 2e62b53 build for 1.10.1
  • 4dce137 v1.10.1
  • 82cb898 updated file in dist
  • b8b9d74 changelog update
  • 0e4ebbe lerna build
  • e31bb41 v1.10.1-rc.0
  • d419ede npm i
  • 1b65ccf codeowners update (#6324)
  • d4217a2 1x doc updates (#6325)
  • 5f02175 Replace ethereumjs-util with @ethereumjs/util (#6283)
  • e68194b 1.x - update submit work and contract.myMethod.send docs (#6229)
  • 47b9769 Fix for ABI encoding large negative ints (#6239)
  • 512aba7 Bump `typescript` to `4.9.5` and `ts-node` to `10.9.1` (#6238)
  • 6bde558 Release/1.10.0 (#6058)
  • 13a2edc Remove the unnecessary chainId parameter (#5888) (#6057)
  • 7b3ce91 1x update (#6044)
  • 195cd3c Filter option doesn't work in getPastEvents (#6015)
  • 48958ee Nicos99/revert call (#6009)
  • 6ce085b Fix error: "n.data.substring is not a function" (#6000)
  • 4e5afa1 Format `transaction.type` to hex. Add empty `accessList` is `tx.type === '0x1'` (#5979)
  • 9238e10 Bump webpack from 5.75.0 to 5.76.0 (#5925)
  • 2097f8d Improve logging of connection errors (#5955)
  • b4d1272 Create CODEOWNERS (#5952)
  • 11bb4d4 github conf for stale issues and PRs (#5893)



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
