[Snyk] Security upgrade @solana/web3.js from 0.87.1 to 1.91.3 #1632

Status: Open (1 commit, base: master)

krisboit (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Improper Restriction of Operations within the Bounds of a Memory Buffer (SNYK-JS-SOLANAWEB3JS-6647564) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @solana/web3.js

The new version differs by 250 commits.
  • 77d9352 fix: bounds check
  • 5b21c65 refactor(experimental): nit: rename define to describe (#2384)
  • ce1be3f refactor(experimental): rename getScalarEnumCodec to getEnumCodec (#2383)
  • 7e86583 refactor(experimental): rename getDataEnumCodec to getDiscriminatedUnionCodec (#2382)
  • 49a764c refactor(experimental): support number and symbol discriminator values for getDataEnumCodec (#2381)
  • bf029dd refactor(experimental): support custom discriminator property for getDataEnumCodec (#2380)
  • 3c33220 Move comments about signature busting to the callsites that bust the signatures (#2386)
  • 4fbec68 Upgrade to Jest 30 (#1914)
  • 50fe84e Revert "Show no Turbo logs except when there is an error (#2366)" (#2385)
  • b566e7a Enable `require-await` linter (#2353)
  • 8af5427 Show no Turbo logs except when there is an error (#2366)
  • 478443f Validate that the public key generated from createKeyPairFromBytes() belongs to the private key (#2329)
  • 9370133 Negative error codes now get decoded correctly by the production error decoder (#2376)
  • 6135928 Split the dependency between `compile:typedefs` and the legacy library (#2370)
  • 38000cb Find all misnamed Rollup configs and fix them (#2371)
  • 6eded26 Bust the prettier cache any time any file changes (#2369)
  • c03a8d5 Strip `outputs` from the Turborepo config, because omitting it is the same as passing an empty array (#2368)
  • 99a9cbe Break the `style:fix` cache any time any file changes (#2367)
  • 4402f35 Since tests depend on _implementations_, make sure to build upstreams before running tests (#2373)
  • 94f2053 Move dependencies out of `devDependencies` where they are used in the implementation (#2375)
  • 65f262c Run `style:fix` with the new, actually working config (#2365)
  • d2c0daf Make the Prettier task behave more like your editor (#2364)
  • 5908de2 Patch `jest-runner-prettier` to work with Prettier 3 (#2363)
  • 0a19b75 Upgrade to Turbo 1.13

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
