
[Snyk] Upgrade @openzeppelin/contracts from 4.1.0 to 4.9.6 #7

Open
wants to merge 1 commit into
base: master
Conversation

AKJUS
Owner

@AKJUS AKJUS commented Sep 12, 2024


Snyk has created this PR to upgrade @openzeppelin/contracts from 4.1.0 to 4.9.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 37 versions ahead of your current version.

  • The recommended version was released 6 months ago.

Issues fixed by the recommended upgrade:

Severity  Issue                                            Snyk ID                                 Score  Exploit Maturity
high      Deserialization of Untrusted Data                SNYK-JS-OPENZEPPELINCONTRACTS-6056529   579    No Known Exploit
critical  Privilege Escalation                             SNYK-JS-OPENZEPPELINCONTRACTS-1570170   579    No Known Exploit
high      Improper Input Validation                        SNYK-JS-OPENZEPPELINCONTRACTS-1585627   579    No Known Exploit
critical  Improper Initialization                          SNYK-JS-OPENZEPPELINCONTRACTS-1920946   579    No Known Exploit
high      Deserialization of Untrusted Data                SNYK-JS-OPENZEPPELINCONTRACTS-2320176   579    No Known Exploit
high      Information Exposure                             SNYK-JS-OPENZEPPELINCONTRACTS-2958047   579    No Known Exploit
high      Information Exposure                             SNYK-JS-OPENZEPPELINCONTRACTS-2958050   579    No Known Exploit
high      Improper Verification of Cryptographic Signature SNYK-JS-OPENZEPPELINCONTRACTS-2980279   579    No Known Exploit
medium    Denial of Service (DoS)                          SNYK-JS-OPENZEPPELINCONTRACTS-2965798   579    No Known Exploit
medium    Improper Encoding or Escaping of Output          SNYK-JS-OPENZEPPELINCONTRACTS-5838352   579    No Known Exploit
low       Denial of Service (DoS)                          SNYK-JS-OPENZEPPELINCONTRACTS-5425827   579    No Known Exploit
Release notes
Package name: @openzeppelin/contracts
  • 4.9.6 - 2024-02-29
    • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)
  • 4.9.5 - 2023-12-08
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).
  • 4.9.4 - 2023-12-07
    • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
  • 4.9.3 - 2023-07-28

    Note
    This release contains a fix for GHSA-g4vp-m682-qqmp.

    • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
    • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
  • 4.9.2 - 2023-06-16
  • 4.9.1 - 2023-06-07
  • 4.9.0 - 2023-05-23
  • 4.9.0-rc.1 - 2023-05-17
  • 4.9.0-rc.0 - 2023-05-09
  • 4.8.3 - 2023-04-13
  • 4.8.2 - 2023-03-02
  • 4.8.1 - 2023-01-13
  • 4.8.0 - 2022-11-08
  • 4.8.0-rc.2 - 2022-10-17
  • 4.8.0-rc.1 - 2022-09-23
  • 4.8.0-rc.0 - 2022-09-07
  • 4.7.3 - 2022-08-10
  • 4.7.2 - 2022-07-27
  • 4.7.1 - 2022-07-20
  • 4.7.0 - 2022-06-29
  • 4.7.0-rc.0 - 2022-06-07
  • 4.6.0 - 2022-04-26
  • 4.6.0-rc.0 - 2022-03-31
  • 4.5.0 - 2022-02-09
  • 4.5.0-rc.0 - 2022-01-13
  • 4.4.2 - 2022-01-11
  • 4.4.1 - 2021-12-14
  • 4.4.0 - 2021-11-25
  • 4.4.0-rc.1 - 2021-11-16
  • 4.4.0-rc.0 - 2021-10-20
  • 4.3.3 - 2021-11-12
  • 4.3.2 - 2021-09-14
  • 4.3.1 - 2021-08-26
  • 4.3.0 - 2021-08-17
  • 4.3.0-rc.0 - 2021-08-06
  • 4.2.0 - 2021-06-30
  • 4.2.0-rc.0 - 2021-06-23
  • 4.1.0 - 2021-04-29
from @openzeppelin/contracts GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
@openzeppelin/contracts

See this project in Snyk:
https://app.snyk.io/org/akjus/project/281cc718-5a15-4efa-86ab-13b32b7f847f?utm_source=github&utm_medium=referral&page=upgrade-pr