[Snyk] Upgrade: @nomiclabs/hardhat-ethers, web3, chai, @nomiclabs/hardhat-truffle5, @nomiclabs/hardhat-waffle, @openzeppelin/contracts, ethers, @openzeppelin/test-helpers, hardhat, hardhat-gas-reporter #57

Open
wants to merge 1 commit into base: main
Conversation

BitcoinOutput (Owner)


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| @nomiclabs/hardhat-ethers | from 2.0.5 to 2.2.3 (7 versions ahead of your current version) | 2023-04-10 |
| web3 | from 1.7.1 to 1.10.4 (28 versions ahead of your current version) | 2024-02-05 |
| chai | from 4.3.6 to 4.5.0 (7 versions ahead of your current version) | 2024-07-25 |
| @nomiclabs/hardhat-truffle5 | from 2.0.5 to 2.0.7 (3 versions ahead of your current version) | 2022-09-02 |
| @nomiclabs/hardhat-waffle | from 2.0.3 to 2.0.6 (3 versions ahead of your current version) | 2023-05-16 |
| @openzeppelin/contracts | from 4.5.0 to 4.9.6 (23 versions ahead of your current version) | 2024-02-29 |
| ethers | from 5.6.2 to 5.7.2 (10 versions ahead of your current version) | 2022-10-19 |
| @openzeppelin/test-helpers | from 0.5.15 to 0.5.16 (1 version ahead of your current version) | 2022-09-06 |
| hardhat | from 2.9.3 to 2.22.9 (77 versions ahead of your current version) | 2024-08-21 |
| hardhat-gas-reporter | from 1.0.8 to 1.0.10 (3 versions ahead of your current version) | 2024-01-31 |

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 482 | Proof of Concept |
| high | Information Exposure | SNYK-JS-OPENZEPPELINCONTRACTS-2958047 | 375 | No Known Exploit |
| high | Information Exposure | SNYK-JS-OPENZEPPELINCONTRACTS-2958050 | 375 | No Known Exploit |
| high | Incorrect Calculation | SNYK-JS-OPENZEPPELINCONTRACTS-2964946 | 375 | No Known Exploit |
| high | Arbitrary File Write | SNYK-JS-TAR-1579155 | 425 | No Known Exploit |
| high | Improper Verification of Cryptographic Signature | SNYK-JS-OPENZEPPELINCONTRACTS-2980279 | 385 | No Known Exploit |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ES5EXT-6095076 | 482 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UNDICI-3323845 | 482 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MOCHA-2863123 | 375 | No Known Exploit |
| high | Improper Input Validation | SNYK-JS-FOLLOWREDIRECTS-6141137 | 472 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GETFUNCNAME-5923417 | 537 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-NORMALIZEURL-1296539 | 375 | No Known Exploit |
| high | Improper Verification of Cryptographic Signature | SNYK-JS-BROWSERIFYSIGN-6037026 | 375 | No Known Exploit |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 482 | Proof of Concept |
| high | Information Exposure | SNYK-JS-SIMPLEGET-2361683 | 547 | Proof of Concept |
| high | Arbitrary File Overwrite | SNYK-JS-TAR-1536528 | 410 | No Known Exploit |
| high | Arbitrary File Overwrite | SNYK-JS-TAR-1536531 | 410 | No Known Exploit |
| high | Arbitrary File Write | SNYK-JS-TAR-1579147 | 425 | No Known Exploit |
| high | Arbitrary File Write | SNYK-JS-TAR-1579152 | 425 | No Known Exploit |
| high | Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 430 | No Known Exploit |
| high | Asymmetric Resource Consumption (Amplification) | SNYK-JS-BODYPARSER-7926860 | 481 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-COOKIEJAR-3149984 | 372 | Proof of Concept |
| medium | Cryptographic Issues | SNYK-JS-ELLIPTIC-1064899 | 340 | No Known Exploit |
| medium | Improper Certificate Validation | SNYK-JS-UNDICI-2928996 | 377 | Proof of Concept |
| medium | CRLF Injection | SNYK-JS-UNDICI-2953389 | 372 | Proof of Concept |
| medium | CRLF Injection | SNYK-JS-UNDICI-2980276 | 270 | No Known Exploit |
| medium | Server-side Request Forgery (SSRF) | SNYK-JS-UNDICI-2980286 | 320 | No Known Exploit |
| medium | Denial of Service (DoS) | SNYK-JS-OPENZEPPELINCONTRACTS-2965798 | 265 | No Known Exploit |
| medium | Improper Input Validation | SNYK-JS-OPENZEPPELINCONTRACTS-5425051 | 340 | No Known Exploit |
| medium | Improper Encoding or Escaping of Output | SNYK-JS-OPENZEPPELINCONTRACTS-5838352 | 265 | No Known Exploit |
| medium | Out-of-bounds Read | SNYK-JS-OPENZEPPELINCONTRACTS-6346765 | 265 | No Known Exploit |
| medium | Open Redirect | SNYK-JS-EXPRESS-6474509 | 305 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 372 | Proof of Concept |
| medium | CRLF Injection | SNYK-JS-UNDICI-3323844 | 337 | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JS-SERIALIZEJAVASCRIPT-6147607 | 412 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 265 | No Known Exploit |
| medium | Cross-site Scripting | SNYK-JS-EXPRESS-7926867 | 326 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 432 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HIGHLIGHTJS-1048676 | 265 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HTTPCACHESEMANTICS-3248783 | 372 | Proof of Concept |
| low | Information Exposure | SNYK-JS-UNDICI-2957529 | 292 | Proof of Concept |
| low | Denial of Service (DoS) | SNYK-JS-OPENZEPPELINCONTRACTS-5425827 | 185 | No Known Exploit |
| low | Missing Authorization | SNYK-JS-OPENZEPPELINCONTRACTS-5672116 | 185 | No Known Exploit |
| low | Information Exposure | SNYK-JS-UNDICI-5962466 | 195 | No Known Exploit |
| low | Permissive Cross-domain Policy with Untrusted Domains | SNYK-JS-UNDICI-6252336 | 195 | No Known Exploit |
| low | Improper Access Control | SNYK-JS-UNDICI-6564963 | 130 | No Known Exploit |
| low | Improper Authorization | SNYK-JS-UNDICI-6564964 | 195 | No Known Exploit |
| low | Cross-site Scripting | SNYK-JS-SEND-7926862 | 176 | No Known Exploit |
| low | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 292 | Proof of Concept |
| low | Cross-site Scripting | SNYK-JS-SERVESTATIC-7926865 | 176 | No Known Exploit |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-TAR-1536758 | | No Known Exploit |
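Almost none of the packages in the table above (tar, undici, qs, body-parser, minimist, ...) are direct dependencies of this project; they are pulled in transitively, and a bump of the ten direct dependencies only helps if the lockfile's transitive pins move with it. The Node.js script below is an added example, not part of this Snyk PR or of the repository, that maps Snyk issue IDs back to package names and lists every copy of each package resolved in an npm lockfile, nested duplicates included. The lockfile, its package names and versions are constructed sample data, and the ID-to-name rule (strip `SNYK-JS-` and the trailing number, compare against the package name with `@`, `/`, `-` and `.` removed) is an assumption inferred from the IDs in the table, not a documented Snyk format.

```javascript
// Added example, not code from the Snyk PR or from the repository it targets.
// Lists every installed copy of the packages behind a set of Snyk issue IDs in
// an npm lockfile (lockfileVersion 2 or 3, which key entries by node_modules
// path), so a reviewer can see whether a vulnerable transitive package
// survives as a nested duplicate after the upgrade.

// CONSTRUCTED sample lockfile: names and versions are illustrative only.
const SAMPLE_LOCKFILE = {
  name: "example-hardhat-project",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-hardhat-project", dependencies: { hardhat: "^2.22.9" } },
    "node_modules/hardhat": { version: "2.22.9", dependencies: { undici: "^5.14.0" } },
    "node_modules/undici": { version: "5.28.4" },
    "node_modules/tar": { version: "6.2.1" },
    "node_modules/qs": { version: "6.11.0" },
    // an older copy still pinned by a hypothetical transitive dependency
    "node_modules/some-old-dep": { version: "1.0.0", dependencies: { qs: "~6.5.0" } },
    "node_modules/some-old-dep/node_modules/qs": { version: "6.5.2" },
    "node_modules/minimist": { version: "1.2.8" },
    "node_modules/@openzeppelin/contracts": { version: "4.9.6" },
  },
};

// Snyk IDs look like SNYK-JS-<NAME>-<number>, where <NAME> appears to be the
// package name upper-cased with "@", "/", "-" and "." removed (assumption
// inferred from the IDs in the table). Reduce both sides to that form.
function snykIdToNameKey(issueId) {
  const m = /^SNYK-JS-([A-Z0-9]+)-\d+$/.exec(issueId);
  if (!m) throw new Error(`unrecognised Snyk issue ID: ${issueId}`);
  return m[1].toLowerCase();
}

function packageNameKey(name) {
  return name.replace(/[@\/.\-]/g, "").toLowerCase();
}

// Every installed package in the lockfile, nested copies included. The
// package name is whatever follows the last "node_modules/" in the path,
// which keeps scoped names such as "@openzeppelin/contracts" intact.
function installedPackages(lockfile) {
  const marker = "node_modules/";
  const out = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === "") continue; // the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    out.push({ name, version: entry.version, path });
  }
  return out;
}

// Map each issue ID to the "version (path)" of every installed copy of the
// affected package. [] means the package is gone from the tree; more than one
// entry means a nested pin that a direct-dependency bump may have missed.
function copiesPerIssue(lockfile, issueIds) {
  const installed = installedPackages(lockfile);
  const report = {};
  for (const id of issueIds) {
    const key = snykIdToNameKey(id);
    report[id] = installed
      .filter((p) => packageNameKey(p.name) === key)
      .map((p) => `${p.version} (${p.path})`);
  }
  return report;
}

function issuesWithMultipleCopies(report) {
  return Object.keys(report).filter((id) => report[id].length > 1);
}

// A few IDs taken from the table above.
const ISSUES = [
  "SNYK-JS-UNDICI-3323845",
  "SNYK-JS-TAR-1579155",
  "SNYK-JS-QS-3153490",
  "SNYK-JS-MINIMIST-2429795",
  "SNYK-JS-BODYPARSER-7926860",
  "SNYK-JS-OPENZEPPELINCONTRACTS-6346765",
];

const REPORT = copiesPerIssue(SAMPLE_LOCKFILE, ISSUES);
for (const [id, copies] of Object.entries(REPORT)) {
  console.log(`${id}: ${copies.length ? copies.join(", ") : "not installed"}`);
}
```

To run it against the real tree, replace `SAMPLE_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` after installing from this branch. An ID with more than one copy is a nested pin the direct bump did not move; an ID with zero copies means the package left the tree. Whether a surviving version is itself patched still has to be checked against the corresponding Snyk advisory, since the lockfile alone does not say which ranges are affected.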
Release notes
Package name: @nomiclabs/hardhat-ethers
  • 2.2.3 - 2023-04-10
  • 2.2.2 - 2023-01-11
  • 2.2.1 - 2022-10-27
  • 2.2.0 - 2022-10-10
  • 2.1.1 - 2022-08-16
  • 2.1.0 - 2022-07-07
  • 2.0.6 - 2022-05-11
  • 2.0.5 - 2022-02-10
from @nomiclabs/hardhat-ethers GitHub release notes
Package name: web3
  • 1.10.4 - 2024-02-05
  • 1.10.4-dev.0 - 2024-01-31
  • 1.10.3 - 2023-10-18
  • 1.10.3-dev.0 - 2023-10-16
  • 1.10.2 - 2023-08-28
  • 1.10.1 - 2023-08-14
  • 1.10.1-rc.0 - 2023-08-08
  • 1.10.0 - 2023-05-10
  • 1.10.0-rc.0 - 2023-05-02
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
from web3 GitHub release notes
Package name: chai
from chai GitHub release notes
Package name: @nomiclabs/hardhat-truffle5
  • 2.0.7 - 2022-09-02
  • 2.0.7-rc.0 - 2022-08-31
  • 2.0.6 - 2022-05-11
  • 2.0.5 - 2022-03-01
from @nomiclabs/hardhat-truffle5 GitHub release notes
Package name: @nomiclabs/hardhat-waffle
  • 2.0.6 - 2023-05-16
  • 2.0.5 - 2023-02-10

    This is the first version of the plugin published in collaboration with the TrueFi team, the maintainers of Waffle 🚀

    We moved this plugin to its own repository, cleaned it up in the process, and implemented some small improvements.

    Changes

    • c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config
  • 2.0.4 - 2023-02-09
  • 2.0.3 - 2022-03-01
from @nomiclabs/hardhat-waffle GitHub release notes
Package name: @openzeppelin/contracts
  • 4.9.6 - 2024-02-29
    • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)
  • 4.9.5 - 2023-12-08
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).
  • 4.9.4 - 2023-12-07
    • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
  • 4.9.3 - 2023-07-28

    Note
    This release contains a fix for GHSA-g4vp-m682-qqmp.

    • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
    • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
  • 4.9.2 - 2023-06-16
  • 4.9.1 - 2023-06-07
  • 4.9.0 - 2023-05-23
  • 4.9.0-rc.1 - 2023-05-17
  • 4.9.0-rc.0 - 2023-05-09
  • 4.8.3 - 2023-04-13
  • 4.8.2 - 2023-03-02
  • 4.8.1 - 2023-01-13
  • 4.8.0 - 2022-11-08
  • 4.8.0-rc.2 - 2022-10-17
  • 4.8.0-rc.1 - 2022-09-23
  • 4.8.0-rc.0 - 2022-09-07
  • 4.7.3 - 2022-08-10
  • 4.7.2 - 2022-07-27
  • 4.7.1 - 2022-07-20
  • 4.7.0 - 2022-06-29
  • 4.7.0-rc.0 - 2022-06-07
  • 4.6.0 - 2022-04-26
  • 4.6.0-rc.0 - 2022-03-31
  • 4.5.0 - 2022-02-09
from @openzeppelin/contracts GitHub release notes
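The 4.9.3 notes above state the ERC-2771 rule in words. The JavaScript below is an added example, not OpenZeppelin's, Snyk's or this repository's code, that models the same recovery logic off-chain: a trusted forwarder appends the signer's 20-byte address to the calldata, the recipient takes the last 20 bytes as the sender and the rest as data, and, per the 4.9.3 fix, calldata shorter than 20 bytes from a trusted forwarder yields the forwarder itself as sender and the untouched calldata as data. The forwarder and signer addresses and the inner calldata are constructed test vectors; the behaviour mirrored is the one the release notes describe, not code taken from the contract source.

```javascript
// Added example, not code from OpenZeppelin, Snyk or the repository: an
// off-chain model of the ERC-2771 sender/data recovery described in the
// @openzeppelin/contracts 4.9.3 release notes. A trusted forwarder appends the
// signer's 20-byte address to the calldata; the recipient peels it off. The
// 4.9.3 fix is the `data.length >= 20` guard: shorter calldata from a trusted
// forwarder yields the forwarder itself as sender and the full calldata as data.

// CONSTRUCTED addresses and calldata used as test vectors.
const TRUSTED_FORWARDER = "0x" + "11".repeat(20);
const SIGNER = "0x" + "22".repeat(20);
const INNER_CALLDATA = "0x12345678"; // 4-byte stand-in for a real function call

function hexToBytes(hex) {
  const h = hex.startsWith("0x") ? hex.slice(2) : hex;
  if (h.length % 2 !== 0 || /[^0-9a-fA-F]/.test(h)) throw new Error(`invalid hex: ${hex}`);
  const out = new Uint8Array(h.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(h.slice(2 * i, 2 * i + 2), 16);
  return out;
}

function bytesToHex(bytes) {
  return "0x" + Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function isTrustedForwarder(addr, trusted) {
  return addr.toLowerCase() === trusted.toLowerCase();
}

// Relayer side: the forwarder calls the recipient with the original calldata
// followed by the signer's address, as ERC-2771 specifies.
function forwarderCall(innerCalldata, signer, forwarder) {
  return { sender: forwarder, data: innerCalldata + signer.slice(2).toLowerCase() };
}

// Recipient side, mirroring ERC2771Context._msgSender() after 4.9.3.
function msgSender(call, trustedForwarder) {
  const data = hexToBytes(call.data);
  if (isTrustedForwarder(call.sender, trustedForwarder) && data.length >= 20) {
    return bytesToHex(data.slice(data.length - 20)); // last 20 bytes = signer
  }
  return call.sender; // direct call, untrusted forwarder, or calldata too short
}

// Recipient side, mirroring ERC2771Context._msgData() after 4.9.3.
function msgData(call, trustedForwarder) {
  const data = hexToBytes(call.data);
  if (isTrustedForwarder(call.sender, trustedForwarder) && data.length >= 20) {
    return bytesToHex(data.slice(0, data.length - 20)); // strip the appended address
  }
  return call.data; // full calldata, no slice past the end on short input
}

// The cases the release notes distinguish, plus an untrusted relayer that
// appends an address but is not on the trusted list.
const CASES = {
  relayed: forwarderCall(INNER_CALLDATA, SIGNER, TRUSTED_FORWARDER),
  direct: { sender: SIGNER, data: INNER_CALLDATA },
  shortFromForwarder: { sender: TRUSTED_FORWARDER, data: INNER_CALLDATA },
  untrustedRelayer: forwarderCall(INNER_CALLDATA, SIGNER, "0x" + "33".repeat(20)),
};
for (const [label, call] of Object.entries(CASES)) {
  console.log(label, "sender:", msgSender(call, TRUSTED_FORWARDER), "data:", msgData(call, TRUSTED_FORWARDER));
}
```

The `untrustedRelayer` case is the reason the trusted-forwarder check comes first: any caller can append 20 bytes to its calldata, so the appended address is only believed when the caller is the configured forwarder. The `shortFromForwarder` case is the one 4.9.3 changes; a trusted forwarder that sends fewer than 20 bytes is treated as calling on its own behalf.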
Package name: ethers
  • 5.7.2 - 2022-10-19
  • 5.7.1 - 2022-09-14
  • 5.7.0 - 2022-08-19
  • 5.6.9 - 2022-06-18
  • 5.6.8 - 2022-05-24
  • 5.6.7 - 2022-05-21
  • 5.6.6 - 2022-05-14
  • 5.6.5 - 2022-05-03
  • 5.6.4 - 2022-04-14
  • 5.6.3 - 2022-04-13
  • 5.6.2 - 2022-03-26
from ethers GitHub release notes
Package name: @openzeppelin/test-helpers
  • 0.5.16 - 2022-09-06
    • Fix warning under Hardhat 2.11.
  • 0.5.15 - 2021-10-05
    • Fix snapshot.restore when used multiple times.
from @openzeppelin/test-helpers GitHub release notes
Package name: hardhat
  • 2.22.9 - 2024-08-21

    This is a small bug fix release that removes a warning message against the local Hardhat node when deploying with Hardhat Ignition.

    Changes

    • 6771f00: Do not send http_setLedgerOutputEnabled messages beyond the HTTP Provider to prevent unwanted warnings in the logs of the local hardhat node

    💡 The Nomic Foundation is hiring! Check our open positions.


  • 2.22.8 - 2024-08-07

    This is a small bug fix release to resolve a bug with large responses from debug_traceTransaction.

    Changes

    • f5d5d15: Fixed an issue with debug_traceTransaction when large responses were generated
    • 31d9d77: Upgraded EDR to v0.5.2

    💡 The Nomic Foundation is hiring! Check our open positions.


  • 2.22.7 - 2024-07-30
  • 2.22.6 - 2024-07-01
  • 2.22.5 - 2024-06-03
  • 2.22.4 - 2024-05-14
  • 2.22.3 - 2024-04-17
  • 2.22.2 - 2024-03-21
  • 2.22.1 - 2024-03-14
  • 2.22.0 - 2024-03-13
  • 2.21.0 - 2024-03-04
  • 2.21.0-dev.1 - 2024-03-02
  • 2.21.0-dev.0 - 2024-02-21
  • 2.20.1 - 2024-02-15
  • 2.20.0 - 2024-02-14
  • 2.19.5 - 2024-01-30
  • 2.19.4 - 2023-12-26
  • 2.19.3 - 2023-12-19
  • 2.19.2 - 2023-12-05
  • 2.19.1 - 2023-11-15
  • 2.19.0 - 2023-11-02
  • 2.18.3 - 2023-10-24
  • 2.18.2 - 2023-10-19
  • 2.18.1 - 2023-10-11
  • 2.18.0 - 2023-10-05
  • 2.17.4 - 2023-09-27
  • 2.17.3 - 2023-09-11
  • 2.17.2 - 2023-08-28
  • 2.17.1 - 2023-08-01
  • 2.17.0 - 2023-07-14
  • 2.16.1 - 2023-06-27
  • 2.16.1-dev.0 - 2023-06-27
  • 2.16.0 - 2023-06-22
  • 2.16.0-dev.0 - 2023-06-21
  • 2.15.0 - 2023-06-08
  • 2.14.1 - 2023-05-31
  • 2.14.0 - 2023-04-15
  • 2.13.1 - 2023-04-10
  • 2.13.0 - 2023-03-02
  • 2.13.0-dev.4 - 2023-03-02
  • 2.13.0-dev.3 - 2023-02-27
  • 2.13.0-dev.2 - 2022-12-30
  • 2.13.0-dev.1 - 2022-11-24
  • 2.13.0-dev.0 - 2022-10-21
  • 2.12.8-viair.0 - 2023-02-14
  • 2.12.7 - 2023-02-09
  • 2.12.6 - 2023-01-11
  • 2.12.5 - 2022-12-29
  • 2.12.4 - 2022-12-08
  • 2.12.3 - 2022-11-30
  • 2.12.2 - 2022-11-01
  • 2.12.1 - 2022-10-27
  • 2.12.1-unknown-txs.0 - 2022-10-24
  • 2.12.1-ir.0 - 2022-10-12
  • 2.12.0 - 2022-10-10
  • 2.12.0-esm.1 - 2022-09-27
  • 2.12.0-esm.0 - 2022-09-23
  • 2.11.3-dev.0 - 2022-09-16
  • 2.11.2 - 2022-09-14
  • 2.11.1 - 2022-09-06
  • 2.11.0 - 2022-09-02
  • 2.11.0-rc.1 - 2022-09-02
  • 2.11.0-rc.0 - 2022-08-31
  • 2.11.0-dev.0 - 2022-08-23
  • 2.10.2 - 2022-08-16
  • 2.10.2-dev.0 - 2022-07-20
  • 2.10.1 - 2022-07-13
  • 2.10.0 - 2022-07-07
  • 2.9.9 - 2022-06-08
  • 2.9.8 - 2022-06-08
  • 2.9.8-dev.0 - 2022-06-03
  • 2.9.7 - 2022-05-30
  • 2.9.6 - 2022-05-19
  • 2.9.6-dev.1 - 2022-05-18
  • 2.9.6-dev.0 - 2022-05-18
  • 2.9.5 - 2022-05-12
  • 2.9.4 - 2022-05-11
  • 2.9.3 - 2022-04-05
from hardhat GitHub release notes
Package name: hardhat-gas-reporter
  • 1.0.10 - 2024-01-31
  • 1.0.9 - 2022-09-05

    What's Changed

    Full Changelog: v1.0.8...v1.0.9

  • 1.0.9-viem.0 - 2024-01-31

    This pre-release contains a work-around patch to make the gas reporter work with Hardhat's viem tooling. It can be installed with:

    ```shell
    npm install --save-dev hardhat-gas-reporter@viem
    ```

    ⚠️ Important: for the plugin to work correctly, it must be listed before the hardhat-viem plugin in hardhat.config.ts, e.g.

    ```typescript
    import "hardhat-gas-reporter" // <--- first
    import "@nomicfoundation/hardhat-toolbox-viem"
    ```

    There is ongoing work to make this part of the normally published package in #167 but it will not be released until v2.0 (probably end of February at the earliest).

  • 1.0.8 - 2022-02-15
from hardhat-gas-reporter GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":176,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536758","issue_id":"SNYK-JS-TAR-1536758","priority_score":196,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"997f211d-6883-40b4-934d-df7183128ccd","prPublicId":"997f211d-6883-40b4-934d-df7183128ccd","packageManager":"npm","priorityScoreList":[482,375,375,375,425,385,482,482,375,472,537,375,375,482,547,410,410,425,425,430,481,372,340,377,372,270,320,265,340,265,265,305,372,337,412,265,326,432,265,372,292,185,185,195,195,130,195,176,292,176,196],"projectPublicId":"55e049aa-e546-4941-a805-ef9113babeed","projectUrl":"https://app.snyk.io/org/debuggineffect/project/55e049aa-e546-4941-a805-ef9113babeed?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"defau...

Snyk has created this PR to upgrade:
  - @nomiclabs/hardhat-ethers from 2.0.5 to 2.2.3.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-ethers
  - web3 from 1.7.1 to 1.10.4.
    See this package in npm: https://www.npmjs.com/package/web3
  - chai from 4.3.6 to 4.5.0.
    See this package in npm: https://www.npmjs.com/package/chai
  - @nomiclabs/hardhat-truffle5 from 2.0.5 to 2.0.7.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-truffle5
  - @nomiclabs/hardhat-waffle from 2.0.3 to 2.0.6.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-waffle
  - @openzeppelin/contracts from 4.5.0 to 4.9.6.
    See this package in npm: https://www.npmjs.com/package/@openzeppelin/contracts
  - ethers from 5.6.2 to 5.7.2.
    See this package in npm: https://www.npmjs.com/package/ethers
  - @openzeppelin/test-helpers from 0.5.15 to 0.5.16.
    See this package in npm: https://www.npmjs.com/package/@openzeppelin/test-helpers
  - hardhat from 2.9.3 to 2.22.9.
    See this package in npm: https://www.npmjs.com/package/hardhat
  - hardhat-gas-reporter from 1.0.8 to 1.0.10.
    See this package in npm: https://www.npmjs.com/package/hardhat-gas-reporter

See this project in Snyk:
https://app.snyk.io/org/debuggineffect/project/55e049aa-e546-4941-a805-ef9113babeed?utm_source=github&utm_medium=referral&page=upgrade-pr