[Snyk] Security upgrade @truffle/decoder from 3.0.16 to 5.0.11

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • static/node/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @truffle/decoder

The new version differs by 250 commits.

• fb27278 Publish
• b31b941 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4363 from trufflesuite/archaeology
• c1cb87d Add test of compiling on Solidity <0.4.20
• 9e51fe6 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4346 from trufflesuite/extract-web3-eth
• 9500eea Update type for Eip1193Provider request method
• 5467f5b Remove unused import
• b29a361 Rename type
• 58ff2d6 Add block type and add typings
• cdbe05b Simplify check for eip1193-compliancy
• ebe5c41 Add type for 1193-compliant provider
• bd5ff12 Simplify variable name
• ff9d48a Add Log type and adjust a typing
• ccddc9d Rename Web3Adapter to ProviderAdapter
• d2b9dfc Refine some methods and tweak return values to keep parity with web3's returns
• 0fef3d8 Remove web3-eth and implement our own rpc calls
• 0a6e24e Write our own implementation for eth_getCode in decoder
• a422fe4 Adjust implementation for web3-eth to copy the style in the docs
• 537ad5a Remove type, refine a type, and get ts to compile
• ecf743a Add getStorageAt method and use it in decoders
• b34657e Update decoders to use web3Adapter instead of web3 directly
• 6a0aac8 Add one more method and loosen a type or two to continue hacking
• 7afff55 Add a few more methods to Web3Adapter class
• efac32b Refine types a bit and update call to getPastLogs
• c66e6dd WIP for implementing the Web3Adapter for the decoder

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

[secure-code-warrior-for-github]

Micro-Learning Topic: Open redirect (Detected by phrase)

Matched on "Open Redirect"

What is this? (2min video)

This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).

Try this challenge in Secure Code Warrior

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.