Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: , web3, chai, , , , ethers, , hardhat, hardhat-gas-reporter #57

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: , web3, chai, , , , ethers, , hardhat, hardhat-gas-reporter #57

wants to merge 1 commit into from

Conversation

BitcoinOutput
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@nomiclabs/hardhat-ethers
from 2.0.5 to 2.2.3 | 7 versions ahead of your current version | a year ago
on 2023-04-10
web3
from 1.7.1 to 1.10.4 | 28 versions ahead of your current version | 7 months ago
on 2024-02-05
chai
from 4.3.6 to 4.5.0 | 7 versions ahead of your current version | 2 months ago
on 2024-07-25
@nomiclabs/hardhat-truffle5
from 2.0.5 to 2.0.7 | 3 versions ahead of your current version | 2 years ago
on 2022-09-02
@nomiclabs/hardhat-waffle
from 2.0.3 to 2.0.6 | 3 versions ahead of your current version | a year ago
on 2023-05-16
@openzeppelin/contracts
from 4.5.0 to 4.9.6 | 23 versions ahead of your current version | 6 months ago
on 2024-02-29
ethers
from 5.6.2 to 5.7.2 | 10 versions ahead of your current version | 2 years ago
on 2022-10-19
@openzeppelin/test-helpers
from 0.5.15 to 0.5.16 | 1 version ahead of your current version | 2 years ago
on 2022-09-06
hardhat
from 2.9.3 to 2.22.9 | 77 versions ahead of your current version | 23 days ago
on 2024-08-21
hardhat-gas-reporter
from 1.0.8 to 1.0.10 | 3 versions ahead of your current version | 7 months ago
on 2024-01-31

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 372 Proof of Concept
high severity Information Exposure
SNYK-JS-OPENZEPPELINCONTRACTS-2958047		 372 No Known Exploit
high severity Information Exposure
SNYK-JS-OPENZEPPELINCONTRACTS-2958050		 372 No Known Exploit
high severity Incorrect Calculation
SNYK-JS-OPENZEPPELINCONTRACTS-2964946		 372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155		 372 No Known Exploit
high severity Improper Verification of Cryptographic Signature
SNYK-JS-OPENZEPPELINCONTRACTS-2980279		 372 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076		 372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076		 372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UNDICI-3323845		 372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123		 372 No Known Exploit
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137		 372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GETFUNCNAME-5923417		 372 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123		 372 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		 372 No Known Exploit
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026		 372 No Known Exploit
high severity Prototype Poisoning
SNYK-JS-QS-3153490		 372 Proof of Concept
high severity Prototype Poisoning
SNYK-JS-QS-3153490		 372 Proof of Concept
high severity Information Exposure
SNYK-JS-SIMPLEGET-2361683		 372 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 372 No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147		 372 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152		 372 No Known Exploit
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 372 No Known Exploit
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		 372 No Known Exploit
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		 372 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COOKIEJAR-3149984		 372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COOKIEJAR-3149984		 372 Proof of Concept
medium severity Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 372 No Known Exploit
medium severity Improper Certificate Validation
SNYK-JS-UNDICI-2928996		 372 Proof of Concept
medium severity CRLF Injection
SNYK-JS-UNDICI-2953389		 372 Proof of Concept
medium severity CRLF Injection
SNYK-JS-UNDICI-2980276		 372 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-UNDICI-2980286		 372 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-OPENZEPPELINCONTRACTS-2965798		 372 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5425051		 372 No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JS-OPENZEPPELINCONTRACTS-5838352		 372 No Known Exploit
medium severity Out-of-bounds Read
SNYK-JS-OPENZEPPELINCONTRACTS-6346765		 372 No Known Exploit
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 372 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 372 Proof of Concept
medium severity CRLF Injection
SNYK-JS-UNDICI-3323844		 372 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		 372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 372 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		 372 No Known Exploit
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 372 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		 372 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		 372 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676		 372 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 372 Proof of Concept
low severity Information Exposure
SNYK-JS-UNDICI-2957529		 372 Proof of Concept
low severity Denial of Service (DoS)
SNYK-JS-OPENZEPPELINCONTRACTS-5425827		 372 No Known Exploit
low severity Missing Authorization
SNYK-JS-OPENZEPPELINCONTRACTS-5672116		 372 No Known Exploit
low severity Information Exposure
SNYK-JS-UNDICI-5962466		 372 No Known Exploit
low severity Permissive Cross-domain Policy with Untrusted Domains
SNYK-JS-UNDICI-6252336		 372 No Known Exploit
low severity Improper Access Control
SNYK-JS-UNDICI-6564963		 372 No Known Exploit
low severity Improper Authorization
SNYK-JS-UNDICI-6564964		 372 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		 372 No Known Exploit
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 372 Proof of Concept
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		 372 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		 372 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		 372 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 372 No Known Exploit
Release notes
Package name: @nomiclabs/hardhat-ethers
  • 2.2.3 - 2023-04-10
  • 2.2.2 - 2023-01-11
  • 2.2.1 - 2022-10-27
  • 2.2.0 - 2022-10-10
  • 2.1.1 - 2022-08-16
  • 2.1.0 - 2022-07-07
  • 2.0.6 - 2022-05-11
  • 2.0.5 - 2022-02-10
from @nomiclabs/hardhat-ethers GitHub release notes
Package name: web3
  • 1.10.4 - 2024-02-05
  • 1.10.4-dev.0 - 2024-01-31
  • 1.10.3 - 2023-10-18
  • 1.10.3-dev.0 - 2023-10-16
  • 1.10.2 - 2023-08-28
  • 1.10.1 - 2023-08-14
  • 1.10.1-rc.0 - 2023-08-08
  • 1.10.0 - 2023-05-10
  • 1.10.0-rc.0 - 2023-05-02
  • 1.9.0 - 2023-03-20
  • 1.9.0-rc.0 - 2023-03-07
  • 1.8.2 - 2023-01-30
  • 1.8.2-rc.0 - 2023-01-11
  • 1.8.1 - 2022-11-10
  • 1.8.1-rc.0 - 2022-10-28
  • 1.8.0 - 2022-09-14
  • 1.8.0-rc.0 - 2022-09-08
  • 1.7.5 - 2022-08-01
  • 1.7.5-rc.1 - 2022-07-19
  • 1.7.5-rc.0 - 2022-07-15
  • 1.7.4 - 2022-06-21
  • 1.7.4-rc.2 - 2022-06-16
  • 1.7.4-rc.1 - 2022-06-08
  • 1.7.4-rc.0 - 2022-05-17
  • 1.7.3 - 2022-04-08
  • 1.7.3-rc.0 - 2022-04-07
  • 1.7.2 - 2022-04-07
  • 1.7.2-rc.0 - 2022-03-24
  • 1.7.1 - 2022-03-03
from web3 GitHub release notes
Package name: chai from chai GitHub release notes
Package name: @nomiclabs/hardhat-truffle5
  • 2.0.7 - 2022-09-02
  • 2.0.7-rc.0 - 2022-08-31
  • 2.0.6 - 2022-05-11
  • 2.0.5 - 2022-03-01
from @nomiclabs/hardhat-truffle5 GitHub release notes
Package name: @nomiclabs/hardhat-waffle
  • 2.0.6 - 2023-05-16
  • 2.0.5 - 2023-02-10

    This is the first version of the plugin published in collaboration with the TrueFi team, the maintainers of Waffle 🚀

    We moved this plugin to its own repository, cleaned it up in the process, and implemented some small improvements.

    Changes

    • c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config
  • 2.0.4 - 2023-02-09
  • 2.0.3 - 2022-03-01
from @nomiclabs/hardhat-waffle GitHub release notes
Package name: @openzeppelin/contracts
  • 4.9.6 - 2024-02-29
    • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)
  • 4.9.5 - 2023-12-08
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).
  • 4.9.4 - 2023-12-07
    • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
  • 4.9.3 - 2023-07-28

    Note
    This release contains a fix for GHSA-g4vp-m682-qqmp.

    • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
    • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
  • 4.9.2 - 2023-06-16
  • 4.9.1 - 2023-06-07
  • 4.9.0 - 2023-05-23
  • 4.9.0-rc.1 - 2023-05-17
  • 4.9.0-rc.0 - 2023-05-09
  • 4.8.3 - 2023-04-13
  • 4.8.2 - 2023-03-02
  • 4.8.1 - 2023-01-13
  • 4.8.0 - 2022-11-08
  • 4.8.0-rc.2 - 2022-10-17
  • 4.8.0-rc.1 - 2022-09-23
  • 4.8.0-rc.0 - 2022-09-07
  • 4.7.3 - 2022-08-10
  • 4.7.2 - 2022-07-27
  • 4.7.1 - 2022-07-20
  • 4.7.0 - 2022-06-29
  • 4.7.0-rc.0 - 2022-06-07
  • 4.6.0 - 2022-04-26
  • 4.6.0-rc.0 - 2022-03-31
  • 4.5.0 - 2022-02-09
from @openzeppelin/contracts GitHub release notes
Package name: ethers
  • 5.7.2 - 2022-10-19
  • 5.7.1 - 2022-09-14
  • 5.7.0 - 2022-08-19
  • 5.6.9 - 2022-06-18
  • 5.6.8 - 2022-05-24
  • 5.6.7 - 2022-05-21
  • 5.6.6 - 2022-05-14
  • 5.6.5 - 2022-05-03
  • 5.6.4 - 2022-04-14
  • 5.6.3 - 2022-04-13
  • 5.6.2 - 2022-03-26
from ethers GitHub release notes
Package name: @openzeppelin/test-helpers
  • 0.5.16 - 2022-09-06
    • Fix warning under Hardhat 2.11.
  • 0.5.15 - 2021-10-05
    • Fix snapshot.restore when used multiple times.
from @openzeppelin/test-helpers GitHub release notes
Package name: hardhat
  • 2.22.9 - 2024-08-21

    This is a small bug fix release remove a warning message against the local Hardhat node when deploying with Hardhat Ignition.

    Changes

    • 6771f00: Do not send http_setLedgerOutputEnabled messages beyond the HTTP Provider to prevent unwanted warnings in the logs of the local hardhat node

    💡 The Nomic Foundation is hiring! Check our open positions.

  • 2.22.8 - 2024-08-07

    This is a small bug fix release to resolve a bug with large responses from debug_traceTransaction.

    Changes

    • f5d5d15: Fixed an issue with debug_traceTransaction when large responses were generated
    • 31d9d77: Upgraded EDR to v0.5.2

    💡 The Nomic Foundation is hiring! Check our open positions.

  • 2.22.7 - 2024-07-30
  • 2.22.6 - 2024-07-01
  • 2.22.5 - 2024-06-03
  • 2.22.4 - 2024-05-14
  • 2.22.3 - 2024-04-17
  • 2.22.2 - 2024-03-21
  • 2.22.1 - 2024-03-14
  • 2.22.0 - 2024-03-13
  • 2.21.0 - 2024-03-04
  • 2.21.0-dev.1 - 2024-03-02
  • 2.21.0-dev.0 - 2024-02-21
  • 2.20.1 - 2024-02-15
  • 2.20.0 - 2024-02-14
  • 2.19.5 - 2024-01-30
  • 2.19.4 - 2023-12-26
  • 2.19.3 - 2023-12-19
  • 2.19.2 - 2023-12-05
  • 2.19.1 - 2023-11-15
  • 2.19.0 - 2023-11-02
  • 2.18.3 - 2023-10-24
  • 2.18.2 - 2023-10-19
  • 2.18.1 - 2023-10-11
  • 2.18.0 - 2023-10-05
  • 2.17.4 - 2023-09-27
  • 2.17.3 - 2023-09-11
  • 2.17.2 - 2023-08-28
  • 2.17.1 - 2023-08-01
  • 2.17.0 - 2023-07-14
  • 2.16.1 - 2023-06-27
  • 2.16.1-dev.0 - 2023-06-27
  • 2.16.0 - 2023-06-22
  • 2.16.0-dev.0 - 2023-06-21
  • 2.15.0 - 2023-06-08
  • 2.14.1 - 2023-05-31
  • 2.14.0 - 2023-04-15
  • 2.13.1 - 2023-04-10
  • 2.13.0 - 2023-03-02
  • 2.13.0-dev.4 - 2023-03-02
  • 2.13.0-dev.3 - 2023-02-27
  • 2.13.0-dev.2 - 2022-12-30
  • 2.13.0-dev.1 - 2022-11-24
  • 2.13.0-dev.0 - 2022-10-21
  • 2.12.8-viair.0 - 2023-02-14
  • 2.12.7 - 2023-02-09
  • 2.12.6 - 2023-01-11
  • 2.12.5 - 2022-12-29
  • 2.12.4 - 2022-12-08
  • 2.12.3 - 2022-11-30
  • 2.12.2 - 2022-11-01
  • 2.12.1 - 2022-10-27
  • 2.12.1-unknown-txs.0 - 2022-10-24
  • 2.12.1-ir.0 - 2022-10-12
  • 2.12.0 - 2022-10-10
  • 2.12.0-esm.1 - 2022-09-27
  • 2.12.0-esm.0 - 2022-09-23
  • 2.11.3-dev.0 - 2022-09-16
  • 2.11.2 - 2022-09-14
  • 2.11.1 - 2022-09-06
  • 2.11.0 - 2022-09-02
  • 2.11.0-rc.1 - 2022-09-02
  • 2.11.0-rc.0 - 2022-08-31
  • 2.11.0-dev.0 - 2022-08-23
  • 2.10.2 - 2022-08-16
  • 2.10.2-dev.0 - 2022-07-20
  • 2.10.1 - 2022-07-13
  • 2.10.0 - 2022-07-07
  • 2.9.9 - 2022-06-08
  • 2.9.8 - 2022-06-08
  • 2.9.8-dev.0 - 2022-06-03
  • 2.9.7 - 2022-05-30
  • 2.9.6 - 2022-05-19
  • 2.9.6-dev.1 - 2022-05-18
  • 2.9.6-dev.0 - 2022-05-18
  • 2.9.5 - 2022-05-12
  • 2.9.4 - 2022-05-11
  • 2.9.3 - 2022-04-05
from hardhat GitHub release notes
Package name: hardhat-gas-reporter
  • 1.0.10 - 2024-01-31
  • 1.0.9 - 2022-09-05

    What's Changed

    Full Changelog: v1.0.8...v1.0.9

  • 1.0.9-viem.0 - 2024-01-31

    This pre-release contains a work-around patch to make the gas reporter work with Hardhat's viem tooling. It can be installed with:

    npm install --save-dev hardhat-gas-reporter@viem

    ⚠️ Important: for the plugin to work correctly, it must be listed before the hardhat-viem plugin in hardhat.config.ts e.g

    import "hardhat-gas-reporter" // <--- first
import "@ nomicfoundation/hardhat-toolbox-viem"

    There is ongoing work to make this part of the normally published package in #167 but it will not be released until v2.0 (probably end of February at the earliest).

  • 1.0.8 - 2022-02-15
from hardhat-gas-reporter GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"nomiclabs/hardhat-ethers","to":"nomiclabs/hardhat-ethers"},{"name":"web3","from":"1.7.1","to":"1.10.4"},{"name":"chai","from":"4.3.6","to":"4.5.0"},{"name":"","from":"nomiclabs/hardhat-truffle5","to":"nomiclabs/hardhat-truffle5"},{"name":"","from":"nomiclabs/hardhat-waffle","to":"nomiclabs/hardhat-waffle"},{"name":"","from":"openzeppelin/contracts","to":"openzeppelin/contracts"},{"name":"ethers","from":"5.6.2","to":"5.7.2"},{"name":"","from":"openzeppelin/test-helpers","to":"openzeppelin/test-helpers"},{"name":"hardhat","from":"2.9.3","to":"2.22.9"},{"name":"hardhat-gas-reporter","from":"1.0.8","to":"1.0.10"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-2958047","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-2958047","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-2958050","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-2958050","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-2964946","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-2964946","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Incorrect Calculation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":425,"priority_score_factors":[{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-2980279","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-2980279","priority_score":385,"priority_score_factors":[{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ES5EXT-6095076","issue_id":"SNYK-JS-ES5EXT-6095076","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ES5EXT-6095076","issue_id":"SNYK-JS-ES5EXT-6095076","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UNDICI-3323845","issue_id":"SNYK-JS-UNDICI-3323845","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MOCHA-2863123","issue_id":"SNYK-JS-MOCHA-2863123","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-GETFUNCNAME-5923417","issue_id":"SNYK-JS-GETFUNCNAME-5923417","priority_score":537,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MOCHA-2863123","issue_id":"SNYK-JS-MOCHA-2863123","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NORMALIZEURL-1296539","issue_id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGET-2361683","issue_id":"SNYK-JS-SIMPLEGET-2361683","priority_score":547,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":410,"priority_score_factors":[{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":410,"priority_score_factors":[{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":425,"priority_score_factors":[{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":425,"priority_score_factors":[{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":481,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":481,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COOKIEJAR-3149984","issue_id":"SNYK-JS-COOKIEJAR-3149984","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COOKIEJAR-3149984","issue_id":"SNYK-JS-COOKIEJAR-3149984","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ELLIPTIC-1064899","issue_id":"SNYK-JS-ELLIPTIC-1064899","priority_score":340,"priority_score_factors":[{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UNDICI-2928996","issue_id":"SNYK-JS-UNDICI-2928996","priority_score":377,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Certificate Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UNDICI-2953389","issue_id":"SNYK-JS-UNDICI-2953389","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"CRLF Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-2980276","issue_id":"SNYK-JS-UNDICI-2980276","priority_score":270,"priority_score_factors":[{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"CRLF Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-2980286","issue_id":"SNYK-JS-UNDICI-2980286","priority_score":320,"priority_score_factors":[{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-2965798","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-2965798","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-5425051","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-5425051","priority_score":340,"priority_score_factors":[{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-5838352","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-5838352","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Encoding or Escaping of Output"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-6346765","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-6346765","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Out-of-bounds Read"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":305,"priority_score_factors":[{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PATHPARSE-1077067","issue_id":"SNYK-JS-PATHPARSE-1077067","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UNDICI-3323844","issue_id":"SNYK-JS-UNDICI-3323844","priority_score":337,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"4.6","score":230},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"CRLF Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":412,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MINIMATCH-3050818","issue_id":"SNYK-JS-MINIMATCH-3050818","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-7926867","issue_id":"SNYK-JS-EXPRESS-7926867","priority_score":326,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"5.1","score":255},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":305,"priority_score_factors":[{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-7926867","issue_id":"SNYK-JS-EXPRESS-7926867","priority_score":326,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"5.1","score":255},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-HIGHLIGHTJS-1048676","issue_id":"SNYK-JS-HIGHLIGHTJS-1048676","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","issue_id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UNDICI-2957529","issue_id":"SNYK-JS-UNDICI-2957529","priority_score":292,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-5425827","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-5425827","priority_score":185,"priority_score_factors":[{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OPENZEPPELINCONTRACTS-5672116","issue_id":"SNYK-JS-OPENZEPPELINCONTRACTS-5672116","priority_score":185,"priority_score_factors":[{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Missing Authorization"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-5962466","issue_id":"SNYK-JS-UNDICI-5962466","priority_score":195,"priority_score_factors":[{"type":"cvssScore","label":"3.9","score":195},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Information Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-6252336","issue_id":"SNYK-JS-UNDICI-6252336","priority_score":195,"priority_score_factors":[{"type":"cvssScore","label":"3.9","score":195},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Permissive Cross-domain Policy with Untrusted Domains"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-6564963","issue_id":"SNYK-JS-UNDICI-6564963","priority_score":130,"priority_score_factors":[{"type":"cvssScore","label":"2.6","score":130},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Access Control"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-6564964","issue_id":"SNYK-JS-UNDICI-6564964","priority_score":195,"priority_score_factors":[{"type":"cvssScore","label":"3.9","score":195},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Improper Authorization"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEND-7926862","issue_id":"SNYK-JS-SEND-7926862","priority_score":176,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-MINIMIST-2429795","issue_id":"SNYK-JS-MINIMIST-2429795","priority_score":292,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEND-7926862","issue_id":"SNYK-JS-SEND-7926862","priority_score":176,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":176,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":176,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536758","issue_id":"SNYK-JS-TAR-1536758","priority_score":196,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"997f211d-6883-40b4-934d-df7183128ccd","prPublicId":"997f211d-6883-40b4-934d-df7183128ccd","packageManager":"npm","priorityScoreList":[482,375,375,375,425,385,482,482,375,472,537,375,375,482,547,410,410,425,425,430,481,372,340,377,372,270,320,265,340,265,265,305,372,337,412,265,326,432,265,372,292,185,185,195,195,130,195,176,292,176,196],"projectPublicId":"55e049aa-e546-4941-a805-ef9113babeed","projectUrl":"https://app.snyk.io/org/debuggineffect/project/55e049aa-e546-4941-a805-ef9113babeed?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"defau...

@snyk-bot
fix: upgrade multiple dependencies with Snyk
20bd5f7 
Snyk has created this PR to upgrade:
  - @nomiclabs/hardhat-ethers from 2.0.5 to 2.2.3.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-ethers
  - web3 from 1.7.1 to 1.10.4.
    See this package in npm: https://www.npmjs.com/package/web3
  - chai from 4.3.6 to 4.5.0.
    See this package in npm: https://www.npmjs.com/package/chai
  - @nomiclabs/hardhat-truffle5 from 2.0.5 to 2.0.7.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-truffle5
  - @nomiclabs/hardhat-waffle from 2.0.3 to 2.0.6.
    See this package in npm: https://www.npmjs.com/package/@nomiclabs/hardhat-waffle
  - @openzeppelin/contracts from 4.5.0 to 4.9.6.
    See this package in npm: https://www.npmjs.com/package/@openzeppelin/contracts
  - ethers from 5.6.2 to 5.7.2.
    See this package in npm: https://www.npmjs.com/package/ethers
  - @openzeppelin/test-helpers from 0.5.15 to 0.5.16.
    See this package in npm: https://www.npmjs.com/package/@openzeppelin/test-helpers
  - hardhat from 2.9.3 to 2.22.9.
    See this package in npm: https://www.npmjs.com/package/hardhat
  - hardhat-gas-reporter from 1.0.8 to 1.0.10.
    See this package in npm: https://www.npmjs.com/package/hardhat-gas-reporter

See this project in Snyk:
https://app.snyk.io/org/debuggineffect/project/55e049aa-e546-4941-a805-ef9113babeed?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BitcoinOutput @snyk-bot