Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , #674

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

X-oss-byte
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@ethereumjs/util
from 8.0.5 to 8.1.0 | 2 versions ahead of your current version | a year ago
on 2023-06-20
@ganache/utils
from 0.8.0 to 0.9.2 | 3 versions ahead of your current version | 9 months ago
on 2023-12-21

Release notes
Package name: @ethereumjs/util
  • 8.1.0 - 2023-06-20

    EIP-7685 Requests: EIP-6110 (Deposits) / EIP-7002 (Withdrawals) / EIP-7251 (Consolidations)

    This library now supports EIP-6110 deposit requests, see PR #3390, EIP-7002 withdrawal requests, see PR #3385 and EIP-7251 consolidation requests, see PR #3477 as well as the underlying generic execution layer request logic introduced with EIP-7685 (PR #3372).

    These new request types will be activated with the Prague hardfork, see @ ethereumjs/block README for detailed documentation.

    EIP-2935 Serve Historical Block Hashes from State (Prague)

    Starting with this release the VM supports EIP-2935 which stores the latest 256 block hashes in the storage of a system contract, see PR #3475 as the major integrational PR (while work on this has already been done in previous PRs).

    This EIP will be activated along the Prague hardfork. Note that this EIP has no effect on the resolution of the BLOCKHASH opcode, which will be a separate activation taking place by the integration of EIP-7709 in the following Osaka hardfork.

    Verkle Dependency Decoupling

    We have relatively light-heartedly added a new @ ethereumjs/verkle main dependency to the VM/EVM stack in the v7.2.1 release, which added an additional burden to the bundle size by several hundred KB and additionally draws in unnecessary WASM code. Coupling with Verkle has been refactored in PR #3462 and the direct dependency has been removed again.

    An update to this release is therefore strongly recommended even if other fixes or features are not that relevant for you right now.

    Verkle Updates

    • Fixes for Kaustinen4 support, PR #3269
    • Kaustinen5 related fixes, PR #3343
    • Kaustinen6 adjustments, verkle-cryptography-wasm migration, PRs #3355 and #3356
    • Missing beaconroot account verkle fix, PR #3421
    • Remove the hacks to prevent account cleanups of system contracts, PR #3418
    • Updates EIP-2935 tests with the new proposed bytecode and corresponding config, PR #3438
    • Fix EIP-2935 address conversion issues, PR #3447
    • Remove backfill of block hashes on EIP-2935 activation, PR #3478

    Other Features

    • Add evmOpts to the VM opts to allow for options chaining to the underlying EVM, PR #3481
    • Stricter prefixed hex typing, PRs #3348, #3427 and #3357 (some changes removed in PR #3382 for backwards compatibility reasons, will be reintroduced along upcoming breaking releases)

    Other Changes

    • Removes support for EIP-2315 simple subroutines for EVM (deprecated with an alternative version integrated into EOF), PR #3342
    • Small clean-up to VM._emit(), PR #3396
    • Update mcl-wasm Dependency (Esbuild Issue), PR #3461

    Bugfixes

    • Fix block building with blocks including CL requests, PR #3413
    • Ensure system address is not created if it is empty, PR #3400
  • 8.0.6 - 2023-04-24
  • 8.0.5 - 2023-02-27
from @ethereumjs/util GitHub release notes
Package name: @ganache/utils
  • 0.9.2 - 2023-12-21
  • 0.9.1 - 2023-08-22
  • 0.9.0 - 2023-07-05
  • 0.8.0 - 2023-04-13
from @ganache/utils GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @ethereumjs/util from 8.0.5 to 8.1.0.
    See this package in npm: https://www.npmjs.com/package/@ethereumjs/util
  - @ganache/utils from 0.8.0 to 0.9.2.
    See this package in npm: https://www.npmjs.com/package/@ganache/utils

See this project in Snyk:
https://app.snyk.io/org/sammyfilly/project/d7ed5c2b-4d6f-49eb-82ed-18060656fe78?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

stackblitz bot commented Sep 6, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

Copy link

changeset-bot bot commented Sep 6, 2024

⚠️ No Changeset found

Latest commit: 7d5c7df

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants