Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade ethers from 5.7.2 to 6.11.1 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade ethers from 5.7.2 to 6.11.1 #5

wants to merge 1 commit into from

Conversation

Jircs1
Copy link
Owner

@Jircs1 Jircs1 commented Mar 17, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade ethers from 5.7.2 to 6.11.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 64 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-02-14.
Release notes
Package name: ethers
  • 6.11.1 - 2024-02-14
    • Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).
    • Allow ENS wildcards with labels up to 255 bytes wide; discussed with ENS and deemed safe (#4543; 7f14bde).
    • Enforce string is passed to toUtf8Bytes (#4583; f45bb87).
    • Fix transaction.index not being populated on some backends (#4591; 7f0e140).
  • 6.11.0 - 2024-02-09
    • Allow transaction encoding for inferred type transactions (f02211d).
    • Added EIP-4788, receipts root and state root fields to Block (#4570; c5f126f).
    • Added EIP-4844 fields to Provider classes and formatter (#4570; 7b4f2c1).
    • Assert BrowserProvider receives an EIP-1193 provider to fail early when passing undefined ethereum object (b69f43b).
    • Add timeout to ContractTransactionResponse wait (#4497; 095de51).
    • Allow override keyword in human-readable ABI and improve error messages (#4514, #4548; be5ec2d).
    • Expand Contract sub-class to accept BaseContract super-class constructor arguments (#4538; 98496bc).
    • Allow network for default provider to be null to select mainnet (#4501; b6bf7ab).
    • Allow long dnsEncode names with optional length parameter (#4543; a136348).
    • Fix parseLog signature when receiving read-only array for topics (#4029, #4459; 20cd8a2).
    • Use Secure endpoints for BNB on Etherscan (#4525; 1f6e188).
    • Added holesky network and related end-points for supporting providers (c6e6c43).
    • Added EIP-4844 BLOb transactions (#4554; 9c1e82e).
    • Normalize EIP-712 types before computing the payload (#4541; 56c1361).
    • Updated thrid-part provider URLs for QuickNode (2b4891d).
    • Fixed normalization and abstracted EIP-712 Array parsing (#4541; 8f99601).
    • Updated third-party provider network URLs (#4542; 84ca14f).
    • Added additional sepolia testnets (4efef76).
    • Fix EIP-712 type aliases for uint and int (#4541; 43fb9c2).
    • Fixed typo in Error string (#4539; 7882905).
    • Better debugging output on fetch errors (bee07a0).
  • 6.10.0 - 2024-01-13
    • Limit decoded result imflation ratio from ABI-encoded data (#4537; 1b4debd).
  • 6.9.2 - 2024-01-03
    • Fix Base58 padding for string representation of binary data (#4527; ccac24a).
  • 6.9.1 - 2023-12-20
    • Fix uncatchable issue when sending transactions over JSON-RPC and provide some retry-recovery for missing v (#4513; 1802215).
  • 6.9.0 - 2023-11-27
    • Use provider-specified suggested priority fee when available, otherwise fallback onto existing logic of 1 gwei (#4463; f8f11c7).
    • Add auto-detected static network support to providers and allow customizing socket provider options (#4199, #4418, #4441; 4681b83).
    • Added Base network to AlchemyProvider (#4384; 9e74d14).
    • Fixed ParamType formatting causing bad tuple full and minimal ABI output (#4329, #4479; 2b67488).
    • Adjust for provider config weight when kicking off a request in FallbackProvider (#4298; da34e35).
    • More robust FallbackProvider broadcast (#4186, #4297, #4442; e2485b8).
    • Added safe and finalized provider events (#3921; a92766e).
  • 6.8.1 - 2023-11-01
    • Fixed typo in error description when converting values to arrays (#4427, #4446; 8fed2f8).
    • Fix invalid token nonpayable being included in formatted constructor (#4412; 2e0bd90).
    • Add ENS support for Sepolia (#4422; 1da50ae).
  • 6.8.0 - 2023-10-11
    • Replicated former ENS normalize behaviour for empty strings and update namehash testcases (125ff11).
    • Initial shortMessage support for errors (#4241; d6a8c14).
    • Fixed resolving ENS addresses used as from parameters (#3961; 2616f4c).
    • Merge: 9a4b753 0c9c23b Merge branch 'v5.8-progress' (cd5f0fe).
    • Allow more loose input format for RLP encoder (#4402; 9a4b753).
    • Update to latest noble crypto libraries (#3975; b27faa0).
    • More robust configuration options for FetchRequest getUrl functions (#4353; 9541f2f).
    • Ignore blockTag when calling Etherscan if it is the default block tag (dcea9b3).
  • 6.7.1 - 2023-08-15
  • 6.7.0 - 2023-08-03
    • Fixed receipt wait not throwing on reverted transactions (25fef4f).
    • Added custom priority fee to Optimism chain (via telegram) (ff80b04).
    • Add context to Logs that fail decoding due to ABI issues to help debugging (f3c46f2).
    • Added new exports for FallbackProviderOptions and FetchUrlFeeDataNetworkPlugin (#2828, #4160; b1dbbb0).
    • Allow overriding pollingInterval in JsonRpcProvider constructor (via discord) (f42f258).
    • Fixed FallbackProvider priority sorting (#4150; 78538eb).
    • Added linea network to InfuraProvider and Network (#4184, #4190; d3e5e2c).
    • Added whitelist support to getDefaultProvider (82bb936).
    • Add Polygon RPC endpoints to the default provider (#3689; 23704a9).
    • Added customizable quorum to FallbackProvider (#4160; 8f0a509).
    • Added basic Gas Station support via a NetworkPlugin (#2828; 229145d).
    • Add BNB URLs to EtherscanProvider networks (ec39abe).
    • Added tests for JSON format (#4248; ba36079).
    • Use empty string for unnamed parameters in JSON output instead of undefined (#4248; 8c2652c).
    • Return undefined for Contract properties that do not exist instead of throwing an error (#4266; 5bf7b34).
  • 6.6.7 - 2023-07-28
  • 6.6.6 - 2023-07-28
  • 6.6.5 - 2023-07-24
  • 6.6.4 - 2023-07-16
  • 6.6.3 - 2023-07-12
  • 6.6.2 - 2023-06-28
  • 6.6.1 - 2023-06-23
  • 6.6.0 - 2023-06-14
  • 6.5.1 - 2023-06-08
  • 6.5.0 - 2023-06-07
  • 6.4.2 - 2023-06-06
  • 6.4.1 - 2023-06-02
  • 6.4.0 - 2023-05-20
  • 6.3.0 - 2023-04-07
  • 6.2.3 - 2023-03-28
  • 6.2.2 - 2023-03-24
  • 6.2.1 - 2023-03-23
  • 6.2.0 - 2023-03-20
  • 6.1.0 - 2023-03-07
  • 6.0.8 - 2023-02-23
  • 6.0.7 - 2023-02-23
  • 6.0.6 - 2023-02-23
  • 6.0.5 - 2023-02-19
  • 6.0.4 - 2023-02-16
  • 6.0.3 - 2023-02-13
  • 6.0.2 - 2023-02-04
  • 6.0.1 - 2023-02-04
  • 6.0.0 - 2023-02-03
  • 6.0.0-beta-exports.16 - 2023-02-02
  • 6.0.0-beta-exports.15 - 2023-01-31
  • 6.0.0-beta-exports.14 - 2023-01-27
  • 6.0.0-beta-exports.13 - 2023-01-27
  • 6.0.0-beta-exports.12 - 2023-01-27
  • 6.0.0-beta-exports.11 - 2023-01-22
  • 6.0.0-beta-exports.10 - 2023-01-15
  • 6.0.0-beta-exports.9 - 2022-12-30
  • 6.0.0-beta-exports.8 - 2022-12-10
  • 6.0.0-beta-exports.7 - 2022-11-30
  • 6.0.0-beta-exports.6 - 2022-11-09
  • 6.0.0-beta-exports.5 - 2022-11-09
  • 6.0.0-beta-exports.4 - 2022-10-01
  • 6.0.0-beta-exports.3 - 2022-09-30
  • 6.0.0-beta-exports.2 - 2022-09-27
  • 6.0.0-beta-exports.1 - 2022-09-16
  • 6.0.0-beta-exports.0 - 2022-09-05
  • 6.0.0-beta.9 - 2022-04-20
  • 6.0.0-beta.8 - 2022-04-20
  • 6.0.0-beta.7 - 2022-04-20
  • 6.0.0-beta.6 - 2022-04-20
  • 6.0.0-beta.5 - 2022-04-19
  • 6.0.0-beta.4 - 2022-04-17
  • 6.0.0-beta.3 - 2022-04-14
  • 6.0.0-beta.2 - 2022-04-11
  • 6.0.0-beta.1 - 2022-04-11
  • 5.7.2 - 2022-10-19
from ethers GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@typechain/[email protected] filesystem Transitive: environment, network, unsafe +73 88.4 MB ethereum-ts-bot
npm/@typechain/[email protected] filesystem Transitive: environment, eval, network, shell, unsafe +296 269 MB ethereum-ts-bot
npm/@types/[email protected] None 0 96.1 kB types
npm/[email protected] network Transitive: environment, filesystem +10 20.4 MB ricmoo
npm/[email protected] environment, filesystem, network, shell Transitive: eval, unsafe +280 257 MB kanej
npm/[email protected] filesystem Transitive: environment, eval, shell, unsafe +70 101 MB diego.bale.arg
npm/[email protected] environment, filesystem, unsafe +18 69.6 MB blakeembrey
npm/[email protected] environment, filesystem Transitive: unsafe +28 80.2 MB ethereum-ts-bot
npm/[email protected] None 0 66.8 MB typescript-bot

🚮 Removed packages: npm/@typechain/[email protected], npm/@types/[email protected], npm/@types/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jircs1 @snyk-bot