Bump the npm_and_yarn group across 1 directory with 13 updates #19

Merged
merged 2 commits into from
Sep 26, 2024


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Sep 26, 2024

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| mocha | 7.2.0 | 10.7.3 |
| web3 | 1.2.6 | 1.5.3 |
| webpack | 3.12.0 | 5.95.0 |
| js-yaml | 3.0.1 | 3.14.1 |
| tough-cookie | 2.5.0 | removed |
| web3 | 1.5.3 | 4.13.0 |

Updates mocha from 7.2.0 to 10.7.3

Release notes

Sourced from mocha's releases.

v10.7.3

10.7.3 (2024-08-09)

🩹 Fixes

v10.7.2

10.7.2 (2024-08-06)

📚 Documentation

🧹 Chores

v10.7.1

10.7.1 (2024-08-06)

🩹 Fixes

  • crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

  • add knip to validate included dependencies (5c2989f)
  • more fully remove assetgraph-builder and canvas (#5175) (1883c41)
  • replace nps with npm scripts (#5128) (c44653a), closes #5126

v10.7.0

What's Changed

New Contributors

Full Changelog: mochajs/mocha@v10.6.1...v10.7.0

v10.6.1

What's Changed

... (truncated)

Changelog

Sourced from mocha's changelog.

10.7.3 (2024-08-09)

🩹 Fixes

10.7.2 (2024-08-06)

📚 Documentation

🧹 Chores

10.7.1 (2024-08-06)

🩹 Fixes

  • crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

  • add knip to validate included dependencies (5c2989f)
  • more fully remove assetgraph-builder and canvas (#5175) (1883c41)
  • replace nps with npm scripts (#5128) (c44653a), closes #5126

10.7.0 / 2024-07-20

🎉 Enhancements

10.6.1 / 2024-07-20

🐛 Fixes

10.6.0 / 2024-07-02

🎉 Enhancements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.


Updates web3 from 1.2.6 to 1.5.3

Release notes

Sourced from web3's releases.

web3-eth@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-eth@4.0.0-alpha.0

web3-core-requestmanager@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-core-requestmanager@4.0.0-alpha.0

web3-providers-http@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-providers-http@4.0.0-alpha.0

web3-providers-base@1.0.0-alpha.1

Changed

  • Update version to 1.0.0-alpha.1 for web3-providers-base
  • Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

web3-packagetemplate@1.0.0-alpha.0

Initial alpha release

Install with yarn add web3-packagetemplate@1.0.0-alpha.0

Changelog

Sourced from web3's changelog.

[1.2.6]

Added

  • Görli testnet ENS registry added to the known registries (#3338)

Changed

[1.2.7]

Added

  • Add revert reason support to sendSignedTransaction (#3345)
  • ENS module extended with the possibility to add a custom registry (#3301)
  • Missing ENS Registry methods and Resolver.supportsInterface method added (#3325)
  • Add optional gas type to AbiItem typescript definitions (for ABIs generated by Vyper) (#3437)
  • Add görli testnet ENS registry to the known registries (#3252)
  • Add auto-reconnect option for Websockets (#3092, #1085, #1391, #1558, #1852, #1646)

Changed

  • Ensure '0x' prefix is existing for Accounts.sign and Accounts.privateKeyToAccount (#3041)
  • Repository cleanup (#3443)
    • Removed old docs/_build folder
    • Removed old bower and meteor artifacts
    • Moved logo assets to own folder
    • Moved github assets to own folder
    • Remove @types/node from (non-dev) dependency tree (#3965, #3227)
  • Please note: Geth v1.9.12 contains a breaking change for eth_call that will not default to your first account anymore if from is not set. If a sender is not explicitly defined, the eth_call will be executed from address(0). (#3467)
    • This was done to avoid the same input behaving differently in different environments. You should never do eth_call without explicitly setting a sender.
    • This means that if you're calling view methods that refer to a msg.sender without explicitly setting a from address in your request options, you may see unexpected behavior.
    • In web3.js, the from address can be specified on a per-call basis or by setting the defaultAccount property.

Fixed

  • Add missing subscription.on('connected') TS type definition (#3319)
  • Add missing bignumber.js dependency for TS types (#3386)
  • Upgrade swarm-js to 0.1.40 to remove npm vulnerability warning (#3399)
  • Upgrade devDeps to resolve security warnings (#3464)
    • dtslint 0.4.2 => 3.4.1
    • definitelytyped-header-parser 1.0.1 => 3.9.0
  • Race-condition when subscribing to historical logs as first client request (#3389)
  • Fix crash when using Web-Workers by removing any-promise dependency (#3377 #2211 #1774)
  • MaxListenersExceededWarning event emitter warning mitigated (#1648)

[1.2.8]

Added

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by spacesailor, a new releaser for web3 since your current version.


Updates webpack from 3.12.0 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

  • Fixed hanging when attempting to read a symlink-like file that it can't read
  • Handle default for import context element dependency
  • Merge duplicate chunks call after split chunks
  • Generate correctly code for dynamically importing the same file twice and destructuring
  • Use content hash as [base] and [name] for extracted DataURI's
  • Distinguish module and import in module-import for externals import's
  • [Types] Make EnvironmentPlugin default values types less strict
  • [Types] Typescript 5.6 compatibility

New Features

  • Add new optimization.entryIife option (true by default for the production mode)
  • Pass output.hash* options to loader context

Performance

  • Avoid unneeded re-visit in build chunk graph

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import

... (truncated)

Commits
  • e20fd63 chore(release): 5.95.0
  • 4866b0d feat: added new optimization.entryIife option
  • d90f692 fix: merge duplicate chunks after split chunks
  • 90dec30 fix(externals): distinguish “module” and “import” in “module-import”
  • c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
  • 14d8fa8 fix: all tests cases
  • dae16ad feat: pass output.hash* options to loader context
  • 75d185d feat: pass output.hash* options to loader context
  • 46e0b9c test: update
  • 8e62f9f test
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates json5 from 0.5.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

v1.0.1

This release includes a bug fix and minor change.

  • Fix: parse throws on unclosed objects and arrays.

  • New: package.json5 has been removed until an easier way to keep it in sync with package.json is found.

v1.0.0

This release includes major internal changes and public API enhancements.

  • Major: JSON5 officially supports Node.js v4 and later. Support for Node.js v0.10 and v0.12 has been dropped.

  • New: Unicode property names and Unicode escapes in property names are supported. (#1)

  • New: stringify outputs trailing commas in objects and arrays when a space option is provided. (#66)

  • New: JSON5 allows line and paragraph separator characters (U+2028 and U+2029) in strings in order to be compatible with JSON. However, ES5 does not allow these characters in strings, so JSON5 gives a warning when they are parsed and escapes them when they are stringified. (#70)

  • New: stringify accepts an options object as its second argument. The supported options are replacer, space, and a new quote option that specifies the quote character used in strings. (#71)

  • New: The CLI supports STDIN and STDOUT and adds --out-file, --space, and --validate options. See json5 --help for more information. (#72, #84, and #108)

  • New: In addition to the white space characters space \t, \v, \f, \n, \r, and \xA0, the additional white space characters \u2028, \u2029, and all other characters in the Space Separator Unicode category are allowed.

  • New: In addition to the character escapes \', \", \\, \b, \f, \n, \r, and \t, the additional character escapes \v and \0, hexadecimal escapes like \x0F, and unnecessary escapes like \a are allowed in string values and string property names.

  • New: stringify outputs strings with single quotes by default but intelligently uses double quotes if there are more single quotes than double quotes inside the string. (i.e. stringify('Stay here.') outputs 'Stay here.' while stringify('Let\'s go.') outputs "Let's go.")

... (truncated)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates braces from 2.3.2 to 3.0.2

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each version is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits

Updates elliptic from 6.3.3 to 6.5.4

Commits

Updates js-yaml from 3.0.1 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions support for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits
  • 37caaad 3.14.1 released
  • 094c0f7 dist rebuild
  • 9586ebe Avoid calling hasOwnProperty of user-controlled objects
  • 34e5072 3.14.0 released
  • 7b25c83 Browser files rebuild
  • 6f73473 Dev deps bump
  • 0c29349 Travis-CI: drop old nodejs versions
  • 10be97e fix(loader): Add support for safe/loadAll(input, options)
  • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
  • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
  • Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates flat from 4.1.1 to 5.0.2

Commits
  • e5ffd66 Release 5.0.2
  • fdb79d5 Update dependencies, refresh lockfile, format with standard.
  • e52185d Test against node 14 in CI.
  • 0189cb1 Avoid arrow function syntax.
  • f25d3a1 Release 5.0.1
  • 54cc7ad use standard formatting
  • 779816e drop dependencies
  • 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
  • a61a554 Bump acorn from 7.1.0 to 7.4.0
  • 20ef0ef Fix prototype pollution on unflatten
  • Additional commits viewable in compare view

Updates got from 7.1.0 to 9.6.0

Release notes

Sourced from got's releases.

v9.6.0

  • Add init hook (#683) 677d0a4
  • Add beforeError hook (#696) 29ffb44

sindresorhus/got@v9.5.1...v9.6.0

v9.5.1

  • Fix memory leak when using socket timeout and keepalive agent (#694) 203dadc
  • Fix strange timing data for HTTP requests d136e61
  • Correctly preserve original status code when returning cached responses d136e61

sindresorhus/got@v9.5.0...v9.5.1

v9.5.0

  • Remove error thrown for URLs with auth component (#676) 5d20a43
  • Upgrade dependencies a1eadfe

sindresorhus/got@v9.4.0...v9.5.0

v9.4.0

  • Add ability to specify which network error codes to retry on. 9f3a099
  • Add Got options onto responses and errors. 33b838f
  • Correctly clear socket timeout on error. c8e358f

sindresorhus/got@v9.3.2...v9.4.0

v9.3.2

sindresorhus/got@v9.3.1...v9.3.2

v9.3.1

  • Don't override headers defined in the url argument when it's an object. 191e00a
  • Don't set content-length header when upload body size is null. 311b184

sindresorhus/got@v9.3.0...v9.3.1

v9.3.0

  • Add option to allow defaults to be mutable. b392f60
  • Add beforeRedirect, beforeRetry, and afterResponse hooks. 325409c
  • Retry on a few more errors. fbaaa2a
  • Include body property in HTTPError. fdc0fa6
  • Transform user set headers to lowercase. a07b2be
  • Support Electron renderer timings. 25f18be

sindresorhus/got@v9.2.0...v9.3.0

v9.2.2

  • Gracefully handle invalid Location redirect URLs. (#605) 7ae6939

... (truncated)

Commits

Removes tough-cookie

Updates web3 from 1.5.3 to 4.13.0

Release notes

Sourced from web3's releases.

web3-eth@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-eth@4.0.0-alpha.0

web3-core-requestmanager@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-core-requestmanager@4.0.0-alpha.0

web3-providers-http@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-providers-http@4.0.0-alpha.0

web3-providers-base@1.0.0-alpha.1

Changed

  • Update version to 1.0.0-alpha.1 for web3-providers-base
  • Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

web3-packagetemplate@1.0.0-alpha.0

Initial alpha release

Install with yarn add web3-packagetemplate@1.0.0-alpha.0

Changelog

Sourced from web3's changelog.

[1.2.6]

Added

  • Görli testnet ENS registry added to the known registries (#3338)

Changed

[1.2.7]

Added

  • Add revert reason support to sendSignedTransaction (#3345)
  • ENS module extended with the possibility to add a custom registry (#3301)
  • Missing ENS Registry methods and Resolver.supportsInterface method added (#3325)
  • Add optional gas type to AbiItem typescript definitions (for ABIs generated by Vyper) (#3437)
  • Add görli testnet ENS registry to the known registries (#3252)
  • Add auto-reconnect option for Websockets (#3092, #1085, #1391, #1558, #1852, #1646)

Changed

  • Ensure '0x' prefix is existing for Accounts.sign and Accounts.privateKeyToAccount (#3041)
  • Repository cleanup (#3443)
    • Removed old docs/_build folder
    • Removed old bower and meteor artifacts
    • Moved logo assets to own folder
    • Moved github assets to own folder
    • Remove @types/node from (non-dev) dependency tree (#3965, #3227)
  • Please note: Geth v1.9.12 contains a breaking change for eth_call that will not default to your first account anymore if from is not set. If a sender is not explicitly defined, the eth_call will be executed from address(0). (#3467)
    • This was done to avoid the same input behaving differently in different environments. You should never do eth_call without explicitly setting a sender.
    • This means that if you're calling view methods that refer to a msg.sender without explicitly setting a from address in your request options, you may see unexpected behavior.
    • I...

      Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mocha](https://github.com/mochajs/mocha) | `7.2.0` | `10.7.3` |
| [web3](https://github.com/ChainSafe/web3.js) | `1.2.6` | `1.5.3` |
| [webpack](https://github.com/webpack/webpack) | `3.12.0` | `5.95.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.0.1` | `3.14.1` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `removed` |
| [web3](https://github.com/ChainSafe/web3.js) | `1.5.3` | `4.13.0` |



Updates `mocha` from 7.2.0 to 10.7.3
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v7.2.0...v10.7.3)

Updates `web3` from 1.2.6 to 1.5.3
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](web3/web3.js@v1.2.6...v1.5.3)

Updates `webpack` from 3.12.0 to 5.95.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v3.12.0...v5.95.0)

Updates `json5` from 0.5.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v0.5.1...v1.0.2)

Updates `braces` from 2.3.2 to 3.0.2
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.2)

Updates `elliptic` from 6.3.3 to 6.5.4
- [Commits](indutny/elliptic@v6.3.3...v6.5.4)

Updates `js-yaml` from 3.0.1 to 3.14.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.0.1...3.14.1)

Updates `express` from 4.18.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.18.2...4.21.0)

Updates `flat` from 4.1.1 to 5.0.2
- [Release notes](https://github.com/hughsk/flat/releases)
- [Commits](hughsk/flat@4.1.1...5.0.2)

Updates `got` from 7.1.0 to 9.6.0
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v7.1.0...v9.6.0)

Removes `tough-cookie`

Updates `web3` from 1.5.3 to 4.13.0
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](web3/web3.js@v1.2.6...v1.5.3)

Updates `yargs-parser` from 7.0.0 to 20.2.9
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v7.0.0...yargs-parser-v20.2.9)

Updates `ws` from 3.3.3 to 8.18.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@3.3.3...8.18.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: web3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flat
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: web3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 26, 2024

socket-security bot commented Sep 26, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/body-parser@1.20.3, npm/component-emitter@1.3.1, npm/encodeurl@2.0.0, npm/hash-base@3.0.4, npm/parse-asn1@5.1.7, npm/send@0.19.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all


socket-security bot commented Sep 26, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@types/pbkdf2@3.1.2 | None | 0 | 4.52 kB | types |
| npm/@types/secp256k1@4.0.6 | None | 0 | 8.05 kB | types |
| npm/array.prototype.reduce@1.0.7 | None | +22 | 2.87 MB | ljharb |
| npm/asn1.js@4.10.1 | unsafe | +1 | 142 kB | indutny |
| npm/aws4@1.13.2 | environment | 0 | 23.4 kB | hichaelmart |
| npm/base-x@3.0.10 | None | 0 | 9.36 kB | junderw |
| npm/binary-extensions@2.3.0 | None | 0 | 5.03 kB | sindresorhus |
| npm/bindings@1.5.0 | environment, filesystem | 0 | 11.2 kB | tootallnate |
| npm/body-parser@1.20.3 | network; Transitive: environment, filesystem | +2 | 120 kB | ulisesgascon |
| npm/braces@3.0.3 | None | 0 | 44.6 kB | jonschlinkert |
| npm/browserify-sign@4.2.3 | None | +1 | 21.8 kB | ljharb |
| npm/component-emitter@1.3.1 | None | 0 | 6.3 kB | sindresorhus |
| npm/cookie@0.6.0 | None | 0 | 23.7 kB | dougwilson |
| npm/d@1.0.2 | None | 0 | 14.2 kB | medikoo |
| npm/data-view-buffer@1.0.1 | None | +2 | 65.3 kB | ljharb |
| npm/data-view-byte-length@1.0.1 | None | 0 | 9.99 kB | ljharb |
| npm/data-view-byte-offset@1.0.0 | None | +2 | 37.8 kB | ljharb |
| npm/elliptic@6.5.7 | None | 0 | 119 kB | indutny |
| npm/encodeurl@2.0.0 | None | 0 | 6.98 kB | blakeembrey |
| npm/es-define-property@1.0.0 | Transitive: eval | +1 | 53.4 kB | ljharb |
| npm/es-errors@1.3.0 | None | 0 | 12.3 kB | ljharb |
| npm/es-object-atoms@1.0.0 | None | 0 | 9.17 kB | ljharb |
| npm/es5-ext@0.10.64 | eval | 0 | 374 kB | medikoo |
| npm/es6-symbol@3.1.4 | None | 0 | 16.5 kB | medikoo |
| npm/esniff@2.0.1 | None | 0 | 60.9 kB | medikoo |
| npm/express@4.21.0 | environment, filesystem, network | 0 | 221 kB | wesleytodd |
| npm/file-uri-to-path@1.0.0 | None | 0 | 8.07 kB | tootallnate |
| npm/fill-range@7.1.1 | None | +1 | 39.7 kB | jonschlinkert |
| npm/finalhandler@1.3.1 | environment | 0 | 19 kB | dougwilson, wesleytodd |
| npm/is-data-view@1.0.1 | None | +4 | 118 kB | ljharb |
| npm/merge-descriptors@1.0.3 | None | 0 | 5.08 kB | sindresorhus |
| npm/nan@2.20.0 | None | 0 | 430 kB | kkoopa |
| npm/node-gyp-build@4.8.2 | environment, filesystem | 0 | 13.6 kB | mafintosh |
| npm/object.getownpropertydescriptors@2.1.8 | None | 0 | 22.9 kB | ljharb |
| npm/parse-asn1@5.1.7 | None | 0 | 24.7 kB | ljharb |
| npm/path-to-regexp@0.1.10 | None | 0 | 6.38 kB | blakeembrey |
| npm/possible-typed-array-names@1.0.0 | None | 0 | 10.9 kB | ljharb |
| npm/pump@3.0.2 | None | 0 | 8.76 kB | mafintosh |
| npm/qs@6.13.0 | None | +1 | 277 kB | ljharb |
| npm/send@0.19.0 | filesystem, network | +2 | 64.8 kB | ulisesgascon |
| npm/serve-static@1.16.2 | None | 0 | 25.4 kB | wesleytodd |
| npm/spdx-exceptions@2.5.0 | None | 0 | 3.47 kB | kemitchell |
| npm/spdx-license-ids@3.0.20 | None | 0 | 13 kB | kemitchell, shinnn |
| npm/type@2.7.3 | None | 0 | 89.3 kB | medikoo |
| npm/url@0.11.4 | None | +1 | 101 kB | ljharb |

🚮 Removed packages: npm/@types/pbkdf2@3.1.1, npm/@types/secp256k1@4.0.5, npm/argparse@0.1.16, npm/array.prototype.reduce@1.0.6, npm/asn1.js@5.4.1, npm/aws4@1.12.0, npm/base-x@3.0.9, npm/body-parser@1.20.2, npm/braces@3.0.2, npm/browserify-sign@4.2.2, npm/component-emitter@1.3.0, npm/cookie@0.5.0, npm/d@1.0.1, npm/elliptic@6.5.4, npm/es5-ext@0.10.62, npm/es6-symbol@3.1.3, npm/express@4.18.2, npm/fill-range@7.0.1, npm/finalhandler@1.2.0, npm/js-yaml@3.0.1, npm/merge-descriptors@1.0.1, npm/nan@2.18.0, npm/node-gyp-build@4.6.1, npm/object.getownpropertydescriptors@2.1.7, npm/parse-asn1@5.1.6, npm/path-to-regexp@0.1.7, npm/pump@3.0.0, npm/qs@6.11.0, npm/send@0.18.0, npm/serve-static@1.15.0, npm/spdx-exceptions@2.3.0, npm/spdx-license-ids@3.0.16, npm/type@1.2.0, npm/underscore.string@2.4.0, npm/underscore@1.7.0, npm/url@0.11.3

View full report↗︎

@legobeat

@SocketSecurity ignore npm/hash-base@3.0.4
@SocketSecurity ignore npm/component-emitter@1.3.1
@SocketSecurity ignore npm/parse-asn1@5.1.7
@SocketSecurity ignore npm/encodeurl@2.0.0
@SocketSecurity ignore npm/body-parser@1.20.3
@SocketSecurity ignore npm/send@0.19.0

new authors ok

@legobeat legobeat merged commit 866fb65 into main Sep 26, 2024
18 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-a0fde770ed branch September 26, 2024 17:10