Bump truffle from 5.4.29 to 5.11.1 in /examples/truffle

[dependabot]

Bumps truffle from 5.4.29 to 5.11.1.

Release notes

Sourced from truffle's releases.

v5.11.1 — Watermelon ice cream

Hello hello! 🫠 This week we have a minor release that includes some maintenance work 🔧 and updates to the new visual debugger in Truffle Dashboard (check out the v5.11.0 release notes for more info on getting started using it). Shout out to @​dependabot for being cool and bumping stuff! Hee ho!

We hope your week is going well and we'll see you next time!

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Enhancement

• add a tooltip for the debug button in the tx signer for dashboard (#6142 by @​eggplantzzz)

Bug fix

• correct typo in etherscan message in Truffle Dashboard debugger (#6147 by @​eggplantzzz)

Internal improvement

• move source range data into Sources component (#6146 by @​eggplantzzz)

Dependency update

• bump word-wrap from 1.2.3 to 1.2.4 (#6143 by @​dependabot[bot])

5.11.0 — Apple pie, no bugs allowed

Hey again everyone, welcome back! 👯

This week's release contains a special new feature; we have ported our CLI debugger 🙅🏽‍♀️🐛 over to work with Truffle Dashboard! So now you can step through your Solidity code in the browser! After installing the new version of Truffle, run truffle dashboard on the command line. After Truffle Dashboard starts up, just navigate to the URL specified and you can get started! There may be a few preparation steps for you to get up-and-running with your code, so expand the information below for more! We hope you enjoy it and, as always, let us know if you find some bugs so that we can improve it!

To use the debugger to step through code, Truffle Dashboard will first need to have the compilations for the contracts involved. If the sources are verified on Etherscan, then using the debugger is simple: enter your transaction hash in the input field and click Debug. Truffle will automatically fetch them for you and compile them! If you are debugging a transaction and you have the sources locally in a Truffle or HardHat project, you can send them to Truffle Dashboard using one of the following two methods...

For Truffle projects 🍫 If you have a Truffle project with the source files, you should first open Truffle Dashboard by running truffle dashboard in a terminal. Once Truffle Dashboard is running, navigate in a web browser to the URL specified. You should see a page with "Truffle Dashboard" in the top left. In another terminal, navigate to your Truffle project directory and run truffle develop. After the development console opens up, run migrate --compile-all. After you migration is complete, Truffle Dashboard will have your compilations saved in the browser! You can then enter the transaction hash you are interested in in the Dashboard Debugger and click Debug! The debugger will load up your session and you can then step through your transaction. Neat!

For HardHat projects 👷‍♀️ If you have a HardHat project with the source files, you should open Truffle Dashboard by running truffle dashboard in a terminal. Once Truffle Dashboard is running, navigate in a web browser to the URL specified. You should see a page with "Truffle Dashboard" in the top-left. In another terminal window, navigate to your HardHat project's root directory and install the @​truffle/dashboard-hardhat-plugin by running npm install @truffle/dashboard-hardhat-plugin. In your hardhat-config.ts, add import "@truffle/dashboard-hardhat-plugin" to the top of the file. Then run npx hardhat compile to send the compilations to Truffle Dashboard where they will be saved in the browser! You can then enter the transaction hash you are interested in in the Dashboard Debugger and click Debug! The debugger will load up your session and you can then step through your transaction. Voila!

Note 1: You can verify that the compilation was received by opening the developer console in your browser. Set the logging levels to "all levels" and you should see a "received cli-event message" that looks something like the screenshot below.

... (truncated)

Commits

• 49350e7 Publish
• 2748ccb Publish
• 5e9f2c8 Merge pull request #6134 from trufflesuite/fixed-ganache
• 86330f3 Update Ganache to 7.9.0
• 83274ec Update README.md
• a6fb238 Publish
• 854a564 Publish
• 2f009e9 Bump semver from 5.7.1 to 7.5.2
• 88c064e Merge pull request #6109 from vlasov-hub/develop
• 8553732 Merge pull request #6104 from BIOtrice/develop
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
truffle	5.4.29...5.11.1	network, filesystem	+196/-550	270 MB	eggplantzzz

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Native code	ganache	7.9.0	Location: node_modules/@trufflesuite/bigint-buffer/binding.gyp +4 more instances...	truffle@5.11.1 via examples/truffle/package.json

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore ganache@7.9.0

[dependabot]

Superseded by #950.