[Snyk] Fix for 3 vulnerabilities

[davidevernizzi]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • testing/contract-integrations/package.json
  • testing/contract-integrations/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	No	No Known Exploit
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	No	Proof of Concept
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Validation of Integrity Check Value SNYK-JS-SECP256K1-8237220	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @certusone/wormhole-sdk

The new version differs by 250 commits.

• 343d213 Node/CCQ: Proxy log stats on timeout (Node/CCQ: Proxy log stats on timeout wormhole-foundation/wormhole#4067)
• 46bcc70 Node: Log fatal not making it to grafana (Node: Log fatal not making it to grafana wormhole-foundation/wormhole#4063)
• 7bf815e Node/CCQ: Allow address wildcard (Node/CCQ: Allow address wildcard wormhole-foundation/wormhole#4062)
• fc9ba90 node: Add Makefile test target for arm64 (node: Add Makefile test target for arm64 wormhole-foundation/wormhole#4057)
• c381d6b sdk: add Mantle and X Layer relayer addresses
• 7e205e1 Node/P2P: Allow disabling subscribing to VAAs (Node/P2P: Allow disabling subscribing to VAAs wormhole-foundation/wormhole#4019)
• e351236 Node: Processor performance improvements (Node: Processor performance improvements wormhole-foundation/wormhole#3988)
• d3533aa Node: Gossip Topic Split (Node: Gossip Topic Split wormhole-foundation/wormhole#4000)
• c2496cd ci: bump foundry to 2024-08-04 nightly
• 83c5e49 Terra2: Use "docker compose", not docker-compose (Terra2: Use "docker compose", not "docker-compose" wormhole-foundation/wormhole#4056)
• 71fd496 sdk: update karura testnet contracts and tokenBridgeVAA (chore: update karura testnet contracts and tokenBridgeVAA wormhole-foundation/wormhole#4055)
• 6b72e57 node: Fix missing tokens in generated token list due to outdated SDK (node: Fix missing support for chains in generated token list due to outdated SDK wormhole-foundation/wormhole#4053)
• f20a42e Node: Gateway relayer can ignore already attested return (Node: Gateway relayer can ignore already attested return wormhole-foundation/wormhole#4052)
• bc9ed51 CI: query-sdk-ci fails intermittently (CI: query-sdk-ci fails intermittently wormhole-foundation/wormhole#4046)
• 9f98901 clients/js: move towards sdkV2
• eebc7ae ci: reveal sdk/js-query test errors
• 3e13e79 ci: fix node tests fail intermittently (ci: fix node tests fail intermittently wormhole-foundation/wormhole#4044)
• caf6346 node: Update token entries for devnet and testnet configs (node: Update token entries for devnet and testnet configs wormhole-foundation/wormhole#4045)
• 1c06d70 wormchain: refresh interchaintest (wormchain: refresh interchaintest wormhole-foundation/wormhole#3991)
• 1018463 wormchain: change ioutil to io and os (change ioutil to io and os wormhole-foundation/wormhole#3970)
• b90ea59 Tilt: More multiple guardian changes (Tilt: More multiple guardian changes wormhole-foundation/wormhole#4043)
• 5042ff1 node: Flow cancel enhancements and bug fixes (node: Flow cancel enhancements and bug fixes wormhole-foundation/wormhole#4016)
• 038d76b node/cleanup: Add some documentation and an ignore-list to mainnet_chains_test.go (node/cleanup: Add some documentation and an ignore-list to mainnet_chains_test.go wormhole-foundation/wormhole#4038)
• 30e4042 Node: Minor logging changes

See the full diff

Package name: @solana/web3.js

The new version differs by 250 commits.

• 7141986 fix: replace tweetnacl impl
• ef5a6da Update rollup script to exclude new secp256k1 and hmac/sha256 dependencies (#27428)
• f8b5608 [web3.js] Replace sha256 and secp256k1 impls (#27390)
• 8e30e66 feat: add support for creating version 0 transactions (#27142)
• 4f2d052 [web3.js] Eliminate dependency on `URL` class (#27349)
• 8d5e263 chore: bump eslint-plugin-mocha from 10.0.4 to 10.1.0 in /web3.js (#27332)
• 40022a3 chore: bump @ commitlint/travis-cli from 17.0.0 to 17.0.3 in /web3.js (#27331)
• eaa318d chore: bump @ babel/register from 7.17.7 to 7.18.9 in /web3.js (#27330)
• 9abf36c chore: bump @ babel/core from 7.18.0 to 7.18.13 in /web3.js (#27329)
• 2cc39ab VoteProgram.safeWithdraw function to safeguard against accidental vote account closures (#26586)
• 55652a0 chore: bump @ babel/preset-env from 7.18.0 to 7.18.10 in /web3.js (#27138)
• 659067b chore: add constant for pubkey byte length (#27134)
• 895de4c feat: add getAddressLookupTable method to Connection (#27127)
• 732f8aa chore: restructure utils code
• 81a1d2c chore: restructure program files
• 53dd609 chore: restucture message files
• 9823da7 chore: restructure transaction files
• 7d05857 feat: support minContextSlot in getParsedAccountInfo method (#27084)
• d7ed86a chore: annotate more types as deprecated (#27067)
• bbfd5d3 feat: handle `loadedAddresses` field in tx meta responses (#27065)
• 3708ea1 chore: update `tweetnacl` dependency to 1.0.3 explicitly (#26907)
• 2dc0551 chore: Update web3.js README to ask that contributions and issues regarding web3.js be filed against the monorepo and not the mirror
• 091faf5 fix: (web3.js) clear the idle timer whenever the websocket closes (#26734)
• 85a6a3f feat(web3.js): add support for get stake minimum delegation (#26682)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.