Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade solidity-coverage from 0.8.5 to 0.8.12 #37

Closed

Conversation

tobistudio
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade solidity-coverage from 0.8.5 to 0.8.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released on 4 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123
479 No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JS-OPENZEPPELINCONTRACTS-5838352
479 No Known Exploit
medium severity Out-of-bounds Read
SNYK-JS-OPENZEPPELINCONTRACTS-6346765
479 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
479 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
479 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5425051
479 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5711902
479 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
479 Proof of Concept
low severity Denial of Service (DoS)
SNYK-JS-OPENZEPPELINCONTRACTS-5425827
479 No Known Exploit
low severity Missing Authorization
SNYK-JS-OPENZEPPELINCONTRACTS-5672116
479 No Known Exploit
Release notes
Package name: solidity-coverage
  • 0.8.12 - 2024-04-05

    What's Changed

    • Adds "work-around" support for the hardhat-viem plugin. If you're using viem, run the coverage task with:
      SOLIDITY_COVERAGE=true npx hardhat coverage
      
    • Adds support for solc v0.4.x
    • Fixes a bug where plugin crashed if the contract sources directory name contained a period.
    • Fixes a bug where instrumentation failed if there was whitespace between require statement and the terminating semi-colon

    PRs

    Full Changelog: v0.8.11...v0.8.12

  • 0.8.11 - 2024-03-07

    Summary

    0.8.11 fixes a(nother) bug that resulted in some line hits remaining undetected when compiling with viaIR=true

    What's Changed

    • Check all SWAP opcodes for inst. hashes when viaIR is true by @ cgewecke in #873

    Full Changelog: v0.8.10...v0.8.11

  • 0.8.10 - 2024-02-29

    Summary

    0.8.10 fixes a bug that resulted in some line hits remaining undetected when compiling with viaIR=true

    What's Changed

    • Check all PUSH opcodes for instr. hashes when viaIR is true by @ cgewecke in #871

    Full Changelog: v0.8.9...v0.8.10

  • 0.8.10-rc.0 - 2024-02-28
  • 0.8.9 - 2024-02-27

    What's Changed

    • Fix regression introduced in 0.8.7 where modifier branch coverage for modifiers inherited from a dependency was not measured correctly in some cases @ cgewecke in #868

    Full Changelog: v0.8.8...v0.8.9

  • 0.8.9-rc.0 - 2024-02-25
  • 0.8.8 - 2024-02-21

    What's Changed

    • Fix bug when instrumenting hardhat flattened contracts:
      • Only inject file-level instr. for first pragma in file by @ cgewecke in #865
    • Fix 0% coverage when using with hardhat-foundry & foundry.toml is present:
      • Coerce sources path to absolute path if necessary by @ cgewecke in #866

    Install

    npm install --save-dev solidity-coverage@latest
    npx hardhat clean
    

    Full Changelog: v0.8.7...v0.8.8

  • 0.8.7 - 2024-02-10

    What's Changed

    viaIR now allowed

    This release (hopefully) fixes a long-running problem solidity-coverage had with solc's viaIR compilation mode - It's now possible to use it without any special configuration. (Please report any ongoing issues with this to issue #861)

    If you've been using .solcover.js options like configureYulOptimizer and solcOptimizerDetails as a work around, you should remove them when upgrading. (Don't forget to run the hardhat clean task after updating any coverage config stuff).

    --network no longer allowed

    Sadly the ganache client has been deprecated. The coverage plugin never worked with its latest major version and the network flag only existed for its sake. Going forward, the network option throws an error notifying the user that coverage only uses the HardhatEVM network.

    --sources cli option

    You can now select a single file (or folder) at the command line to generate coverage for. This option should speed things up if you've been waiting for the plugin to instrument everything in a large project whenever you run the command.

    $ npx hardhat coverage --sources MyFile.sol
    $ npx hardhat coverage --sources MyFolder

    (Thanks so much @ clauBv23 for adding this!)

    Funding

    OpenZeppelin has very generously funded recent work at solidity-coverage via DRIPS, a public goods protocol which helps you direct money to projects in your dependency tree. Thanks so much! ❤️

    Links to relevant PRs

    • Add command option to specify the source files to run the coverage on (#806) by @ clauBv23 in #838
    • Remove ganache-cli related code from API & tests by @ cgewecke in #849
    • Add missing onPreCompile stage hook by @ cgewecke in #851
    • Enable coverage when viaIR compiler flag is true by @ cgewecke in #854

    Full Changelog: v0.8.6...v0.8.7

  • 0.8.7-viaIR.0 - 2024-02-09
  • 0.8.6 - 2024-01-29

    What's Changed

    Fixes

    • Perform ternary conditional injections before branch injections (#828) by @ cgewecke in #828
    • Fix chained ternary conditionals instrumentation by @ cgewecke in #830
    • Fix instrumentation error for virtual modifiers by @ cgewecke in #832
    • Throw error when mocha parallel is set to true by @ cgewecke in #833

    Documentation

    • Update faq.md with another viaIR optimizer config workaround by @ remedcu in #822
    • Document Istanbul check-coverage cli command by @ cgewecke in #834

    Dependencies

    Misc

    New Contributors

    Full Changelog: v0.8.5...v0.8.6

  • 0.8.6-sha1.0 - 2023-10-14
  • 0.8.5 - 2023-09-22

    What's Changed

    New Contributors

    Full Changelog: v0.8.4...v0.8.5

from solidity-coverage GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade solidity-coverage from 0.8.5 to 0.8.12.

See this package in npm:
solidity-coverage

See this project in Snyk:
https://app.snyk.io/org/dawnsee0823/project/a7063ebf-eb1f-4a43-a397-68540aab5222?utm_source=github&utm_medium=referral&page=upgrade-pr
@tobistudio tobistudio closed this Oct 2, 2024
@tobistudio tobistudio deleted the snyk-upgrade-452eef5269a29edd226f1b3356e94a09 branch October 2, 2024 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants