[Snyk] Security upgrade @solana/web3.js from 1.91.1 to 1.91.3 #148

Merged (1 commit) on Apr 18, 2024

YvesCandel

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- |
| high severity | Improper Restriction of Operations within the Bounds of a Memory Buffer (SNYK-JS-SOLANAWEB3JS-6647564) | No | No Known Exploit |

Commit messages
Package name: @solana/web3.js

The new version differs by 75 commits.
  • 77d9352 fix: bounds check
  • 5b21c65 refactor(experimental): nit: rename define to describe (#2384)
  • ce1be3f refactor(experimental): rename getScalarEnumCodec to getEnumCodec (#2383)
  • 7e86583 refactor(experimental): rename getDataEnumCodec to getDiscriminatedUnionCodec (#2382)
  • 49a764c refactor(experimental): support number and symbol discriminator values for getDataEnumCodec (#2381)
  • bf029dd refactor(experimental): support custom discriminator property for getDataEnumCodec (#2380)
  • 3c33220 Move comments about signature busting to the callsites that bust the signatures (#2386)
  • 4fbec68 Upgrade to Jest 30 (#1914)
  • 50fe84e Revert "Show no Turbo logs except when there is an error (#2366)" (#2385)
  • b566e7a Enable `require-await` linter (#2353)
  • 8af5427 Show no Turbo logs except when there is an error (#2366)
  • 478443f Validate that the public key generated from createKeyPairFromBytes() belongs to the private key (#2329)
  • 9370133 Negative error codes now get decoded correctly by the production error decoder (#2376)
  • 6135928 Split the dependency between `compile:typedefs` and the legacy library (#2370)
  • 38000cb Find all misnamed Rollup configs and fix them (#2371)
  • 6eded26 Bust the prettier cache any time any file changes (#2369)
  • c03a8d5 Strip `outputs` from the Turborepo config, because omitting it is the same as passing an empty array (#2368)
  • 99a9cbe Break the `style:fix` cache any time any file changes (#2367)
  • 4402f35 Since tests depend on _implementations_, make sure to build upstreams before running tests (#2373)
  • 94f2053 Move dependencies out of `devDependencies` where they are used in the implementation (#2375)
  • 65f262c Run `style:fix` with the new, actually working config (#2365)
  • d2c0daf Make the Prettier task behave more like your editor (#2364)
  • 5908de2 Patch `jest-runner-prettier` to work with Prettier 3 (#2363)
  • 0a19b75 Upgrade to Turbo 1.13

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@mindrunner added this pull request to the merge queue Apr 18, 2024
Merged via the queue into develop with commit 01effad Apr 18, 2024
3 checks passed
@mindrunner deleted the snyk-fix-c14e28e82426a18628df6493c0fc7e1e branch April 18, 2024 20:18

🎉 This PR is included in version 0.7.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
