[Snyk] Upgrade web3 from 1.0.0-beta.55 to 1.3.5 #1

Open
wants to merge 1 commit into
base: master

@snyk-bot commented May 9, 2021

Snyk has created this PR to upgrade web3 from 1.0.0-beta.55 to 1.3.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 31 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-04-05.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Improper Input Validation SNYK-JS-URLPARSE-543307 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| | Improper Input Validation SNYK-JS-URLPARSE-1078283 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.3.5 - 2021-04-05

    Added

    • Github action for running tests for web3-eth2-core and web3-eth2-beaconchain packages (#3892)
    • Added description to documentation on how to connect using a remote node provider (#3884)
    • Added Security risk warning to docs for web3.utils.soliditySha3 (#3908)
    • .nvmrc file using Node.js version v.14.15.1 (#3817)
    • Add commitment to semantic versioning since version 1.3.0 and onwards (#3961)

    Changed

    • Unified babel compiler for web3-eth2-core and web3-eth2-beaconchain (#3892)
    • Renamed the tsc script in all packages to compile; updates the corresponding lerna run usage in the main package.json (#3894)
    • moved deprecation warnings to postinstall scripts (#3917)
    • Upgrade @chainsafe/geth-dev-assistant from 0.1.5 to 0.1.9 (#3950)
    • Replaced hardcoded infura link with Github Secret for some tests (#3943)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-eth-accounts (#3941)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-bzz (#3940)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-core-requestmanager (#3945)
    • Rewrite web3-eth-iban in ES6 (#3955)
  • 1.3.5-rc.0 - 2021-03-24

    Added

    • Github action for running tests for web3-eth2-core and web3-eth2-beaconchain packages (#3892)
    • Added description to documentation on how to connect using a remote node provider (#3884)
    • Added Security risk warning to docs for web3.utils.soliditySha3 (#3908)
    • .nvmrc file using Node.js version v.14.15.1 (#3817)
    • Add commitment to semantic versioning since version 1.3.0 and onwards (#3961)

    Changed

    • Unified babel compiler for web3-eth2-core and web3-eth2-beaconchain (#3892)
    • Renamed the tsc script in all packages to compile; updates the corresponding lerna run usage in the main package.json (#3894)
    • moved deprecation warnings to postinstall scripts (#3917)
    • Upgrade @chainsafe/geth-dev-assistant from 0.1.5 to 0.1.9 (#3950)
    • Replaced hardcoded infura link with Github Secret for some tests (#3943)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-eth-accounts (#3941)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-bzz (#3940)
    • Bump elliptic from 6.5.3 to 6.5.4 for web3-core-requestmanager (#3945)
    • Rewrite web3-eth-iban in ES6 (#3955)
  • 1.3.4 - 2021-02-03

    This release contains bug fixes, updates dependencies (including 4 security vulnerabilities), adds deprecation notice for web3-bzz, and updates the Typescript types for web3-eth2-core and web3-eth2-beaconchain

    Changed

    • Fixed mutation of inputs to encoding and decoding functions (#3748)
    • Fix default value for fromBlock option for logs subscriptions (defaults to latest) (#3883)
    • ethjs-signer test (#3876)
    • Rename web3-eth2-base to web3-eth2-core and web3-eth2-beacon to web3-eth2-beaconchain (#3833)
    • Bump ts-node from version ^8.10.2 to ^9.0.0 (#3856)
    • Ran npm audit fix which fixed 4 vulnerabilities (#3856)
    • Correct web3-eth2-beaconchain type declarations (#3859) and (#3865)
    • Move interfaces IBaseAPISchema and IBaseAPIMethodSchema to index.d.ts for web3-eth2-core (#3878)
    • Update dependencies for web3-eth2-core (#3878)

    Removed

    • Remove notImplemented flag from ETH2 Beacon Chain package methods schema (#3861)
    • Removes IETH2BeaconChain interface in favor of exporting a class type: ETH2BeaconChain (#3878)
    • Remove index.d.ts files in favor of types.ts for web3-eth2-core and web3-eth2-beaconchain (#3878)
    • schema.ts from web3-eth2-core (#3878)
    • dtslint npm command from web3-eth2-core and web3-eth2-beaconchain as index.d.ts files were removed (#3878)

    Added

    • Add ETH2Core class export to index.d.ts for web3-eth2-core (#3878)
    • Deprecation of bzz warning (#3872)
    • Deprecation of shh warning (#3889)
  • 1.3.4-rc.2 - 2021-01-28
  • 1.3.4-rc.1 - 2021-01-26

    v1.3.4-rc.1

  • 1.3.3 - 2021-01-22

    Notice: This release is exactly the same as v1.3.2, unfortunately we had an issue with one of our builds and the ./dist folder was not updated correctly. This only affected users who were using the .min.js version of web3.js, and NPM users were not affected. We are pulling v1.3.2 to reduce confusion.

    This release is a hot fix to address a breaking change in the Metamask API. This release does not follow our conventional release structure and builds off of the v1.3.1 tag, thus does not include any commits outside of those directly related to PR #3864.

    If you have any questions please reach out to us on twitter or by email ([email protected])

    Fixed

    • Fix EIP-1193 provider subscriptions (#3864)
    • Updated the ./dist with the latest build from v1.3.2
  • 1.3.2 - 2021-01-21

    This release is a hot fix to address a breaking change in the Metamask API. This release does not follow our conventional release structure and builds off of the v1.3.1 tag, thus does not include any commits outside of those directly related to PR #3864.

    If you have any questions please reach out to us on twitter or by email ([email protected])

    Fixed

    • Fix EIP-1193 provider subscriptions (#3864)
  • 1.3.2-rc.2 - 2021-01-21
  • 1.3.1 - 2020-12-17
  • 1.3.0 - 2020-09-15
  • 1.3.0-rc.0 - 2020-09-02
  • 1.2.11 - 2020-07-18
  • 1.2.10 - 2020-07-17
  • 1.2.10-rc.0 - 2020-07-09
  • 1.2.9 - 2020-06-09
  • 1.2.9-rc.0 - 2020-06-02
  • 1.2.8 - 2020-05-20
  • 1.2.8-rc.1 - 2020-05-18
  • 1.2.8-rc.0 - 2020-05-08
  • 1.2.7 - 2020-04-24
  • 1.2.7-rc.0 - 2020-04-15
  • 1.2.6 - 2020-02-02
  • 1.2.5 - 2020-01-27
  • 1.2.5-rc.0 - 2020-01-16
  • 1.2.4 - 2019-11-15
  • 1.2.3 - 2019-11-14
  • 1.2.2 - 2019-10-23
  • 1.2.1 - 2019-08-06
  • 1.2.0 - 2019-07-23
  • 1.0.0-beta2 - 2017-07-20
  • 1.0.0-beta1 - 2017-07-20
  • 1.0.0-beta.55 - 2019-05-09
from web3 GitHub release notes
Commit messages
Package name: web3
  • 6674ea5 v1.3.5
  • a79835d Update version numbers
  • 5a3701a Built dist
  • a128561 Update changelog
  • 888d107 Feature/web3 eth iban es6 (#3964) (#3965)
  • dc148e7 Clarify commitment to semantic versioning (#3961) (#3962)
  • 88f59fe Debugging failing tests (#3959) (#3960)
  • 8b2291b Rename tsc to compile (#3957) (#3958)
  • bb259d9 add nvmrc file (#3817)
  • 20bf22d Bump elliptic from 6.5.3 to 6.5.4 in /packages/web3-core-requestmanager (#3945)
  • ba5a25f Bump elliptic from 6.5.3 to 6.5.4 in /packages/web3-bzz (#3940)
  • 53b00aa Bump elliptic from 6.5.3 to 6.5.4 in /packages/web3-eth-accounts (#3941)
  • d37d187 use posinstall to do deprecation warnings (#3917)
  • 2c5a8ec Replace hardcoded infura endpoints (#3943)
  • f196996 Update soliditySha3 docs (#3908)
  • 06610f2 Wyatt/eth2 GitHub action (#3896)
  • 60b30b8 Merge pull request #3885 from ChainSafe/release/1.3.4
  • f6d60bd Merge branch '1.x' into release/1.3.4
  • 91e42f8 commit binary
  • a4840c3 v1.3.4
  • 719482b Revert "Add eth2 github action (#3892)" (#3895)
  • 1a252a9 Add eth2 github action (#3892)
  • f72f828 v1.3.4-rc.2
  • 0280051 Built dist


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
