[Snyk] Fix for 9 vulnerabilities

[baby636]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • app/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-543307	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-WEB3UTILS-6229337	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ethereumjs-wallet

The new version differs by 60 commits.

• f30e8b6 Merge pull request V2.0.2 fuseio/fuse-network#129 from ethereumjs/new-release
• 5c83398 Bumped version to v1.0.0, added CHANGELOG entry
• cead4f9 Merge pull request fix a merge error fuseio/fuse-network#128 from Tenderly/removing-native-js-dependencies
• c0edad3 Update HDKey require to import.
• b6b4103 Removes semicolon.
• 80ac8b2 Switching to hdkey from js-ethereum-cryptography.
• 35df952 Merge pull request Add cache size input fuseio/fuse-network#127 from ethereumjs/update-hdkey-dependency
• 5f504fd update to hdkey 2.0.1
• 8fc5410 Updated hdkey dependency from v1.1.1 to v2.0.0 (updated secp256k1 dependency to v4)
• 23c7106 Merge pull request Update bootnodes fuseio/fuse-network#126 from ethereumjs/update-ethereumjs-util
• 9228c81 Updated ethereumjs-util dependency to v7.0.2
• 626e720 Merge pull request Update spark to OE 3.3.5 fuseio/fuse-network#125 from ethereumjs/use-scrypt-js
• 110c3b5 remove freenode reference
• 71d1c44 use `scrypt-js`
• 59eb071 Merge pull request Feature: add working docker-compose.yaml fuseio/fuse-network#121 from ethereumjs/update-ethereumjs-util-to-v700
• 073319c upgrade karma-typescript to v5 (which supports es modules, reducing need for karma-typescript-es6-transform)
• 61487a1 Updated error msg in index.spec.ts .getPrivateKey() test to match with new msg from updated secp2561 v4 library
• 5ec8756 Limited ethereumjs-util import scope in tests
• 6a388e4 Added Buffer conversion for entropy in Thirdparty API fromKryptoKit(), some Buffer type assertions
• d305a65 Bumped ethereumjs-util version to v7.0.1 in package.json
• b7574b1 Merge pull request Bump block size to 20million, bump version string to 2.0.2 for spark fuseio/fuse-network#120 from ethereumjs/useGHActions
• c79ea93 Merge branch 'master' into useGHActions
• 236478a Merge pull request Adding fusespark testnet to Chainlist fuseio/fuse-network#117 from ethereumjs/remove-wallet-subprovider
• 8c116e2 Corrected Remarks-about-toV3 header level in README

See the full diff

Package name: web3

The new version differs by 250 commits.

• 5b5bf87 changelog updates
• 45d55c3 version update
• 4358140 Release/4.0.1 rc.2 (#6152)
• cdc2835 fix canary auth (#6151)
• 55a4de1 add util polyfill (#6150)
• 45edf3d Canary releases (#6143)
• 01ce365 Proposal for rearranging docs (#6141)
• 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
• d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
• 88ac791 Correct and enhance documentation for subscribing to events (#6129)
• daaaff7 Autotype for contract methods (#6137)
• ab80131 support ESM builds (#6131)
• 6202d1e min build whitelisting (#6132)
• 7a924db migration guide update (#6130)
• 4f423fc Fix validation of nested tuples (#6125)
• 408332d fix!: remove non read-only ens methods (#6084)
• 8c5ea34 Providers Tutorial (#6095)
• f2abd6a Eth turorial (#6120)
• 210455a transaction integration tests (#6071)
• fe959a1 Contract options fix (#6118)
• bf1311f update docs so web is imported by default (#6112)
• 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
• 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
• edc7a84 `defaultTransactionTypeParser` Refactor (#6102)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Open Redirect
🦉 Prototype Pollution