VM-332 - MEND - Update dependency web3-provider-engine to v17 - autoclosed #26

Closed

copper-mend-app[bot]

This PR contains the following updates:

| Package | Change |
| --- | --- |
| web3-provider-engine | ^16.0.1 -> ^17.0.0 |

By merging this PR, the issue #22 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
| --- | --- | --- | --- |
| Critical | 9.8 | CVE-2021-3918 | |
| Critical | 9.8 | CVE-2023-26136 | |
| High | 7.8 | CVE-2021-43138 | |
| High | 7.5 | CVE-2021-23343 | |
| High | 7.5 | CVE-2022-24999 | |
| High | 7.5 | CVE-2022-25883 | |
| High | 7.5 | CVE-2022-25883 | |
| High | 7.2 | CVE-2021-23337 | |

Release Notes

MetaMask/web3-provider-engine (web3-provider-engine)

v17.0.0

Changed
  • Add deprecation notice (#469)
  • BREAKING: Increase minimum Node.js version to 16 (#447)
  • Bump ethereumjs and metamask dependencies (#453) (#471)
  • babelify dependencies (#454)
  • Update dependency readable-stream from ^2.2.9 to ^3.6.2 (#452)
  • Update devDependency browserify from 16.5.0 to 17.0.0 (#456)

v16.0.8

Changed
  • Update dependencies (#477)
    • eth-rpc-errors@^3.0.0->^4.0.3
    • ethereumjs-block@^1.2.2->^2.2.2
    • ethereumjs-util@^5.1.5->^7.1.5
    • ethereumjs-vm@^2.3.4->^2.6.0
    • eth-json-rpc-filters@^4.2.1->~5.0.0
    • eth-json-rpc-infura@^5.1.0 -> @metamask/eth-json-rpc-infura@^6.0.0
    • eth-json-rpc-middleware@^6.0.0->^8.1.0
    • eth-sig-util@^1.4.2 -> @metamask/eth-sig-util@^4.0.1

Fixed
  • Properly return signed transaction object in signTransaction of HookedWalletEthTxSubprovider (#465)

v16.0.7

Fixed
  • Properly replace vulnerable dependency request with patched @cypress/request (#459)

v16.0.6

Fixed
  • Replace vulnerable dependency request with patched @cypress/request (#441)
  • Update ws from ^5.1.1 to ^7.5.9 (#446)

v16.0.5

Changed
  • Update eth-block-tracker to 5.0.1 to remove unintentional dependency on Babel, which produced warning locally when not installed (#409)

v16.0.4

Fixed
  • Remove vulnerable version of cross-fetch (#404)

v16.0.3

Changed
  • Remove zero prefix from address. (#380)
    • The previously published version v16.0.2 (now deprecated) included an upgrade that didn't take into account that tx.getSenderAddress().toString('hex') now includes the leading 0x prefix.

v16.0.2

Changed
  • Update ethereumjs-tx to @ethereumjs/tx to support EIP1559 transactions (#356)

copper-mend-app bot added the "security fix" label (Security fix generated by Mend) on May 23, 2024
copper-mend-app bot changed the title from "VM-332 - MEND - Update dependency web3-provider-engine to v17" to "VM-332 - MEND - Update dependency web3-provider-engine to v17 - autoclosed" on May 23, 2024
copper-mend-app bot closed this on May 23, 2024
copper-mend-app bot deleted the fix-VM-332-MEND_web3-provider-engine-17.x branch on May 23, 2024 12:49