[Snyk] Upgrade: merkletreejs, rlp #11
Conversation
Snyk has created this PR to upgrade:
- merkletreejs from 0.3.11 to 0.4.0.
See this package in npm: https://www.npmjs.com/package/merkletreejs
- rlp from 2.2.7 to 3.0.0.
See this package in npm: https://www.npmjs.com/package/rlp
See this project in Snyk:
https://app.snyk.io/org/okeamah/project/1a130d45-fd45-43fc-adae-043c2cd5f942?utm_source=github&utm_medium=referral&page=upgrade-pr
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a critical CVE?Contains a Critical Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
merkletreejs
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
from 0.3.11 to 0.4.0 | 1 version ahead of your current version | 2 months ago
on 2024-07-02
rlp
from 2.2.7 to 3.0.0 | 1 version ahead of your current version
on 2022-01-25
Release notes
Package name: merkletreejs
-
0.4.0 - 2024-07-02
-
0.3.11 - 2023-10-30
from merkletreejs GitHub release notesPackage name: rlp
-
3.0.0 - 2022-01-25
- New
- Refactored
- Dropped
- Dropped
- Removed
- The
- Renamed
- Moved
- Replaced static VM
- Converted
- Migrated
- Fixed a bug where
- Fixed longer output than return length in
- Use
- Fixed tx value overflow 256 bits, PR #471
- Use
- Fixed API doc types for
- New Karma browser testing for the API tests, PRs #461, PR #468
- Removed unused parts and tests within the test setup, PR #437
- Fixed a bug using
- Complete switch to Petersburg on tests, fix coverage, PR #448
- Added test for
- Fixed
-
2.2.7 - 2021-10-06
from rlp GitHub release notesThis release comes with a modernized
ES6-class structured code base, somesignificant local refactoring work regarding how
StackandMemoryare organized within the VM and it finalizes a first round of module structuring
now having separate folders for
bloom,evmandstaterelated code. Therelease also removes some rarely used parts of the API (
hookedVM,VM.deps).All this is to a large extend preparatory work for a
v4.0.0release which willfollow in the next months with
TypeScriptsupport and more system-widerefactoring work leading to a more modular and expandable VM and providing the
ground for future
eWASMintegration. If you are interested in the releaseprocess and want to take part in the refactoring discussion see the associated
issue #455.
VM Refactoring/Breaking Changes
Memoryclass for evm memory manipulation, PR #442Stackmanipulation in evm, PR #460createHookedVm(BREAKING), being made obsolete by the newStateManagerAPI, PR #451VM.depsattribute (please require dependencies yourself if you used this), PR #478fakeBlockchainclass and associated tests, PR #466petersburghardfork rules are now run as default (before:byzantium), PR #485Modularization
vmmodule toevm, moveprecompilestoevmmodule, PR #481stateManager,storageReaderandcachetostatemodule, PR #443logTablewith dynamic inline version inEXPopcode, PR #450Code Modernization/ES6
VMtoES6class, PR #478stateManagerandstorageReadertoES6class syntax, PR #452Bug Fixes
stateManager.setStateRoot()didn't clear the_storageTriescache, PR #445CALLopcode, PR #454BN.toArrayLike()instead ofBN.toBuffer()(browser compatibility), PR #458Maintenance/Optimization
BNreduction context inMODEXPprecompile, PR #463Documentation
Bloomfilter methods, PR #439Testing
--jsontrace flag in the tests, PR #438StateManager.dumpStorage(), PR #462ecmul_0-3_5616_28000_96(by test setup adoption), PR #473Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: