Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @truffle/contract from 4.1.15 to 4.2.6 #217

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @truffle/contract from 4.1.15 to 4.2.6 #217

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • contracts/package.json
    • contracts/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 471/1000
Why? Recently disclosed, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @truffle/contract The new version differs by 250 commits.
  • a0bbfcc Publish
  • 45cd769 Merge pull request #3018 from trufflesuite/yultide
  • 8c41e9b Rename idOrPath to astRef and add explanation
  • 6e07c4b Merge pull request #3070 from trufflesuite/doot-de-doo
  • ca01e1c Merge branch 'develop' into yultide
  • dd8567d Merge branch 'develop' into doot-de-doo
  • 567181a Finalize COLONY CircleCI job
  • 76e9db9 Move declaration option into tsconfig.json from build script
  • 06a9cb5 Replace manual string concatenation with makePath
  • be9bbe4 Unify Solidity/Yul variable handling
  • 6ce968b Merge pull request #3071 from trufflesuite/circleci-project-setup
  • 9d058d7 take COLONY job off TravisCI
  • e769f19 Add .circleci/config.yml
  • ecb2924 Improve typescript invocations in build scripts
  • 082d61e Merge pull request #3069 from trufflesuite/dont-look-back
  • c4ec2e0 Import @ truffle/codec in a more sensible way
  • e016a6a Add comment with link to lookbehind issue
  • 579c9cf Reclassify exorcist as devDependency, not dependency
  • f001228 Replace lookbehind replace with parameterized replace
  • 5c1caf4 Merge pull request #3065 from trufflesuite/no-utf8
  • 2cb930d Remove unused @ types/utf8 dependency from decoder
  • f892ce0 Merge pull request #3060 from trufflesuite/fix/add-validate-to-typings
  • ef68d7e add validate function to contract-schema exported typings
  • 3034fdb Merge pull request #3057 from trufflesuite/minmax

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: contracts/package.json & contracts/package-lock.json to reduce v…
69c6119 
…ulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot