Skip to content

[Snyk] Fix for 2 vulnerabilities#26

Open
thealidev wants to merge 1 commit intomainfrom
snyk-fix-ef07b3d3afd9a5245fd37cf9abbfdbb4
Open

[Snyk] Fix for 2 vulnerabilities#26
thealidev wants to merge 1 commit intomainfrom
snyk-fix-ef07b3d3afd9a5245fd37cf9abbfdbb4

Conversation

@thealidev
Copy link
Owner

@thealidev thealidev commented Oct 12, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 601/1000
Why? Recently disclosed, Has a fix available, CVSS 6.3		 Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 Yes No Known Exploit
high severity 701/1000
Why? Recently disclosed, Has a fix available, CVSS 8.3		 Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8172694		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: next The new version differs by 250 commits.
  • d7a96d2 v12.0.8
  • df0e899 v12.0.8-canary.22
  • d291aa9 Refactor data fetching API docs (#30615)
  • b6b7d85 Docs: correct ignorance pattern for .env.local (#32647)
  • 36eba95 Fixes #33153: Updating cross-references from master to main + canary (#33198)
  • 0de8447 v12.0.8-canary.21
  • 57a8705 Add util for normalizing errors (#33159)
  • 2d0fd34 Fix broken yarn pnp (#32867)
  • 9836429 drop dynamic import with `ssr: false` on server-side (#32606)
  • 600f113 next-swc: fix ssg code elimination when used in render (#32709)
  • 5f4947e Add Caveats section to custom error page (#33160)
  • 3eabb7f v12.0.8-canary.20
  • 4aa9879 Allow dependencies to use environment variables in middlewares (#33141)
  • f0ad19a use a separate webpack runtime for middleware (#33134)
  • 8ae08b9 No info on environment variables in the src folder (#33110) (#33136)
  • 213f5a4 docs: minor text-copy cleanup (#33120)
  • 87dbd03 Update swc (#33063)
  • 320986a Update next.config.js (#33091)
  • 3861e4b Adding Asset Component for Rich Text Renderer (#32503)
  • e5e04c9 Update using-mdx.md (#33077)
  • aeb67cc v12.0.8-canary.19
  • 6f5bfc1 Fix middleware at root in standalone mode (#33053)
  • efabf81 Add util for generating new tests/error documents (#33001)
  • 48c0bc8 Remove extra config from tailwind example (#33062)

See the full diff

Package name: web3 The new version differs by 250 commits.
  • c8799b0 changelog bumps
  • 50a2469 version bumps
  • 09f4c8b Fix validation uint int sizes (#6434)
  • 226b3ba 6508 fix (#6509)
  • 70d1957 Add functionality to extend tx types (#6493)
  • 10d1f12 socket provider fix 6416 (#6496)
  • 42502b6 Avoid using `**` with `BigInt` (#6506)
  • e760667 update tests (#6474)
  • 6e43d1b Fix typos (#6494)
  • b38f00d getRevertReason update for signed Txs (#6497)
  • 9a5fd87 fix: web3.min.js cdn 404 (#6489)
  • 4879326 Implement `EventEmitter` compatible with browsers (#6398)
  • ae98628 Bump postcss from 8.4.24 to 8.4.31 in /docs (#6476)
  • 6d99cd0 waitForTransactionReceipt fix (#6464)
  • 0e78235 Bump zod from 3.21.4 to 3.22.3 (#6477)
  • 80986bb fix stale (#6473)
  • 9b03f9d Fixed withdrawals property type bytes to address (#6471)
  • 90d78c1 add privateKeyToPublicKey function to accounts (#6466)
  • bfcbea8 Bump cross-fetch to version 4 (#6463)
  • 4b445ae Fixup base fee type (#6456)
  • 3060994 6344 - normalize v on recover (#6462)
  • c490c18 feat: replace ethers abi coder with ours (#6385)
  • b8fa712 fix: timer types to be context dependent (#6460)
  • 80adabe make default transaction 0x2 (#6426)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

@socket-security
Copy link

socket-security bot commented Oct 12, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/next@12.0.8 environment, filesystem, network, shell, unsafe +52 581 MB vercel-release-bot
npm/web3@4.2.0 Transitive: environment, eval, filesystem, network +64 18.5 MB jdevcs

🚮 Removed packages: npm/next@10.0.7, npm/web3@1.3.4

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thealidev @snyk-bot