[Snyk] Upgrade web3 from 1.5.2 to 1.10.0

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3 from 1.5.2 to 1.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 33 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-05-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	430/1000 Why? CVSS 8.6	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	430/1000 Why? CVSS 8.6	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	430/1000 Why? CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	430/1000 Why? CVSS 8.6	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	430/1000 Why? CVSS 8.6	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	430/1000 Why? CVSS 8.6	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	430/1000 Why? CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	430/1000 Why? CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	430/1000 Why? CVSS 8.6	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	430/1000 Why? CVSS 8.6	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	430/1000 Why? CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	430/1000 Why? CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	430/1000 Why? CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3

• 1.10.0 - 2023-05-10
  

  Fixed

  • Improved the error propagation in web3-providers-http package to effectively propagate useful error infomation about failed HTTP connections (#5955)
  • Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask (#4454) and related "n.data.substring is not a function", that is raised when there is a revert and web.eth.handleRevert = true (#6000)

  Changed

  • transaction.type is now formatted to a hex string before being send to provider (#5979)
  • When sending a transaction, if transaction.type === '0x1' && transaction.accessList === undefined, then transaction.accessList is set to [] (#5979)
  • Removed an unnecessary chainId parameter from toChecksumAddress() function types (#5888)

  Added

  • Added support for getPastEvents method to filter allEvents and specific event (#6015)

  Security

  • Updated dependencies (#6044)
• 1.10.0-rc.0 - 2023-05-02
  

  Fixed

  • Improved the error propagation in web3-providers-http package to effectively propagate useful error infomation about failed HTTP connections (#5955)
  • Fixed "Uncaught TypeError" calling a contract function that revert using MetaMask (#4454) and related "n.data.substring is not a function", that is raised when there is a revert and web.eth.handleRevert = true (#6000)

  Changed

  • transaction.type is now formatted to a hex string before being send to provider (#5979)
  • When sending a transaction, if transaction.type === '0x1' && transaction.accessList === undefined, then transaction.accessList is set to [] (#5979)
  • Removed an unnecessary chainId parameter from toChecksumAddress() function types (#5888)

  Added

  • Added support for getPastEvents method to filter allEvents and specific event (#6015)

  Security

  • Updated dependencies (#6044)
• 1.9.0 - 2023-03-20
  

  Fixed

  • Fixed skipped ws-ganache tests (#5759)
  • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
  • Fixed Error: Number can only safely store up to 53 bits (#5845)
  • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
  • Fixed Transaction type by adding missing properties (#5856)

  Changed

  • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
  • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
  • Updated @ types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
  • Add description to error for failed connection on websocket (#5884)

  Security

  • Updated dependencies (#5885)
• 1.9.0-rc.0 - 2023-03-07
  

  Fixed

  • Fixed skipped ws-ganache tests (#5759)
  • Fixed "provider started to reconnect error" in web3-provider-ws (#5820)
  • Fixed Error: Number can only safely store up to 53 bits (#5845)
  • Fixed types for packages which have default exports but not declared default export in .d.ts (#5866)
  • Fixed Transaction type by adding missing properties (#5856)

  Changed

  • Add optional hexFormat param to getTransaction and getBlock that accepts the value 'hex' (#5845)
  • utils.toNumber and utils.hexToNumber can now return the large unsafe numbers as BigInt, if true was passed to a new optional parameter called bigIntOnOverflow (#5845)
  • Updated @ types/bn.js dependency to 5.1.1 in web3, web3-core and web3-eth-contract as reason mentioned in #5640 (#5885)
  • Add description to error for failed connection on websocket (#5884)

  Security

  • Updated dependencies (#5885)
• 1.8.2 - 2023-01-30
  

  Changed

  • Updated Webpack 4 to Webpack 5, more details at (#5629)
  • crypto-browserify module is now used only in webpack builds for polyfilling browsers (#5629)
  • Updated ethereumjs-util to 7.1.5 (#5629)
  • Updated lerna 4 to version 6 (#5680)
  • Bump utils 0.12.0 to 0.12.5 (#5691)

  Fixed

  • Fixed types for web3.utils._jsonInterfaceMethodToString (#5550)
  • Fixed Next.js builds failing on Node.js v16, Abortcontroller added if it doesn't exist globally (#5601)
  • Builds fixed by updating all typescript versions to 4.1 (#5675)

  Removed

  • clean-webpack-plugin has been removed from dev-dependencies (#5629)

  Added

  • https-browserify, process, stream-browserify, stream-http, crypto-browserify added to dev-dependencies for polyfilling (#5629)
  • Add readable-stream to dev-dependancies for webpack (#5629)

  Security

  • npm audit fix for libraries update (#5726)
• 1.8.2-rc.0 - 2023-01-11
  Read more
• 1.8.1 - 2022-11-10
• 1.8.1-rc.0 - 2022-10-28
• 1.8.0 - 2022-09-14
• 1.8.0-rc.0 - 2022-09-08
• 1.7.5 - 2022-08-01
• 1.7.5-rc.1 - 2022-07-19
• 1.7.5-rc.0 - 2022-07-15
• 1.7.4 - 2022-06-21
• 1.7.4-rc.2 - 2022-06-16
• 1.7.4-rc.1 - 2022-06-08
• 1.7.4-rc.0 - 2022-05-17
• 1.7.3 - 2022-04-08
• 1.7.3-rc.0 - 2022-04-07
• 1.7.2 - 2022-04-07
• 1.7.2-rc.0 - 2022-03-24
• 1.7.1 - 2022-03-03
• 1.7.1-rc.0 - 2022-02-10
• 1.7.0 - 2022-01-17
• 1.7.0-rc.0 - 2021-12-09
• 1.6.1 - 2021-11-15
• 1.6.1-rc.3 - 2021-11-10
• 1.6.1-rc.2 - 2021-10-27
• 1.6.1-rc.0 - 2021-10-09
• 1.6.0 - 2021-09-30
• 1.6.0-rc.0 - 2021-09-26
• 1.5.3 - 2021-09-22
• 1.5.3-rc.0 - 2021-09-10
• 1.5.2 - 2021-08-15

from web3 GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.