[Snyk] Upgrade web3 from 1.0.0-beta.37 to 1.2.6 #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade web3 from 1.0.0-beta.37 to 1.2.6. See this package in NPM: https://www.npmjs.com/package/web3 See this project in Snyk: https://app.snyk.io/org/denissnykio/project/214ee7eb-423f-4a9b-b288-a07f49ae957a?utm_source=github&utm_medium=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade web3 from 1.0.0-beta.37 to 1.2.6.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.The recommended version fixes:
snyk:lic:npm:web3-utils:LGPL-3.0
snyk:lic:npm:web3-shh:LGPL-3.0
snyk:lic:npm:web3-providers-ws:LGPL-3.0
snyk:lic:npm:web3-providers-ipc:LGPL-3.0
snyk:lic:npm:web3-providers-http:LGPL-3.0
snyk:lic:npm:web3-net:LGPL-3.0
snyk:lic:npm:web3-eth:LGPL-3.0
snyk:lic:npm:web3-eth-personal:LGPL-3.0
snyk:lic:npm:web3-eth-iban:LGPL-3.0
snyk:lic:npm:web3-eth-ens:LGPL-3.0
snyk:lic:npm:web3-eth-contract:LGPL-3.0
snyk:lic:npm:web3-eth-accounts:LGPL-3.0
snyk:lic:npm:web3-eth-abi:LGPL-3.0
snyk:lic:npm:web3-core:LGPL-3.0
snyk:lic:npm:web3-core-subscriptions:LGPL-3.0
snyk:lic:npm:web3-core-requestmanager:LGPL-3.0
snyk:lic:npm:web3-core-promievent:LGPL-3.0
snyk:lic:npm:web3-core-method:LGPL-3.0
snyk:lic:npm:web3-core-helpers:LGPL-3.0
snyk:lic:npm:web3-bzz:LGPL-3.0
snyk:lic:npm:web3:LGPL-3.0
SNYK-JS-DECOMPRESS-557358
Release notes
Package name: web3
-
1.2.6 - 2020-02-02
- Görli testnet ENS registry added to the known registries (#3338)
- ENS registry addresses updated (#3353, https://medium.com/the-ethereum-name-service/ens-registry-migration-bug-fix-new-features-64379193a5a)
-
1.2.5 - 2020-01-27
- Revert instruction handling added which can get activated with the
- The
- Agent option added to the
- Fix crash when decoding events with identical signatures, differently indexed args (#3272)
- Fix user supplied callback not fired in eth.accounts.signTransaction (#3283)
- Fix minified bundle (#3256)
- callback type definition for
- Fix export bloom functions on the index.js
- Prefer receipt status to code availability on contract deployment (#3298)
-
1.2.5-rc.0 - 2020-01-16
-
1.2.4 - 2019-11-15
- Fix npm installation error for scrypt-shim and websocket (#3210)
-
1.2.3 - 2019-11-14
- Fix perfect gas usage causes tx to error (#3175)
- Fix regenerator runtime error in web3.min.js (#3155)
- Fix TS types for eth.subscribe syncing, newBlockHeaders, pendingTransactions (#3159)
- Improve web3-eth-abi decodeParameters error message (#3134)
-
1.2.2 - 2019-10-23
- chain
- hardfork
- common
- defaultChain
- defaultHardfork
- defaultCommon
- transactionPollingTimeout
- transactionConfirmationBlocks
- transactionBlockTimeout
- isBloom
- isUserEthereumAddressInBloom
- isContractAddressInBloom
- isTopic
- isTopicInBloom
- isInBloom
- localStorage support detection added (#3031)
- getNetworkType method extended with Görli testnet (#3095)
- supportsSubscriptions method added to providers (#3116)
- Add
- Minified file added to web3 package (#3131)
- The transaction confirmation workflow can now be configured (#3130)
- Additional parameters for accounts.signTransaction added (docs) (#3141)
- Emit
- TypeScript type definitions added for all modules (#3132)
- Bloom filters added to web3.utils (#3137)
- Fix allow
- Fix randomHex returning inconsistent string lengths (#1490)
- Fix make isBN minification safe (#1777)
- Fix incorrect references to BigNumber in utils.fromWei and utils.toWei error messages (#2468)
- Fix error incorrectly thrown when receipt.status is
- Fix incorrectly populating chainId param with
- regeneratorRuntime error fixed (#3058)
- Fix accessing event.name where event is undefined (#3014)
- fixed Web3Utils toHex() for Buffer input (#3021)
- Fix bubbling up tx signing errors (#2063, #3105)
- HttpProvider: CORS issue with Firefox and Safari (#2978)
- Ensure the immutability of the
- Gas check fixed (#2381)
- Signing issues #1998, #2033, and #1074 fixed (#3125)
- Fix hexToNumber and hexToNumberString prefix validation (#3086)
- The receipt will now returned on a EVM error (this got removed on beta.18) (#3129)
- Fixes transaction confirmations with the HttpProvider (#3140)
-
1.2.1 - 2019-08-06
- Node >= v8.0.0 support (#2938)
-
1.2.0 - 2019-07-23
-
1.0.0-beta2 - 2017-07-20
-
1.0.0-beta1 - 2017-07-20
-
1.0.0-beta.55 - 2019-05-09
-
1.0.0-beta.54 - 2019-05-02
-
1.0.0-beta.53 - 2019-04-30
-
1.0.0-beta.52 - 2019-04-04
-
1.0.0-beta.51 - 2019-03-28
-
1.0.0-beta.50 - 2019-03-20
-
1.0.0-beta.49 - 2019-03-19
-
1.0.0-beta.48 - 2019-03-05
-
1.0.0-beta.47 - 2019-03-01
-
1.0.0-beta.46 - 2019-02-09
-
1.0.0-beta.44 - 2019-02-08
-
1.0.0-beta.43 - 2019-02-06
-
1.0.0-beta.42 - 2019-02-06
-
1.0.0-beta.41 - 2019-01-28
-
1.0.0-beta.40 - 2019-01-28
-
1.0.0-beta.39 - 2019-01-27
-
1.0.0-beta.38 - 2019-01-25
-
1.0.0-beta.37 - 2018-12-08
from web3 GitHub release notesThis release does update the ENS registry address in the web3.js library.
Added
Changed
This release does add the
requestAccounts,getPendingTransactions, andgetProofJSON-RPC method. By side of it does it improve the returnedErrorobject on the failure of a transaction and provides the possibility to activate the revert instruction handling with the newly addedhandleRevertmodule option.Added
eth_requestAccountsasrequestAccountsadded to web3-eth package (#3219)sha3RawandsoliditySha3Rawadded to web3-utils package (#3226)eth_getProofasgetProofadded to web3-eth package (#3220)BNandBigNumberobjects are now supported by theabi.encodeParameter(s)method (#3238)getPendingTransactionsadded to web3-eth package (#3239)handleRevertmodule property (#3248)receiptdoes now exist as property on the error object for transaction related errors (#3259)internalTypeadded toAbiInputTS interface inweb3-utils(#3279)HttpProvideroptions (#2980)Changed
eth-libdependency updated (0.2.7 => ^0.2.8) (#3242)Fixed
defaultBlockproperty handling fixed (#3247)clearSubscriptionsdoes no longer throw an error if no running subscriptions do exist (#3246)Accounts.signTransactionfixed (#3280)This is a release candidate for version 1.2.5 of web3.js
The changelog of it can be seen here #3315
This release is a hotfix for the scrypt-shim and websocket dependency.
Fixed
We have improved with this release the TypeScript type definitions, we applied a fix for the OOG (out-of-gas) error issue, and we added a missing polyfill to the web3.min.js file.
Fixed
TypeScript
We have back-ported all the types from 2.x to 1.x and do now provide the type definitions directly from the web3 repository. (Docs)
Thanks Josh Stevens for back-porting them for us!
Signing
We have improved the signing process and updated it to the latest version of
ethereumjs-tx. This update brought up some newly required configuration properties for custom chains.These new
TransactionConfigconfig properties do also have the related default properties on theweb3-ethandweb3-eth-contractmodule:Transaction Confirmation Workflow
We updated the confirmation workflow for the
HttpProvider. A confirmation will now only get triggered if a new block is existing and not each second.Additionally is it now possible to configure the confirmation workflow with the following default properties on the
web3-ethandweb3-eth-contractmodule:New JSON-RPC Method
We added the JSON-RPC method
eth_chainIdasgetChainIdmethod on theweb3-ethmodule.The documentation for this method can be found here.
New utility Functions: Bloom-Filters
What are bloom filters?
A Bloom filter is a probabilistic, space-efficient data structure used for fast checks of set membership. That probably doesn’t mean much to you yet, and so let’s explore how bloom filters might be used.
Imagine that we have some large set of data, and we want to be able to quickly test if some element is currently in that set. The naive way of checking might be to query the set to see if our element is in there. That’s probably fine if our data set is relatively small. Unfortunately, if our data set is really big, this search might take a while. Luckily, we have tricks to speed things up in the Ethereum world!
A bloom-filter is one of these tricks. The basic idea behind the Bloom filter is to hash each new element that goes into the data set, take certain bits from this hash, and then use those bits to fill in parts of a fixed-size bit array (e.g. set certain bits to 1). This bit array is called a bloom filter.
Later, when we want to check if an element is in the set, we simply hash the element and check that the right bits are in the bloom filter. If at least one of the bits is 0, then the element definitely isn’t in our data set! If all of the bits are 1, then the element might be in the data set, but we need to actually query the database to be sure. So we might have false positives, but we’ll never have false negatives. This can greatly reduce the number of database queries we have to make.
Bloom filters benefits with a real-life example
An Ethereum real-life example in where this is useful is if you want to update a user's balance on every new block so it stays as close to real-time as possible. Without using a bloom filter on every new block you would have to force the balances even if that user may not have had any activity within that block. But if you use the logBlooms from the block you can test the bloom filter against the users Ethereum address before you do any more slow operations, this will dramatically decrease the number of calls you do as you will only be doing those extra operations if that Ethereum address is within that block (minus the false positives outcome which will be negligible). This will be highly performant for your app.
Added Functions:
Thanks Josh Stevens for adding these functions!
Subscription Events
We extended the subscription events with a
connectedevent. Theconnectedevent will emit the subscription ID as a hex value when the subscription got established. This applies toContractevents as well.Example:
Providers
We extend the provider interface with the method
supportsSubscription. This will help the DApp developers to detect if thecurrentProviderdoes support subscriptions.Changelog
Added
eth.getChainIdmethod (#3113)connectedevent on subscription creation (#3028)Fixed
0as a validfromBlockortoBlockfilter param (#1100)null(#2183)net_versionwhen signing txs (#2378)txobject passed to functionsignTransaction(#2190)This release contains several stability improvements.
Fixed
websocketdependency fixed (#2971, #2976)requestOptionsadded toWebsocketProvider(#2979)Thanks for providing these fixes @michaelsbradleyjr.
We decided jointly with the open-source community to release the older architecture (1.0.0-beta.37) as 1.x version of web3.js. Further details are explained in the following Medium blog post.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs