Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @openzeppelin/contracts from 4.8.3 to 4.9.6 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade @openzeppelin/contracts from 4.8.3 to 4.9.6 #8

wants to merge 1 commit into from

Conversation

pouya-eghbali
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @openzeppelin/contracts from 4.8.3 to 4.9.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2024-02-29.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5711902		 479/1000
Why? Has a fix available, CVSS 5.3		 No Known Exploit
Improper Encoding or Escaping of Output
SNYK-JS-OPENZEPPELINCONTRACTS-5838352		 479/1000
Why? Has a fix available, CVSS 5.3		 No Known Exploit
Out-of-bounds Read
SNYK-JS-OPENZEPPELINCONTRACTS-6346765		 479/1000
Why? Has a fix available, CVSS 5.3		 No Known Exploit
Missing Authorization
SNYK-JS-OPENZEPPELINCONTRACTS-5672116		 479/1000
Why? Has a fix available, CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @openzeppelin/contracts
  • 4.9.6 - 2024-02-29
    • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)
  • 4.9.5 - 2023-12-08
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).
  • 4.9.4 - 2023-12-07
    • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
    • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
  • 4.9.3 - 2023-07-28

    Note
    This release contains a fix for GHSA-g4vp-m682-qqmp.

    • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
    • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
  • 4.9.2 - 2023-06-16
  • 4.9.1 - 2023-06-07
  • 4.9.0 - 2023-05-23
  • 4.9.0-rc.1 - 2023-05-17
  • 4.9.0-rc.0 - 2023-05-09
  • 4.8.3 - 2023-04-13
from @openzeppelin/contracts GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@codacy-production Codacy Production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for 329eb9a1
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (329eb9a) Report Missing Report Missing Report Missing
Head commit (724554e) 508 485 95.47%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#8) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pouya-eghbali @snyk-bot