[Snyk] Fix for 4 vulnerabilities

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

Commit messages

Package name: prettier-plugin-solidity

The new version differs by 116 commits.

• 1a10aa4 Bump to 1.0.0
• 245ae22 Updating tests (An improvement in pausable.sol OpenZeppelin/openzeppelin-contracts#723)
• 6596e18 Bump jest from 29.3.0 to 29.3.1 (Categorized ERC721 token OpenZeppelin/openzeppelin-contracts#756)
• 1c35036 Bump jest from 29.2.2 to 29.3.0 (Evaluate adding standard interface detection to all contracts OpenZeppelin/openzeppelin-contracts#754)
• 9de4e5b Merge pull request cleaned up unsued variable definition OpenZeppelin/openzeppelin-contracts#753 from prettier-solidity/dependabot/npm_and_yarn/eslint-8.27.0
• dd43d20 Bump eslint from 8.26.0 to 8.27.0
• b9387ca Don't mark the compiler option as experimental
• 3e61cab Bump to 1.0.0-rc.1
• 84a4c9c Merge pull request Implement crowdsales for NFTs OpenZeppelin/openzeppelin-contracts#752 from prettier-solidity/cleaning_AssemblyAssignment
• 642bb7e Changing function's name
• f692f67 removing unnecessary `join`
• 1f7caa4 Upgrade parser and fix several issues (Remove deprecated docs directory and link to new documentation in readme. OpenZeppelin/openzeppelin-contracts#750)
• 5af6a55 Add spaces around exponentiation operator (Automate docs generation using solidity-docgen. OpenZeppelin/openzeppelin-contracts#751)
• 51805d6 Bump jest from 29.2.1 to 29.2.2 (Add CanRefundGas contract OpenZeppelin/openzeppelin-contracts#749)
• 6b56883 Bump eslint from 8.25.0 to 8.26.0 (Extension to allow recovery of lost tokens OpenZeppelin/openzeppelin-contracts#748)
• 0cc0d10 Merge pull request Add Whitelist contract OpenZeppelin/openzeppelin-contracts#746 from prettier-solidity/dependabot/npm_and_yarn/jest-29.2.1
• a62d6d6 Merge pull request Feature/crowdsale refactor OpenZeppelin/openzeppelin-contracts#744 from prettier-solidity/dependabot/npm_and_yarn/eslint-8.25.0
• c3db693 Merge pull request Add Authorizable contract OpenZeppelin/openzeppelin-contracts#743 from prettier-solidity/dependabot/npm_and_yarn/semver-7.3.8
• 6db79b3 Bump jest from 29.1.2 to 29.2.1
• af58f04 Bump eslint from 8.24.0 to 8.25.0
• 18a316f Bump semver from 7.3.7 to 7.3.8
• a0edae0 Bump jest from 29.1.1 to 29.1.2 (TokenVesting contstructor natspec updates OpenZeppelin/openzeppelin-contracts#742)
• 43eae04 Bump emoji-regex from 10.1.0 to 10.2.1 (ERC 865 OpenZeppelin/openzeppelin-contracts#741)
• d426eb8 Bump jest from 29.0.3 to 29.1.1 (Crowdsale Refactor  OpenZeppelin/openzeppelin-contracts#739)

See the full diff

Package name: semver

The new version differs by 82 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (Make coverage badge flat OpenZeppelin/openzeppelin-contracts#566)
• 5c8efbc fix: preserve build in raw after inc (why use asserts in SafeMath to take all the gas? OpenZeppelin/openzeppelin-contracts#565)
• 717534e fix: better handling of whitespace (Do not notify via Slack about PR build failures OpenZeppelin/openzeppelin-contracts#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (Abstract contracts should have internal constructors OpenZeppelin/openzeppelin-contracts#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Warning about function default visibility OpenZeppelin/openzeppelin-contracts#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (Linter: upgrade to v1 OpenZeppelin/openzeppelin-contracts#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (change to upper case #546 OpenZeppelin/openzeppelin-contracts#552)
• 503a4e5 feat: allow identifierBase to be false (Increase test coverage to 92% OpenZeppelin/openzeppelin-contracts#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (Make all constants be named with UPPER_CASE OpenZeppelin/openzeppelin-contracts#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (Increase test coverage to 91% OpenZeppelin/openzeppelin-contracts#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Opinion on checking the parameter in Crowdsale OpenZeppelin/openzeppelin-contracts#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (Changing the ownership in two stages OpenZeppelin/openzeppelin-contracts#538)
• aa516b5 fix: faster parse options (Update solidity-coverage for fork. OpenZeppelin/openzeppelin-contracts#535)
• 61e6ea1 fix: faster cache key factory for range (Unable to test Zeppelin contracts OpenZeppelin/openzeppelin-contracts#536)
• f8b8b61 fix: optimistic parse (i got problem  OpenZeppelin/openzeppelin-contracts#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (Date utility OpenZeppelin/openzeppelin-contracts#533)
• 3f222b1 fix: reuse comparators on subset (Updated mul() and div() methods. OpenZeppelin/openzeppelin-contracts#537)
• 113f513 feat: identifierBase parameter for .inc (Can't install OpenZeppelin OpenZeppelin/openzeppelin-contracts#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: solidity-coverage

The new version differs by 72 commits.

• 0a33e13 0.8.0
• 4c63612 Add hardhat to peerDependencies (Error encountered, bailing. Network state unknown. Review successful transactions manually. Error: VM Exception while processing transaction: revert OpenZeppelin/openzeppelin-contracts#722)
• 9ce20ff Typo / Grammar fix. (Fixed Contribution Guidelines link OpenZeppelin/openzeppelin-contracts#738)
• 204a5eb Added a section for the report location. (Crowdsale Refactor  OpenZeppelin/openzeppelin-contracts#739)
• ed3d504 Fix README for v0.8 release
• 05ab320 Fixes for Hardhat 2.11.0 (Test helpers reusability issue OpenZeppelin/openzeppelin-contracts#740)
• bc7d076 0.8.0 Additional Coverage Measurements & Restructure (Merge)
• a7db2fe More README changes
• 16367d1 Remove truffle files from project
• 26898c1 Remove Builder-E2E test
• 8ea8ec9 Fix true/false scoped method definition function visibilities
• 21ca46e Temporarily skip truffle integration tests
• 22992e1 Fix constructor test
• cf126ea Fix assert tests
• 0ba3f11 Remove more buildler things
• d57a131 Remove buidler
• 3bcec94 Fix rebase errors & regenerate yarn.lock
• 88c1d00 Fix loops, modifiers, options and statements tests
• 0deb001 Fix if/else tests
• 29c0fdd Fix constructor keyword test
• d4e8536 Update tests for adjusted statement coverage
• 3edfd25 Stop injecting statement coverage into conditionals
• 7eb94a9 Update @ solidity-parser/parser to 0.14.1
• e9133d7 Generate mocha JSON output with --matrix (test: add tests for max64 and min64 from Math OpenZeppelin/openzeppelin-contracts#601)

See the full diff

Package name: web3

The new version differs by 77 commits.

• 02895cb Build for 1.7.5
• 34f6b68 v1.7.5
• 195f01d Manual build commit for 1.7.5-rc.1
• b640e26 v1.7.5-rc.1
• 96a7935 npm i
• 9476964 Merge branch '1.x' into release/1.7.5
• 84ac9b7 Fixed unit tests & removed dead code for web3-providers-http (#5228) (#5264)
• 2dcf142 Manual build commit for 1.7.5-rc.0
• ba30e1d v1.7.5-rc.0
• c93940b npm i and CHANGELOG update for 1.7.5 release
• fc7bfcd 1.x Libs Update including parse-url (#5254)
• ca827a7 fix Promise in Accounts.signTransaction() throwing errors that cannot be caught Add AccessManager guide (#4691) OpenZeppelin/openzeppelin-contracts#4724 (#5080) (#5252)
• 35d8f7f Update AbstractProvider with correct typing (#5206)
• 57b6dc4 Add createAccessList type (#5146) (#5204)
• 46b5a5b fix remove wallet using an index when an account address and address lowercase are equal Fix spelling  OpenZeppelin/openzeppelin-contracts#5049 (Kansas1295 patch 3 OpenZeppelin/openzeppelin-contracts#5050) (#5202)
• 2a1308f Fix transactionRoot -> transactionsRoot in BlockHeader (#5083) (#5197)
• 9e0d9d1 hexToNumber: return BigInt if result is bigger than max integer (#5157)
• 555aa0d web3-providers-http: Migrate from xhr2-cookies to cross-fetch (#5179)
• c034b8d Update `got` dependency for `web3-bzz` package (#5178)
• aae9d4a Updates on `README.md` Format (#5115)
• 8f05f19 Fixed documentation for web3.eth.accounts.signTransaction (#5121)
• 5b10473 Fix typo (#5116)
• 18da528 fix typos in web3-eth-accounts.rst & TESTING.md Propose Function is missing Optional Parameters OpenZeppelin/openzeppelin-contracts#5047 (Fix typo in Governance docs OpenZeppelin/openzeppelin-contracts#5048)
• e9ab4a5 Typo foudn (#5142)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Regular Expression Denial of Service (ReDoS)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 466438b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR