[Snyk] Security upgrade nyc from 11.9.0 to 13.0.1

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/web3-wrapper/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nyc

The new version differs by 21 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. (Update Lerna & other small changes 0xProject/0x-monorepo#896)
• d0b76e2 fix: Enable es-modules by default. (Update Versions & Changelogs 0xProject/0x-monorepo#889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing (Refactor 0x.js 0xProject/0x-monorepo#863)
• c325799 docs: reference babel 7 in all places (Fix bugs having to do with block timestamps and order expirationTimes 0xProject/0x-monorepo#881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. (New tslint rules 0xProject/0x-monorepo#883)
• 8ab1ae3 chore: update dependencies (Bump npm-run-all from 4.1.2 to 4.1.3 0xProject/0x-monorepo#872)
• 52b69ef fix: Update caching-transform options. (Bump nodemon from 1.17.3 to 1.18.1 0xProject/0x-monorepo#873)
• 624a723 chore: update dependencies (Integrate Heap analytics into the website 0xProject/0x-monorepo#866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info (Bump nodemon from 1.17.3 to 1.18.0 0xProject/0x-monorepo#860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report (Bump less-loader from 2.2.3 to 4.1.0 0xProject/0x-monorepo#859)
• f09cf02 chore: update dependencies ([SoHoAudit] Externally supplied variable salt is used explicitly as timestamp within MixinExchangeCore.sol#47-55 which may lead to confusion 0xProject/0x-monorepo#855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… ([SoHoAudit] Combined taker fees exceeding MAX_INT will revert execution rather than successfully process MixinMatchOrders.sol#281-284: 0xProject/0x-monorepo#853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 ([SoHoAudit] Suggested usage of transfer in place of call.value() on line AssetProxyOwner.sol#91 0xProject/0x-monorepo#854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding ([SoHoAudit] Misleading verbiage within batch processing in batchFillOrders, batchFillOrKillOrders, marketSellOrders, marketSellOrdersNoThrow, marketBuyOrders, marketBuyOrdersNoThrow, and batchCancelOrders 0xProject/0x-monorepo#851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase (Add revert reasons and optimization to safeMath 0xProject/0x-monorepo#848)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/pluralize@0.0.29	None	0	4.18 kB	types
npm/abbrev@1.1.1	None	0	4.78 kB	isaacs
npm/batch@0.6.1	None	0	7.29 kB	dougwilson
npm/browserify-aes@1.2.0	None	0	29.8 kB	cwmma
npm/chai-as-promised@7.1.1	None	0	27.5 kB	domenic
npm/cipher-base@1.0.4	None	0	7.95 kB	cwmma
npm/cors@2.8.5	None	0	20 kB	dougwilson
npm/create-hash@1.2.0	None	0	5.21 kB	cwmma
npm/create-hmac@1.1.7	None	0	5.81 kB	cwmma
npm/crypto-browserify@3.12.0	None	+5	94.5 kB	cwmma
npm/css-to-react-native@3.2.0	environment	+1	96.5 kB	jacobp100
npm/deep-eql@4.1.3	None	0	24.2 kB	chai
npm/detect-libc@1.0.3	environment, filesystem, shell	0	17.2 kB	lovell
npm/es6-object-assign@1.1.0	None	0	13.1 kB	rubennorte
npm/evp_bytestokey@1.0.3	None	0	5.13 kB	dcousens
npm/expand-tilde@2.0.2	None	0	6.59 kB	doowb
npm/fast-json-stable-stringify@2.0.0	None	0	16.1 kB	esp
npm/get-func-name@2.0.2	None	0	8.68 kB	keithamus
npm/glob@7.1.4	filesystem Transitive: environment	+2	73.2 kB	isaacs
npm/hmac-drbg@1.0.1	None	+1	26.5 kB	indutny
npm/homedir-polyfill@1.0.3	environment, filesystem	0	8.05 kB	doowb
npm/invariant@2.2.4	None	0	7.64 kB	zertosh
npm/levn@0.3.0	None	+2	90.9 kB	gkz
npm/lodash.foreach@4.5.0	None	0	17.9 kB	jdalton
npm/lodash.reduce@4.6.0	None	0	67.9 kB	jdalton
npm/pkg-dir@3.0.0	None	+1	8.27 kB	sindresorhus
npm/react-dom@18.3.1	environment	0	4.51 MB	react-bot
npm/react@18.3.1	environment	0	318 kB	react-bot
npm/reflect-metadata@0.1.13	None	0	293 kB	rbuckton
npm/scheduler@0.23.2	environment	0	93.4 kB	react-bot
npm/throat@4.1.0	None	0	7.91 kB	forbeslindesay
npm/util@0.12.5	environment Transitive: eval	+3	118 kB	goto-bus-stop
npm/valid-url@1.0.9	None	0	17.2 kB	odysseas
npm/whatwg-encoding@1.0.5	None	0	12.3 kB	domenic
npm/wordwrap@0.0.3	None	0	37 kB	substack

🚮 Removed packages: npm/@types/istanbul-lib-coverage@2.0.1, npm/agent-base@4.2.1, npm/array-each@1.0.1, npm/array-union@1.0.2, npm/async-each@1.0.3, npm/bignumber.js@9.0.0, npm/check-error@1.0.2, npm/decode-uri-component@0.2.0, npm/detect-file@1.0.0, npm/discontinuous-range@1.0.0, npm/expand-brackets@2.1.4, npm/extend-shallow@3.0.2, npm/extglob@2.0.4, npm/fast-diff@1.2.0, npm/function-bind@1.1.1, npm/heap@0.2.6, npm/ini@1.3.5, npm/ip@1.1.5, npm/jmespath@0.16.0, npm/js-tokens@3.0.2, npm/json-parse-better-errors@1.0.2, npm/json5@0.5.1, npm/jsonstream@1.3.5, npm/loader-runner@2.4.0, npm/memory-fs@0.4.1, npm/mute-stream@0.0.7, npm/obuf@1.1.2, npm/os-homedir@1.0.2, npm/p-defer@1.0.0, npm/path-browserify@0.0.1, npm/path-is-inside@1.0.2, npm/path-key@2.0.1, npm/prr@1.0.1, npm/querystringify@2.1.1, npm/regex-not@1.0.2, npm/semver@6.3.0, npm/shebang-regex@1.0.0, npm/snapdragon@0.8.2, npm/split-string@3.1.0, npm/strip-eof@1.0.0, npm/symbol-observable@1.2.0, npm/to-regex@3.0.2, npm/vm-browserify@1.1.2, npm/webpack-sources@1.4.3, npm/which-module@2.0.0

View full report↗︎