Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade web3 from 1.0.0-beta.35 to 1.2.6 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade web3 from 1.0.0-beta.35 to 1.2.6 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 1, 2020

Snyk has created this PR to upgrade web3 from 1.0.0-beta.35 to 1.2.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 29 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-02-02.

The recommended version fixes:

Severity Issue Exploit Maturity
Arbitrary File Overwrite
SNYK-JS-TAR-174125		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-FSTREAM-174725		 No Known Exploit
Release notes
Package name: web3
  • 1.2.6 - 2020-02-02

    This release does update the ENS registry address in the web3.js library.

    Added

    • Görli testnet ENS registry added to the known registries (#3338)

    Changed

  • 1.2.5 - 2020-01-27

    This release does add the requestAccounts, getPendingTransactions, and getProof JSON-RPC method. By side of it does it improve the returned Error object on the failure of a transaction and provides the possibility to activate the revert instruction handling with the newly added handleRevert module option.

    Added

    • eth_requestAccounts as requestAccounts added to web3-eth package (#3219)
    • sha3Raw and soliditySha3Raw added to web3-utils package (#3226)
    • eth_getProof as getProof added to web3-eth package (#3220)
    • BN and BigNumber objects are now supported by the abi.encodeParameter(s) method (#3238)
    • getPendingTransactions added to web3-eth package (#3239)
    • Revert instruction handling added which can get activated with the handleRevert module property (#3248)
    • The receipt does now exist as property on the error object for transaction related errors (#3259)
    • internalType added to AbiInput TS interface in web3-utils (#3279)
    • Agent option added to the HttpProvider options (#2980)

    Changed

    • eth-lib dependency updated (0.2.7 => ^0.2.8) (#3242)

    Fixed

    • Fix crash when decoding events with identical signatures, differently indexed args (#3272)
    • Fix user supplied callback not fired in eth.accounts.signTransaction (#3283)
    • Fix minified bundle (#3256)
    • defaultBlock property handling fixed (#3247)
    • clearSubscriptions does no longer throw an error if no running subscriptions do exist (#3246)
    • callback type definition for Accounts.signTransaction fixed (#3280)
    • Fix export bloom functions on the index.js
    • Prefer receipt status to code availability on contract deployment (#3298)
  • 1.2.5-rc.0 - 2020-01-16

    This is a release candidate for version 1.2.5 of web3.js

    The changelog of it can be seen here #3315

  • 1.2.4 - 2019-11-15

    This release is a hotfix for the scrypt-shim and websocket dependency.

    Fixed

    • Fix npm installation error for scrypt-shim and websocket (#3210)
  • 1.2.3 - 2019-11-14

    We have improved with this release the TypeScript type definitions, we applied a fix for the OOG (out-of-gas) error issue, and we added a missing polyfill to the web3.min.js file.

    Fixed

    • Fix perfect gas usage causes tx to error (#3175)
    • Fix regenerator runtime error in web3.min.js (#3155)
    • Fix TS types for eth.subscribe syncing, newBlockHeaders, pendingTransactions (#3159)
    • Improve web3-eth-abi decodeParameters error message (#3134)
  • 1.2.2 - 2019-10-23

    TypeScript

    We have back-ported all the types from 2.x to 1.x and do now provide the type definitions directly from the web3 repository. (Docs)

    Thanks Josh Stevens for back-porting them for us!

    Signing

    We have improved the signing process and updated it to the latest version of ethereumjs-tx. This update brought up some newly required configuration properties for custom chains.

    These new TransactionConfig config properties do also have the related default properties on the web3-eth and web3-eth-contract module:

    Transaction Confirmation Workflow

    We updated the confirmation workflow for the HttpProvider. A confirmation will now only get triggered if a new block is existing and not each second.

    Additionally is it now possible to configure the confirmation workflow with the following default properties on the web3-eth and web3-eth-contract module:

    New JSON-RPC Method

    We added the JSON-RPC method eth_chainId as getChainId method on the web3-eth module.
    The documentation for this method can be found here.

    New utility Functions: Bloom-Filters

    What are bloom filters?

    A Bloom filter is a probabilistic, space-efficient data structure used for fast checks of set membership. That probably doesn’t mean much to you yet, and so let’s explore how bloom filters might be used.

    Imagine that we have some large set of data, and we want to be able to quickly test if some element is currently in that set. The naive way of checking might be to query the set to see if our element is in there. That’s probably fine if our data set is relatively small. Unfortunately, if our data set is really big, this search might take a while. Luckily, we have tricks to speed things up in the Ethereum world!

    A bloom-filter is one of these tricks. The basic idea behind the Bloom filter is to hash each new element that goes into the data set, take certain bits from this hash, and then use those bits to fill in parts of a fixed-size bit array (e.g. set certain bits to 1). This bit array is called a bloom filter.

    Later, when we want to check if an element is in the set, we simply hash the element and check that the right bits are in the bloom filter. If at least one of the bits is 0, then the element definitely isn’t in our data set! If all of the bits are 1, then the element might be in the data set, but we need to actually query the database to be sure. So we might have false positives, but we’ll never have false negatives. This can greatly reduce the number of database queries we have to make.

    Bloom filters benefits with a real-life example

    An Ethereum real-life example in where this is useful is if you want to update a user's balance on every new block so it stays as close to real-time as possible. Without using a bloom filter on every new block you would have to force the balances even if that user may not have had any activity within that block. But if you use the logBlooms from the block you can test the bloom filter against the users Ethereum address before you do any more slow operations, this will dramatically decrease the number of calls you do as you will only be doing those extra operations if that Ethereum address is within that block (minus the false positives outcome which will be negligible). This will be highly performant for your app.

    Added Functions:

    Thanks Josh Stevens for adding these functions!

    Subscription Events

    We extended the subscription events with a connected event. The connected event will emit the subscription ID as a hex value when the subscription got established. This applies to Contract events as well.

    Example:

    var subscription = web3.eth.subscribe(
  'logs', 
  {
    address: '0x123456..',
    topics: ['0x12345...']
  }
)
.on('connected', console.log);
> '0x9ce59a13059e417087c02d3236a0b1cc'

    Providers

    We extend the provider interface with the method supportsSubscription. This will help the DApp developers to detect if the currentProvider does support subscriptions.

    Changelog

    Added

    • localStorage support detection added (#3031)
    • getNetworkType method extended with Görli testnet (#3095)
    • supportsSubscriptions method added to providers (#3116)
    • Add eth.getChainId method (#3113)
    • Minified file added to web3 package (#3131)
    • The transaction confirmation workflow can now be configured (#3130)
    • Additional parameters for accounts.signTransaction added (docs) (#3141)
    • Emit connected event on subscription creation (#3028)
    • TypeScript type definitions added for all modules (#3132)
    • Bloom filters added to web3.utils (#3137)

    Fixed

    • Fix allow 0 as a valid fromBlock or toBlock filter param (#1100)
    • Fix randomHex returning inconsistent string lengths (#1490)
    • Fix make isBN minification safe (#1777)
    • Fix incorrect references to BigNumber in utils.fromWei and utils.toWei error messages (#2468)
    • Fix error incorrectly thrown when receipt.status is null (#2183)
    • Fix incorrectly populating chainId param with net_version when signing txs (#2378)
    • regeneratorRuntime error fixed (#3058)
    • Fix accessing event.name where event is undefined (#3014)
    • fixed Web3Utils toHex() for Buffer input (#3021)
    • Fix bubbling up tx signing errors (#2063, #3105)
    • HttpProvider: CORS issue with Firefox and Safari (#2978)
    • Ensure the immutability of the tx object passed to function signTransaction (#2190)
    • Gas check fixed (#2381)
    • Signing issues #1998, #2033, and #1074 fixed (#3125)
    • Fix hexToNumber and hexToNumberString prefix validation (#3086)
    • The receipt will now returned on a EVM error (this got removed on beta.18) (#3129)
    • Fixes transaction confirmations with the HttpProvider (#3140)
  • 1.2.1 - 2019-08-06

    This release contains several stability improvements.

    Fixed

    • websocket dependency fixed (#2971, #2976)
    • requestOptions added to WebsocketProvider (#2979)
    • Node >= v8.0.0 support (#2938)

    Thanks for providing these fixes @michaelsbradleyjr.

  • 1.2.0 - 2019-07-23

    We decided jointly with the open-source community to release the older architecture (1.0.0-beta.37) as 1.x version of web3.js. Further details are explained in the following Medium blog post.

  • 1.0.0-beta2 - 2017-07-20
  • 1.0.0-beta1 - 2017-07-20
  • 1.0.0-beta.55 - 2019-05-09
  • 1.0.0-beta.54 - 2019-05-02
  • 1.0.0-beta.53 - 2019-04-30
  • 1.0.0-beta.52 - 2019-04-04
  • 1.0.0-beta.51 - 2019-03-28
  • 1.0.0-beta.50 - 2019-03-20
  • 1.0.0-beta.49 - 2019-03-19
  • 1.0.0-beta.48 - 2019-03-05
  • 1.0.0-beta.47 - 2019-03-01
  • 1.0.0-beta.46 - 2019-02-09
  • 1.0.0-beta.44 - 2019-02-08
  • 1.0.0-beta.43 - 2019-02-06
  • 1.0.0-beta.42 - 2019-02-06
  • 1.0.0-beta.41 - 2019-01-28
  • 1.0.0-beta.40 - 2019-01-28
  • 1.0.0-beta.39 - 2019-01-27
  • 1.0.0-beta.38 - 2019-01-25
  • 1.0.0-beta.37 - 2018-12-08
  • 1.0.0-beta.36 - 2018-09-04
  • 1.0.0-beta.35 - 2018-07-25
from web3 GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot