build(deps): bump the npm_and_yarn group across 2 directories with 23 updates #23
… updates

Bumps the npm_and_yarn group with 6 updates in the /tests/integration_tests/hardhat directory:

| Package | From | To |
| --- | --- | --- |
| [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `4.8.2` | `4.9.6` |
| [@openzeppelin/contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) | `4.8.2` | `4.9.6` |
| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `6.3.1` |
| [ethereum-waffle](https://github.com/EthWorks/Waffle) | `3.4.4` | `4.0.10` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.1` | `1.15.6` |
| [undici](https://github.com/nodejs/undici) | `5.19.1` | `5.28.4` |

Bumps the npm_and_yarn group with 8 updates in the /tests/solidity directory:

| Package | From | To |
| --- | --- | --- |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.15.6` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` |
| [apollo-server-core](https://github.com/apollographql/apollo-server/tree/HEAD/packages/apollo-server-core) | `2.26.0` | `2.26.2` |
| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.3` | `6.11.4` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |

Updates `@openzeppelin/contracts` from 4.8.2 to 4.9.6
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.8.2...v4.9.6)

Updates `@openzeppelin/contracts-upgradeable` from 4.8.2 to 4.9.6
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts-upgradeable@v4.8.2...v4.9.6)

Updates `semver` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v6.3.1)

Updates `semver` from 5.7.1 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v6.3.1)

Updates `ethereum-waffle` from 3.4.4 to 4.0.10
- [Release notes](https://github.com/EthWorks/Waffle/releases)
- [Commits](https://github.com/EthWorks/Waffle/compare/[email protected]@4.0.10)

Updates `ws` from 3.3.3 to 7.4.6
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@3.3.3...7.4.6)

Updates `async` from 1.5.2 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v1.5.2...v2.6.4)

Updates `braces` from 2.3.2 to 3.0.2
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.2)

Updates `elliptic` from 6.5.3 to 6.5.4
- [Commits](indutny/elliptic@v6.5.3...v6.5.4)

Updates `follow-redirects` from 1.15.1 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.6)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `node-fetch` from 1.7.3 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@1.7.3...v2.7.0)

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `lodash` from 4.17.20 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.20...4.17.21)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `undici` from 5.19.1 to 5.28.4
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.19.1...v5.28.4)

Updates `follow-redirects` from 1.14.8 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.6)

Updates `browserify-sign` from 4.2.1 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.2.1...v4.2.3)

Updates `es5-ext` from 0.10.53 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.53...v0.10.64)

Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

Updates `apollo-server-core` from 2.26.0 to 2.26.2
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Commits](https://github.com/apollographql/apollo-server/commits/[email protected]/packages/apollo-server-core)

Updates `get-func-name` from 2.0.0 to 2.0.2
- [Release notes](https://github.com/chaijs/get-func-name/releases)
- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)

Updates `protobufjs` from 6.11.3 to 6.11.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/commits)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@openzeppelin/contracts-upgradeable"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ethereum-waffle
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json-schema
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: apollo-server-core
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: get-func-name
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days-before-close if no further activity occurs.

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml
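Bumps the npm_and_yarn group with 6 updates in the /tests/integration_tests/hardhat directory:

| Package | From | To |
| --- | --- | --- |
| @openzeppelin/contracts | 4.8.2 | 4.9.6 |
| @openzeppelin/contracts-upgradeable | 4.8.2 | 4.9.6 |
| semver | 6.3.0 | 6.3.1 |
| semver | 5.7.1 | 6.3.1 |
| ethereum-waffle | 3.4.4 | 4.0.10 |
| follow-redirects | 1.15.1 | 1.15.6 |
| undici | 5.19.1 | 5.28.4 |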
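
Bumps the npm_and_yarn group with 8 updates in the /tests/solidity directory:

| Package | From | To |
| --- | --- | --- |
| follow-redirects | 1.14.8 | 1.15.6 |
| browserify-sign | 4.2.1 | 4.2.3 |
| es5-ext | 0.10.53 | 0.10.64 |
| express | 4.18.2 | 4.19.2 |
| apollo-server-core | 2.26.0 | 2.26.2 |
| get-func-name | 2.0.0 | 2.0.2 |
| protobufjs | 6.11.3 | 6.11.4 |
| word-wrap | 1.2.3 | 1.2.5 |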

Updates `@openzeppelin/contracts` from 4.8.2 to 4.9.6

Release notes
Sourced from @openzeppelin/contracts's releases.
... (truncated)

Changelog
Sourced from @openzeppelin/contracts's changelog.
... (truncated)

Commits
- dc44c9f Release v4.9.6 (#4931)
- a6286d0 Port Base64 tests to truffle (#4926) (#4929)
- bd325d5 Release v4.9.5 (#4790)
- ad6a5b6 Add changeset
- 88ac712 Replace doublefunctionDelegateCall
- a83918d Bump node CI version to 16.x
- 0d5f54e Release v4.9.4 (#4784)
- ccfffe1 Make Multicall context-aware
- 9329cfa Remove Wizard page from 4.x
- e1b3d8c Remove Wizard from 4.x navigation

Updates `@openzeppelin/contracts-upgradeable` from 4.8.2 to 4.9.6

Release notes
Sourced from @openzeppelin/contracts-upgradeable's releases.
... (truncated)

Changelog
Sourced from @openzeppelin/contracts-upgradeable's changelog.
... (truncated)

Commits
- 2d081f2 Transpile dc44c9f1
- 2492017 Transpile a6286d0f
- a40cb0b Transpile bd325d56
- 4c73bfa Transpile ad6a5b68
- 31f9fb9 Transpile 88ac712e
- f55babc Transpile a83918df
- 5bc5999 Transpile 98c7a4cf
- 152b820 Transpile 0ed435b7
- f34a3a7 Transpile 17c1a3a4
- 3d4c0d5 Transpile fd81a96f

Updates `semver` from 6.3.0 to 6.3.1

Release notes
Sourced from semver's releases.

Changelog
Sourced from semver's changelog.
... (truncated)

Commits
- 44d27bc chore: release 6.3.1
- 928e56d fix: better handling of whitespace (#591)
- 39f6326 chore: @npmcli/template-oss@4.16.0

Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates `semver` from 5.7.1 to 6.3.1

Release notes
Sourced from semver's releases.

Changelog
Sourced from semver's changelog.
... (truncated)

Commits
- 44d27bc chore: release 6.3.1
- 928e56d fix: better handling of whitespace (#591)
- 39f6326 chore: @npmcli/template-oss@4.16.0

Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates `ethereum-waffle` from 3.4.4 to 4.0.10

Release notes
Sourced from ethereum-waffle's releases.
... (truncated)

Commits
- 0915e72 🎉 Release new version (#823)
- 4d83cde ⭐️ Support events not defined in a contract (#822)
- a1d89d0 🎉 Release new version (#821)
- 216f1d8 🌏 Switch hardhat errors priority (#820)
- 13d1af0 🎉 Release new version (#796)
- 5637cc5 🦉 Optimism tests use latest commit (#819)
- 1fa1312 🥑 Add mock contract typing (#818)
- 702c6ab 🗾 Extend matching of Hardhat revert reasons (#802)
- 46b954e 🖼 Mock contract chaining behaviour (#816)
- fb6863d 🍶 Implement mocking receive function to revert (#807)

Updates `ws` from 3.3.3 to 7.4.6

Release notes
Sourced from ws's releases.
... (truncated)

Commits
- f5297f7 [dist] 7.4.6
- 00c425e [security] Fix ReDoS vulnerability
- 990306d [lint] Fix prettier error
- 32e3a84 [security] Remove reference to Node Security Project
- 8c914d1 [minor] Fix nits
- fc7e27d [ci] Test on node 16
- 587c201 [ci] Do not test on node 15
- f672710 [dist] 7.4.5
- 67e25ff [fix] Fix case where `abortHandshake()` does not close the connection
- 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed

Updates `async` from 1.5.2 to 2.6.4

Release notes
Sourced from async's releases.
... (truncated)

Changelog
Sourced from async's changelog.