Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 #2607

Merged
merged 12 commits into from
Jul 2, 2024
Merged

build(deps): [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 #2607

merged 12 commits into from
Jul 2, 2024

Conversation

swirlds-automation
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • dapp-example/package.json
  • dapp-example/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

@quiet-node quiet-node added this to the 0.50.0 milestone Jun 17, 2024
@quiet-node quiet-node added the dependencies Pull requests that update a dependency file label Jun 17, 2024
@quiet-node quiet-node changed the title [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 build(deps): [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 Jun 17, 2024
@snyk-bot @quiet-node
fix: dapp-example/package.json & dapp-example/package-lock.json to re…
9b047a0 
…duce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-7266574

Signed-off-by: Logan Nguyen <[email protected]>
@quiet-node quiet-node force-pushed the snyk-fix-6d845809e3f613ff3fc42427b0df2dde branch from 4f9e16f to 9b047a0 Compare June 17, 2024 16:52
@quiet-node quiet-node modified the milestones: 0.50.0, 0.51.0 Jun 17, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 17, 2024
edited
Loading

Tests

    2 files  158 suites   13s ⏱️
856 tests 855 ✔️ 1 💤 0
868 runs  867 ✔️ 1 💤 0

Results for commit 1e01137.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 17, 2024
edited
Loading

Acceptance Tests

  17 files  220 suites   28m 39s ⏱️
604 tests 599 ✔️ 4 💤 1
667 runs  662 ✔️ 4 💤 1

Results for commit 1e01137.

♻️ This comment has been updated with latest results.

@quiet-node quiet-node self-assigned this Jun 21, 2024
@quiet-node quiet-node force-pushed the snyk-fix-6d845809e3f613ff3fc42427b0df2dde branch from e4c1fa3 to 50c9558 Compare June 21, 2024 23:46
quiet-node and others added 6 commits June 24, 2024 10:44
@quiet-node
dep: bumped packages
dc6f9e5 
Signed-off-by: Logan Nguyen <[email protected]>
@natanasow
chore: fix dependencies
a505586 
Signed-off-by: nikolay <[email protected]>
@natanasow
chore: edit sleeps
3294681 
Signed-off-by: nikolay <[email protected]>
@natanasow
chore: bump timeout
53640e7 
Signed-off-by: nikolay <[email protected]>
@natanasow
chore: revert spec
a7401e9 
Signed-off-by: nikolay <[email protected]>
@natanasow
chore: fix _signingKey
4b45adc 
Signed-off-by: nikolay <[email protected]>
@quiet-node quiet-node force-pushed the snyk-fix-6d845809e3f613ff3fc42427b0df2dde branch from 4b45adc to 711cbb5 Compare June 28, 2024 23:09
@natanasow
chore: edit tests
43fa223 
Signed-off-by: nikolay <[email protected]>
@natanasow natanasow force-pushed the snyk-fix-6d845809e3f613ff3fc42427b0df2dde branch from 711cbb5 to 43fa223 Compare July 1, 2024 09:31
@ebadiere ebadiere modified the milestones: 0.51.0, 0.52.0 Jul 1, 2024
@natanasow
chore: test
1e01137 
Signed-off-by: nikolay <[email protected]>
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jul 2, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

georgi-l95
georgi-l95 approved these changes Jul 2, 2024
View reviewed changes
Copy link
Collaborator

@georgi-l95 georgi-l95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@natanasow natanasow merged commit 7f649d5 into main Jul 2, 2024
33 checks passed
@natanasow natanasow deleted the snyk-fix-6d845809e3f613ff3fc42427b0df2dde branch July 2, 2024 09:44
ebadiere pushed a commit that referenced this pull request Aug 1, 2024
@swirlds-automation @snyk-bot
@quiet-node @natanasow @ebadiere
build(deps): [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 (#2607)
605aa13 
* fix: dapp-example/package.json & dapp-example/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-7266574

Signed-off-by: Logan Nguyen <[email protected]>

* fix: migrated ethersv5 to ethersv6 in dapp-example

Signed-off-by: Logan Nguyen <[email protected]>

* dep: bumped packages

Signed-off-by: Logan Nguyen <[email protected]>

* chore: fix dependencies

Signed-off-by: nikolay <[email protected]>

* chore: edit sleeps

Signed-off-by: nikolay <[email protected]>

* chore: bump timeout

Signed-off-by: nikolay <[email protected]>

* chore: revert spec

Signed-off-by: nikolay <[email protected]>

* chore: fix _signingKey

Signed-off-by: nikolay <[email protected]>

* chore: edit tests

Signed-off-by: nikolay <[email protected]>

* chore: edit events

Signed-off-by: nikolay <[email protected]>

* chore: test

Signed-off-by: nikolay <[email protected]>

---------

Signed-off-by: Logan Nguyen <[email protected]>
Signed-off-by: nikolay <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Logan Nguyen <[email protected]>
Co-authored-by: nikolay <[email protected]>
Signed-off-by: ebadiere <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@georgi-l95 georgi-l95 georgi-l95 approved these changes

@Ivo-Yankov Ivo-Yankov Awaiting requested review from Ivo-Yankov Ivo-Yankov is a code owner

@lukelee-sl lukelee-sl Awaiting requested review from lukelee-sl lukelee-sl is a code owner automatically assigned from hashgraph/hedera-smart-contracts

Assignees

@natanasow natanasow

@quiet-node quiet-node

Labels
dependencies Pull requests that update a dependency file
Projects
Smart Contract Sprint Board
Archived in project
Milestone
0.52.0
Development

Successfully merging this pull request may close these issues.
6 participants
@swirlds-automation @georgi-l95 @ebadiere @natanasow @quiet-node @snyk-bot