[Snyk] Upgrade web3 from 1.2.9 to 1.7.0 #1

Open
snyk-bot wants to merge 1 commit into master from snyk-upgrade-839a720048f238ddc691109b65afdb23

@snyk-bot

Snyk has created this PR to upgrade web3 from 1.2.9 to 1.7.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 37 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2022-01-17.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary File Write (SNYK-JS-TAR-1579155) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579152) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579147) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Information Exposure (SNYK-JS-SIMPLEGET-2361683) | 425/1000 (Why? CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-NORMALIZEURL-1296539) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 425/1000 (Why? CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: web3
  • 1.7.0 - 2022-01-17

    Added

    • maxPriorityFeePerGas and maxFeePerGas added to Transaction and TransactionConfig interfaces (#4232) (#4585)

    Fixed

    • Fix readthedoc's build for web3js documentation (#4425)
    • Fix response sorting for batch requests (#4250)

    Changed

    • Changed getFeeHistory first parameter type from number to hex according to the spec (#4529)
  • 1.7.0-rc.0 - 2021-12-09

    Added

    • maxPriorityFeePerGas and maxFeePerGas added to Transaction and TransactionConfig interfaces (#4232) (#4585)

    Fixed

    • Fix readthedoc's build for web3js documentation (#4425)
    • Fix response sorting for batch requests (#4250)

    Changed

    • Changed getFeeHistory first parameter type from number to hex according to the spec (#4529)
  • 1.6.1 - 2021-11-15

    Added

    • Support for eth_createAccessList as both an rpc call (web3.eth.createAccessList) and property of contract method wrappers (contractInstance.methods.getValue().createAccessList) (#4332)

    Changed

    • Not considering tx.chainId if tx.common.customChain.chainId is provided for web3.eth.accounts.signTransaction function (#4293)
    • Added missing PromiEvent handler types (#4194)
    • Updated README to include Webpack 5 angular support instructions (#4174)
    • Updated the documentation for the Web3.utils, removed context for _ (underscore lib) (#4403)
    • Emit subscription id with connect event when creating a subscription (#4300)
    • Introduced new configuration "blockHeaderTimeout" for waiting of block headers for transaction receipt (#3891)
    • Format block.baseFeePerGas to number (#4330)
    • Correct web3-eth-personal.sendTransaction example in documentation (#4409)
    • Updated README to include Webpack 5 angular support instructions (#4174)

    Fixed

    • Fix 1.6.1 build size issue with removing static asset files (#4506)
    • Correct web3.rst example in documentation (#4511)
    • Correct BlockHeader typing (receiptRoot -> receiptsRoot) (#4452)
  • 1.6.1-rc.3 - 2021-11-10

    Fixed

    • Correct web3.rst example in documentation (#4511)
    • Correct BlockHeader typing (receiptRoot -> receiptsRoot) (#4452)
  • 1.6.1-rc.2 - 2021-10-27

    Removed

    • @types/bn.js as dev-dependency to additional packages (notably web3-utils) (#4437)

    Fixed

    • Fix 1.6.1 build size issue with removing static asset files (#4506)
  • 1.6.1-rc.0 - 2021-10-09

    Added

    • Support for eth_createAccessList as both an rpc call (web3.eth.createAccessList) and property of contract method wrappers (contractInstance.methods.getValue().createAccessList) (#4332)
    • @types/bn.js as dev-dependency to additional packages (notably web3-utils) (#4437)

    Changed

    • Not considering tx.chainId if tx.common.customChain.chainId is provided for web3.eth.accounts.signTransaction function (#4293)
    • Added missing PromiEvent handler types (#4194)
    • Updated README to include Webpack 5 angular support instructions (#4174)
    • Updated the documentation for the Web3.utils, removed context for _ (underscore lib) (#4403)
    • Emit subscription id with connect event when creating a subscription (#4300)
    • Introduced new configuration "blockHeaderTimeout" for waiting of block headers for transaction receipt (#3891)
    • Format block.baseFeePerGas to number (#4330)
    • Correct web3-eth-personal.sendTransaction example in documentation (#4409)
    • Updated README to include Webpack 5 angular support instructions (#4174)
  • 1.6.0 - 2021-09-30

    Changed

  • 1.6.0-rc.0 - 2021-09-26

    Changed

  • 1.5.3 - 2021-09-22

    Fixed

    • Unable to send legacy transaction if network supported EIP-1559 (#4277)

    Changed

    • ethers from 5.1.4 to 5.4.4 (#4231)
    • karma from 5.2.3 to 6.3.4 (#4231)
    • lerna from 3.22.1 to 4.0.0 (#4231)
    • Dropped build tests in CI for Node v8 and v10, and added support for Node v14
    • Change default value for maxPriorityFeePerGas from 1 Gwei to 2.5 Gwei (#4284)
    • Fixed bug in signTransaction (#4295)
  • 1.5.3-rc.0 - 2021-09-10
  • 1.5.2 - 2021-08-15
  • 1.5.2-rc.0 - 2021-08-15
  • 1.5.1 - 2021-08-05
  • 1.5.1-rc.1 - 2021-08-05
  • 1.5.1-rc.0 - 2021-07-31
  • 1.5.0 - 2021-07-28
  • 1.5.0-rc.1 - 2021-07-24
  • 1.5.0-rc.0 - 2021-07-21
  • 1.4.0 - 2021-06-30
  • 1.4.0-rc.0 - 2021-06-25
  • 1.3.6 - 2021-05-14
  • 1.3.6-rc.2 - 2021-05-13
  • 1.3.6-rc.1 - 2021-05-09
  • 1.3.5 - 2021-04-05
  • 1.3.5-rc.0 - 2021-03-24
  • 1.3.4 - 2021-02-03
  • 1.3.4-rc.2 - 2021-01-28
  • 1.3.4-rc.1 - 2021-01-26
  • 1.3.3 - 2021-01-22
  • 1.3.2 - 2021-01-21
  • 1.3.2-rc.2 - 2021-01-21
  • 1.3.1 - 2020-12-17
  • 1.3.0 - 2020-09-15
  • 1.3.0-rc.0 - 2020-09-02
  • 1.2.11 - 2020-07-18
  • 1.2.10 - 2020-07-17
  • 1.2.10-rc.0 - 2020-07-09
  • 1.2.9 - 2020-06-09
from web3 GitHub release notes
Commit messages
Package name: web3
  • cd4b4d1 Build for v1.7.0
  • d30033f v1.7.0
  • c191d9a Merge branch '1.x' into release/1.7.0
  • b32555c add: custom transaction polling interval (#4584) (#4672)
  • 0b890b7 adding effective gas price to transactionreceipt (#4694)
  • 9c9417a correction in documentation for signtransaction accounts (#4674)
  • 9b19af8 added webpack 5 create-react-app instructions (#4670)
  • 8783f4d Fix a typo in docs #4616 (#4640)
  • bbb9cdf Manual build commit for 1.7.0-rc.0
  • e76d9dc v1.7.0-rc.0
  • 5878f5a npm i and update CHANGELOG for 1.7.0 release
  • 44b0848 BatchRequest assumes JSON RPC requests are returned in order (#4596)
  • 2bd1842 update transaction transactionconfig types 4232 (#4585)
  • a1c7d71 Documentation update (#4547)
  • 8b5610d v1.6.1 (#4445)
  • 2812172 updating getFeeHistory input type (#4529)
  • 505b833 Fix `BlockHeader` typing (#4530)
  • e099d6e Update comment web3.rst (#4511)
  • 7682f1a Revert #4437 (@types/bn.js) (#4481)
  • ab27807 Fix incorrectly versioned bn.js type export (#4418) (#4437)
  • eb454d3 docs: create security policy (#4394)
  • 2ccce7c Utils _ (underscore lib) context removed #4403 (#4417)
  • ecc5c30 Update doc example for web3.eth.personal (#4397) (#4409)
  • 3a3cb32 eth_createAccessList - Closes #4081 (#4332)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
