[Snyk] Upgrade truffle from 5.3.4 to 5.5.1 #5

Open
snyk-bot wants to merge 1 commit into master from snyk-upgrade-0ab981fa1eac45a5d952083435606b8a

@snyk-bot

Snyk has created this PR to upgrade truffle from 5.3.4 to 5.5.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 68 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2022-02-22.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
|  | Prototype Pollution (SNYK-JS-Y18N-1021887) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) (SNYK-JS-XSS-1584355) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Prototype Pollution (SNYK-JS-OBJECTPATH-1585658) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Command Injection (SNYK-JS-LODASHTEMPLATE-1088054) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Inadequate Encryption Strength (SNYK-JS-KEYPAIR-1730326) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Remote Memory Exposure (SNYK-JS-BL-608877) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Cross-site Scripting (XSS) (SNYK-JS-APOLLOSERVER-1912891) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Uninitialized Memory Exposure (npm:concat-stream:20160901) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Mature |
|  | Prototype Pollution (SNYK-JS-OBJECTPATH-1569453) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Information Exposure (SNYK-JS-NANOID-2332193) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Prototype Pollution (SNYK-JS-DOTPROP-543489) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Information Exposure (SNYK-JS-APOLLOCLIENT-1085706) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Prototype Pollution (SNYK-JS-101-1292345) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Regular Expression Denial of Service (ReDoS) (npm:braces:20180219) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Validation Bypass (SNYK-JS-KINDOF-537849) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: truffle
  • 5.5.1 - 2022-02-22
  • 5.5.0 - 2022-02-17
  • 5.5.0-tezos.4 - 2020-07-27
  • 5.5.0-tezos.3 - 2020-07-23
  • 5.5.0-tezos.2 - 2020-07-23
  • 5.5.0-tezos.1 - 2020-07-22
  • 5.5.0-tezos.0 - 2020-07-15
  • 5.4.33 - 2022-02-11
  • 5.4.32 - 2022-02-03
  • 5.4.32-dashboard.1 - 2022-02-01
  • 5.4.31 - 2022-01-29
  • 5.4.30 - 2022-01-20
  • 5.4.29 - 2022-01-13
  • 5.4.28 - 2022-01-09
  • 5.4.27 - 2022-01-06
  • 5.4.26 - 2021-12-23
  • 5.4.25 - 2021-12-16
  • 5.4.24 - 2021-12-10
  • 5.4.23 - 2021-12-02
  • 5.4.22 - 2021-11-24
  • 5.4.21 - 2021-11-19
  • 5.4.20 - 2021-11-19
  • 5.4.19 - 2021-11-11
  • 5.4.18 - 2021-11-05
  • 5.4.17 - 2021-10-29
  • 5.4.16 - 2021-10-21
  • 5.4.15 - 2021-10-14
  • 5.4.14 - 2021-10-07
  • 5.4.14-fc.0 - 2021-10-04
  • 5.4.13 - 2021-09-30
  • 5.4.13-decoder-beta.0 - 2021-09-29
  • 5.4.13-alpha.0 - 2021-09-28
  • 5.4.12 - 2021-09-24
  • 5.4.11 - 2021-09-17
  • 5.4.10 - 2021-09-11
  • 5.4.10-alpha.1 - 2021-09-13
  • 5.4.10-alpha.0 - 2021-09-08
  • 5.4.9 - 2021-09-02
  • 5.4.8 - 2021-08-27
  • 5.4.7 - 2021-08-22
  • 5.4.6 - 2021-08-12
  • 5.4.5 - 2021-08-06
  • 5.4.4 - 2021-08-06
  • 5.4.3 - 2021-07-30
  • 5.4.2 - 2021-07-24
  • 5.4.1 - 2021-07-15
  • 5.4.0 - 2021-07-09
  • 5.4.0-tezos.7 - 2020-06-24
  • 5.4.0-tezos.6 - 2020-06-23
  • 5.4.0-tezos.5 - 2020-06-16
  • 5.4.0-tezos.4 - 2020-06-15
  • 5.4.0-tezos.3 - 2020-06-15
  • 5.4.0-tezos.2 - 2020-06-12
  • 5.4.0-tezos.1 - 2020-06-05
  • 5.4.0-tezos.0 - 2020-06-02
  • 5.3.14 - 2021-07-01
  • 5.3.13 - 2021-06-28
  • 5.3.12 - 2021-06-25
  • 5.3.11 - 2021-06-18
  • 5.3.10 - 2021-06-12
  • 5.3.10-decoder-no-web3.0 - 2021-06-09
  • 5.3.10-cheerios.1 - 2021-06-10
  • 5.3.10-cheerios.0 - 2021-06-09
  • 5.3.9 - 2021-06-04
  • 5.3.8 - 2021-05-28
  • 5.3.7 - 2021-05-20
  • 5.3.6 - 2021-05-11
  • 5.3.5 - 2021-05-07
  • 5.3.4 - 2021-04-30
from truffle GitHub release notes
Commit messages
Package name: truffle
  • ff5e098 Publish
  • 542c92d Merge pull request #4759 from trufflesuite/migrationOutput
  • a4bcf77 events: remove unnecessary logs
  • 6116dee events: don't log blockSpinner message
  • 42b98e6 events: print transaction hash before blockSpinner
  • 9e36563 Publish
  • 6824c7f Merge pull request #4750 from trufflesuite/dependabot/npm_and_yarn/url-parse-1.5.7
  • 7449b35 Bump url-parse from 1.5.4 to 1.5.7
  • f91cdaf Merge pull request #4748 from trufflesuite/prepare/dashboard-package-versions
  • c394163 Merge pull request #4749 from trufflesuite/fix/box-rejects
  • f73f9ce box: await assert.rejects in tests
  • bb3d47f box: fix no-undef lint error
  • 3bc71e2 Merge pull request #4744 from trufflesuite/fix/assert-rejects
  • d4c47a2 Merge pull request #4746 from trufflesuite/yul-immutables
  • f4be898 Prepare versions of new packages for release
  • 7b6017f Merge pull request #4734 from trufflesuite/migrationOutput
  • 37c50ee contract: use idiomatic JS to test for undefined or null
  • 5c49c1c Add test of Yul context recognition
  • 981b765 Allow non-numeric immutable keys in contract-schema
  • eb9f7b0 contract-tests: fix detetNetwork test
  • 4e7159a Merge pull request #4743 from trufflesuite/highlighting-0812
  • e03ef83 Update highlightjs-solidity to ^2.0.4
  • 881a5e8 Merge pull request #4737 from trufflesuite/oops-no-homepage
  • 9fbf87d Remove homepage from dashboard package.json because it affects build


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
