This repository has been archived by the owner on Apr 22, 2024. It is now read-only.

Release 16.0.6 #449

Merged
merged 3 commits into from
Oct 12, 2023

@legobeat legobeat commented Oct 11, 2023

Fixed

  • Replace vulnerable dependency request with patched @cypress/request (#441)
  • Update ws from ^5.1.1 to ^7.5.9 (#446)

@legobeat legobeat marked this pull request as ready for review October 11, 2023 23:38
@legobeat legobeat requested a review from a team as a code owner October 11, 2023 23:38
@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| @cypress/request | 3.0.0 | environment | +9 | 743 kB | cypress-npm-publisher |

🚮 Removed packages: web3-provider-engine@16.0.5

socket-security bot commented Oct 11, 2023

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: querystringify@2.2.0, http-signature@1.3.6

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@legobeat

@SocketSecurity ignore querystringify@2.2.0
@SocketSecurity ignore http-signature@1.3.6

Leftover from #441

@legobeat legobeat requested review from mcmire and a team October 12, 2023 01:32
@legobeat legobeat requested a review from mcmire October 12, 2023 21:07
@mcmire mcmire left a comment

Looks good!

@legobeat legobeat merged commit 06ac733 into main Oct 12, 2023
7 checks passed
@legobeat legobeat deleted the release/16.0.6 branch October 12, 2023 23:42
@legobeat

https://github.com/MetaMask/web3-provider-engine/releases/tag/v16.0.6

npm notice package: web3-provider-engine@16.0.6
npm notice === Tarball Contents ===
npm notice 1.1kB   LICENSE
npm notice 291B    .eslintrc.js
npm notice 144B    dist/es5/util/assert.js
npm notice 138B    util/assert.js
npm notice 1.8kB   dist/es5/util/async.js
npm notice 1.7kB   util/async.js
npm notice 4.4kB   dist/es5/subproviders/cache.js
npm notice 376B    subproviders/cache.js
npm notice 281B    dist/es5/util/create-payload.js
npm notice 270B    util/create-payload.js
npm notice 559B    dist/es5/subproviders/default-fixture.js
npm notice 545B    subproviders/default-fixture.js
npm notice 595B    dist/es5/util/estimate-gas.js
npm notice 584B    util/estimate-gas.js
npm notice 7.3kB   dist/es5/subproviders/etherscan.js
npm notice 7.2kB   subproviders/etherscan.js
npm notice 4.4kB   dist/es5/subproviders/fetch.js
npm notice 356B    subproviders/fetch.js
npm notice 4.4kB   dist/es5/subproviders/filters.js
npm notice 363B    subproviders/filters.js
npm notice 857B    dist/es5/subproviders/fixture.js
npm notice 807B    subproviders/fixture.js
npm notice 2.4kB   dist/es5/subproviders/gasprice.js
npm notice 2.3kB   subproviders/gasprice.js
npm notice 2.6kB   dist/es5/subproviders/hooked-wallet-ethtx.js
npm notice 2.5kB   subproviders/hooked-wallet-ethtx.js
npm notice 23.8kB  dist/es5/subproviders/hooked-wallet.js
npm notice 22.8kB  subproviders/hooked-wallet.js
npm notice 7.5kB   dist/es5/index.js
npm notice 7.4kB   index.js
npm notice 4.4kB   dist/es5/subproviders/inflight-cache.js
npm notice 342B    subproviders/inflight-cache.js
npm notice 4.4kB   dist/es5/subproviders/infura.js
npm notice 324B    subproviders/infura.js
npm notice 1.6kB   dist/es5/subproviders/ipc.js
npm notice 1.6kB   subproviders/ipc.js
npm notice 6.2kB   dist/es5/subproviders/json-rpc-engine-middleware.js
npm notice 1.9kB   subproviders/json-rpc-engine-middleware.js
npm notice 2.7kB   dist/es5/subproviders/nonce-tracker.js
npm notice 2.6kB   subproviders/nonce-tracker.js
npm notice 788B    dist/es5/subproviders/provider.js
npm notice 765B    subproviders/provider.js
npm notice 865.0kB dist/ProviderEngine.js
npm notice 154B    dist/es5/util/random-id.js
npm notice 140B    util/random-id.js
npm notice 4.0kB   dist/es5/util/rpc-cache-utils.js
npm notice 3.9kB   util/rpc-cache-utils.js
npm notice 1.4kB   dist/es5/util/rpc-hex-encoding.js
npm notice 1.4kB   util/rpc-hex-encoding.js
npm notice 2.4kB   dist/es5/subproviders/rpc.js
npm notice 2.3kB   subproviders/rpc.js
npm notice 1.9kB   dist/es5/subproviders/sanitizer.js
npm notice 1.6kB   subproviders/sanitizer.js
npm notice 637B    dist/es5/util/stoplight.js
npm notice 612B    util/stoplight.js
npm notice 1.7kB   dist/es5/subproviders/stream.js
npm notice 1.6kB   subproviders/stream.js
npm notice 908B    dist/es5/subproviders/subprovider.js
npm notice 886B    subproviders/subprovider.js
npm notice 4.9kB   dist/es5/subproviders/subscriptions.js
npm notice 642B    subproviders/subscriptions.js
npm notice 5.9kB   dist/es5/subproviders/vm.js
npm notice 6.0kB   subproviders/vm.js
npm notice 595B    dist/es5/subproviders/wallet.js
npm notice 598B    subproviders/wallet.js
npm notice 11.2kB  dist/es5/subproviders/websocket.js
npm notice 4.4kB   subproviders/websocket.js
npm notice 1.1kB   dist/es5/subproviders/whitelist.js
npm notice 1.2kB   subproviders/whitelist.js
npm notice 3.9kB   dist/es5/zero.js
npm notice 3.6kB   zero.js
npm notice 1.5MB   dist/ZeroClientProvider.js
npm notice 2.2kB   package.json
npm notice 4.1kB   CHANGELOG.md
npm notice 3.9kB   README.md
npm notice === Tarball Details ===
npm notice name:          web3-provider-engine
npm notice version:       16.0.6
npm notice package size:  594.7 kB
npm notice unpacked size: 2.6 MB
npm notice shasum:        7c5c392c21f090e4a75cae7e57b1ea90769d5d08
npm notice integrity:     sha512-tQ5w3USNZx2AC[...]wg6KEW3Qwn/9Q==
npm notice total files:   75
