[Snyk] Fix for 53 vulnerabilities #42


Open: wants to merge 1 commit into base: main

Conversation

harshalmadnani (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 584/1000. Why? Has a fix available, CVSS 7.4 | Directory Traversal (SNYK-JS-ADMZIP-1065796) | Yes | No Known Exploit |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution (SNYK-JS-ASYNC-2441827) | Yes | Proof of Concept |
| high | 676/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF) (SNYK-JS-AXIOS-6032459) | Yes | Proof of Concept |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-AXIOS-6124857) | Yes | Proof of Concept |
| high | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Pollution (SNYK-JS-AXIOS-6144788) | Yes | No Known Exploit |
| critical | 786/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 9.3 | Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | Yes | Proof of Concept |
| high | 589/1000. Why? Has a fix available, CVSS 7.5 | Improper Verification of Cryptographic Signature (SNYK-JS-BROWSERIFYSIGN-6037026) | Yes | No Known Exploit |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-COOKIEJAR-3149984) | Yes | Proof of Concept |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) (SNYK-JS-DECODEURICOMPONENT-3149970) | Yes | Proof of Concept |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-ES5EXT-6095076) | Yes | Proof of Concept |
| high | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137) | Yes | Proof of Concept |
| medium | 718/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Information Exposure (SNYK-JS-FOLLOWREDIRECTS-6444610) | Yes | Proof of Concept |
| high | 751/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.6 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GETFUNCNAME-5923417) | Yes | Proof of Concept |
| medium | 484/1000. Why? Has a fix available, CVSS 5.4 | Open Redirect (SNYK-JS-GOT-2932019) | Yes | No Known Exploit |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-HTTPCACHESEMANTICS-3248783) | Yes | Proof of Concept |
| medium | 631/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept |
| medium | 534/1000. Why? Has a fix available, CVSS 6.4 | Improper Authentication (SNYK-JS-JSONWEBTOKEN-3180022) | Yes | No Known Exploit |
| medium | 539/1000. Why? Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment (SNYK-JS-JSONWEBTOKEN-3180024) | Yes | No Known Exploit |
| medium | 554/1000. Why? Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm (SNYK-JS-JSONWEBTOKEN-3180026) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit |
| low | 506/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution (SNYK-JS-MINIMIST-2429795) | Yes | Proof of Concept |
| high | 589/1000. Why? Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MOCHA-2863123) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Incorrect Calculation (SNYK-JS-OPENZEPPELINCONTRACTS-3339525) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Incorrect Calculation (SNYK-JS-OPENZEPPELINCONTRACTS-3339527) | Yes | No Known Exploit |
| medium | 554/1000. Why? Has a fix available, CVSS 6.8 | Improper Input Validation (SNYK-JS-OPENZEPPELINCONTRACTS-5425051) | Yes | No Known Exploit |
| low | 399/1000. Why? Has a fix available, CVSS 3.7 | Denial of Service (DoS) (SNYK-JS-OPENZEPPELINCONTRACTS-5425827) | Yes | No Known Exploit |
| low | 399/1000. Why? Has a fix available, CVSS 3.7 | Missing Authorization (SNYK-JS-OPENZEPPELINCONTRACTS-5672116) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Improper Input Validation (SNYK-JS-OPENZEPPELINCONTRACTS-5711902) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Improper Encoding or Escaping of Output (SNYK-JS-OPENZEPPELINCONTRACTS-5838352) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Out-of-bounds Read (SNYK-JS-OPENZEPPELINCONTRACTS-6346765) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Incorrect Calculation (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-3339524) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Incorrect Calculation (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-3339526) | Yes | No Known Exploit |
| medium | 554/1000. Why? Has a fix available, CVSS 6.8 | Improper Input Validation (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5425052) | Yes | No Known Exploit |
| low | 399/1000. Why? Has a fix available, CVSS 3.7 | Denial of Service (DoS) (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5425826) | Yes | No Known Exploit |
| low | 399/1000. Why? Has a fix available, CVSS 3.7 | Missing Authorization (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5672117) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Improper Input Validation (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5711903) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Improper Encoding or Escaping of Output (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5838353) | Yes | No Known Exploit |
| medium | 479/1000. Why? Has a fix available, CVSS 5.3 | Out-of-bounds Read (SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-6346764) | Yes | No Known Exploit |
| high | 751/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.6 | Prototype Pollution (SNYK-JS-PROTOBUFJS-5756498) | Yes | Proof of Concept |
| medium | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) (SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept |
| medium | 626/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.1 | Cross-site Scripting (XSS) (SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | Yes | Proof of Concept |
| medium | 718/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion') (SNYK-JS-TAR-6476909) | Yes | Proof of Concept |
| medium | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution (SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept |
| medium | 551/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 4.6 | CRLF Injection (SNYK-JS-UNDICI-3323844) | Yes | Proof of Concept |
| high | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-UNDICI-3323845) | Yes | Proof of Concept |
| low | 409/1000. Why? Has a fix available, CVSS 3.9 | Information Exposure (SNYK-JS-UNDICI-5962466) | Yes | No Known Exploit |
| low | 409/1000. Why? Has a fix available, CVSS 3.9 | Permissive Cross-domain Policy with Untrusted Domains (SNYK-JS-UNDICI-6252336) | Yes | No Known Exploit |
| low | 379/1000. Why? Has a fix available, CVSS 3.3 | Insecure Credential Storage (SNYK-JS-WEB3-174533) | Yes | No Known Exploit |
| low | 506/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | Yes | Proof of Concept |
| medium | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-WS-1296835) | Yes | Proof of Concept |
| high | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution (SNYK-JS-Y18N-1021887) | Yes | Proof of Concept |
| low | 506/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: web3

The new version differs by 250 commits.
  • 5b5bf87 changelog updates
  • 45d55c3 version update
  • 4358140 Release/4.0.1 rc.2 (#6152)
  • cdc2835 fix canary auth (#6151)
  • 55a4de1 add util polyfill (#6150)
  • 45edf3d Canary releases (#6143)
  • 01ce365 Proposal for rearranging docs (#6141)
  • 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
  • d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
  • 88ac791 Correct and enhance documentation for subscribing to events (#6129)
  • daaaff7 Autotype for contract methods (#6137)
  • ab80131 support ESM builds (#6131)
  • 6202d1e min build whitelisting (#6132)
  • 7a924db migration guide update (#6130)
  • 4f423fc Fix validation of nested tuples (#6125)
  • 408332d fix!: remove non read-only ens methods (#6084)
  • 8c5ea34 Providers Tutorial (#6095)
  • f2abd6a Eth turorial (#6120)
  • 210455a transaction integration tests (#6071)
  • fe959a1 Contract options fix (#6118)
  • bf1311f update docs so web is imported by default (#6112)
  • 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
  • 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
  • edc7a84 `defaultTransactionTypeParser` Refactor (#6102)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Prototype Pollution
🦉 Cross-site Request Forgery (CSRF)
🦉 More lessons are available in Snyk Learn

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
- https://snyk.io/vuln/SNYK-JS-AXIOS-6124857
- https://snyk.io/vuln/SNYK-JS-AXIOS-6144788
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
- https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026
- https://snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-ES5EXT-6095076
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610
- https://snyk.io/vuln/SNYK-JS-GETFUNCNAME-5923417
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MOCHA-2863123
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-3339525
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-3339527
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-5425051
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-5425827
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-5672116
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-5711902
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-5838352
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-6346765
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-3339524
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-3339526
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5425052
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5425826
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5672117
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5711903
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-5838353
- https://snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-6346764
- https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNDICI-3323844
- https://snyk.io/vuln/SNYK-JS-UNDICI-3323845
- https://snyk.io/vuln/SNYK-JS-UNDICI-5962466
- https://snyk.io/vuln/SNYK-JS-UNDICI-6252336
- https://snyk.io/vuln/SNYK-JS-WEB3-174533
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/npm:debug:20170905