Patch 2 #9
Open
Patch 2 #9
+109,863
−16,120
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Dargon789
commented
Mar 12, 2025
•
Dargon789
commented
- Because this PR includes a bug fix, relevant tests have been included.
- Because this PR includes a new feature, the change was previously discussed on an Issue or with someone from the team.
- I didn't do anything of this.
Snyk has created this PR to upgrade io-ts from 1.10.4 to 2.2.22. See this package in npm: io-ts See this project in Snyk: https://app.snyk.io/org/dargon789/project/60c09014-60eb-40c8-82d4-eb105dab9674?utm_source=github&utm_medium=referral&page=upgrade-pr (#47) * "hardhat": patch Added a notification when a new Hardhat version is available * Added support for Typed objects "@nomicfoundation/hardhat-chai-matchers": patch * Create SECURITY.md SECURITY Supported Versions Use this section to tell people about which versions of your project are currently being supported with security updates. Version Supported 5.1.x ✅ 5.0.x ❌ 4.0.x ✅ < 4.0 ❌ Reporting a Vulnerability * Bump the npm_and_yarn group across 3 directories with 11 updates Bumps the npm_and_yarn group with 10 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [next](https://github.com/vercel/next.js) | `12.3.4` | `13.5.1` | | [undici](https://github.com/nodejs/undici) | `5.26.2` | `5.28.4` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.3` | `7.24.1` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [express](https://github.com/expressjs/express) | `4.17.3` | `4.19.2` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `6.2.1` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.0.0` | `4.1.3` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-truffle4 directory: [web3](https://github.com/ChainSafe/web3.js). Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-web3-legacy directory: [web3](https://github.com/ChainSafe/web3.js). Updates `next` from 12.3.4 to 13.5.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v12.3.4...v13.5.1) Updates `undici` from 5.26.2 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.26.2...v5.28.4) Updates `@babel/traverse` from 7.17.3 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `express` from 4.17.3 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.3...4.19.2) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `tar` from 6.1.11 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `tough-cookie` from 4.0.0 to 4.1.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.0.0...v4.1.3) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `web3` from 0.20.7 to 4.7.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v4.7.0) Updates `web3` from 0.20.7 to 4.7.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v4.7.0) --- updated-dependencies: - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: web3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: web3 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> * Delete SECURITY.md * Bump the npm_and_yarn group across 1 directory with 2 updates Bumps the npm_and_yarn group with 2 updates in the /docs directory: [next](https://github.com/vercel/next.js) and [ws](https://github.com/websockets/ws). Updates `next` from 13.5.1 to 14.1.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.1...v14.1.1) Updates `ws` from 7.5.7 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.7...7.5.10) --- updated-dependencies: - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> * Create SECURITY.md # Security Policy * Create jekyll-gh-pages.yml deploy GitHub-pages * Create codeql.yml tool fix codeql * Create apisec-scan.yml APIsec scan test running * Create eslint.yml ESLint provided. * azure-pipelines nodejs # Node.js # Build a general Node.js project with npm. # Add steps that analyze code, save build artifacts, deploy, and more: # https://docs.microsoft.com/azure/devops/pipelines/languages/javascript * azure-pipelines # Node.js # Build a general Node.js project with npm. # Add steps that analyze code, save build artifacts, deploy, and more: # https://docs.microsoft.com/azure/devops/pipelines/languages/javascript * Bump webpack in /docs in the npm_and_yarn group across 1 directory (#8) Bumps the npm_and_yarn group with 1 update in the /docs directory: [webpack](https://github.com/webpack/webpack). Updates `webpack` from 4.46.0 to 4.47.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v4.46.0...v4.47.0) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump the npm_and_yarn group across 1 directory with 6 updates (#9) Bumps the npm_and_yarn group with 3 updates in the /docs directory: [next](https://github.com/vercel/next.js), [express](https://github.com/expressjs/express) and [markdown-to-jsx](https://github.com/quantizor/markdown-to-jsx). Updates `next` from 14.1.1 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.1...v14.2.10) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `markdown-to-jsx` from 7.1.6 to 7.5.0 - [Release notes](https://github.com/quantizor/markdown-to-jsx/releases) - [Changelog](https://github.com/quantizor/markdown-to-jsx/blob/main/CHANGELOG.md) - [Commits](quantizor/markdown-to-jsx@7.1.6...v7.5.0) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) --- updated-dependencies: - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-to-jsx dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump body-parser in /docs in the npm_and_yarn group across 1 directory (#11) Bumps the npm_and_yarn group with 1 update in the /docs directory: [body-parser](https://github.com/expressjs/body-parser). Updates `body-parser` from 1.20.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.0...1.20.3) --- updated-dependencies: - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix code scanning alert no. 21: Incomplete multi-character sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update issue templates * Fix code scanning alert no. 21: Incomplete multi-character sanitization (#10) Signed-off-by: Legion's <[email protected]> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Create defender-for-devops.yml Signed-off-by: Legion's <[email protected]> * Create sonarcloud.yml Signed-off-by: Legion's <[email protected]> * Bump elliptic in /docs in the npm_and_yarn group across 1 directory (#13) Bumps the npm_and_yarn group with 1 update in the /docs directory: [elliptic](https://github.com/indutny/elliptic). Updates `elliptic` from 6.5.4 to 6.6.0 - [Commits](indutny/elliptic@v6.5.4...v6.6.0) --- updated-dependencies: - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: upgrade io-ts from 1.10.4 to 2.2.22 Snyk has created this PR to upgrade io-ts from 1.10.4 to 2.2.22. See this package in npm: io-ts See this project in Snyk: https://app.snyk.io/org/dargon789/project/60c09014-60eb-40c8-82d4-eb105dab9674?utm_source=github&utm_medium=referral&page=upgrade-pr --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Legion's <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: snyk-bot <[email protected]>
Bumps the npm_and_yarn group with 9 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [next](https://github.com/vercel/next.js) | `14.2.10` | `14.2.21` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.28.5` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.24.1` | `7.26.9` | | [elliptic](https://github.com/indutny/elliptic) | `6.6.0` | `6.6.1` | | [express](https://github.com/expressjs/express) | `4.21.1` | `4.21.2` | | [markdown-to-jsx](https://github.com/quantizor/markdown-to-jsx) | `7.5.0` | `7.7.4` | | [nanoid](https://github.com/ai/nanoid) | `3.3.1` | `3.3.9` | | [store2](https://github.com/nbubna/store) | `2.13.1` | `2.14.4` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.3` | `4.1.4` | Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-truffle4 directory: [web3](https://github.com/ChainSafe/web3.js). Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-web3-legacy directory: [web3](https://github.com/ChainSafe/web3.js). Updates `next` from 14.2.10 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.10...v14.2.21) Updates `undici` from 5.28.4 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) Updates `@babel/traverse` from 7.24.1 to 7.26.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.9/packages/babel-traverse) Updates `elliptic` from 6.6.0 to 6.6.1 - [Commits](indutny/elliptic@v6.6.0...v6.6.1) Updates `express` from 4.21.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.1...4.21.2) Updates `markdown-to-jsx` from 7.5.0 to 7.7.4 - [Release notes](https://github.com/quantizor/markdown-to-jsx/releases) - [Changelog](https://github.com/quantizor/markdown-to-jsx/blob/main/CHANGELOG.md) - [Commits](quantizor/markdown-to-jsx@v7.5.0...v7.7.4) Updates `nanoid` from 3.3.1 to 3.3.9 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.1...3.3.9) Updates `store2` from 2.13.1 to 2.14.4 - [Commits](nbubna/store@2.13.1...2.14.4) Updates `tough-cookie` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.3...v4.1.4) Updates `web3` from 0.20.0 to 1.5.3 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v1.5.3) Updates `web3` from 0.20.0 to 1.5.3 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v1.5.3) --- updated-dependencies: - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-to-jsx dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: store2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: web3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: web3 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.