[Snyk] Upgrade web3 from 1.0.0-beta.35 to 1.2.4

[snyk-bot]

Snyk has created this PR to upgrade web3 from 1.0.0-beta.35 to 1.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2019-11-15.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No Known Exploit

Release notes

Package name: web3

• 1.2.4 - 2019-11-15
  

  This release is a hotfix for the scrypt-shim and websocket dependency.

  Fixed

  • Fix npm installation error for scrypt-shim and websocket (#3210)
• 1.2.3 - 2019-11-14
  

  We have improved with this release the TypeScript type definitions, we applied a fix for the OOG (out-of-gas) error issue, and we added a missing polyfill to the web3.min.js file.

  Fixed

  • Fix perfect gas usage causes tx to error (#3175)
  • Fix regenerator runtime error in web3.min.js (#3155)
  • Fix TS types for eth.subscribe syncing, newBlockHeaders, pendingTransactions (#3159)
  • Improve web3-eth-abi decodeParameters error message (#3134)
• 1.2.2 - 2019-10-23
  

  TypeScript

  We have back-ported all the types from 2.x to 1.x and do now provide the type definitions directly from the web3 repository. (Docs)

  Thanks Josh Stevens for back-porting them for us!

  Signing

  We have improved the signing process and updated it to the latest version of ethereumjs-tx. This update brought up some newly required configuration properties for custom chains.

  • chain
  • hardfork
  • common

  These new TransactionConfig config properties do also have the related default properties on the web3-eth and web3-eth-contract module:

  • defaultChain
  • defaultHardfork
  • defaultCommon

  Transaction Confirmation Workflow

  We updated the confirmation workflow for the HttpProvider. A confirmation will now only get triggered if a new block is existing and not each second.

  Additionally is it now possible to configure the confirmation workflow with the following default properties on the web3-eth and web3-eth-contract module:

  • transactionPollingTimeout
  • transactionConfirmationBlocks
  • transactionBlockTimeout

  New JSON-RPC Method

  We added the JSON-RPC method eth_chainId as getChainId method on the web3-eth module.
  The documentation for this method can be found here.

  New utility Functions: Bloom-Filters

  What are bloom filters?

  A Bloom filter is a probabilistic, space-efficient data structure used for fast checks of set membership. That probably doesn’t mean much to you yet, and so let’s explore how bloom filters might be used.

  Imagine that we have some large set of data, and we want to be able to quickly test if some element is currently in that set. The naive way of checking might be to query the set to see if our element is in there. That’s probably fine if our data set is relatively small. Unfortunately, if our data set is really big, this search might take a while. Luckily, we have tricks to speed things up in the Ethereum world!

  A bloom-filter is one of these tricks. The basic idea behind the Bloom filter is to hash each new element that goes into the data set, take certain bits from this hash, and then use those bits to fill in parts of a fixed-size bit array (e.g. set certain bits to 1). This bit array is called a bloom filter.

  Later, when we want to check if an element is in the set, we simply hash the element and check that the right bits are in the bloom filter. If at least one of the bits is 0, then the element definitely isn’t in our data set! If all of the bits are 1, then the element might be in the data set, but we need to actually query the database to be sure. So we might have false positives, but we’ll never have false negatives. This can greatly reduce the number of database queries we have to make.

  Bloom filters benefits with a real-life example

  An Ethereum real-life example in where this is useful is if you want to update a user's balance on every new block so it stays as close to real-time as possible. Without using a bloom filter on every new block you would have to force the balances even if that user may not have had any activity within that block. But if you use the logBlooms from the block you can test the bloom filter against the users Ethereum address before you do any more slow operations, this will dramatically decrease the number of calls you do as you will only be doing those extra operations if that Ethereum address is within that block (minus the false positives outcome which will be negligible). This will be highly performant for your app.

  Added Functions:

  • isBloom
  • isUserEthereumAddressInBloom
  • isContractAddressInBloom
  • isTopic
  • isTopicInBloom
  • isInBloom

  Thanks Josh Stevens for adding these functions!

  Subscription Events

  We extended the subscription events with a connected event. The connected event will emit the subscription ID as a hex value when the subscription got established. This applies to Contract events as well.

  Example:

  var subscription = web3.eth.subscribe(
    'logs', 
    {
      address: '0x123456..',
      topics: ['0x12345...']
    }
  )
  .on('connected', console.log);
  > '0x9ce59a13059e417087c02d3236a0b1cc'

  Providers

  We extend the provider interface with the method supportsSubscription. This will help the DApp developers to detect if the currentProvider does support subscriptions.

  Changelog

  Added

  • localStorage support detection added (#3031)
  • getNetworkType method extended with Görli testnet (#3095)
  • supportsSubscriptions method added to providers (#3116)
  • Add eth.getChainId method (#3113)
  • Minified file added to web3 package (#3131)
  • The transaction confirmation workflow can now be configured (#3130)
  • Additional parameters for accounts.signTransaction added (docs) (#3141)
  • Emit connected event on subscription creation (#3028)
  • TypeScript type definitions added for all modules (#3132)
  • Bloom filters added to web3.utils (#3137)

  Fixed

  • Fix allow 0 as a valid fromBlock or toBlock filter param (#1100)
  • Fix randomHex returning inconsistent string lengths (#1490)
  • Fix make isBN minification safe (#1777)
  • Fix incorrect references to BigNumber in utils.fromWei and utils.toWei error messages (#2468)
  • Fix error incorrectly thrown when receipt.status is null (#2183)
  • Fix incorrectly populating chainId param with net_version when signing txs (#2378)
  • regeneratorRuntime error fixed (#3058)
  • Fix accessing event.name where event is undefined (#3014)
  • fixed Web3Utils toHex() for Buffer input (#3021)
  • Fix bubbling up tx signing errors (#2063, #3105)
  • HttpProvider: CORS issue with Firefox and Safari (#2978)
  • Ensure the immutability of the tx object passed to function signTransaction (#2190)
  • Gas check fixed (#2381)
  • Signing issues #1998, #2033, and #1074 fixed (#3125)
  • Fix hexToNumber and hexToNumberString prefix validation (#3086)
  • The receipt will now returned on a EVM error (this got removed on beta.18) (#3129)
  • Fixes transaction confirmations with the HttpProvider (#3140)
• 1.2.1 - 2019-08-06
  

  This release contains several stability improvements.

  Fixed

  • websocket dependency fixed (#2971, #2976)
  • requestOptions added to WebsocketProvider (#2979)
  • Node >= v8.0.0 support (#2938)

  Thanks for providing these fixes @michaelsbradleyjr.

• 1.2.0 - 2019-07-23
  

  We decided jointly with the open-source community to release the older architecture (1.0.0-beta.37) as 1.x version of web3.js. Further details are explained in the following Medium blog post.

• 1.0.0-beta2 - 2017-07-20
• 1.0.0-beta1 - 2017-07-20
• 1.0.0-beta.55 - 2019-05-09
  

  Documentation

  We have added some new examples to the Module API documentation.

  Feel free to open a GitHub issue with your feedback about the new Module API.

  web3-bzz

  The web3-bzz module got removed because the used swarm-js dependency is no longer maintained and outdated. We recommend using erebos as alternative.

  Issues

  • #2792
  • #1490
  • #1777
  • #1905
  • #2667
  • #2781
  • #2385
• 1.0.0-beta.54 - 2019-05-02
  

  Web3 Module API Documentation

  The Module API gives you the possibility to create your own custom Web3 Module with JSON-RPC methods, subscriptions, or contracts.

  The Web3 standard modules are a good example of the API the core does provide.

  Fixed Issues

  • #2763

  Other Improvements

  I've updated the error handling of the underlying socket connections for the IpcProvider and the WebsocketProvider.

• 1.0.0-beta.53 - 2019-04-30
  

  This release contains several bug fixes and some new modules and methods.

  Compare view beta.52 - beta.53

  We have currently an open discussion about the coming stable release of Web3.js.
  Feel free to join the discussion here.

  New Modules

  Thanks for adding the Management API modules Minner, TxPool, Admin, and Debug @princesinha19. The newly added modules are standalone modules which means you have to install and import them separately.

  Please read the documentation for further details.

  New Methods

  • web3.eth.getPendingTransactions()
  • web3.eth.getProof()

  Fixed Issues

  • #2689
  • #2687
  • #2670
  • #2661
  • #2468
  • #2707
  • #2733
  • #2731
  • #2744
• 1.0.0-beta.52 - 2019-04-04
• 1.0.0-beta.51 - 2019-03-28
• 1.0.0-beta.50 - 2019-03-20
• 1.0.0-beta.49 - 2019-03-19
• 1.0.0-beta.48 - 2019-03-05
• 1.0.0-beta.47 - 2019-03-01
• 1.0.0-beta.46 - 2019-02-09
• 1.0.0-beta.44 - 2019-02-08
• 1.0.0-beta.43 - 2019-02-06
• 1.0.0-beta.42 - 2019-02-06
• 1.0.0-beta.41 - 2019-01-28
• 1.0.0-beta.40 - 2019-01-28
• 1.0.0-beta.39 - 2019-01-27
• 1.0.0-beta.38 - 2019-01-25
• 1.0.0-beta.37 - 2018-12-08
• 1.0.0-beta.36 - 2018-09-04
• 1.0.0-beta.35 - 2018-07-25

from web3 GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs