Bump the npm_and_yarn group across 1 directory with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
web3	1.2.5	1.5.3
ansi-regex	3.0.0	5.0.1
ansi-regex	4.1.0	5.0.1
ansi-regex	5.0.0	5.0.1
acorn	6.4.0	7.4.1
eth-crypto	1.5.2	1.9.0
ajv	6.12.0	6.12.6
bl	1.2.2	1.2.3
glob-parent	5.1.0	5.1.2
es5-ext	0.10.53	0.10.64
npm-registry-fetch	4.0.3	4.0.7
pathval	1.1.0	1.1.1
shelljs	0.8.3	0.8.5
simple-get	2.8.1	2.8.2
ssri	6.0.1	6.0.2

Updates web3 from 1.2.5 to 1.5.3

Release notes

Sourced from web3's releases.

[email protected]

Initial alpha release

Install with yarn add [email protected]

[email protected]

Initial alpha release

Install with yarn add [email protected]

[email protected]

Initial alpha release

Install with yarn add [email protected]

[email protected]

Changed

• Update version to 1.0.0-alpha.1 for web3-providers-base
• Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

[email protected]

Initial alpha release

Install with yarn add [email protected]

[email protected]

Initial alpha release

Install with yarn add [email protected]

Changelog

Sourced from web3's changelog.

[1.2.5]

Added

• eth_requestAccounts as requestAccounts added to web3-eth package (#3219)
• sha3Raw and soliditySha3Raw added to web3-utils package (#3226)
• eth_getProof as getProof added to web3-eth package (#3220)
• BN and BigNumber objects are now supported by the abi.encodeParameter(s) method (#3238)
• getPendingTransactions added to web3-eth package (#3239)
• Revert instruction handling added which can get activated with the handleRevert module property (#3248)
• The receipt does now exist as property on the error object for transaction related errors (#3259)
• internalType added to AbiInput TS interface in web3-utils (#3279)
• Agent option added to the HttpProvider options (#2980)

Changed

• eth-lib dependency updated (0.2.7 => ^0.2.8) (#3242)

Fixed

• Fix crash when decoding events with identical signatures, differently indexed args (#3272)
• Fix user supplied callback not fired in eth.accounts.signTransaction (#3283)
• Fix minified bundle (#3256)
• defaultBlock property handling fixed (#3247)
• clearSubscriptions does no longer throw an error if no running subscriptions do exist (#3246)
• callback type definition for Accounts.signTransaction fixed (#3280)
• fix: export bloom functions on the index.js
• Prefer receipt status to code availability on contract deployment (#3298)

[1.2.6]

Added

• Görli testnet ENS registry added to the known registries (#3338)

Changed

• ENS registry addresses updated (#3353, https://medium.com/the-ethereum-name-service/ens-registry-migration-bug-fix-new-features-64379193a5a)

[1.2.7]

Added

• Add revert reason support to sendSignedTransaction (#3345)
• ENS module extended with the possibility to add a custom registry (#3301)
• Missing ENS Registry methods and Resolver.supportsInterface method added (#3325)
• Add optional gas type to AbiItem typescript definitions (for ABIs generated by Vyper) (#3437)
• Add görli testnet ENS registry to the known registries (#3252)
• Add auto-reconnect option for Websockets (#3092, #1085, #1391, #1558, #1852, #1646)

... (truncated)

Commits

• c82db7a npm i and build for v1.5.3
• 7f525d8 v1.5.3
• 7fcb2ff v1.5.3-rc.0
• ac9aafd Build for 1.5.3-rc.0
• a58173b Update CHANGELOG for 1.5.3 release
• 3f5cb38 signTransaction fix (#4295)
• c70722b EIP-1559 Fix Issue #4258 (#4277)
• 1547b18 Bump maxPriorityFeePerGas to 2.5 Gwei - Closes #4283 (#4284)
• 8e8785e Junaid/1xlibsfix (#4231)
• 44b72f8 Release 1.5.2 (#4242)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by spacesailor, a new releaser for web3 since your current version.

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates acorn from 6.4.0 to 7.4.1

Commits

• 88c2669 Mark version 7.4.1
• 9c9142a Fix potentially-exponential regular expression in use-strict-scanning
• 54efb62 Mark version 7.4.0
• 856b720 Remove link to plugin that's part of the repository now
• e376a66 add numeric separators
• d20ade2 update test262
• fe7b3f1 add logical assignment operators
• 459fa1e update test262
• 4e2c0e2 Also add license header to other packages
• 31d3b1c Add "MIT License" at the top of acorn License file
• Additional commits viewable in compare view

Updates eth-crypto from 1.5.2 to 1.9.0

Release notes

Sourced from eth-crypto's releases.

1.9.0

Updated dependency versions.

Commits

• See full diff in compare view

Updates ajv from 6.12.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates bl from 1.2.2 to 1.2.3

Commits

• d69edfd 1.2.3
• 847473a test all branches
• 0bd87ec Fix unintialized memory access
• dc097f3 test newer versions of Node
• See full diff in compare view

Updates glob-parent from 5.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

• eliminate ReDoS (#36) (f923116)

v5.1.1

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

Commits

• eb2c439 chore: update changelog
• 12bcb6c chore: release 5.1.2
• f923116 fix: eliminate ReDoS (#36)
• 0b014a7 chore: add JSDoc returns information (#33)
• 2b24ebd chore: generate initial changelog
• 9b6e874 chore: release 5.1.1
• 749c35e ci: try wrapping the JOB_ID in a string
• 5d39def ci: attempt to switch to published coveralls
• 0b5b37f ci: put the npm step back in for only Windows
• 473f5d8 ci: update azure build images
• Additional commits viewable in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates npm-registry-fetch from 4.0.3 to 4.0.7

Changelog

Sourced from npm-registry-fetch's changelog.

4.0.7 (2020-08-17)

Bug Fixes

• correct password redaction (110032b)

4.0.6 (2020-08-14)

Bug Fixes

• import URL from url module (cd35987)

4.0.5 (2020-06-30)

4.0.4 (2020-04-28)

Commits

• d8df0b1 chore(release): 4.0.7
• 110032b fix: correct password redaction
• 2275f55 chore(release): 4.0.6
• cd35987 fix: import URL from url module
• 62ce833 chore(release): 4.0.5
• 43a5d84 chore: remove basic auth data from logs
• 71ab0e7 chore(release): 4.0.4
• fc5d94c Put default timeout back to zero
• See full diff in compare view

Updates pathval from 1.1.0 to 1.1.1

Release notes

Sourced from pathval's releases.

v1.1.1

Fixes a security issue around prototype pollution.

Commits

• db6c3e3 chore: v1.1.1
• 7859e0e Merge pull request #60 from deleonio/fix/vulnerability-prototype-pollution
• 49ce1f4 style: correct rule in package.json
• c77b9d2 fix: prototype pollution vulnerability + working tests
• 49031e4 chore: remove very old nodejs
• 57730a9 chore: update deps and tool configuration
• a123018 Merge pull request #55 from chaijs/remove-lgtm
• 07eb4a8 Delete MAINTAINERS
• a0147cd Merge pull request #54 from astorije/patch-1
• aebb278 Center repo name on README
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by chai, a new releaser for pathval since your current version.

Updates shelljs from 0.8.3 to 0.8.5

Release notes

Sourced from shelljs's releases.

v0.8.5

This was a small security fix for #1058.

v0.8.4

Small patch release to fix a circular dependency warning in node v14. See #973.

Changelog

Sourced from shelljs's changelog.

Change Log

Unreleased

Full Changelog

Closed issues:

• find returns empty array even though directory has files #922
• exec() should support node v10 (maxbuffer change) #915
• grep exit status and extra newlines #900
• Travis CI currently broken #893
• Drop node v4 support #873
• cp -Ru respects the -R but not the -u #808

Merged pull requests:

• feat(options): initial support for long options #926 (nfischer)
• test(touch): add coverage for -d option #925 (nfischer)
• chore(node): add v10 and v11 to CI #921 (nfischer)
• chore(test): no coverage by default #920 (nfischer)
• fix(exec): consistent error message for maxBuffer #919 (nfischer)
• chore(node): drop node v4 and v5 #917 (nfischer)
• chore: script to bump supported node versions #913 (nfischer)
• chore(npm): remove lockfile #911 (nfischer)
• ci: change language to node_js and remove obsolete scripts #910 (DanielRuf)
• chore: remove gitter integration #907 (nfischer)
• fix: Exit 1 with empty string if no match #901 (wyardley)
• feat(cp): support update flag when recursing #889 (joshi-sh)

Commits

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• See full diff in compare view

Updates simple-get from 2.8.1 to 2.8.2

Commits

• 4e156b6 2.8.2
• 43c272d Bug fix: Thirdparty cookie leak
• See full diff in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for simple-get since your current version.

Updates ssri from 6.0.1 to 6.0.2

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

• backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

• b7c8c7c chore(release): 6.0.2
• b30dfdb fix: backport regex change from 8.0.1
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.