[Snyk] Upgrade soroban-client from 1.0.0-beta.2 to 1.0.1 #5

Open
kalbroni7

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade soroban-client from 1.0.0-beta.2 to 1.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 4 versions ahead of your current version.

  • The recommended version was released 6 months ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Prototype Pollution (SNYK-JS-AXIOS-6144788) | 125 | No Known Exploit |
| high severity: Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137) | 125 | Proof of Concept |
| medium severity: Information Exposure (SNYK-JS-FOLLOWREDIRECTS-6444610) | 125 | Proof of Concept |

Release notes
Package name: soroban-client
  • 1.0.1 - 2024-01-03

    Warning: This library is no longer being maintained, in favor of the @stellar/stellar-sdk package. Please read the migration guide for how to upgrade to that package. Future changes will only be made there.

    This release merely correctly marks the package as deprecated.

  • 1.0.0 - 2023-12-08

    Warning: This library is no longer being maintained, in favor of the @stellar/stellar-sdk package. Please read the migration guide for how to upgrade to that package. Future changes will only be made there.

    v1.0.0: Protocol 20, Soroban!

    This is the stable Protocol 20 release. The following is a list of changes since the previous beta:

    Breaking Changes

    • See the new deprecation warning at the top of this document and in the README.
    • XDR has been upgraded to the latest stellar-base release, supporting the current stable XDR for Protocol 20 (#167).

    Fixed

    • The Server.getEvents method now correctly parses responses without a contractId field set: the events[i].contractId field on an event will be omitted if there was no ID in the event (e.g. for system events; (#172)).
    • The Server.getEvents() method will correctly parse the event value as an xdr.ScVal rather than an xdr.DiagnosticEvent (#172).
    • The Server.getEvents() method will correctly set startLedger to be a number rather than a string (#174).

    Full Changelog: v0.11.2...v1.0.0

  • 1.0.0-beta.4 - 2023-11-03

    Note: This version is currently only compatible with Stellar networks running the Protocol 20 release candidate such as the current Testnet and Futurenet (using stellar/stellar-xdr@9ac0264).

    This is a patch release: please refer to v1.0.0-beta.0 or the link below for a complete changelog.

    v1.0.0-beta.4

    Fixed

    • The stellar-base dependency has been upgraded to v10.0.0-beta.4 which fixes a bug with large sequence numbers (#170).

    Full Changelog: v0.11.2...v1.0.0-beta.4

  • 1.0.0-beta.3 - 2023-10-13

    Note: This version is currently only compatible with Stellar networks running the Protocol 20 release candidate such as the current Testnet (using stellar/stellar-xdr@9ac0264).

    This is a patch release: please refer to v1.0.0-beta.0 for a complete changelog.

    v1.0.0-beta.3

    Added

    • Responses for Server.getContractData and Server.getLedgerEntries now include an expirationLedgerSeq attribute on ledger data entries that have expiry information (#153).
    • The new Server._simulateTransaction method will return the raw response directly from the RPC server rather than parsing XDR fields (#160).

    Breaking Changes

    • The stellar-base dependency has been upgraded to v10.0.0-beta.3 which contains breaking changes related to auth helpers and some bugfixes (#158).
    • All endpoints will now automatically decode XDR structures whenever possible. In particular,
      • For the Server.getLedgerEntries response (#154), we parse:
        • entries is now guaranteed to exist, but it may be empty
        • entries[i].key is an instance of xdr.LedgerKey
        • the entries[i].xdr field is now val, instead
        • entries[i].val is an instance of xdr.LedgerEntryData
      • For the Server.sendTransaction response (#157), we parse:
        • errorResultXdr is renamed to errorResult
        • If it's present, it's an instance of xdr.TransactionResult
      • For the Server.getEvents response (#156), we parse:
        • events[i].contractId is now an instance of Contract
        • events[i].topic is now a list of decoded xdr.ScVal instances
        • events[i].value.xdr is now remapped directly to events.value
        • events[i].value is a decoded xdr.ScVal instance
      • For the Server.sendTransaction response (#157), we parse:
        • errorResultXdr is now errorResult, a parsed instance of xdr.TransactionResult
    • If you want to continue to use the raw RPC responses, you can use the _-prefixed methods which will return the response directly:
      • Server._getLedgerEntries
      • Server._sendTransaction
      • Server._getEvents
      • Server._simulateTransaction
      • Server._getTransaction

    Full Changelog: v0.11.2...v1.0.0-beta.3

  • 1.0.0-beta.2 - 2023-09-14

    Note: This version is currently only compatible with Stellar networks running the Protocol 20 release candidate such as the current Testnet (using stellar/stellar-xdr@9ac0264).

    This is a patch release: please refer to v1.0.0-beta.0 for a complete changelog.

    Fixed

    • The variations of responses from simulateTransaction were not always being parsed correctly (#146).

    Full Changelog: v0.11.2...v1.0.0-beta.2

from soroban-client GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
soroban-client

See this project in Snyk:
https://app.snyk.io/org/kalbroni7/project/00daa26b-7a1d-4540-9d32-a8f2b14c500a?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot commented Jul 15, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| polkadot-wiki | ❌ Failed (Inspect) | | | Jul 15, 2024 0:06am |


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | Transitive: environment, filesystem, network | +22 | 11.5 MB | stellar-npm-ci |

View full report↗︎
