[Snyk] Security upgrade web3 from 1.7.3 to 4.0.1

[filiptronicek]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-WEB3UTILS-6229337	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[github-actions]

yarn.lock changes

Summary

Status	Count
	15
	19
	3
	166

Click to toggle table visibility

Name	Status	Previous	Current
@adraffy/ens-normalize		-	1.10.1
@ethereumjs/common		2.6.0	-
@ethereumjs/rlp		-	4.0.1
@ethereumjs/tx		3.4.0	-
@noble/curves		-	1.3.0
@noble/hashes		-	1.3.3
@scure/base		-	1.1.6
@scure/bip32		-	1.3.3
@scure/bip39		-	1.2.2
@sindresorhus/is		0.14.0	-
@szmarczak/http-timer		1.1.2	-
@types/bn.js		5.1.0	4.11.6
@types/ws		-	8.5.3
abitype		-	0.7.1
accepts		1.3.7	-
array-flatten		1.1.1	-
asn1		0.2.6	-
asn1.js		5.4.1	-
assert-plus		1.0.0	-
async-limiter		1.0.1	-
aws-sign2		0.7.0	-
aws4		1.11.0	-
bcrypt-pbkdf		1.0.2	-
bignumber.js		9.0.2	-
bluebird		3.7.2	-
body-parser		1.19.1	-
browserify-cipher		1.0.1	-
browserify-des		1.0.2	-
browserify-rsa		4.1.0	-
browserify-sign		4.2.1	-
buffer-to-arraybuffer		0.0.5	-
bytes		3.1.1	-
cacheable-request		6.1.0	-
caseless		0.12.0	-
cids		0.7.5	-
clone-response		1.0.2	-
content-disposition		0.5.4	-
content-hash		2.5.2	-
content-type		1.0.4	-
cookie-signature		1.0.6	-
cookiejar		2.1.3	-
core-util-is		1.0.2	1.0.3
cors		2.8.5	-
crc-32		1.2.0	1.2.2
create-ecdh		4.0.4	-
cross-fetch		3.1.5	4.0.0
crypto-browserify		3.12.0	-
d		1.0.1	-
dashdash		1.14.1	-
decode-uri-component		0.2.0	-
defer-to-connect		1.1.3	-
depd		1.1.2	-
des.js		1.0.1	-
destroy		1.0.4	-
diffie-hellman		5.0.3	-
dom-walk		0.1.2	-
duplexer3		0.1.4	-
ecc-jsbn		0.1.2	-
ee-first		1.1.1	-
encodeurl		1.0.2	-
es5-ext		0.10.53	-
es6-iterator		2.0.3	-
es6-symbol		3.1.3	-
etag		1.8.1	-
eth-ens-namehash		2.0.8	-
eth-lib		0.2.8	-
ethereum-bloom-filters		1.0.10	-
ethereum-cryptography		0.1.3	2.1.3
ethereumjs-util		7.1.3	6.2.1
ethjs-unit		0.1.6	-
eventemitter3		4.0.4	5.0.1
exit-on-epipe		1.0.1	-
express		4.17.2	-
ext		1.6.0	-
extend		3.0.2	-
extsprintf		1.3.0	-
finalhandler		1.1.2	-
forever-agent		0.6.1	-
forwarded		0.2.0	-
fresh		0.5.2	-
fs-minipass		1.2.7	-
getpass		0.1.7	-
global		4.4.0	-
got		9.6.0	-
har-schema		2.0.0	-
har-validator		5.1.5	-
has-symbol-support-x		1.4.2	-
has-to-string-tag-x		1.4.1	-
http-cache-semantics		4.1.0	-
http-errors		1.8.1	-
http-https		1.0.0	-
http-signature		1.2.0	-
idna-uts46-hx		2.3.1	-
is-function		1.0.2	-
is-object		1.0.2	-
is-retry-allowed		1.2.0	-
is-typedarray		1.0.0	-
isomorphic-ws		-	5.0.0
isstream		0.1.2	-
isurl		1.0.0	-
jsbn		0.1.1	-
json-buffer		3.0.0	-
json-stringify-safe		5.0.1	-
jsprim		1.4.2	-
keyv		3.1.0	-
lowercase-keys		2.0.0	-
media-typer		0.3.0	-
merge-descriptors		1.0.1	-
methods		1.1.2	-
miller-rabin		4.0.1	-
min-document		2.19.0	-
minipass		2.9.0	-
minizlib		1.3.3	-
mkdirp		0.5.5	-
mkdirp-promise		5.0.1	-
mock-fs		4.14.0	-
ms		2.1.3	2.1.2
multibase		0.7.0	-
multicodec		1.0.4	-
multihashes		0.4.21	-
nano-json-stream-parser		0.1.2	-
negotiator		0.6.2	-
next-tick		1.0.0	-
normalize-url		4.5.1	-
number-to-bn		1.7.0	-
oauth-sign		0.9.0	-
oboe		2.1.5	-
on-finished		2.3.0	-
p-cancelable		1.1.0	-
p-finally		1.0.0	-
p-timeout		1.2.1	-
parse-asn1		5.1.6	-
parse-headers		2.0.4	-
parseurl		1.3.3	-
path-to-regexp		0.1.7	-
performance-now		2.1.0	-
prepend-http		2.0.0	-
printj		1.1.2	-
process		0.11.10	-
proxy-addr		2.0.7	-
public-encrypt		4.0.3	-
qs		6.9.6	-
query-string		5.1.1	-
randomfill		1.0.4	-
raw-body		2.4.2	-
request		2.88.2	-
responselike		1.0.2	-
send		0.17.2	-
serve-static		1.14.2	-
servify		0.1.12	-
setprototypeof		1.2.0	-
sshpk		1.17.0	-
statuses		1.5.0	-
strict-uri-encode		1.1.0	-
swarm-js		0.1.40	-
tar		4.4.19	-
timed-out		4.0.1	-
to-readable-stream		1.0.0	-
toidentifier		1.0.1	-
type		2.5.0	-
type-is		1.6.18	-
typedarray-to-buffer		3.1.5	-
ultron		1.1.1	-
unpipe		1.0.0	-
url-parse-lax		3.0.0	-
url-set-query		1.0.0	-
url-to-options		1.0.1	-
utf8		3.0.0	-
utils-merge		1.0.1	-
vary		1.1.2	-
verror		1.10.0	-
web3		1.7.3	4.6.0
web3-bzz		1.7.3	-
web3-core		1.7.3	4.3.2
web3-core-helpers		1.7.3	-
web3-core-method		1.7.3	-
web3-core-promievent		1.7.3	-
web3-core-requestmanager		1.7.3	-
web3-core-subscriptions		1.7.3	-
web3-errors		-	1.1.4
web3-eth		1.7.3	4.5.0
web3-eth-abi		1.7.3	4.2.0
web3-eth-accounts		1.7.3	4.1.1
web3-eth-contract		1.7.3	4.2.0
web3-eth-ens		1.7.3	4.1.0
web3-eth-iban		1.7.3	4.0.7
web3-eth-personal		1.7.3	4.0.8
web3-net		1.7.3	4.0.7
web3-providers-http		1.7.3	4.1.0
web3-providers-ipc		1.7.3	4.0.7
web3-providers-ws		1.7.3	4.0.7
web3-rpc-methods		-	1.2.0
web3-shh		1.7.3	-
web3-types		-	1.5.0
web3-utils		1.7.3	4.2.1
web3-validator		-	2.0.4
websocket		1.0.34	-
xhr		2.6.0	-
xhr-request		1.1.0	-
xhr-request-promise		0.1.3	-
xhr2-cookies		1.1.0	-
yaeti		0.0.6	-
zod		-	3.22.4