[Snyk] Upgrade web3 from 0.20.7 to 4.16.0

[Boomtokn]

Snyk has created this PR to upgrade web3 from 0.20.7 to 4.16.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 523 versions ahead of your current version.

• The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	300	No Known Exploit

Release notes

Package name: web3

• 4.16.0 - 2024-12-03
  

  What's Changed

  • fix: correctly close ws connection in web3-eth-contract integration tests by @ krzysu in #7338
  • fix: export Web3Account, Wallet and signature related types by @ krzysu in #7374
  • fix: CI workflow cache issues by @ krzysu in #7384
  • fix: return type of sendTransaction in docs by @ krzysu in #7386
  • chore: update CI actions by @ krzysu in #7385
  • Bump express from 4.19.2 to 4.21.1 in /docs by @ dependabot in #7388
  • Bump ws from 7.4.6 to 8.18.0 by @ dependabot in #7171
  • Bump micromatch from 4.0.7 to 4.0.8 in /docs by @ dependabot in #7225
  • [Snyk] Upgrade prism-react-renderer from 2.3.1 to 2.4.0 by @ Muhammad-Altabba in #7367
  • Bump express from 4.18.1 to 4.20.0 by @ dependabot in #7258
  • chore: update deps to fix vulnerabilities by @ krzysu in #7389
  • chore: fix 0 kwei bug by @ whitemoshui in #7387
  • [Snyk] Upgrade docusaurus-lunr-search from 3.4.0 to 3.5.0 by @ Muhammad-Altabba in #7396
  • Bump cross-spawn from 7.0.3 to 7.0.6 in /docs by @ dependabot in #7399
  • [Snyk] Upgrade @ mdx-js/react from 3.0.1 to 3.1.0 by @ Muhammad-Altabba in #7395
  • fix: remove force exit from blackbox tests by @ krzysu in #7397
  • Replaces #7390, #7391, & #7400 by @ danforbes in #7401
  • [Snyk] Upgrade @ cookbookdev/docsbot from 4.24.0 to 4.24.4 by @ avkos in #7403
  • chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @ dependabot in #7404
  • update typescript version to 5 by @ Muhammad-Altabba in #7272
  • chore(deps-dev): bump http-proxy-middleware from 2.0.6 to 2.0.7 by @ dependabot in #7407
• 4.15.1-dev.e79ace2.0 - 2024-11-19
• 4.15.1-dev.bde1316.0 - 2024-11-14
• 4.15.1-dev.b3ee417.0 - 2024-12-03
• 4.15.1-dev.acdb0c7.0 - 2024-12-03
• 4.15.1-dev.9aab5cd.0 - 2024-11-14
• 4.15.1-dev.984cb7c.0 - 2024-11-22
• 4.15.1-dev.926044b.0 - 2024-11-26
• 4.15.1-dev.8c55cb0.0 - 2024-11-14
• 4.15.1-dev.7a8df69.0 - 2024-11-25
• 4.15.1-dev.7109fb2.0 - 2024-11-21
• 4.15.1-dev.6af068f.0 - 2024-11-13
• 4.15.1-dev.6ad1ca9.0 - 2024-11-14
• 4.15.1-dev.6379aa8.0 - 2024-11-19
• 4.15.1-dev.6229f4d.0 - 2024-11-19
• 4.15.1-dev.5eeb2d6.0 - 2024-11-19
• 4.15.1-dev.56d4aec.0 - 2024-11-19
• 4.15.1-dev.5437fbc.0 - 2024-11-19
• 4.15.1-dev.4c55d98.0 - 2024-11-21
• 4.15.1-dev.471c12b.0 - 2024-11-14
• 4.15.1-dev.3b122a2.0 - 2024-11-21
• 4.15.1-dev.1b367e6.0 - 2024-11-14
• 4.15.1-dev.1724f35.0 - 2024-11-11
• 4.15.1-dev.0cbc23d.0 - 2024-11-21
• 4.15.1-dev.098ee6d.0 - 2024-11-06
• 4.15.1-dev.0915cf4.0 - 2024-11-13
• 4.15.1-dev.079c558.0 - 2024-11-19
• 4.15.1-dev.2011192.0 - 2024-11-13
• 4.15.0 - 2024-11-06
  

  What's Changed

  • Intermediate dApp Guide by @ danforbes in #7334
  • fix: ensure contractInstance.subscriptionManager.subscribe is not throwing by @ Muhammad-Altabba in #7327
  • 7202 account abstraction by @ jdevcs in #7311
  • make decodeFunctionCall and decodeFunctionReturn available at web3-eth-abi by @ Muhammad-Altabba in #7345
  • Add rpc provider public node by @ avkos in #7322
  • Update Intermediate dApp Guide by @ danforbes in #7349
  • CODEOWNERS update by @ jdevcs in #7350
  • Fix Contract methods input param type any[] by @ avkos in #7340
  • [Snyk] Upgrade @ cookbookdev/docsbot from 4.21.1 to 4.21.23 by @ Muhammad-Altabba in #7357
  • allowing to specify percentage-based factors (like 1.125 for 112.5%) by @ TemirlanBasitov in #7332
  • Fix Link to SocketConstructorOpts Type by @ danforbes in #7363
  • [Snyk] Upgrade @ docusaurus/core from 3.4.0 to 3.5.2 by @ Muhammad-Altabba in #7365
  • Add accout.signRaw function to sign a message without prefix by @ blackmoshui in #7346
  • Lightweight dApp Development Guide by @ danforbes in #7364
  • newPendingTransactionFilter by @ jdevcs in #7353
  • Bump http-proxy-middleware from 2.0.6 to 2.0.7 in /docs by @ dependabot in #7356

  New Contributors

  • @ TemirlanBasitov made their first contribution in #7332
  • @ blackmoshui made their first contribution in #7346

  Full Changelog: v4.5.0...v4.15.0

• 4.14.1-dev.fab66e9.0 - 2024-10-21
• 4.14.1-dev.efac906.0 - 2024-10-28
• 4.14.1-dev.ed85cce.0 - 2024-10-21
• 4.14.1-dev.d446838.0 - 2024-11-04
• 4.14.1-dev.d3baae6.0 - 2024-10-24
• 4.14.1-dev.9fa32c9.0 - 2024-11-05
• 4.14.1-dev.95b4bab.0 - 2024-10-30
• 4.14.1-dev.70352cd.0 - 2024-10-23
• 4.14.1-dev.69d83e7.0 - 2024-10-30
• 4.14.1-dev.4ca66af.0 - 2024-10-23
• 4.14.1-dev.4aaf915.0 - 2024-11-04
• 4.14.1-dev.376f192.0 - 2024-10-21
• 4.14.1-dev.331aa9c.0 - 2024-10-22
• 4.14.1-dev.07993c2.0 - 2024-11-05
• 4.14.1-dev.0681f97.0 - 2024-10-24
• 4.14.1-dev.3687070.0 - 2024-10-22
• 4.14.1-dev.3283431.0 - 2024-10-31
• 4.14.0 - 2024-10-21
  

  What's Changed

  • Fix CHANGELOG for PR 7239 by @ danforbes in #7271
  • Fix Typos in Docs by @ danforbes in #7283
  • Revert CHANGELOG Changes from #7271 by @ danforbes in #7274
  • Add Note About create-hardhat-web3 to Hardhat Guide by @ danforbes in #7281
  • fix padRight validation failure on large uint by @ Muhammad-Altabba in #7265
  • Ok/6984 update e2e network tests by @ avkos in #7276
  • feat: make getEthereumjsTxDataFromTransaction not trim extra fields by @ nicolasbrugneaux in #7282
  • 7136 decodeparams update by @ jdevcs in #7288
  • Update FUNDING.json by @ Redoudou in #7304
  • Fix e2e test error "project ID request rate exceeded" by @ avkos in #7290
  • fix: correct type and documentation for baseFeePerGas at web3.eth.getFeeHistory by @ Muhammad-Altabba in #7291
  • Restructure Docs by @ danforbes in #7298
  • Add Support for Nethermind and Besu 'syncing' Subscription Payload Format by @ chebykin in #7306
  • Fix Typos by @ danforbes in #7310
  • Export EIP-6963 Types by @ danforbes in #7270
  • Add Gas Estimation Guide by @ danforbes in #7319
  • add migration websocket doc changes by @ luu-alex in #7318
  • add ignoregaspricing config by @ luu-alex in #7320

  New Contributors

  • @ Redoudou made their first contribution in #7304
  • @ chebykin made their first contribution in #7306

  Full Changelog: v4.13.0...v4.14.0

• 4.13.1-dev.facc2e6.0 - 2024-10-08
• 4.13.1-dev.f701406.0 - 2024-10-09
• 4.13.1-dev.dcd9d6a.0 - 2024-10-02
• 4.13.1-dev.d6baee6.0 - 2024-09-23
• 4.13.1-dev.d45b712.0 - 2024-09-24
• 4.13.1-dev.cc99825.0 - 2024-09-26
• 4.13.1-dev.c602fc6.0 - 2024-09-24
• 4.13.1-dev.bbde6ea.0 - 2024-10-11
• 4.13.1-dev.adf483f.0 - 2024-10-04
• 4.13.1-dev.aa471e7.0 - 2024-09-24
• 4.13.1-dev.9edb183.0 - 2024-10-07
• 4.13.1-dev.822f8c1.0 - 2024-10-16
• 4.13.1-dev.7c207b8.0 - 2024-10-05
• 4.13.1-dev.76c468a.0 - 2024-10-04
• 4.13.1-dev.7008e5c.0 - 2024-10-15
• 4.13.1-dev.6f9a485.0 - 2024-09-19
• 4.13.1-dev.69187c5.0 - 2024-10-16
• 4.13.1-dev.61babcc.0 - 2024-09-24
• 4.13.1-dev.5a7e302.0 - 2024-09-18
• 4.13.1-dev.496ed93.0 - 2024-10-07
• 4.13.1-dev.32c8cc8.0 - 2024-09-26
• 4.13.1-dev.04da324.0 - 2024-09-26
• 4.13.0 - 2024-09-18
  

  What's Changed

  • unit tests update by @ jdevcs in #7221
  • Handle common cases for smart contract errors according to EIP 838 by @ Muhammad-Altabba in #7155
  • feat(docs): upgrade-bn by @ danforbes in #7232
  • feat(requestEIP6963Providers): return-type by @ danforbes in #7239
  • feat(docs): extend by @ danforbes in #7233
  • fix(onNewProviderDiscovered): callback-parameter by @ danforbes in #7242
  • Format repo, add new rules by @ luu-alex in #7226
  • Document Formatting by @ danforbes in #7222
  • feat: add custom transaction schema to formatTransaction by @ nicolasbrugneaux in #7227

  New Contributors

  • @ nicolasbrugneaux made their first contribution in #7227
• 4.12.2-dev.f351e00.0 - 2024-08-23
• 4.12.2-dev.b86d8ca.0 - 2024-09-09
• 4.12.2-dev.b3cb1b7.0 - 2024-09-13
• 4.12.2-dev.a21078b.0 - 2024-09-17
• 4.12.2-dev.9b32205.0 - 2024-08-28
• 4.12.2-dev.973ee80.0 - 2024-09-09
• 4.12.2-dev.7a6e492.0 - 2024-09-05
• 4.12.2-dev.75df267.0 - 2024-09-09
• 4.12.2-dev.2f24244.0 - 2024-09-09
• 4.12.2-dev.27155ea.0 - 2024-09-09
• 4.12.1 - 2024-08-23
  

  Hot fix

  [4.12.1]

  Fixed

  web3-eth-accounts

  • Revert TransactionFactory.registerTransactionType if there is a version mistatch between web3-eth and web3-eth-accounts and fix nextjs problem. (#7216)

  What's Changed

  • fix yml by @ avkos in #6803
• 4.12.1-dev.e746566.0 - 2024-08-22
• 4.12.1-dev.0b75589.0 - 2024-08-23
• 4.12.0 - 2024-08-22
  

  [4.12.0]

  Fixed

  web3-core

  • setConfig() fix for setMaxListenerWarningThreshold fix (#5079)

  web3-eth-accounts

  • Fix TransactionFactory.registerTransactionType not working, if there is a version mistatch between web3-eth and web3-eth-accounts by saving extraTxTypes at globals. (#7197)

  Added

  web3-eth-accounts

  • Added public function signMessageWithPrivateKey (#7174)

  web3-eth-contract

  • Added populateTransaction to the contract.deploy(...) properties. (#7197)

  web3-providers-http

  • Added statusCode of response in ResponseError, statusCode is optional property in ResponseError.

  web3-rpc-providers

  • Updated rate limit error of QuickNode provider for HTTP transport
  • Added optional HttpProviderOptions | SocketOptions in Web3ExternalProvider and QuickNodeProvider for provider configs

  web3-errors

  • Added optional statusCode property of response in ResponseError.

  Changed

  web3-eth-contract

  • The returnred properties of contract.deploy(...) are structured with a newly created class named DeployerMethodClass. (#7197)
  • Add a missed accepted type for the abi parameter, at dataInputEncodeMethodHelper and getSendTxParams. (#7197)

  What's Changed

  • Cookbook integration branch by @ SantiagoDevRel in #7178
  • feat(glossary): updated glossary by @ EmmanuelOluwafemi in #7168
  • fix infura tests and secrets by @ luu-alex in #7163
  • Zk sync plugin related changes by @ avkos in #7174
  • 4x tests updates by @ jdevcs in #7162
  • feat(docs): Expand web3 config guide by @ mmyyrroonn in #7131
  • Fix 7055 one of with scalar value and string by @ mmyyrroonn in #7173
  • Quicknode provider update by @ jdevcs in #7195
  • Web3 RPC Providers support of configuration of selected transport by @ jdevcs in

[Boomtokn]

⛔ Snyk checks have failed. 4 issues have been found so far.

Icon	Severity	Issues
	Critical	2
	High	2
	Medium	0
	Low	0

⛔ security/snyk check is complete. 4 issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/web3@4.16.0 🔁 npm/web3@0.20.7	None	0	3.46 MB	luu-alex

View full report↗︎