[Snyk] Fix for 1 vulnerabilities #72

Closed

@hbenali hbenali commented Feb 28, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ES5EXT-6095076 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @truffle/contract
The new version differs by 250 commits.
  • a26df1f Publish
  • 4df99df Merge pull request #6193 from legobeat/ci-yarn-deduplicate
  • 39ffb36 apply lint:fix:dependencies
  • d37ed52 ci: enforce deduped lockfile when linting dependencies
  • b999099 chore: add yarn lockfile deduplication package scripts using yarn-deduplicate
  • 6b2a081 Merge pull request #6194 from legobeat/yarn-dedupe-full-fewer
  • 0f3d963 yarn refresh lockfile
  • 17536c4 yarn deduplicate fewer
  • 6accdbf devDeps: yarn deduplicate readable-stream
  • f322892 devDeps: yarn deduplicate object.assign
  • 4fac8f1 devDeps: yarn deduplicate http-cache-semantics
  • 7b2d2ff devDeps: yarn deduplicate acorn,ajv
  • 6a0c3bd deps: yarn deduplicate bn.js@^5
  • a82c4ad devDeps: yarn deduplicate @ types/
  • f28ce63 deps: yarn dedupe strip-ansi,ansi-regex
  • 9b23a59 devDeps: webpack@^5.73.0->^5.88.2
  • 09ebe21 deps: yarn dedupe,lockbump apollo-server packages
  • a267cab yarn dedupe graphql,tslib
  • 16e723d devDeps(db,db-kit): madge@^5.0.1->6.1.0
  • 3344b45 Merge pull request #6192 from legobeat/deps-bump-eth-libs
  • 4372ee3 update yarn.lock after rebase
  • 0625db5 Merge pull request #6191 from legobeat/deps-dedupe-libs
  • 0500ff7 deps: bump/dedupe web3, ethereumjs-util packages
  • 4d64055 yarn dedupe ethers

See the full diff

Package name: truffle
The new version differs by 250 commits.
  • 854a564 Publish
  • 5483e17 Merge pull request #6050 from trufflesuite/newtable
  • f193115 Merge pull request #6049 from trufflesuite/overtaken-by-events
  • 6b22766 Merge pull request #6118 from trufflesuite/fix-test
  • 4308cde Merge pull request #6121 from trufflesuite/dependabot/npm_and_yarn/semver-7.5.2
  • a29101b Merge pull request #6120 from trufflesuite/no-test-cronos
  • 2f009e9 Bump semver from 5.7.1 to 7.5.2
  • 76d3687 Remove cronos testnet from etherscan fetcher
  • 75c62b3 Update ENS tests to 0.8.20
  • 74118cb Re-add viaIR decoding tests, now in separate directory
  • 9f9ce14 Increase Solidity version in Decoder tests to 0.8.20
  • d864008 Revert "Update internal function degradation test to remove more info"
  • ebbcaf7 Revert "Up timeouts on decoder test setup"
  • 8723fcd Revert "Set decoder tests to use 0.8.20 and viaIR"
  • 3eba98a handle case when a user uses @ truffle/test without core
  • f27dfd6 Merge pull request #6116 from trufflesuite/no-magic-prefix
  • 3a2cc03 codec-components: Add missing injected nodes usage
  • 2587fdb Merge pull request #6117 from trufflesuite/zora
  • c54971f Add zora network to Sourcify fetcher
  • 2a9cf32 Move magic variable prefix to tooltip
  • faa8ee7 Merge pull request #6114 from trufflesuite/up-hardhat-timeout-again
  • 686e569 Remove now-unnecessary scripts
  • 6dca9c2 Delete unused test fixtures
  • 1f1f915 Remove unnecessary test

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@boubaker boubaker closed this Aug 23, 2024