[Snyk] Upgrade prettier-plugin-solidity from 1.0.0-beta.19 to 1.1.3

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade prettier-plugin-solidity from 1.0.0-beta.19 to 1.1.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2023-03-01.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-Y18N-1021887	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Authentication Bypass SNYK-JS-HTTPAUTH-471683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: prettier-plugin-solidity

• 1.1.3 - 2023-03-01
  

  This version adds support for user-defined operators, a feature introduced in Solidity 0.8.19.

• 1.1.2 - 2023-02-06
  

  This version adds support for named parameters in mappings, introduced in Solidity 0.8.18. This means you can add names to your mappings parameters:

  mapping(address account => uint balance) balanceOf; 

  and Prettier Solidity will format it correctly.

  Thanks to @ zemse for working on this!

• 1.1.1 - 2022-12-29
  

  With this version we started supporting prettier V3 which at the moment it's in their 3.0.0-alpha.4 version. (#757)

  Some internal tweaks and removed some dependencies that were no longer used. (thanks to @ frangio for noticing #780)

• 1.1.0 - 2022-12-13
  

  With this version, we are releasing a standalone build (#727).
  It follows the same patterns Prettier uses for their internal plugins such as UMD.
  Hopefully this will make integration for projects based on the browser easy and will be automatically shipped on each release to http://unpkg.com/prettier-plugin-solidity@latest.

  We also took care of a small bug that would print an extra line when formatting solidity code within a markdown code block (#765).

• 1.0.0 - 2022-11-17
  

  We are happy to release the first stable version of Prettier Solidity! 🎉 🎉

  What does this mean for you as a user? Semantic versioning doesn't make a lot of sense for a formatter, so it's hard to give hard rules about what will be the meaning of future versions. But we'll try to follow these guidelines:

  • We won't make big formatting changes within the same major version. For example, you shouldn't get all your function signatures changed just because you upgraded to, say, v1.1.0.
  • We won't remove any option within the same major version.
  • We'll use patch versions (e.g., moving from 1.2.3 to 1.2.4) for bug fixes and very minor formatting changes.
  • We'll use minor versions (e.g., moving from 1.2.3 to 1.3.0) for new language constructs, new options (if any) and somewhat bigger formatting changes.

  What separates a "very minor formatting change" from a "bigger one" is hard to define precisely, of course, so some of these decisions will be very subjective, but we'll try to do our best.

  Thanks for using our plugin and remember to star the repo! ⭐

• 1.0.0-rc.1 - 2022-11-02
  

  This is our first release candidate for a stable v1.0.0!

  This version includes some significant changes:

  • We removed the explicitTypes option, since we believe that this belongs to a linter. The behavior now is the same one that you would get if using explicitTypes: "preserve", meaning that we'll never convert an uint to an uint256 or vice versa.
  • In previous versions, the parameters of a function definition would always be split if there were more than two of them. Starting now, we only split them if the line doesn't fit in line-width. Plus, the way this works is that first the parameters are split, then the modifiers (if they also don't fit in a single line), and finally the return parameters (also only if they don't fit).
  • The exponentiation operator (**) now has spaces around it. This is more consistent with other operators, and it looks better for long variable names (that is, base ** decimals is better than base**decimals). We do know that this is not as nice for some cases (2 ** 10), but we are erring on the side of consistency and a better worst-case scenario.

  As an example, a function like this:

  contract Foo {
    function f(uint x, uint y, uint z) mod1 mod2 { x**y**z; }
  }

  would be formatted in the previous version like this:

  contract Foo {
      function f(
          uint256 x,
          uint256 y,
          uint256 z
      ) mod1 mod2 {
          x**y**z;
      }
  }

  and now it will be formatted like this:

  contract Foo {
      function f(uint x, uint y, uint z) mod1 mod2 {
          x ** y ** z;
      }
  }

  Please upgrade to the latest version and let us if you find any issues!

• 1.0.0-dev.24 - 2022-10-19
• 1.0.0-dev.23 - 2022-07-15
• 1.0.0-dev.22 - 2022-07-11
  

  This new release provides some bug fixes and new formatting added by solidity.

  #643
  #683
  #685
  #693
  #694

• 1.0.0-dev.21 - 2022-02-10
• 1.0.0-beta.24 - 2022-08-06
  

  Bump to beta.24

• 1.0.0-beta.20 - 2022-02-10
• 1.0.0-beta.19 - 2021-11-11
  

  Changes in this version:

  • 🔧 node 12 is no longer supported. #598 thanks @ mattiaerre
  • 🐛 fixed bug for pragma statements containing multiple versions. #583 thanks @ fvictorio
  • ✨ added support for user defined types. #607 thanks @ zemse

from prettier-plugin-solidity GitHub release notes

Commit messages

Package name: prettier-plugin-solidity

• 910d89d 1.1.3
• a63b0b7 Merge pull request Inflationary Token OpenZeppelin/openzeppelin-contracts#814 from prettier-solidity/user-defined-operators
• 838e1d9 Add support for user-defined operators
• 7875618 Upgrade parser
• 136b30b Merge pull request Fast Enumerating ERC721s OpenZeppelin/openzeppelin-contracts#801 from prettier-solidity/fix-empty-structs
• 67c76ad 1.1.2
• ae6d1e1 Merge pull request ERC721 full implementation OpenZeppelin/openzeppelin-contracts#803 from zemse/mapping-named-parameters
• 7368dbf Add support for named parameters in mappings
• 6a99cdc Update parser version
• bc1b8d7 Format empty structs correctly
• a8cf709 Merge pull request add case when to is equal to 0 an have a previos approve OpenZeppelin/openzeppelin-contracts#798 from prettier-solidity/dependabot/npm_and_yarn/eslint-8.33.0
• 80956dd Bump eslint from 8.32.0 to 8.33.0
• fbd274c Merge pull request Feature/edge case remove token OpenZeppelin/openzeppelin-contracts#797 from prettier-solidity/dependabot/npm_and_yarn/jest-29.4.1
• 03e8b43 Bump jest from 29.4.0 to 29.4.1
• 17c18f7 Bump jest from 29.3.1 to 29.4.0 (Implement ControlledToken, contract owner can burn/mint tokens at will OpenZeppelin/openzeppelin-contracts#796)
• 7b52a4d Bump jest-watch-typeahead from 2.2.1 to 2.2.2 (Token upgrade proposal OpenZeppelin/openzeppelin-contracts#795)
• 8e04054 Bump eslint-plugin-import from 2.27.4 to 2.27.5 (Fix version error for truffle-flattener. OpenZeppelin/openzeppelin-contracts#794)
• 887e969 Bump eslint from 8.31.0 to 8.32.0 (Tiny indentation fix in MintedCrowdsale OpenZeppelin/openzeppelin-contracts#792)
• 069a4ea Bump prettier from 2.8.2 to 2.8.3 (Fixed typo in Crowdsale contract comment OpenZeppelin/openzeppelin-contracts#793)
• 088de00 Bump eslint-plugin-import from 2.27.2 to 2.27.4 (is there any example for crowdsale of non-mintabletoken? OpenZeppelin/openzeppelin-contracts#791)
• 7e20509 Bump eslint-plugin-import from 2.26.0 to 2.27.2 (Token transfer fail OpenZeppelin/openzeppelin-contracts#790)
• 2d844f8 Bump prettier from 2.8.1 to 2.8.2 (TaxedToken implementation that charges a fee for token transfers.  OpenZeppelin/openzeppelin-contracts#788)
• 2cac286 Bump eslint-config-prettier from 8.5.0 to 8.6.0 (📈 Make BurnableToken consistent w/ MintableToken (i.e. onlyOwner and burnFrom configurable) OpenZeppelin/openzeppelin-contracts#785)
• af7d1de Merge pull request make BurnableToken consistent w/ MintableToken OpenZeppelin/openzeppelin-contracts#786 from prettier-solidity/refactor

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: fa294d2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR