[Snyk] Fix for 22 vulnerabilities

[leojoy95]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/contractkit/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @0x/subproviders

The new version differs by 250 commits.

• aad2bd4 Publish
• ae6753a Updated CHANGELOGS & MD docs
• 91344c0 Bump CirciCI to nodejs16 ([Snyk] Fix for 1 vulnerabilities #68)
• ae232fa Bump CI to node16
• b89d468 Cannot run installation against specific package ([Snyk] Fix for 1 vulnerabilities #67)
• e003034 fix: Update deps fix ([Snyk] Fix for 1 vulnerabilities #65)
• 14e5370 empty
• 27955e3 chore: Update deps ([Snyk] Fix for 3 vulnerabilities #64)
• 7e7e6dc fix: Fix subprovider tests
• dbd0dc0 bump ts
• 094c081 Bump subprovider deps
• 3c0bb9e Update @ ethereumjs/common
• 9d28e7d Unpin merkle-patricia-tree
• b543924 Add repository to @ 0x/subproviders
• 0787b82 Publish
• c9009bd Updated CHANGELOGS & MD docs
• 136b9dd Merge pull request [Snyk] Security upgrade web3 from 1.0.0-beta.37 to 1.6.0 #62 from 0xProject/fix/ethereum-types-linkReferences
• c44fb80 make compiler output artifact `linkReferences` optional (for 0.8)
• 41976dd Publish
• e7e2055 Updated CHANGELOGS & MD docs
• 33ae44c Update publish.yml
• 343b40d Merge pull request [Snyk] Fix for 4 vulnerabilities #61 from 0xProject/fix/solc-compiler-0.8-support
• b80738e update sol-tracing-utils deps
• 7f28191 appease prettier

See the full diff

Package name: babel-jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (Increase throughput celo-org/celo-monorepo#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (Soloseng/celo-minting-schedule celo-org/celo-monorepo#10995)
• 4fa3a0b feat: custom haste (feat(foundry): publish L2 state in @celo/devchain-anvil celo-org/celo-monorepo#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (Current Celo cli cannot approve until 1.3.0.0 Governance.sol is deployed celo-org/celo-monorepo#9924)
• db643a1 Link to Jest config (forge test should be all green and exclude e2e tests that require a devchain celo-org/celo-monorepo#11106)
• b16082c Fix locale issue Figure out what to do with ASv1 related code celo-org/celo-monorepo#10014 (#11412)

See the full diff

Package name: jest

The new version differs by 250 commits.

• 8f9b812 v28.0.0
• f424551 feat: Jest 28 blog post (#12732)
• c79f8d6 feat: roll v28 docs (#12733)
• e9f6610 Remove `core.autocrlf` config on CI (#12731)
• 9342a23 docs: add mention of expect breaking change to upgrade guide (#12730)
• e1f2515 chore: add missing `throw`
• 039f43e chore: combine all v27 docs into a single one (#12729)
• 256c1af chore(website): add some admonitions to 25.x (#12565)
• fc85b8f fix: replace hash routine md5 with sha256 (#12722)
• c1a57cb chore(deps): bump isbinaryfile dependency to ^5.0.0 (#12726)
• 9ebfe0a chorer: add note about babel config to upgrade guide (#12724)
• 4ec4b98 chore: cache yarn deps on netlify (#12725)
• 62afb83 chore: revert #12718 and simply do not bundle type declarations of `@ jest/globals` (#12721)
• 4f1d199 Add Yarn dedupe CI check (#12717)
• 7a8c9cf Lock source-map-support verion to 0.5.13 (#12720)
• 811228d Support error logging before jest retry (#12201)
• a28db24 chore: do not bundle type definitions for packages which have only one `.d.ts` file (#12718)
• 49ee158 update dependency @ microsoft/api-extractor to 7.23.0 (#12716)
• e72c52f feat(jest-runner): export `TestRunner` interface types and reexport types from other packages (#12715)
• 3c6f14b feat(jest-resolve): expose `PackageFilter`, `PathFilter` and `PackageJSON` types (#12712)
• a293b75 refactor(jest-transform): rename TransformerConfig (#12708)
• 625e0bc show that setupFilesAfterEnv scripts can define beforeAll (#12702)
• 0208815 feat(jest-resolve): expose `JestResolver`, `AsyncResolver` and `SyncResolver` types (#12707)
• 75c7c40 docs: use admonitions in ExpectAPI.md (#12679)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cryptographic Issues
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn