[Snyk-dev] Fix for 5 vulnerabilities

[lili2311]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/contractkit/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	738/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @0x/subproviders

The new version differs by 250 commits.

• aad2bd4 Publish
• ae6753a Updated CHANGELOGS & MD docs
• 91344c0 Bump CirciCI to nodejs16 ([Snyk-dev] Security upgrade firebase-admin from 7.4.0 to 11.1.0 #68)
• ae232fa Bump CI to node16
• b89d468 Cannot run installation against specific package ([Snyk] Security upgrade firebase-admin from 7.4.0 to 11.1.0 #67)
• e003034 fix: Update deps fix ([Snyk-dev] Fix for 17 vulnerabilities #65)
• 14e5370 empty
• 27955e3 chore: Update deps ([Snyk] Security upgrade next from 8.0.3 to 10.0.2 #64)
• 7e7e6dc fix: Fix subprovider tests
• dbd0dc0 bump ts
• 094c081 Bump subprovider deps
• 3c0bb9e Update @ ethereumjs/common
• 9d28e7d Unpin merkle-patricia-tree
• b543924 Add repository to @ 0x/subproviders
• 0787b82 Publish
• c9009bd Updated CHANGELOGS & MD docs
• 136b9dd Merge pull request [Snyk] Security upgrade jest from 24.9.0 to 26.0.0 #62 from 0xProject/fix/ethereum-types-linkReferences
• c44fb80 make compiler output artifact `linkReferences` optional (for 0.8)
• 41976dd Publish
• e7e2055 Updated CHANGELOGS & MD docs
• 33ae44c Update publish.yml
• 343b40d Merge pull request [Snyk] Security upgrade @celo/contractkit from 0.0.1 to 0.1.0 #61 from 0xProject/fix/solc-compiler-0.8-support
• b80738e update sol-tracing-utils deps
• 7f28191 appease prettier

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (Increase throughput celo-org/celo-monorepo#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (Soloseng/celo-minting-schedule celo-org/celo-monorepo#10995)
• 4fa3a0b feat: custom haste (feat(foundry): publish L2 state in @celo/devchain-anvil celo-org/celo-monorepo#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (Current Celo cli cannot approve until 1.3.0.0 Governance.sol is deployed celo-org/celo-monorepo#9924)
• db643a1 Link to Jest config (forge test should be all green and exclude e2e tests that require a devchain celo-org/celo-monorepo#11106)
• b16082c Fix locale issue Figure out what to do with ASv1 related code celo-org/celo-monorepo#10014 (#11412)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
🦉 Prototype Pollution