[Snyk] Upgrade solidity-coverage from 0.7.21 to 0.8.13 #35
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade solidity-coverage from 0.7.21 to 0.8.13.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 24 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-BODYPARSER-7926860
SNYK-JS-WS-7266574
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-ES5EXT-6095076
SNYK-JS-WS-1296835
SNYK-JS-GOT-2932019
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-REQUEST-3361831
SNYK-JS-GOT-2932019
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-TAR-6476909
SNYK-JS-TOUGHCOOKIE-5672873
SNYK-JS-COOKIEJAR-3149984
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
SNYK-JS-WEB3-174533
Release notes
Package name: solidity-coverage
🐛 Bug Fixes
This release fixes a bug that caused the plugin to error when used with
hardhat-viem
in combination with a forked network.What's Changed
New Contributors
Full Changelog: v0.8.12...v0.8.13
What's Changed
hardhat-viem
plugin. If you're using viem, run the coverage task with:require
statement and the terminating semi-colonPRs
require
and terminating;
by @ cgewecke in #884extendConfig
changes in README by @ cgewecke in #885Full Changelog: v0.8.11...v0.8.12
Summary
0.8.11 fixes a(nother) bug that resulted in some line hits remaining undetected when compiling with viaIR=true
What's Changed
Full Changelog: v0.8.10...v0.8.11
Summary
0.8.10 fixes a bug that resulted in some line hits remaining undetected when compiling with
viaIR=true
What's Changed
Full Changelog: v0.8.9...v0.8.10
What's Changed
Full Changelog: v0.8.8...v0.8.9
What's Changed
Install
Full Changelog: v0.8.7...v0.8.8
What's Changed
viaIR
now allowedThis release (hopefully) fixes a long-running problem solidity-coverage had with solc's
viaIR
compilation mode - It's now possible to use it without any special configuration. (Please report any ongoing issues with this to issue #861)If you've been using
.solcover.js
options likeconfigureYulOptimizer
andsolcOptimizerDetails
as a work around, you should remove them when upgrading. (Don't forget to run the hardhat clean task after updating any coverage config stuff).--network
no longer allowedSadly the ganache client has been deprecated. The coverage plugin never worked with its latest major version and the
network
flag only existed for its sake. Going forward, thenetwork
option throws an error notifying the user that coverage only uses the HardhatEVM network.--sources
cli optionYou can now select a single file (or folder) at the command line to generate coverage for. This option should speed things up if you've been waiting for the plugin to instrument everything in a large project whenever you run the command.
(Thanks so much @ clauBv23 for adding this!)
Funding
OpenZeppelin has very generously funded recent work at solidity-coverage via DRIPS, a public goods protocol which helps you direct money to projects in your dependency tree. Thanks so much! ❤️
Links to relevant PRs
onPreCompile
stage hook by @ cgewecke in #851viaIR
compiler flag is true by @ cgewecke in #854Full Changelog: v0.8.6...v0.8.7
What's Changed
Fixes
Documentation
viaIR
optimizer config workaround by @ remedcu in #822check-coverage
cli command by @ cgewecke in #834Dependencies
Misc
New Contributors
Full Changelog: v0.8.5...v0.8.6
What's Changed
.solcoverjs
occurencies to.solcover.js
by @ joaoh9 in #777New Contributors
Full Changelog: v0.8.4...v0.8.5
What's Changed
New Contributors
Full Changelog: v0.8.2...v0.8.4
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"solidity-coverage","from":"0.7.21","to":"0.8.13"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":696,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ES5EXT-6095076","issue_id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-1296835","issue_id":"SNYK-JS-WS-1296835","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-GOT-2932019","issue_id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PATHTOREGEXP-7925106","issue_id":"SNYK-JS-PATHTOREGEXP-7925106","priority_score":738,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-REQUEST-3361831","issue_id":"SNYK-JS-REQUEST-3361831","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-GOT-2932019","issue_id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","issue_id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TOUGHCOOKIE-5672873","issue_id":"SNYK-JS-TOUGHCOOKIE-5672873","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COOKIEJAR-3149984","issue_id":"SNYK-JS-COOKIEJAR-3149984","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-7926867","issue_id":"SNYK-JS-EXPRESS-7926867","priority_score":541,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.1","score":255},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SEND-7926862","issue_id":"SNYK-JS-SEND-7926862","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SERVESTATIC-7926865","issue_id":"SNYK-JS-SERVESTATIC-7926865","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-WEB3-174533","issue_id":"SNYK-JS-WEB3-174533","priority_score":379,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.3","score":165},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Insecure Credential Storage"}],"prId":"7d5d98f3-e574-4874-b41e-2ef063b15c30","prPublicId":"7d5d98f3-e574-4874-b41e-2ef063b15c30","packageManager":"npm","priorityScoreList":[696,696,589,696,586,484,738,646,586,646,646,586,519,541,391,391,379],"projectPublicId":"c8db6975-f9ad-4b1f-b5e8-94654e147c9d","projectUrl":"https://app.snyk.io/org/muisance/project/c8db6975-f9ad-4b1f-b5e8-94654e147c9d?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-WS-7266574","SNYK-JS-BROWSERIFYSIGN-6037026","SNYK-JS-ES5EXT-6095076","SNYK-JS-WS-1296835","SNYK-JS-GOT-2932019","SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-REQUEST-3361831","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-COOKIEJAR-3149984","SNYK-JS-EXPRESS-6474509","SNYK-JS-EXPRESS-7926867","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-WEB3-174533"],"upgradeInfo":{"versionsDiff":24,"publishedDate":"2024-08-29T04:37:55.789Z"},"vulns":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-WS-7266574","SNYK-JS-BROWSERIFYSIGN-6037026","SNYK-JS-ES5EXT-6095076","SNYK-JS-WS-1296835","SNYK-JS-GOT-2932019","SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-REQUEST-3361831","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-COOKIEJAR-3149984","SNYK-JS-EXPRESS-6474509","SNYK-JS-EXPRESS-7926867","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-WEB3-174533"]}'