[Snyk] Fix for 6 vulnerabilities

[kelvinwijaya]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	574/1000 Why? Has a fix available, CVSS 7.2	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ethereumjs-tx

The new version differs by 153 commits.

• a8da65a Merge pull request Bump highlight.js from 9.12.0 to 10.4.1 OpenZeppelin/ethernaut#190 from ethereumjs/update-common-and-new-release
• 6f8f14a Bumped version to v2.1.2, added CHANGELOG entry, updated README
• 3da414e Updated ethereumjs-common to v1.5.0 (MuirGlacier support)
• ba4ef9a Merge pull request MetaMask deprecation messages OpenZeppelin/ethernaut#188 from ryanio/fixTests
• 0b0606e fix test runner by putting tx rlp toBuffer call in try catch block to catch malformed data error
• 2df0cf3 Merge pull request Bump highlight.js from 9.12.0 to 10.1.2 OpenZeppelin/ethernaut#187 from ethereumjs/runActionsOnPR
• 5642c73 run gh actions on pr
• 0892118 Merge pull request Upgrade to Solidity 06 OpenZeppelin/ethernaut#186 from ethereumjs/github-actions
• 8bf127f use firefox headless
• 3363b72 Merge branch 'master' into github-actions
• 5ffc8ad Merge pull request rinkeby messaging OpenZeppelin/ethernaut#185 from ryanio/fixTestUtil
• 3c1dd20 fix lint
• 3f22980 fix failing test
• 8264d53 add github actions
• f4cd11f Merge pull request Fix issue170 for solidity04 OpenZeppelin/ethernaut#173 from ethereumjs/new-release-v211
• 8880d6b Bumped version to v2.1.1, added CHANGELOG and README entry
• ad75b65 Merge pull request Fix issue170 OpenZeppelin/ethernaut#171 from ethereumjs/istanbul/eip-2028
• acce166 Merge branch 'master' into istanbul/eip-2028
• b7c782a Merge pull request Fix issue170 for solidity04 OpenZeppelin/ethernaut#172 from ethereumjs/travis-xvfb
• 0b43165 Fix travis xvfb service
• e0fe03d Add support for EIP-2028 for Istanbul
• 9a6324f Merge pull request Bump websocket-extensions from 0.1.3 to 0.1.4 OpenZeppelin/ethernaut#168 from ethereumjs/new-release-2.1.0
• c33ff1f Add pacakge-lock.json to .gitignore
• 1f61d33 Remove package-lock.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Use of Weak Hash
🦉 Regular Expression Denial of Service (ReDoS)

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
Critical	pkg:npm/truffle-deployer@3.0.32 upgrade to: > 3.0.32

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.