[Snyk] Fix for 8 vulnerabilities

[rmourey26]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @web3-react/authereum-connector

The new version differs by 28 commits.

• 6737868 v6.2.0
• 0393a87 pre-release tweaks
• 67dd9a7 Update WalletLink to 2.1.0 (#189)
• 675ee0a Bump ssri from 6.0.1 to 6.0.2 (#190)
• b752b40 Allow to use wallet connect with any network (#185)
• 5e46bf5 Update the authereum package version to ^0.1.14 (#172)
• 3cbc355 Add EthBlockArt to list of projects (#181)
• 74acfef Bump y18n from 3.2.1 to 3.2.2 in /example (#178)
• b97bd23 Fix link to top-level README (#168)
• d0b038c Add Eth2 Launchpad to projects (#166)
• fe26e67 v6.1.9
• 2f539fd bump example
• 6b67b5c upgrade children
• 780b670 yarn upgrade
• d8633c1 Remove å (#132)
• e72b627 Bump ini from 1.3.5 to 1.3.8 in /example (#142)
• 8866867 Bump ini from 1.3.5 to 1.3.8 (#156)
• 4feaa46 Add Aave to projects using web3-react (#161)
• cfb2b63 update walletconnect provider version (#164)
• 3a4fbf5 Adds lattice-connector to README and example app (#157)
• 0e19f7f v6.1.8
• 29fd4a7 update yarn.lock
• a034294 Adds `lattice-connector` module, which is used with the GridPlus Lattice hardware wallet (#135)
• 7390390 rotate infura key

See the full diff

Package name: @web3-react/squarelink-connector

The new version differs by 18 commits.

• fe26e67 v6.1.9
• 2f539fd bump example
• 6b67b5c upgrade children
• 780b670 yarn upgrade
• d8633c1 Remove å (#132)
• e72b627 Bump ini from 1.3.5 to 1.3.8 in /example (#142)
• 8866867 Bump ini from 1.3.5 to 1.3.8 (#156)
• 4feaa46 Add Aave to projects using web3-react (#161)
• cfb2b63 update walletconnect provider version (#164)
• 3a4fbf5 Adds lattice-connector to README and example app (#157)
• 0e19f7f v6.1.8
• 29fd4a7 update yarn.lock
• a034294 Adds `lattice-connector` module, which is used with the GridPlus Lattice hardware wallet (#135)
• 7390390 rotate infura key
• bb39007 v6.1.7
• f57dbcb Missing package breaking example project (#118)
• 883160f Add Union & Async as projects for web3-react (#120)
• 73065af Deactivate behavior change for torus connector (#122)

See the full diff

Package name: web3

The new version differs by 250 commits.

• 5b5bf87 changelog updates
• 45d55c3 version update
• 4358140 Release/4.0.1 rc.2 (#6152)
• cdc2835 fix canary auth (#6151)
• 55a4de1 add util polyfill (#6150)
• 45edf3d Canary releases (#6143)
• 01ce365 Proposal for rearranging docs (#6141)
• 86082bc skip '### Breaking Changes' section from unreleasedSection array (#6138)
• d60c285 Fix plugin example tests with `4.0.1-rc.1` (#6134)
• 88ac791 Correct and enhance documentation for subscribing to events (#6129)
• daaaff7 Autotype for contract methods (#6137)
• ab80131 support ESM builds (#6131)
• 6202d1e min build whitelisting (#6132)
• 7a924db migration guide update (#6130)
• 4f423fc Fix validation of nested tuples (#6125)
• 408332d fix!: remove non read-only ens methods (#6084)
• 8c5ea34 Providers Tutorial (#6095)
• f2abd6a Eth turorial (#6120)
• 210455a transaction integration tests (#6071)
• fe959a1 Contract options fix (#6118)
• bf1311f update docs so web is imported by default (#6112)
• 3b95b5e fix estimateGas to accept hex data without 0x prefix (#6103)
• 8c3a17b Add a tutorial for smart contract basic interaction (#6089)
• edc7a84 `defaultTransactionTypeParser` Refactor (#6102)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)