[Snyk] Security upgrade @truffle/hdwallet-provider from 1.7.0 to 2.1.15

[zpsaras7]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @truffle/hdwallet-provider

The new version differs by 250 commits.

• 033fc64 Publish
• 8c81e30 Merge pull request #6187 from trufflesuite/decapitate
• 7591024 Remove gitHead field that snuck its way in
• 4c80841 Merge pull request #6180 from legobeat/node-version
• 25f02d2 Merge pull request #6185 from legobeat/devdeps-dedupe-babel
• d235365 Merge pull request #6186 from legobeat/ci-node-20.5
• 48a2052 chore: yarn dedupe @ babel/ packages
• d355b79 chore(ci): pin node 20 to 20.5 due to regression in 20.6
• d0d0c89 Merge pull request #6178 from legobeat/achrinza-node-ipc
• a9d543f Merge pull request #6177 from legobeat/deps-semver
• 1c79efe chore(deps): unpin semver
• 5ae76e9 deps(codec-components): bump @ microsoft/api-extractor to fix semver CVE
• cb8bf8b yarn dedupe browserslist@^4.x
• a830ff5 deps: dedupe core-js-compat to remove [email protected]
• c31707c update yarn.lock
• b349c1c deps: semver@^7.5.2->^7.5.4
• 53fcef0 update yarn.lock
• 005ebb9 deps: [email protected]>7.5.4
• 4ff7c58 update yarn.lock
• cfde067 devDeps(spinners): remove unused @ types/semver
• 6af2e11 devDeps: @ types/semver->7.5.1
• b1810cc deps: [email protected]>7.5.4
• b7bc4c1 deps(core): [email protected]>7.5.4
• 9c581ec compile-solidity: type-assertion due to incompletely typed @ types/semver

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[openzeppelin-code]

[Snyk] Security upgrade @truffle/hdwallet-provider from 1.7.0 to 2.1.15

Generated at commit: 304b6add1bfbb44544fd435f190ab7efbf2248cf

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	1 0 0 4 18 23
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector