[Snyk] Upgrade web3 from 1.10.4 to 4.16.0 #754

Dargon789 · 2025-06-20T12:33:09Z

Snyk has created this PR to upgrade web3 from 1.10.4 to 4.16.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 386 versions ahead of your current version.
The recommended version was released 7 months ago.

Release notes

Package name: web3

4.16.0 - 2024-12-03
What's Changed
- fix: correctly close ws connection in web3-eth-contract integration tests by @ krzysu in #7338
- fix: export Web3Account, Wallet and signature related types by @ krzysu in #7374
- fix: CI workflow cache issues by @ krzysu in #7384
- fix: return type of sendTransaction in docs by @ krzysu in #7386
- chore: update CI actions by @ krzysu in #7385
- Bump express from 4.19.2 to 4.21.1 in /docs by @ dependabot in #7388
- Bump ws from 7.4.6 to 8.18.0 by @ dependabot in #7171
- Bump micromatch from 4.0.7 to 4.0.8 in /docs by @ dependabot in #7225
- [Snyk] Upgrade prism-react-renderer from 2.3.1 to 2.4.0 by @ Muhammad-Altabba in #7367
- Bump express from 4.18.1 to 4.20.0 by @ dependabot in #7258
- chore: update deps to fix vulnerabilities by @ krzysu in #7389
- chore: fix 0 kwei bug by @ whitemoshui in #7387
- [Snyk] Upgrade docusaurus-lunr-search from 3.4.0 to 3.5.0 by @ Muhammad-Altabba in #7396
- Bump cross-spawn from 7.0.3 to 7.0.6 in /docs by @ dependabot in #7399
- [Snyk] Upgrade @ mdx-js/react from 3.0.1 to 3.1.0 by @ Muhammad-Altabba in #7395
- fix: remove force exit from blackbox tests by @ krzysu in #7397
- Replaces #7390, #7391, & #7400 by @ danforbes in #7401
- [Snyk] Upgrade @ cookbookdev/docsbot from 4.24.0 to 4.24.4 by @ avkos in #7403
- chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @ dependabot in #7404
- update typescript version to 5 by @ Muhammad-Altabba in #7272
- chore(deps-dev): bump http-proxy-middleware from 2.0.6 to 2.0.7 by @ dependabot in #7407
4.15.1-dev.e79ace2.0 - 2024-11-19
4.15.1-dev.bde1316.0 - 2024-11-14
4.15.1-dev.b3ee417.0 - 2024-12-03
4.15.1-dev.acdb0c7.0 - 2024-12-03
4.15.1-dev.9aab5cd.0 - 2024-11-14
4.15.1-dev.984cb7c.0 - 2024-11-22
4.15.1-dev.926044b.0 - 2024-11-26
4.15.1-dev.8c55cb0.0 - 2024-11-14
4.15.1-dev.7a8df69.0 - 2024-11-25
4.15.1-dev.7109fb2.0 - 2024-11-21
4.15.1-dev.6af068f.0 - 2024-11-13
4.15.1-dev.6ad1ca9.0 - 2024-11-14
4.15.1-dev.6379aa8.0 - 2024-11-19
4.15.1-dev.6229f4d.0 - 2024-11-19
4.15.1-dev.5eeb2d6.0 - 2024-11-19
4.15.1-dev.56d4aec.0 - 2024-11-19
4.15.1-dev.5437fbc.0 - 2024-11-19
4.15.1-dev.4c55d98.0 - 2024-11-21
4.15.1-dev.471c12b.0 - 2024-11-14
4.15.1-dev.3b122a2.0 - 2024-11-21
4.15.1-dev.1b367e6.0 - 2024-11-14
4.15.1-dev.1724f35.0 - 2024-11-11
4.15.1-dev.0cbc23d.0 - 2024-11-21
4.15.1-dev.098ee6d.0 - 2024-11-06
4.15.1-dev.0915cf4.0 - 2024-11-13
4.15.1-dev.079c558.0 - 2024-11-19
4.15.1-dev.2011192.0 - 2024-11-13
4.15.0 - 2024-11-06
What's Changed
- Intermediate dApp Guide by @ danforbes in #7334
- fix: ensure contractInstance.subscriptionManager.subscribe is not throwing by @ Muhammad-Altabba in #7327
- 7202 account abstraction by @ jdevcs in #7311
- make decodeFunctionCall and decodeFunctionReturn available at web3-eth-abi by @ Muhammad-Altabba in #7345
- Add rpc provider public node by @ avkos in #7322
- Update Intermediate dApp Guide by @ danforbes in #7349
- CODEOWNERS update by @ jdevcs in #7350
- Fix Contract methods input param type any[] by @ avkos in #7340
- [Snyk] Upgrade @ cookbookdev/docsbot from 4.21.1 to 4.21.23 by @ Muhammad-Altabba in #7357
- allowing to specify percentage-based factors (like 1.125 for 112.5%) by @ TemirlanBasitov in #7332
- Fix Link to SocketConstructorOpts Type by @ danforbes in #7363
- [Snyk] Upgrade @ docusaurus/core from 3.4.0 to 3.5.2 by @ Muhammad-Altabba in #7365
- Add accout.signRaw function to sign a message without prefix by @ blackmoshui in #7346
- Lightweight dApp Development Guide by @ danforbes in #7364
- newPendingTransactionFilter by @ jdevcs in #7353
- Bump http-proxy-middleware from 2.0.6 to 2.0.7 in /docs by @ dependabot in #7356
New Contributors
- @ TemirlanBasitov made their first contribution in #7332
- @ blackmoshui made their first contribution in #7346
Full Changelog: v4.5.0...v4.15.0
4.14.1-dev.fab66e9.0 - 2024-10-21
4.14.1-dev.efac906.0 - 2024-10-28
4.14.1-dev.ed85cce.0 - 2024-10-21
4.14.1-dev.d446838.0 - 2024-11-04
4.14.1-dev.d3baae6.0 - 2024-10-24
4.14.1-dev.9fa32c9.0 - 2024-11-05
4.14.1-dev.95b4bab.0 - 2024-10-30
4.14.1-dev.70352cd.0 - 2024-10-23
4.14.1-dev.69d83e7.0 - 2024-10-30
4.14.1-dev.4ca66af.0 - 2024-10-23
4.14.1-dev.4aaf915.0 - 2024-11-04
4.14.1-dev.376f192.0 - 2024-10-21
4.14.1-dev.331aa9c.0 - 2024-10-22
4.14.1-dev.07993c2.0 - 2024-11-05
4.14.1-dev.0681f97.0 - 2024-10-24
4.14.1-dev.3687070.0 - 2024-10-22
4.14.1-dev.3283431.0 - 2024-10-31
4.14.0 - 2024-10-21
What's Changed
- Fix CHANGELOG for PR 7239 by @ danforbes in #7271
- Fix Typos in Docs by @ danforbes in #7283
- Revert CHANGELOG Changes from #7271 by @ danforbes in #7274
- Add Note About create-hardhat-web3 to Hardhat Guide by @ danforbes in #7281
- fix padRight validation failure on large uint by @ Muhammad-Altabba in #7265
- Ok/6984 update e2e network tests by @ avkos in #7276
- feat: make getEthereumjsTxDataFromTransaction not trim extra fields by @ nicolasbrugneaux in #7282
- 7136 decodeparams update by @ jdevcs in #7288
- Update FUNDING.json by @ Redoudou in #7304
- Fix e2e test error "project ID request rate exceeded" by @ avkos in #7290
- fix: correct type and documentation for baseFeePerGas at web3.eth.getFeeHistory by @ Muhammad-Altabba in #7291
- Restructure Docs by @ danforbes in #7298
- Add Support for Nethermind and Besu 'syncing' Subscription Payload Format by @ chebykin in #7306
- Fix Typos by @ danforbes in #7310
- Export EIP-6963 Types by @ danforbes in #7270
- Add Gas Estimation Guide by @ danforbes in #7319
- add migration websocket doc changes by @ luu-alex in #7318
- add ignoregaspricing config by @ luu-alex in #7320
New Contributors
- @ Redoudou made their first contribution in #7304
- @ chebykin made their first contribution in #7306
Full Changelog: v4.13.0...v4.14.0
4.13.1-dev.facc2e6.0 - 2024-10-08
4.13.1-dev.f701406.0 - 2024-10-09
4.13.1-dev.dcd9d6a.0 - 2024-10-02
4.13.1-dev.d6baee6.0 - 2024-09-23
4.13.1-dev.d45b712.0 - 2024-09-24
4.13.1-dev.cc99825.0 - 2024-09-26
4.13.1-dev.c602fc6.0 - 2024-09-24
4.13.1-dev.bbde6ea.0 - 2024-10-11
4.13.1-dev.adf483f.0 - 2024-10-04
4.13.1-dev.aa471e7.0 - 2024-09-24
4.13.1-dev.9edb183.0 - 2024-10-07
4.13.1-dev.822f8c1.0 - 2024-10-16
4.13.1-dev.7c207b8.0 - 2024-10-05
4.13.1-dev.76c468a.0 - 2024-10-04
4.13.1-dev.7008e5c.0 - 2024-10-15
4.13.1-dev.6f9a485.0 - 2024-09-19
4.13.1-dev.69187c5.0 - 2024-10-16
4.13.1-dev.61babcc.0 - 2024-09-24
4.13.1-dev.5a7e302.0 - 2024-09-18
4.13.1-dev.496ed93.0 - 2024-10-07
4.13.1-dev.32c8cc8.0 - 2024-09-26
4.13.1-dev.04da324.0 - 2024-09-26
4.13.0 - 2024-09-18
What's Changed
- unit tests update by @ jdevcs in #7221
- Handle common cases for smart contract errors according to EIP 838 by @ Muhammad-Altabba in #7155
- feat(docs): upgrade-bn by @ danforbes in #7232
- feat(requestEIP6963Providers): return-type by @ danforbes in #7239
- feat(docs): extend by @ danforbes in #7233
- fix(onNewProviderDiscovered): callback-parameter by @ danforbes in #7242
- Format repo, add new rules by @ luu-alex in #7226
- Document Formatting by @ danforbes in #7222
- feat: add custom transaction schema to formatTransaction by @ nicolasbrugneaux in #7227
New Contributors
- @ nicolasbrugneaux made their first contribution in #7227
4.12.2-dev.f351e00.0 - 2024-08-23
4.12.2-dev.b86d8ca.0 - 2024-09-09
4.12.2-dev.b3cb1b7.0 - 2024-09-13
4.12.2-dev.a21078b.0 - 2024-09-17
4.12.2-dev.9b32205.0 - 2024-08-28
4.12.2-dev.973ee80.0 - 2024-09-09
4.12.2-dev.7a6e492.0 - 2024-09-05
4.12.2-dev.75df267.0 - 2024-09-09
4.12.2-dev.2f24244.0 - 2024-09-09
4.12.2-dev.27155ea.0 - 2024-09-09
4.12.1 - 2024-08-23
Hot fix

[4.12.1]

Fixed

web3-eth-accounts
- Revert TransactionFactory.registerTransactionType if there is a version mistatch between web3-eth and web3-eth-accounts and fix nextjs problem. (#7216)
What's Changed
- fix yml by @ avkos in #6803
4.12.1-dev.e746566.0 - 2024-08-22
4.12.1-dev.0b75589.0 - 2024-08-23
4.12.0 - 2024-08-22
[4.12.0]

Fixed

web3-core
- setConfig() fix for setMaxListenerWarningThreshold fix (#5079)
web3-eth-accounts
- Fix TransactionFactory.registerTransactionType not working, if there is a version mistatch between web3-eth and web3-eth-accounts by saving extraTxTypes at globals. (#7197)
Added

web3-eth-accounts
- Added public function signMessageWithPrivateKey (#7174)
web3-eth-contract
- Added populateTransaction to the contract.deploy(...) properties. (#7197)
web3-providers-http
- Added statusCode of response in ResponseError, statusCode is optional property in ResponseError.
web3-rpc-providers
- Updated rate limit error of QuickNode provider for HTTP transport
- Added optional HttpProviderOptions | SocketOptions in Web3ExternalProvider and QuickNodeProvider for provider configs
web3-errors
- Added optional statusCode property of response in ResponseError.
Changed

web3-eth-contract
- The returnred properties of contract.deploy(...) are structured with a newly created class named DeployerMethodClass. (#7197)
- Add a missed accepted type for the abi parameter, at dataInputEncodeMethodHelper and getSendTxParams. (#7197)
What's Changed
- Cookbook integration branch by @ SantiagoDevRel in #7178
- feat(glossary): updated glossary by @ EmmanuelOluwafemi in #7168
- fix infura tests and secrets by @ luu-alex in #7163
- Zk sync plugin related changes by @ avkos in #7174
- 4x tests updates by @ jdevcs in #7162
- feat(docs): Expand web3 config guide by @ mmyyrroonn in #7131
- Fix 7055 one of with scalar value and string by @ mmyyrroonn in #7173
- Quicknode provider update by @ jdevcs in #7195
- Web3 RPC Providers support of configuration of selected transport by @ jdevcs in #7205
- Refactor some parts of contract and accounts packages by Summary by Sourcery
  Enhancements:
  - Bump web3 dependency from beta v1 to ^4.16.0 in packages/hardhat-truffle5/package.json

Snyk has created this PR to upgrade web3 from 1.10.4 to 4.16.0. See this package in npm: web3 See this project in Snyk: https://app.snyk.io/org/dargon789/project/2c91b4d5-8055-4239-a4a4-26da9ab76b7c?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel · 2025-06-20T12:33:11Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
hardhat-project-uz7z	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 28, 2025 9:22pm

codesandbox · 2025-06-20T12:33:12Z

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

sourcery-ai · 2025-06-20T12:33:14Z

Reviewer's Guide

This PR upgrades the Web3 dependency in the Hardhat Truffle5 integration from v1.x to the latest v4.16.0 to keep dependencies current and align with the Snyk recommendation.

File-Level Changes

Change	Details	Files
Bump Web3 version	Update web3 entry in devDependencies from ^1.0.0-beta.36 to ^4.16.0	`packages/hardhat-truffle5/package.json`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

socket-security · 2025-06-20T12:33:51Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	hardhat-gas-reporter@1.0.10
	hardhat@2.22.19

View full report

github-actions · 2025-06-20T12:34:42Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/web3	^4.16.0	Unknown	Unknown

Scanned Files

packages/hardhat-truffle5/package.json

vercel bot temporarily deployed to Preview June 20, 2025 14:04 Inactive

Merge branch 'main' into snyk-upgrade-5a1db2ea354f135096d17e4b2201ff7a

2bf54ee

vercel bot temporarily deployed to Preview June 28, 2025 21:22 Inactive

Dargon789 merged commit ab057ac into main Jun 28, 2025
17 of 23 checks passed

Dargon789 deleted the snyk-upgrade-5a1db2ea354f135096d17e4b2201ff7a branch June 28, 2025 21:28

github-actions bot locked as resolved and limited conversation to collaborators Sep 27, 2025

[Snyk] Upgrade web3 from 1.10.4 to 4.16.0 #754

[Snyk] Upgrade web3 from 1.10.4 to 4.16.0 #754

Uh oh!

Conversation

Dargon789 commented Jun 20, 2025 • edited by sourcery-ai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Snyk has created this PR to upgrade web3 from 1.10.4 to 4.16.0.

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

[4.12.1]

Fixed

web3-eth-accounts

What's Changed

[4.12.0]

Fixed

web3-core

web3-eth-accounts

Added

web3-eth-accounts

web3-eth-contract

web3-providers-http

web3-rpc-providers

web3-errors

Changed

web3-eth-contract

What's Changed

Uh oh!

vercel bot commented Jun 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codesandbox bot commented Jun 20, 2025

Review or Edit in CodeSandbox

Uh oh!

sourcery-ai bot commented Jun 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviewer's Guide

File-Level Changes

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

socket-security bot commented Jun 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Jun 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Dargon789 commented Jun 20, 2025 •

edited by sourcery-ai bot

Loading

vercel bot commented Jun 20, 2025 •

edited

Loading

sourcery-ai bot commented Jun 20, 2025 •

edited

Loading

socket-security bot commented Jun 20, 2025 •

edited

Loading

github-actions bot commented Jun 20, 2025 •

edited

Loading