[Snyk] Fix for 14 vulnerabilities

[Laurry-gee]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	Yes	Proof of Concept
	776/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.1	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	Yes	Proof of Concept
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	524/1000 Why? Has a fix available, CVSS 6.2	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Restriction of Operations within the Bounds of a Memory Buffer SNYK-JS-SOLANAWEB3JS-6647564	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-WS-7266574	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @metamask/eth-sig-util

The new version differs by 13 commits.

• f62368d 5.0.1 (Rename package.json to kongckage.json trustwallet/trust-web3-provider#279)
• e66882f Update README (Update eth-sig-util to latest trustwallet/trust-web3-provider#277)
• 74e5572 Update GitHub actions to latest from module template (### Describe the bug trustwallet/trust-web3-provider#276)
• d1f01ba update tests with additional tests and snapshots using v4 (No token files found. If you try to add/modify a token, check the name and location of your files! Logo file must be named exactly 'logo.png'. If you are not adding a token, ignore this message. trustwallet/trust-web3-provider#274)
• 68aac96 fix bytes encoding (iOS signTransaction trustwallet/trust-web3-provider#271)
• 8a47065 README cleanup (Check result is null trustwallet/trust-web3-provider#272)
• 17ca412 5.0.0 (ERC trustwallet/trust-web3-provider#268)
• 5e2039e bump @ ethereumjs/util from 8.0.0-beta to 8.0.0 (ERC trustwallet/trust-web3-provider#267)
• 97e211c Migrate to Yarn 3 (Dna trustwallet/trust-web3-provider#264)
• 9f01c9d Replace heavy crypto packages for lighter noble implementations via upgrading `ethereumjs-util` to latest (now called `@ ethereumjs/util`) (Nice good trustwallet/trust-web3-provider#260)
• e33457f Bump Node to v14 (Transfer failed trustwallet/trust-web3-provider#263)
• e293ea9 Update to latest `typedoc` version (Bump minimist from 1.2.5 to 1.2.6 in /src trustwallet/trust-web3-provider#249)
• cde38f7 Fix lint rules for tests (Trustwallet  trustwallet/trust-web3-provider#245)

See the full diff

Package name: @solana/web3.js

The new version differs by 250 commits.

• 8ea5794 fix: apply default `memcmp` encoding (`base58`) when not supplied (#2945)
• 98d6c6e chore: bump vite from 5.3.3 to 5.3.4 (#2949)
• a84a003 chore: bump eslint-config-turbo from 2.0.6 to 2.0.7 (#2948)
• 3c4123b chore: bump turbo from 2.0.6 to 2.0.7 (#2947)
• 153ae50 chore: re-enable legacy web3.js tests
• 5a1473c chore: bump @ babel/core from 7.24.8 to 7.24.9 (#2942)
• 3b0e04a chore: bump mockttp from 3.14.0 to 3.15.0 (#2943)
• 41881b2 chore: bump prettier from 3.3.1 to 3.3.3 (#2940)
• f9f8865 chore: bump @ types/ws from 8.5.10 to 8.5.11 (#2939)
• 682aa9c Use fewer than all of the processors when running Turborepo (#2938)
• c1c2172 Added Sign In With Solana to the example app (#2929)
• 91dd416 chore: bump @ babel/core from 7.24.7 to 7.24.8 (#2935)
• bac3747 A `useSignIn()` hook for accessing the Sign In With Solana feature (#2928)
• efca992 chore: bump @ babel/preset-env from 7.24.7 to 7.24.8 (#2936)
• e7b3dac chore: bump @ babel/runtime from 7.24.7 to 7.24.8 (#2937)
• eedcf33 Prevent the balance component's Suspense fallback from, itself, suspending (#2934)
• e9372c8 chore: bump mockttp from 3.13.0 to 3.14.0 (#2932)
• 05a6741 chore: bump typedoc from 0.26.3 to 0.26.4 (#2930)
• 3fc6bb5 Reset errors when changing account/chain (#2923)
• 643de08 chore: bump eslint-plugin-react-refresh from 0.4.7 to 0.4.8 (#2931)
• 190a5de chore: bump rimraf from 5.0.8 to 6.0.1 (#2927)
• 98f0c2d chore: bump jayson from 4.1.0 to 4.1.1 (#2925)
• 54248ec chore: bump rollup from 4.18.0 to 4.18.1 (#2926)
• 548ba65 Bust Turborepo cache when the test validator version changes (#2911)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
• d54a412 feat: Add --inspect-config CLI flag (#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
• 44a81c6 chore: upgrade knip (#18272)
• 94178ad docs: mention about `name` field in flat config (#18252)
• 1765c24 docs: add Troubleshooting page (#18181)
• e80b60c chore: remove code for testing version selectors (#18266)
• 96607d0 docs: version selectors synchronization (#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (#18235)
• a129acb fix: flat config name on ignores object (#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
• 12f5746 docs: add info about dot files and dir in flat config (#18239)
• b93f408 docs: update shared settings example (#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
• 7747097 docs: Update PR review process (#18233)

See the full diff

Package name: jest

The new version differs by 250 commits.

• fb7d95c v29.6.3
• b657415 chore: update changelog for release
• d9710a1 chore: add `invariant` and `notEmpty` to `jest-util` (#14366)
• 58e8491 fix: isolate esm async import bug (#14397)
• 8426b5d Marks Reporter's hooks as optional (#14433)
• 085f063 Revert breaking changes to mocks (restoreAllMocks, spy changes) since 29.3.0 (#14429)
• eb61702 Archive docs versions 29.3 and below (#14425)
• 9c8fdbb fix: symbol key could not be enum (#14414)
• a5cdc86 fix(deps): update dependency clsx to v2 (#14364)
• a515a16 fix(jest-core): don't use workers in watch mode if runInBand specified (#14085)
• dde57f7 docs: incorrect specification to the method jest.replaceProperty (#14388)
• 0cbe04d fix(expect): remove @ types/node from dependencies (#14385)
• 49bacb9 chore: update jest repo organisation in urls (#14413)
• 25a8785 fix: update `istanbul-lib-instrument` to v6 (#14401)
• 0fd5b1c v29.6.2
• 77fb774 chore: update changelog for release
• 821ae6e chore: roll 29.6 version of docs
• 2092927 fix: Error if `prettier@3` is used for inline snapshots (#14367)
• e7d991c Fix runGlobalHook error when message is unwritable (#14113)
• 23cc165 chore: upgrade react-native in example (#14361)
• 86d41cf chore: update babel deps (#14359)
• e9125e3 chore: refresh lockfile (#14356)
• 8f519f4 chore: update api-extractor for new semver version
• bb45768 chore: refresh lockfiles of integration tests (#14355)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
🦉 Prototype Pollution