Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @aave/core-v3 from 1.16.2 to 1.19.3 #119

Closed

Conversation

tobistudio
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade @aave/core-v3 from 1.16.2 to 1.19.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released on 7 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123
479 No Known Exploit
medium severity Improper Encoding or Escaping of Output
SNYK-JS-OPENZEPPELINCONTRACTS-5838352
479 No Known Exploit
medium severity Out-of-bounds Read
SNYK-JS-OPENZEPPELINCONTRACTS-6346765
479 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831
479 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
479 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5711902
479 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-OPENZEPPELINCONTRACTS-5425051
479 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
479 Proof of Concept
low severity Denial of Service (DoS)
SNYK-JS-OPENZEPPELINCONTRACTS-5425827
479 No Known Exploit
low severity Missing Authorization
SNYK-JS-OPENZEPPELINCONTRACTS-5672116
479 No Known Exploit
Release notes
Package name: @aave/core-v3
  • 1.19.3 - 2024-03-07

    1.19.3 (2024-03-07)

    Bug Fixes

  • 1.19.2 - 2024-02-27

    1.19.2 (2023-10-17)

    Bug Fixes

  • 1.19.2-beta.1 - 2024-02-28
  • 1.19.1 - 2024-02-27

    1.19.1 (2023-07-04)

    Bug Fixes

  • 1.19.0 - 2023-07-04

    1.19.0 (2023-07-04)

    Features

    • add OpenZeppelin SafeERC20 and Address dependencies (#859) (493bb4d)

    Bug Fixes

    • add natspec docs to flags of reserve configuration map (#854) (792c23e)
    • remove initial config of fee params in pool initialize function (#846) (3bb960b)
    • Soften solidity version of FlashLoanBase contracts (#861) (364a779)
  • 1.18.0 - 2023-07-04

    1.18.0 (2023-06-26)

    Features

    Bug Fixes

    • communicate correct premium in case of debt-bearing flashloan (#822) (7b2a284)
    • Fix collateral behavior of zero-ltv assets (#820) (ea48670)
    • Fix event checks in test cases (#824) (29ff9b9)
    • linting (#837) (97cb6ea)
    • Return final withdraw amount in L2Pool withdraw fn (#831) (37b4d1f)
  • 1.17.2 - 2023-02-01

    1.17.2 (2023-01-31)

    Bug Fixes

    • expose error list and types at npm package (#809) (0334bf2)
  • 1.17.1 - 2023-01-11

    1.17.1 (2023-01-10)

    Bug Fixes

  • 1.17.0 - 2022-12-28

    1.17.0 (2022-12-28)

    Features

    • add additional flashloan scenario (8888093)
    • add unit test for reserve configuration (49d0f4e)
    • bump to beta version (348ce20)
    • enable and disable flashloans (bb62572)
    • remove borrow enabled requirement (8b9221b)
    • switch bit used for flashloan enabled (748818f)
    • updated price oracle sentinel interface (0457e71)
    • updates and tests (8d12d79)

    Bug Fixes

    • Add license to L2Pool contract (#765) (56fd7ba)
    • add validation to simpleFlashLoan (bf652c2)
    • Avoid emitting events when balanceIncrease is zero (#745) (43f34c9)
    • Capitalize license name of contracts (fba69f0)
    • CEI to fix reentrancy risk with reentrant tokens (eg ERC777) (#704) (7fbdc6e)
    • check revert msg and event emission (284b492)
    • Complete interfaces of IReserveInterestRateStrategy and IPoolDataProvider (#766) (a00dda8)
    • Fix condition of full liquidation of collateral (#753) (56bcf5d)
    • Fix docs param in burnScaled (6b504d4)
    • Fix param of IAToken function (1cb9ba1)
    • Fix test of inaccuracy when liquidationProtocolFee is on (7d8b7bf)
    • Fix typo in docs (#752) (9ccb1ab)
    • Install the last package of periphery for the rewards contract update (066259a)
    • make InterestRateStrategy contract inheritable (d06f8f2)
    • make InterestRateStrategy contract inheritable (0311475)
    • Make transferOnLiq() virtual (6968062)
    • Minimize the IAaveIncentivesController with only the handleAction (a33f931)
    • modify interface versions to support all minor 0.8.x vers (9e95439)
    • Optimize logic for atoken self-transfers (6c3154e)
    • reentrancy in liquidationCall (cd508a7)
    • Reformat code (84b900c)
    • remove formatting conflicts (4c2cda0)
    • remove gitignore update (d7aa26a)
    • remove unrelated change (a5ce86a)
    • solution to fix liquidation failed case. (623730b)
    • streamline test (516e0e8)
    • typo (#717) (9666e99)
    • typos (#715) (7dd869f)
    • update comment for setReserveFlashLoaning (9d84549)
    • update deploy and periphery dependencies (078fa28)
    • update hardhat dependencies and fix test-suite error codes (#739) (a54692a)
  • 1.16.2 - 2022-09-02

    1.16.2 (2022-07-28)

    Features

    • bump ci node.js to 16 (82a11d2)
    • set to hardhat 2.10.0 and ethers to 5.6.9 (9b50898)

    Bug Fixes

    • dependencies (f844a45)
    • load market test data correctly, fix atoken/debt token names (72d1264)
    • remove npm ci cache, bump gas reporter to fixed version 1.0.8 set ethers to fixed version 5.6.1 (bbb2dfd)
    • upgrade periphery and deploy library to latest version (902b48a)
    • use ethers 5.5.3 to prevent different @ ethersproject/bignumber version (5411930)

    Miscellaneous Chores

from @aave/core-v3 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @aave/core-v3 from 1.16.2 to 1.19.3.

See this package in npm:
@aave/core-v3

See this project in Snyk:
https://app.snyk.io/org/dawnsee0823/project/a7063ebf-eb1f-4a43-a397-68540aab5222?utm_source=github&utm_medium=referral&page=upgrade-pr
@tobistudio tobistudio closed this Oct 2, 2024
@tobistudio tobistudio deleted the snyk-upgrade-62f5d8a79f56926fc49b2565da4a2ff8 branch October 2, 2024 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants