[Snyk] Fix for 1 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • web3.js/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mockttp

The new version differs by 112 commits.

• 7ef9365 3.4.0
• 7b5d0c4 Omit invalid upstream response headers during proxying
• cfce946 Allow providing a CA in proxy config, to configure HTTPS proxy CA trust
• 1c816a0 Fix bug where including auth params in a proxy URL broke all connections
• fe308ab More clearly abort refused connections downstream
• 8fad51a Add JSON-RPC matcher & handler methods
• 9b3cca6 Relicense as Apache-2.0 for consistency with other projects
• 04c5320 Correctly use regex flags in regex path matching
• a1d9231 Update parse-multipart-data to avoid sourcemap warning & assorted bugs
• fa5bd2b 3.3.1
• ae41416 Share 'no fail on server issues' logic from JA3 tests with lintcert tests
• bc1c129 Update user agent in TLS JA3 test
• dace568 Don't replace body when using matchReplaceBody if there were no matches
• 3fe388c Automatically handle invalid _ DNS via wildcards for TLS certs
• c1f7cd3 Make JA3 test stable despite test server fragility
• 8ca1cd7 Pin portfinder dep to avoid recent TS breakage
• 2d75a34 3.3.0
• 332085f Stop forwarding the proxy-connection header, to avoid traffic blocking
• f7c6dc9 Run CI against the new server preferred Node.js version
• 118189c Improve TLS fingerprint behaviour for upstream connections
• 909c2a9 3.2.3
• 8ce44c0 Include the session id in mock-session-{started,stopped} events
• a1e2404 3.2.2
• 19bfe71 Fix bug in MockttpClient admin client lifecycle event subscriptions

See the full diff

Package name: semantic-release

The new version differs by 238 commits.

• 11788ed Merge pull request Remove tick counting from broadcast service solana-labs/solana#2934 from semantic-release/beta
• b93bef4 feat(node-versions): raised the minimum supported node version w/in the v20 range to v20.6.1
• 6604153 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• e623cc6 feat(node-versions): raised the minimum node v20 requirement to v20.6
• 42f7b82 chore(deps): update dependency testdouble to v3.19.0 (Squash test to test parent bank after squash solana-labs/solana#2961)
• 1017e1a fix(deps): update dependency aggregate-error to v5 (Update the RPC bank on fullnode rotation solana-labs/solana#2956)
• a23b718 fix(deps): upgraded to the latest version of the npm plugin with npm v10
• fb850ff Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• b9f294d feat(node-versions): raised the minimum required node version to v18.17 and dropped v19 support
• 03a687b fix(deps): updated to the latest beta of the commit analyzer plugin
• 86a639d ci(action): update github/codeql-action action to v2.21.7 (Make stake sorting more deterministic for data plane solana-labs/solana#2958)
• da56201 chore(deps): update dependency sinon to v16 (Fix flaky gossip weighted tests solana-labs/solana#2954)
• 89d51e7 ci(action): update github/codeql-action action to v2.21.6 (pull leader_scheduler out of process_entries() solana-labs/solana#2953)
• de8e4e0 fix(deps): updated to the latest betas of the commit-analyzer and release-notes-generator plugins
• 0fd3bb8 chore(deps): lock file maintenance (Fix leader scheduling in replay stage solana-labs/solana#2948)
• c39513f ci(action): update actions/upload-artifact action to v3.1.3 (merge_parents() => squash() solana-labs/solana#2943)
• 6a5d961 docs(plugins): add @ terrestris/maven-semantic-release (Only install rust-bpf if rust-bpf version changes solana-labs/solana#2939)
• 19c0965 ci(action): update actions/checkout action to v4 (Avoid possible simplified lowering of passed struct solana-labs/solana#2938)
• 32a2480 chore(deps): lock file maintenance (Pull BPF enabled rustc and sysroot into SDK solana-labs/solana#2936)
• 72ab317 feat: defined exports for the package
• 07a79ea feat(conventional-changelog-presets): supported new preset format
• 0d92579 chore(deps): update dependency prettier to v3.0.3 (Bank's don't know their id, don't freeze() their parents, or freeze() on merge, which is necessary for #2884 solana-labs/solana#2930)
• cb6613e ci(action): update github/codeql-action action to v2.21.5 (Blocktree now only loads complete blocks (err, slots) solana-labs/solana#2928)
• 9e10e44 chore(deps): lock file maintenance (Persistent accounts solana-labs/solana#2923)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.