[Snyk] Upgrade @solidity-parser/parser from 0.13.2 to 0.18.0 #16

satoshinakamoto007 · 2024-05-07T14:39:40Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @solidity-parser/parser from 0.13.2 to 0.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 16 versions ahead of your current version.
The recommended version was released 4 months ago, on 2024-01-17.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @solidity-parser/parser

0.18.0 - 2024-01-17
This version adds 2 new features.
- Parser function now has an option to return comments as part of the parsed result. (#105)
- We now export umd instead of iife format for browser compatibility. (#106)
0.17.0 - 2023-12-21
This version changes the associativity of the exponentiation and ternary operators. In most cases this shouldn't affect anyone, but it's technically a breaking change.
- Using the official typescript target for antlr4. (#103)
- Exponentiation is now right associative. a ** (b ** c) (#99)
- Conditional expression is now right associative. a ? (b ? c : d) : (e ? f : g) (#99)
0.16.2 - 2023-11-08
This version adds support for top-level event definitions, a feature introduced in solc v0.8.22.
0.16.1 - 2023-07-12
This version fixes a bug where variables named global couldn't be parsed (thanks @ arjun-io!)
0.16.0 - 2023-02-27
This version adds support for user-defined operators.

The UsingForDeclaration node now has a new operators property. This is an array with the same length as the functions array. Each item is either a string or null: if an operator is defined, then the string is the operator; if an operator is not defined, the item is null.

For example, using { add as +, sub } for Fixed18 global will result in this node:
```
{
  "type": "UsingForDeclaration",
  "isGlobal": true,
  "typeName": {
    "type": "UserDefinedTypeName",
    "namePath": "Fixed18"
  },
  "libraryName": null,
  "functions": ["add", "sub"],
  "operators": ["+", null]
}
```
0.15.0 - 2023-02-01
This release adds support for named parameters in mapping types, introduced in solc 0.8.18.
0.14.5 - 2022-10-25
This release:
- Fixes assembly assignment to multiple variables (thanks @ potomak!)
- Adds support for boolean literals in assembly (thanks @ tim-becker!)
0.14.4 - 2022-10-25
Add support for using address as a property.
0.14.3 - 2022-07-11
0.14.3
0.14.2 - 2022-06-16
0.14.2-beta.1 - 2022-05-20
0.14.2-beta.0 - 2022-05-20
0.14.1 - 2022-02-10
0.14.0 - 2021-10-19
This release adds support for user defined value types. Thanks to @ 0xbribe for the initial work on this!
0.13.3-rc.1 - 2021-06-02
0.13.3-rc.0 - 2021-06-02
0.13.2 - 2021-05-29

from @solidity-parser/parser GitHub release notes

Commit messages

Package name: @solidity-parser/parser

05d78c0 Update changelog
30f6afb 0.18.0
ca17e79 update CHANGELOG.md
ae36c9b Merge pull request Quick bugfix for Compiler Version replacement - remove space naddison36/sol2uml#106 from solidity-parser/umd
34736cc Update scripts/build-browser.js
74e4ab6 Merge branch 'master' into umd
538013b Merge pull request Fix typos in readme naddison36/sol2uml#107 from solidity-parser/updating-dependencies
883c502 updating prettier, since `[email protected]`, `tsconfig.json` is formatted using `jsonc`
09fab6c updating dependencies and fixing the lint
7322b55 Based on the output of webpack's umd2 I created a minimal implementation for umd
63b13dd Merge pull request feat: flatten sets pragma solidity from the compiler version of the verified contract. naddison36/sol2uml#105 from solidity-parser/comments
0004405 Update src/ast-types.ts
95bcea2 Update src/tokens.ts
7f1b564 adding change to the changelog
9a15c2e updating dependencies
54896e2 If requested, the parser will populate the comments as well
f2da1c8 Merge pull request feature request: have flatten utilize the Compiler Version from etherscan-like sites naddison36/sol2uml#104 from solidity-parser/unknown-binary-operators
65827e3 I'm not aware of these operators and they don't appear in the grammar either
bb79aae Bump to 0.17.0
d4c6a86 Merge pull request Fix broken dependencies when import in file has no other classes naddison36/sol2uml#103 from solidity-parser/ditching_antlr4ts
54116a8 reversing for now the update on esbuild since there was a bug in the build on prettier-plugin-solidity
cda844f removing `antlr.sh` and reawaken the `CHANGELOG.md`
70bf40a removing unneeded package
7e59274 adding browserlist to add only the polyfills actually needed