[Snyk] Upgrade web3-provider-engine from 15.0.0 to 15.0.12

[knanjukutty-polymath]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade web3-provider-engine from 15.0.0 to 15.0.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released 4 years ago, on 2020-05-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1023, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: web3-provider-engine

• 15.0.12 - 2020-05-28
• 15.0.11 - 2020-05-28
• 15.0.10 - 2020-05-28
• 15.0.9 - 2020-05-26
• 15.0.8 - 2020-05-26
• 15.0.7 - 2020-04-15
  
  • Support eth_signedTypedData v3 & v4
  • Use yarn
• 15.0.6 - 2020-02-24
• 15.0.5 - 2020-02-24
• 15.0.4 - 2019-10-29
• 15.0.3 - 2019-08-20
• 15.0.2 - 2019-08-20
• 15.0.1 - 2019-08-20
• 15.0.0 - 2019-03-29

from web3-provider-engine GitHub release notes

Commit messages

Package name: web3-provider-engine

• 15bc747 15.0.12
• bd9ff60 subp/rpc - sanitize payload to remove skipCache
• 1d6b778 15.0.11
• f911f68 Fix deps (Increase coverage #342)
• eccdf18 15.0.10
• d15fbf8 subp/hooked-wallet-ethtx/bugfix - fix ethereumjs tx import
• 45262e9 15.0.9
• eebcb6f deps - update ethereumjs-{tx,util}
• 651116a 15.0.8
• ff84935 simply random-id
• d944085 Add nvmrc, yarn install (Update dependencies to enable Greenkeeper 🌴 #339)
• 4048d34 yarn upgrade to resolve security issues (Voting Module  #338)
• 235040e Update package description (added WVCF #337)
• 06b443b Delete bower.json (Revert "Voting module" #336)
• d77d4e1 v15.0.7 (Cli permissions manager #335)
• 9bcc36a Migrate to yarn (Ignored OpenZeppelin in GreenKeeper #334)
• 58f5a0e Add support for eth_signTypedData v3 & v4 (Faucet fix #333)
• 55b882b Bump acorn from 5.7.3 to 7.1.1 (Improved deploy info #330)
• 02d8a56 15.0.6
• ebfc871 Merge pull request Solidity Coverage Fix #328 from MetaMask/error-fix
• d90857b deps - update eth-json-rpc-errors + interface
• a9c8b24 15.0.5
• fae46dd Merge pull request Add a ScheduledCheckpoint PoC Module #327 from MetaMask/retry-getting-block-bodies
• caaf92b add _getBlockByNumberWithRetry to be less fragile against infura

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs