[Snyk] Fix for 1 vulnerabilities

[Brandylee24]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/web3-onboard-demo/package.json
  • examples/web3-onboard-demo/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @coinbase/wallet-sdk

The new version differs by 39 commits.

• 17589c1 [WALL-18868] Fix RCE issue on notification github action ([WALL-18868] Fix RCE issue on notification github action coinbase/coinbase-wallet-sdk#831)
• 3d52c09 notification template as env var (notification template as env var coinbase/coinbase-wallet-sdk#828)
• d0088ca Notify new issues with permission check (Notify new issues with permission check coinbase/coinbase-wallet-sdk#824)
• d8b7a4c Notify new issues (Notify new issues coinbase/coinbase-wallet-sdk#822)
• a2cff75 [Version update] v3.6.4 ([Version update] v3.6.4 coinbase/coinbase-wallet-sdk#815)
• 1c5ee7c Update eth-json-rpc-filters (Update eth-json-rpc-filters coinbase/coinbase-wallet-sdk#816)
• 9d24e3f address dependabot alerts - testing codeflow mirroring (address dependabot alerts coinbase/coinbase-wallet-sdk#813)
• 5990cb4 [trivial] set up codeflow ([trivial] set up codeflow coinbase/coinbase-wallet-sdk#811)
• 2f5a89a Bump ua-parser-js from 0.7.32 to 0.7.33 in /packages/wallet-sdk (Bump ua-parser-js from 0.7.32 to 0.7.33 in /packages/wallet-sdk coinbase/coinbase-wallet-sdk#809)
• 9b9a7f4 Bump cookiejar from 2.1.3 to 2.1.4 in /examples/web3-onboard-demo (Bump cookiejar from 2.1.3 to 2.1.4 in /examples/web3-onboard-demo coinbase/coinbase-wallet-sdk#807)
• 8fc05a6 Bump cookiejar from 2.1.3 to 2.1.4 in /examples/web3modal-demo (Bump cookiejar from 2.1.3 to 2.1.4 in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#808)
• bbe4273 fix: pass reloadOnDisconnect to WalletSDKRelay (fix: pass reloadOnDisconnect to WalletSDKRelay coinbase/coinbase-wallet-sdk#574)
• dec550b Update demo apps' configs to address dependabot alerts (Update demo apps' configs to address dependabot alerts coinbase/coinbase-wallet-sdk#798)
• 0ae1b48 Add sample apps (Add sample apps coinbase/coinbase-wallet-sdk#796)
• 0f235fa Remove unused RxJS calls (Remove unused RxJS calls coinbase/coinbase-wallet-sdk#779)
• 1e6b0bd AES256GCM decrypt: replace Observable with Promise (AES256GCM decrypt: replace Observable with Promise coinbase/coinbase-wallet-sdk#778)
• 91ba2c7 upgrade vulnerable dependencies (upgrade vulnerable dependencies coinbase/coinbase-wallet-sdk#787)
• 0b3a9b4 Bump loader-utils from 2.0.2 to 2.0.4 in /examples/web3modal-demo (Bump loader-utils from 2.0.2 to 2.0.4 in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#792)
• 501a8d0 Bump minimatch and recursive-readdir in /examples/web3modal-demo (Bump minimatch and recursive-readdir in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#791)
• 2873dd2 Bump terser from 5.14.0 to 5.16.1 in /examples/web3modal-demo (Bump terser from 5.14.0 to 5.16.1 in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#790)
• cae5dca Bump decode-uri-component in /examples/web3modal-demo (Bump decode-uri-component from 0.2.0 to 0.2.2 in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#789)
• 7c4572d Bump json5 from 1.0.1 to 1.0.2 in /examples/web3modal-demo (Bump json5 from 1.0.1 to 1.0.2 in /examples/web3modal-demo coinbase/coinbase-wallet-sdk#788)
• d91775c Add web3modal demo (Add Web3Modal demo coinbase/coinbase-wallet-sdk#568)
• 0f320f3 Bump node-fetch from 2.6.6 to 2.6.7 in /packages/wallet-sdk (Bump node-fetch from 2.6.6 to 2.6.7 in /packages/wallet-sdk coinbase/coinbase-wallet-sdk#583)

See the full diff

Package name: @web3-onboard/coinbase

The new version differs by 250 commits.

• a9e91d2 Merge pull request #1830 from blocknative/release/2.24.4
• 862669f Merge branch 'develop' into release/2.24.4
• 9388959 Merge in latest develop
• cc4b8b0 Bump fast-xml-parser from 4.2.4 to 4.2.5 in /docs (#1828)
• 05c7853 Merge in latest develop and test
• 8ce7e6f Update to latest vite and test
• c2a8de8 Bump semver from 6.3.0 to 6.3.1 in /examples/with-ledger (#1827)
• 452d942 Bump @ antfu/utils from 0.7.2 to 0.7.4 in /docs (#1753)
• 24f2d5c Bump vite from 4.3.5 to 4.3.9 in /docs (#1757)
• 92da953 Bump fast-xml-parser from 4.2.2 to 4.2.4 in /docs (#1761)
• 63ca515 Bump semver from 6.3.0 to 6.3.1 in /examples/with-vuejs-v2 (#1826)
• bcc4be3 Bump semver from 6.3.0 to 6.3.1 in /examples/with-nextjs (#1825)
• 667b753 feat: update dappauth lib for compatibility (#1781)
• 009fcd3 Merge branch 'docs' into release/2.24.4
• f1640bc Merge branch 'main' into release/2.24.4
• 637db65 Update docs for WC implementation
• 4e8f66c Update Wallet Connect V2 for vite example (#1802)
• 7cc952f Fix: Add WC validation for props, add prop to handle MetaMask usage through WC, Bump Coinbase sdk version (#1822)
• aef4362 Merge pull request #1814 from blocknative/release/2.24.3
• b2fa704 Merge pull request #1812 from blocknative/release/2.24.3
• 31583e3 Merge pull request #1813 from blocknative/release/2.24.3
• 8fd2751 Merge branch 'docs' into release/2.24.3
• 2302d67 Merge branch 'main' into release/2.24.3
• 83fe1f6 Remove alpha flags from docs and demo

See the full diff

Package name: @web3-onboard/core

The new version differs by 250 commits.

• 0ea0fed Merge pull request #2214 from blocknative/release/2.26.0
• 419e8bc Remove unuse dimport
• dc7993a Merge in develop
• 820fb38 Fix upstream handling of number chain Ids by adding a check to the chainChanged listener (#2216)
• b01537a Remove log
• 1778aa0 Update docs versions
• 152960e Update versions for release
• de391b5 Merge branch 'docs' into release/2.26.0
• 8785823 Merge branch 'main' into release/2.26.0
• baf9120 Remove alpha.1 flags
• d68c0ed Update hw-wallet packages for type alignment (#2211)
• 89cd237 Fix - Core import of wagmi module version (#2210)
• e00ef35 Update wagmi usage docs (#2207)
• 4bcdc19 Add sunset warnings to tx preview (#2205)
• 3fcee26 Fix wagmi versioning (#2206)
• 0fdd0ac Feature - Replace internal Ethers functionality with Viem - Add WAGMI support module (#2203)
• 15af477 Merge pull request #2202 from blocknative/wc/bump_deps
• b0f69e4 Update WC versions
• d8dd346 Merge pull request #2201 from blocknative/release/2.25.7
• 0fe8cb4 Merge pull request #2199 from blocknative/release/2.25.7
• 9b780b9 Merge pull request #2200 from blocknative/release/2.25.7
• 3ed7965 commit MM fix and yarn docs
• 9f69fce Merge in docs
• 2c6153b Update versions for release

See the full diff

Package name: @web3-onboard/walletconnect

The new version differs by 250 commits.

• 0ea0fed Merge pull request #2214 from blocknative/release/2.26.0
• 419e8bc Remove unuse dimport
• dc7993a Merge in develop
• 820fb38 Fix upstream handling of number chain Ids by adding a check to the chainChanged listener (#2216)
• b01537a Remove log
• 1778aa0 Update docs versions
• 152960e Update versions for release
• de391b5 Merge branch 'docs' into release/2.26.0
• 8785823 Merge branch 'main' into release/2.26.0
• baf9120 Remove alpha.1 flags
• d68c0ed Update hw-wallet packages for type alignment (#2211)
• 89cd237 Fix - Core import of wagmi module version (#2210)
• e00ef35 Update wagmi usage docs (#2207)
• 4bcdc19 Add sunset warnings to tx preview (#2205)
• 3fcee26 Fix wagmi versioning (#2206)
• 0fdd0ac Feature - Replace internal Ethers functionality with Viem - Add WAGMI support module (#2203)
• 15af477 Merge pull request #2202 from blocknative/wc/bump_deps
• b0f69e4 Update WC versions
• d8dd346 Merge pull request #2201 from blocknative/release/2.25.7
• 0fe8cb4 Merge pull request #2199 from blocknative/release/2.25.7
• 9b780b9 Merge pull request #2200 from blocknative/release/2.25.7
• 3ed7965 commit MM fix and yarn docs
• 9f69fce Merge in docs
• 2c6153b Update versions for release

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.