[Snyk] Fix for 5 vulnerabilities #87

Open
matthewjablack wants to merge 1 commit into dev from
snyk-fix-b78a358dbfa2f077e5ab4d0d7be5ef05

Conversation

@matthewjablack
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | Yes | Proof of Concept |
| medium severity | 554/1000 (Why? Has a fix available, CVSS 6.8) | Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | Yes | No Known Exploit |
| medium severity | 509/1000 (Why? Has a fix available, CVSS 5.9) | Timing Attack SNYK-JS-ELLIPTIC-511941 | Yes | No Known Exploit |
| high severity | 706/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.7) | Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | Yes | Proof of Concept |
| high severity | 761/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.8) | Information Exposure SNYK-JS-SIMPLEGET-2361683 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @truffle/hdwallet-provider. The new version differs by 250 commits.
  • 4468ee2 Publish
  • e9efaa0 Merge pull request #3203 from trufflesuite/patch-init
  • 3976147 Ensure test dir is tracked by git and fix path error
  • a8baab2 Merge pull request #3201 from trufflesuite/provider-check-backoff
  • ee07f94 Merge pull request #3199 from trufflesuite/prune-method
  • be5ae9a Merge pull request #2987 from trufflesuite/swap-library
  • ee13758 execute async func within setTimeout
  • 2a1dcf9 implement provider check w/ exponential backoff using recursive setTimeout pattern
  • 20adc2f Update some tests
  • e91bd3d Move url normalization into box
  • 5032e6a Promisify call to download repo
  • fed162f Remove unused method getCommitFromVersion
  • 6964fa4 Merge pull request #3197 from trufflesuite/bind-hijacker
  • 007a80c Add more test cases for unbox tests
  • 55a7e93 Add one more supported format for unbox test
  • e4b2d5d Handle rewriting full urls in format for download-git-repo and delete some obsolete tests
  • ddbb894 Add destination argument to the help for unbox and init
  • b07e7b6 Get rid of : syntax for unboxing to a destination
  • 6c62952 Correct capitalization error in subscriber
  • 4d2da62 Update parsing method, update a test, and regenerate yarn.lock
  • 31fa5ea Add some methods for sanitizing/validating the url and implement new github downloading library
  • 5728daa Swap out github download library for another
  • f2d4c7e Merge pull request #3196 from trufflesuite/prettier-defaults
  • 1781014 Bind rejectHijacker to the PromiEvent

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Cryptographic Issues
