Skip to content

Update dependency @solana/web3.js to v1.50.2 [SECURITY]#1052

Open
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-solana-web3.js-vulnerability
Open

Update dependency @solana/web3.js to v1.50.2 [SECURITY]#1052
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/npm-solana-web3.js-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 18, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@solana/web3.js (source) 1.50.11.50.2 age confidence

Handling untrusted input can result in a crash, leading to loss of availability / denial of service

CVE-2024-30253 / GHSA-8m45-2rjm-j347

More information

Details

Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM).

If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of availability.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update dependency @solana/web3.js to v1.50.2 [SECURITY] Update dependency @solana/web3.js to v1.50.2 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-solana-web3.js-vulnerability branch March 27, 2026 05:01
@renovate renovate Bot changed the title Update dependency @solana/web3.js to v1.50.2 [SECURITY] - autoclosed Update dependency @solana/web3.js to v1.50.2 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-solana-web3.js-vulnerability branch 2 times, most recently from a09b983 to 30e664d Compare March 30, 2026 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bradleySuira bradleySuira Awaiting requested review from bradleySuira bradleySuira is a code owner

@tima-t tima-t Awaiting requested review from tima-t tima-t is a code owner

@AndonMitev AndonMitev Awaiting requested review from AndonMitev AndonMitev is a code owner

@Jennievon Jennievon Awaiting requested review from Jennievon Jennievon is a code owner

@skeremidchiev skeremidchiev Awaiting requested review from skeremidchiev skeremidchiev is a code owner

@kraikov kraikov Awaiting requested review from kraikov kraikov is a code owner

@beemi beemi Awaiting requested review from beemi beemi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants