[Snyk] Security upgrade ethereumjs-devp2p from 2.5.1 to 3.0.3

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ethereumjs-devp2p

The new version differs by 89 commits.

• a4393ac Merge pull request #90 from ethereumjs/new-release
• a2bb48d Bumped version to v3.0.3, added CHANGELOG entry
• 6e9d0ca Merge pull request #89 from ethereumjs/new-release
• 34578a1 Bumped version to v3.0.2, added CHANGELOG entry
• 751e252 Merge pull request #88 from ethereumjs/fix-typescript-type-exports
• 6861315 Bumped k-bucket dependency to v5.0.0, added types, fixed esModuleInterop type export issue
• 826a06b Merge pull request #81 from ethereumjs/add-update-diagram-instructions
• 263a116 add instructions for updating diagram
• eff0ede Merge pull request #80 from ethereumjs/digitize-diagram
• 810f112 digitize diagram
• 8a25282 Merge pull request #78 from ethereumjs/new-release
• cc183f7 Bumped version to v3.0.1, added CHANGELOG entry
• 711062f Merge pull request #77 from ethereumjs/some-refactoring
• d9b8abc Refactored Peer class
• d77a3f9 Merge pull request #75 from ethereumjs/logger-improvements
• 58b8211 Merge branch 'master' into logger-improvements
• c8cdb44 Merge pull request #76 from ethereumjs/add-diagram
• a5a0f30 Added devp2p diagram with the high-level structure, loggers, events and an exemplary peer communication flow
• bf26e67 Added debug message for DISCONNECT reason from peer
• b5a36a7 Moved debug output in BanList.add() after the set operation to get the correct size output
• fd3c92c Replaced try/catch logic for EIP-8 auth check to avoid side-effects and get rid of misleading wrong-ecies-header debug output
• 6bf6a64 Added number of peers to refillConnections() debug message
• 5664ef6 Merge pull request Bump dottie from 2.0.1 to 2.0.4 INFURA/devp2p-network#73 from ethereumjs/improve-debug-output
• 4061955 Internalize util logger, pass logger to util.assertEq function

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)