[Snyk] Security upgrade @truffle/decoder from 3.0.16 to 4.0.0

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • static/node/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @truffle/decoder

The new version differs by 250 commits.

• a962a99 Publish
• 065cf1a Update yarn.lock
• 6725894 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#2590 from trufflesuite/next
• 1a61727 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#2589 from trufflesuite/harry-docs-review
• 94b02fb Merge branch 'develop' of github.com:trufflesuite/truffle into next
• 8eedda1 Briefly review decoder docs
• 921c2c0 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#2588 from trufflesuite/decoder-122
• 2584ae4 Remove typeRoot for @ types/web3
• 5d22500 Fix incorrect block access in decoder test
• 654b8c0 Fix default blocks for events()
• e1c1e08 Update decoder to web3 1.2.2
• d3dd947 Merge pull request System Error when running Ganache 2.5.4 on darwin trufflesuite/ganache-ui#2584 from trufflesuite/rmSolLoader
• 75e67ce Remove unused typings from decoder
• f78642c Update codec's web3-utils to 1.2.2
• 68097be Merge pull request Decoding Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#2587 from trufflesuite/typetype
• 3881a0d Fix misnamed type (sorry!)
• e528714 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#2586 from trufflesuite/splittree
• bcbdbe0 Add basic handling for type type
• 89e5bc3 Add TypeType, TypeValue, etc
• 644edc5 Split AstConstant from Ast
• ca88dca update .nycrc
• 8c0e761 updated yarn.lock
• a17eeb7 Merge pull request System Error when running Ganache 2.4.0 on linux trufflesuite/ganache-ui#2091 from trufflesuite/ens
• d479751 DEPRECATED ⚠️ - WARNING: This package is no longer used by Truffle and is not being maintained. (solidity-loader)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of Weak Hash

[secure-code-warrior-for-github]

Micro-Learning Topic: Weak algorithm (Detected by phrase)

Matched on "Weak Hash"

What is this? (2min video)

As computing power and availability increases, cryptographic algorithms are periodically updated to ensure that these increases do not allow brute force attacks to succeed. Furthermore, ongoing cryptography research will often identify flaws in existing algorithms that weaken their security. Use of weak or outdated algorithms to protect sensitive data places it at risk because encryption weaknesses, hashing or signature algorithms can result in the protection being undone.

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Using a broken or risky cryptographic algorithm article - OWASP community page with comprehensive information about using broken or risky cryptographic algorithms, and links to various OWASP resources to help detect or prevent it.
• OWASP Password Storage Cheat Sheet - This cheat sheet provides guidance on the recommended algorithms related to storing passwords.
• OWASP Transport Layer Protection Cheat Sheet - This cheat sheet provides guidance on how to implement transport layer protection for an application using Transport Layer Security (TLS), including recommendations on cipher and key exchange algorithms.
• OWASP Cryptographic Storage Cheat Sheet - This article provides a simple model to follow when implementing solutions to protect data at rest, including recommended cryptographic algorithms.