Skip to content

Bump yauzl, ganache-core and web3#17

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-fe25b7a5c5
Open

Bump yauzl, ganache-core and web3#17
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-fe25b7a5c5

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Removes yauzl. It's no longer used after updating ancestor dependencies yauzl, ganache-core and web3. These dependencies need to be updated together.

Removes yauzl

Updates ganache-core from 2.5.4 to 2.13.2

Release notes

Sourced from ganache-core's releases.

v2.13.2 – Taco Tuesday 🌮

We're moving to a betalatest release pipeline, where all non-hotfix changes are first released in a beta before being promoted to a stable release.

We'd love it if you'd start using the latest betas and let us know early and often if you find any bugs or regressions!

Highlights

v2.13.2 – Taco Tuesday 🌮

It's Tuesday. And you know what that means, don't you? Tacos! And tacos are delicious. And do you know what else is delicious? This release! It's got a couple of new bug fixes you'll want to check out, especially if you use the forking feature.

Bon appetit!

How to Upgrade

Upgrade to the latest version of ganache-core by running:

npm

npm uninstall ganache-core
npm install ganache-core@latest

yarn

yarn remove ganache-core
yarn add ganache-core@latest

Changelog

... (truncated)

Commits
  • ff312f6 2.13.2
  • a0d3354 chore: update eth-sig-util to v3.0.0 (#711)
  • 210c832 fix: handle failure to retrieve net_version when forking (#676)
  • 2de990f fix: storage value encoding in forked trie. (#658)
  • 1177fe8 Add removed field to Log JSON (#651)
  • 685b1d9 2.13.1
  • a74efce don't bundle web3-provider-engine
  • ce5d4d3 2.13.1-beta.1
  • d918080 update shrinkwrap after npm v7 update
  • 413bfc8 chore: ensure the shrinkwrap includes the right eth-sig-util version
  • Additional commits viewable in compare view

Updates web3 from 1.0.0-beta.37 to 1.10.4

Release notes

Sourced from web3's releases.

web3-eth@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-eth@4.0.0-alpha.0

web3-core-requestmanager@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-core-requestmanager@4.0.0-alpha.0

web3-providers-http@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-providers-http@4.0.0-alpha.0

web3-providers-base@1.0.0-alpha.1

Changed

  • Update version to 1.0.0-alpha.1 for web3-providers-base
  • Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

web3-packagetemplate@1.0.0-alpha.0

Initial alpha release

Install with yarn add web3-packagetemplate@1.0.0-alpha.0

Changelog

Sourced from web3's changelog.

[1.10.4]

Security

  • Updated dependencies (#6731)

[Unreleased]

Commits
Maintainer changes

This version was pushed to npm by jdevcs, a new releaser for web3 since your current version.

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump yauzl, ganache-core and web3
c6fe3a3 
Removes [yauzl](https://github.com/thejoshwolfe/yauzl). It's no longer used after updating ancestor dependencies [yauzl](https://github.com/thejoshwolfe/yauzl), [ganache-core](https://github.com/trufflesuite/ganache-core) and [web3](https://github.com/ChainSafe/web3.js). These dependencies need to be updated together.


Removes `yauzl`

Updates `ganache-core` from 2.5.4 to 2.13.2
- [Release notes](https://github.com/trufflesuite/ganache-core/releases)
- [Commits](ConsenSys-archive/ganache@v2.5.4...v2.13.2)

Updates `web3` from 1.0.0-beta.37 to 1.10.4
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/v1.10.4/CHANGELOG.md)
- [Commits](web3/web3.js@1.0.0-beta.37...v1.10.4)

---
updated-dependencies:
- dependency-name: yauzl
  dependency-version: 
  dependency-type: indirect
- dependency-name: ganache-core
  dependency-version: 2.13.2
  dependency-type: direct:production
- dependency-name: web3
  dependency-version: 1.10.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants