chore(deps): bump lodash, @0x/subproviders and recharts in /solidity-v1/dashboard

[dependabot]

Bumps lodash to 4.18.1 and updates ancestor dependencies lodash, @0x/subproviders and recharts. These dependencies need to be updated together.

Updates lodash from 4.17.15 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates @0x/subproviders from 6.1.0 to 8.0.1

Release notes

Sourced from @​0x/subproviders's releases.

tools - c33f74a

No release notes provided.

tools - 8c79268

No release notes provided.

tools - 38f717a

No release notes provided.

tools - aad2bd4

@​0x/base-contract@​7.0.0

• Update downstream dependencies to latest versions (#64)

@​0x/dev-utils@​5.0.0

• Update Ganache to 7.x (#64)

@​0x/subproviders@​7.0.0

• Update Ganache to 7.x (#64)
• Change to Ledger TransportWebUSB over TransportU2F (#64)

@​0x/utils@​7.0.0

• Updated to Ganache 7.x modifying the support for Ganache revert errors (#65)

@​0x/web3-wrapper@​8.0.0

• Remove ganache specific eth_signTypedData as JSON string (#65)
• Detect new structure for Ganache errors (#65)

tools - 0787b82

@​0x/abi-gen@​5.8.0

• Handle potentially missing linkReferences in 0.8 (#62)

@​0x/base-contract@​6.5.0

• Handle potentially missing linkReferences in generated artifacts (#62)

ethereum-types@3.7.0

• Make compiler artifact linkReferences optional (#62)

tools - 41976dd

@​0x/sol-compiler@​4.8.0

• Fix 0.8 support (#61)

@​0x/sol-tracing-utils@​7.3.0

• Update deps (#61)

... (truncated)

Changelog

Sourced from @​0x/subproviders's changelog.

v8.0.1 - April 7, 2023

* Dependencies updated

v8.0.0 - Invalid date

* Remove subproviders except for private key, empty wallet, ganache, mnemonic, and RPC

v7.0.1 - January 26, 2023

* Dependencies updated

v7.0.0 - August 18, 2022

* Update Ganache to 7.x ([#64](https://github.com/0xProject/tools/tree/HEAD/subproviders/issues/64))
* Change to Ledger `TransportWebUSB` over `TransportU2F` ([#64](https://github.com/0xProject/tools/tree/HEAD/subproviders/issues/64))

v6.6.5 - March 16, 2022

* Dependencies updated

v6.6.4 - March 16, 2022

* Dependencies updated

v6.6.3 - February 26, 2022

* Dependencies updated

v6.6.2 - January 19, 2022

* Dependencies updated

v6.6.1 - September 23, 2021

* Dependencies updated

v6.6.0 - August 25, 2021

* Add fee market (1559) support to private key and mnemonic wallet ([#45](https://github.com/0xProject/tools/tree/HEAD/subproviders/issues/45))

v6.5.4 - June 28, 2021

* Dependencies updated

v6.5.3 - April 28, 2021

* Dependencies updated

v6.5.2 - April 26, 2021

... (truncated)

Commits

• c33f74a Publish
• d0fe875 Updated CHANGELOGS & MD docs
• 8d21ec1 chore: update subproviders version to 8.0.0
• bf9aaea chore: clean unused code from @​0x/subproviders
• 8c79268 Publish
• d6e3f73 Updated CHANGELOGS & MD docs
• 2dbb546 Bump sinon from 4.5.0 to 15.0.0
• aad2bd4 Publish
• ae6753a Updated CHANGELOGS & MD docs
• e003034 fix: Update deps fix (#65)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tobernguyen, a new releaser for @​0x/subproviders since your current version.

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.

Updates recharts from 1.8.5 to 3.8.1

Release notes

Sourced from recharts's releases.

v3.8.1

What's Changed

Bugfixes!

• fix(z-index): prevent elements from disappearing during dynamic zIndex transitions by @​VIDHITTS in recharts/recharts#7006
• fix: prevent tooltip flicker in syncMethod="value" with mismatched data arrays by @​roy7 in recharts/recharts#7020
• docs: add missing SVG props documentation to PolarGrid #3400 by @​ramanverse in recharts/recharts#6987
• fix: add cursor prop type to BaseChartProps by @​mixelburg in recharts/recharts#7065
• fix: restore arrow key navigation when active index is outside zoomed… by @​AbishekRaj2007 in recharts/recharts#7086
• Add test for ticks spacing by @​VIDHITTS in recharts/recharts#7082
• fix(Pie): skip minAngle redistribution when no segment needs it by @​Harikrushn9118 in recharts/recharts#7097
• fix(DefaultLegendContent): use entry.value for aria-label when formatter returns React element by @​mixelburg in recharts/recharts#7109
• fix(PolarRadiusAxis): update ticks prop type by @​PavelVanecek in recharts/recharts#7112
• fix: PieChart double padding gap when a data item has value 0 by @​Copilot in recharts/recharts#7113
• Add boxplot example by @​PavelVanecek in recharts/recharts#7130
• [fix] Update ticks calculator and domain extension by @​PavelVanecek in recharts/recharts#7146
• fix: guard against non-function d3-scale exports in getD3ScaleFromType by @​tdebarochez in recharts/recharts#7123
• fix: stackOffset expand should not override numerical XAxis domain by @​SeaL773 in recharts/recharts#7152
• fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) by @​olagokemills in recharts/recharts#7140
• fix(Tooltip): prevent crash on sparse or undefined payload entries by @​Om-Mishra09 in recharts/recharts#7149
• fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update by @​Om-Mishra09 in recharts/recharts#7161

New Contributors

• @​AbishekRaj2007 made their first contribution in recharts/recharts#7086
• @​tdebarochez made their first contribution in recharts/recharts#7123
• @​SeaL773 made their first contribution in recharts/recharts#7152
• @​olagokemills made their first contribution in recharts/recharts#7140

Full Changelog: recharts/recharts@v3.8.0...v3.8.1

v3.8.0

What's Changed

We added generics to our data and dataKey props and now you can have your charts validated by TypeScript. See the full guide here: https://recharts.github.io/en-US/guide/typescript/

We are releasing new helper functions and hooks that will allow you to precisely target mouse interactions, and convert coordinates. See the guide here: https://recharts.github.io/en-US/guide/coordinateSystems/

And new functions and hooks:

getRelativeCoordinate - converts mouse events to pixel positions

Convert Data → Pixels:

useXAxisScale - returns a function to convert X data values to pixel positions useYAxisScale - returns a function to convert Y data values to pixel positions useCartesianScale - convenience hook for converting both at once

Pixels → Data:

... (truncated)

Changelog

Sourced from recharts's changelog.

⚠️ Next versions change notes are available only on the GitHub Releases page ⚠️

2.2.0 (Dec 8, 2022)

feat

• Support keyboard navigation in pie chart (#2923)
• Allow reversing the tooltip direction (#3056)

fix

• fix rounding leading to hairline gaps (#3075)
• fix: do not override zero brush end index (#3076)
• fix: allow dragging brush when the mouse is outside (#3072)
• fix: add label type to line props (#3068)
• Ensure LabelList generic extends Data interface (#2954)

2.1.16 (Oct 29, 2022)

fix

• Fix incorrect date in CHAGELOG (#3016)
• Let formatter function run even when value is falsy (#3026)
• Fix(Sankey): update tooltip active state by trigger type(hover/click) (#3021)
• Fix Area's baseValue prop (#3013)

2.1.15 (Oct 12, 2022)

fix

• Fix scroll on hover
• DefaultTooltipContent.tsx Solving type error for entry.value and entry.name

chore

• Revert D3 version

2.1.14 (Sep 7, 2022)

fix

• Add inactiveShape prop to Pie component (#2900)
• Revert "chore: move type deps into devDependencies (#2843)" (#2942)
• Fix typing of default tooltip formatter (#2924)
• Take letter-spacing and font-size into consideration while rendering ticks (#2898)
• Add formatter function type to tooltip props (#2916)
• doc: Update CHANGELOG.md about d3 7.x (#2919)

2.1.13 (Jul 26, 2022)

... (truncated)

Commits

• 5b10788 chore(deps-dev): bump diff from 8.0.3 to 8.0.4 (#7156)
• 222396f chore(deps): bump react-router-dom from 7.13.1 to 7.13.2 (#7164)
• c2642da chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#7166)
• b186929 fix(RechartsWrapper): prevent ResizeObserver memory leak on ref update (#7161)
• 738f71f fix(Tooltip): prevent crash on sparse or undefined payload entries (#7149)
• 00daf0b chore(deps-dev): bump rollup from 4.59.0 to 4.60.0 (#7158)
• eba4f2a chore(deps-dev): bump marked from 17.0.4 to 17.0.5 (#7157)
• 201d060 fix: resolve keyboard navigation and tooltip issues for Pie charts (#6921) (#...
• 670d092 chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#7150)
• 86ca8de fix: stackOffset expand should not override numerical XAxis domain (#7152)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by corkscreewe, a new releaser for recharts since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.