Skip to content

chore(deps): update dependency @solana/web3.js to v1.66.6 [security] #624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency @solana/web3.js to v1.66.6 [security] #624

wants to merge 1 commit into from

Conversation

@bg-renovate-bot
Copy link
Contributor

@bg-renovate-bot bg-renovate-bot bot commented Oct 20, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@solana/web3.js (source) 1.66.1 -> 1.66.6 age adoption passing confidence

💡 bg-renovate-bot Commands and Options

You can trigger bg-renovate-bot actions by commenting on this PR:

  • to rebase this single PR, add a comment @bg-renovate-bot rebase

  • to rebase more than one PR, add a label 'rebase' and then add a comment @bg-renovate-bot rebase to any one PR you added the label to

  • to close this PR, add a comment @bg-renovate-bot close to stop bg-renovate-bot from recreating it. You can achieve the same result by closing it manually

You can also trigger bg-renovate-bot actions by checking the tickboxes in 'Dependency Dashboard' under the Issues tab

GitHub Vulnerability Alerts

CVE-2024-30253

Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM).

If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a loss of availability.

Release Notes

solana-foundation/solana-web3.js (@​solana/web3.js)

v1.66.5

Compare Source

Bug Fixes
  • verify commitment level when confirming transactions with one-shot fetch (#​28969) (a206ab6)

v1.66.4

Compare Source

Bug Fixes

v1.66.3

Compare Source

Bug Fixes
  • add confirmation status to ConfirmedSignatureInfo web3.js response (#​28555) (f6fd2cf)
  • web3.js transaction confirmation now double-checks for already-confirmed txs (#​28290) (772c788)

v1.66.2

Compare Source

Bug Fixes

This is generated by Build. Runbook can be found on Confluence.

@bg-renovate-bot bg-renovate-bot bot added dependencies Used by dependabot for dependency updates renovate security labels Oct 20, 2025
@bg-renovate-bot bg-renovate-bot bot requested review from a team as code owners October 20, 2025 02:19
@bg-renovate-bot
Copy link
Contributor Author

bg-renovate-bot bot commented Oct 21, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

OttoAllmendinger
OttoAllmendinger approved these changes Oct 31, 2025
View reviewed changes
Copy link
Contributor

@OttoAllmendinger OttoAllmendinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖review-a-bot🤖: this PR has a passing status check

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OttoAllmendinger OttoAllmendinger OttoAllmendinger approved these changes

Assignees

No one assigned

Labels

dependencies Used by dependabot for dependency updates renovate security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@OttoAllmendinger