Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: critical security vulnerabilities #30

Merged
merged 8 commits into from
Nov 1, 2024
Merged

fix: critical security vulnerabilities #30

merged 8 commits into from
Nov 1, 2024

Conversation

freemanzMrojo
Copy link
Member

@freemanzMrojo freemanzMrojo commented Nov 1, 2024
edited
Loading

Upgraded dependencies that were pulling underscore, ws and babel-traverse, affected by critical vulnerabilities.

@freemanzMrojo freemanzMrojo requested a review from a team as a code owner November 1, 2024 11:24
@socket-security Socket Security
Copy link

socket-security bot commented Nov 1, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@ethereum-waffle/[email protected] None 0 473 kB ethworks
npm/@ethereum-waffle/[email protected] filesystem, network, shell +1 290 kB ethworks
npm/@ethereum-waffle/[email protected] None 0 2.41 MB ethworks
npm/@ethereum-waffle/[email protected] None 0 516 kB ethworks
npm/@ethereum-waffle/[email protected] None 0 251 kB ethworks
npm/@ethereumjs/[email protected] None +1 802 kB holgerd77
npm/@ethereumjs/[email protected] None 0 458 kB holgerd77
npm/@ethereumjs/[email protected] None +1 109 kB holgerd77
npm/@ethereumjs/[email protected] environment, eval Transitive: network +2 2.74 MB holgerd77
npm/@ganache/[email protected] None 0 26.3 kB truffle-cicd
npm/@ganache/[email protected] environment 0 132 kB truffle-cicd
npm/@ganache/[email protected] None +3 3.32 MB truffle-cicd
npm/@ganache/[email protected] None 0 58.3 kB truffle-cicd
npm/@ganache/[email protected] None +1 85.4 kB truffle-cicd
npm/@ganache/[email protected] Transitive: environment, filesystem +3 1.18 MB truffle-cicd
npm/@trufflesuite/[email protected] Transitive: environment, filesystem +1 282 kB davidmurdoch
npm/@types/[email protected] None 0 6.96 kB types
npm/@types/[email protected] None 0 3.36 kB types
npm/@types/[email protected] None 0 8.56 kB types
npm/@types/[email protected] None 0 6.27 kB types
npm/[email protected] None 0 243 kB vweevers
npm/[email protected] None 0 541 kB hargasinski
npm/[email protected] None +1 945 kB junderw
npm/[email protected] None 0 5 kB vweevers
npm/[email protected] environment, filesystem, shell 0 151 kB abetomo
npm/[email protected] None 0 36.2 kB vweevers
npm/[email protected] None 0 44.1 kB sindresorhus
npm/[email protected] None +1 266 kB vweevers
npm/[email protected] None +2 8.81 MB ethworks
npm/[email protected] environment, filesystem, network, shell +4 97.6 MB truffle-cicd
npm/[email protected] None 0 4.59 kB feross
npm/[email protected] None 0 37.3 kB sidorares
npm/[email protected] None 0 8.47 kB vweevers
npm/[email protected] None 0 26.5 kB vweevers
npm/[email protected] None 0 14.1 kB vweevers
npm/[email protected] None 0 32.8 kB vweevers
npm/[email protected] None 0 26.9 kB vweevers
npm/[email protected] None 0 34.5 kB vweevers
npm/[email protected] None 0 5.64 MB vweevers
npm/[email protected] None +2 136 kB vweevers
npm/[email protected] None +3 278 kB vweevers
npm/[email protected] None +1 762 kB holgerd77
npm/[email protected] None 0 16.2 kB mafintosh
npm/[email protected] None 0 374 kB davidbau
npm/[email protected] None 0 20.6 kB jsoendermann
npm/[email protected] filesystem Transitive: environment +2 195 kB ethereum-ts-bot
npm/[email protected] eval 0 906 kB jgonggrijp

🚮 Removed packages: npm/@ethereum-waffle/[email protected], npm/@ethereum-waffle/[email protected], npm/@ethereum-waffle/[email protected], npm/@ethereum-waffle/[email protected], npm/@ethereum-waffle/[email protected], npm/@ljharb/[email protected], npm/@yarnpkg/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@freemanzMrojo freemanzMrojo marked this pull request as draft November 1, 2024 11:33
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 1, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@freemanzMrojo freemanzMrojo marked this pull request as ready for review November 1, 2024 16:04
vanja-vechain
vanja-vechain approved these changes Nov 1, 2024
View reviewed changes
Copy link

@vanja-vechain vanja-vechain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@freemanzMrojo freemanzMrojo merged commit e90d6e1 into vechain Nov 1, 2024
9 checks passed
@freemanzMrojo freemanzMrojo deleted the fix/critical-security-alerts branch November 1, 2024 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vanja-vechain vanja-vechain vanja-vechain approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@freemanzMrojo @vanja-vechain