Merge pull request #4370 from BitGo/WP-1623/vuln-fix
fix(root): web3-utils vulnerability
andrew-scott-fischer committed Mar 26, 2024
2 parents e441e87 + 132a3bc commit b3d135f
Showing 3 changed files with 41 additions and 27 deletions.
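--- a/.iyarc
+++ b/.iyarc
@@ -1,5 +0,0 @@
-# false positive
-
-GHSA-8x6c-cv3v-vp6g
-
-## https://github.com/github/advisory-database/pull/1693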
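--- a/package.json
+++ b/package.json
@@ -90,7 +90,8 @@
 "json5": "^2.2.2",
 "ua-parser-js": ">0.7.30 <0.8.0",
 "protobufjs": "^7.2.4",
-"socks": "2.7.3"
+"socks": "2.7.3",
+"web3-utils": "4.2.1"
 },
 "workspaces": [
 "modules/*"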
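Review bot: The added `"web3-utils": "4.2.1"` entry overrides the version for every consumer in the tree, and the yarn.lock section of this commit shows the web3 1.3.6 packages still declaring `web3-utils "1.3.6"` while that range now resolves to 4.2.1, so code written against the 1.x API will load a 4.x module. Judging by the neighbouring pins this looks like the `resolutions` map, but the enclosing key starts outside the hunk. A cross-major override can clear the audit finding while breaking callers at runtime, so the modules that pull in the web3 1.3.6 packages should be covered by a test run before this is relied on. Because package.json cannot carry a comment, the reason for the pin (presumably the advisory whose ignore entry this commit drops from .iyarc) belongs in the commit description, along with a note to remove the override once the 1.3.6 dependents are upgraded.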
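--- a/yarn.lock
+++ b/yarn.lock
@@ -10031,13 +10031,6 @@ eth-lib@^0.1.26:
 ws "^3.0.0"
 xhr-request-promise "^0.1.2"
 
-ethereum-bloom-filters@^1.0.6:
-version "1.0.10"
-resolved "https://registry.npmjs.org/ethereum-bloom-filters/-/ethereum-bloom-filters-1.0.10.tgz"
-integrity sha512-rxJ5OFN3RwjQxDcFP2Z5+Q9ho4eIdEmSc2ht0fCu8Se9nbXjZ7/031uXoUYJ87KHCOdVeiUuwSnoS7hmYAGVHA==
-dependencies:
-js-sha3 "^0.8.0"
-
 ethereum-cryptography@^0.1.3:
 version "0.1.3"
 resolved "https://registry.npmjs.org/ethereum-cryptography/-/ethereum-cryptography-0.1.3.tgz"
@@ -19030,9 +19023,9 @@ [email protected]:
 dependencies:
 inherits "2.0.1"
 
-util@^0.12.0, util@^0.12.1, util@^0.12.4:
+util@^0.12.0, util@^0.12.1, util@^0.12.4, util@^0.12.5:
 version "0.12.5"
-resolved "https://registry.npmjs.org/util/-/util-0.12.5.tgz"
+resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc"
 integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==
 dependencies:
 inherits "^2.0.3"
@@ -19289,6 +19282,13 @@ [email protected]:
 web3-core-requestmanager "1.3.6"
 web3-utils "1.3.6"
 
+web3-errors@^1.1.4:
+version "1.1.4"
+resolved "https://registry.yarnpkg.com/web3-errors/-/web3-errors-1.1.4.tgz#5667a0a5f66fc936e101ef32032ccc1e8ca4d5a1"
+integrity sha512-WahtszSqILez+83AxGecVroyZsMuuRT+KmQp4Si5P4Rnqbczno1k748PCrZTS1J4UCPmXMG2/Vt+0Bz2zwXkwQ==
+dependencies:
+web3-types "^1.3.1"
+
 [email protected]:
 version "1.3.6"
 resolved "https://registry.npmjs.org/web3-eth-abi/-/web3-eth-abi-1.3.6.tgz"
@@ -19430,19 +19430,32 @@ [email protected]:
 web3-core-subscriptions "1.3.6"
 web3-net "1.3.6"
 
-[email protected]:
-version "1.3.6"
-resolved "https://registry.npmjs.org/web3-utils/-/web3-utils-1.3.6.tgz"
-integrity sha512-hHatFaQpkQgjGVER17gNx8u1qMyaXFZtM0y0XLGH1bzsjMPlkMPLRcYOrZ00rOPfTEuYFOdrpGOqZXVmGrMZRg==
+web3-types@^1.3.1, web3-types@^1.5.0:
+version "1.5.0"
+resolved "https://registry.yarnpkg.com/web3-types/-/web3-types-1.5.0.tgz#35b5c0ab149b0d566efeaed8ddaa40db159c748e"
+integrity sha512-geWuMIeegQ8AedKAO6wO4G4j1gyQ1F/AyKLMw2vud4bsfZayyzWJgCMDZtjYMm5uo2a7i8j1W3/4QFmzlSy5cw==
+
+[email protected], [email protected]:
+version "4.2.1"
+resolved "https://registry.yarnpkg.com/web3-utils/-/web3-utils-4.2.1.tgz#326bc6e9e4d047f7b38ba68bee1399c4f9f621e3"
+integrity sha512-Fk29BlEqD9Q9Cnw4pBkKw7czcXiRpsSco/BzEUl4ye0ZTSHANQFfjsfQmNm4t7uY11u6Ah+8F3tNjBeU4CA80A==
 dependencies:
-bn.js "^4.11.9"
-eth-lib "0.2.8"
-ethereum-bloom-filters "^1.0.6"
-ethjs-unit "0.1.6"
-number-to-bn "1.7.0"
-randombytes "^2.1.0"
-underscore "1.12.1"
-utf8 "3.0.0"
+ethereum-cryptography "^2.0.0"
+eventemitter3 "^5.0.1"
+web3-errors "^1.1.4"
+web3-types "^1.5.0"
+web3-validator "^2.0.4"
+
+web3-validator@^2.0.4:
+version "2.0.4"
+resolved "https://registry.yarnpkg.com/web3-validator/-/web3-validator-2.0.4.tgz#66f34c94f21a3c94d0dc2a2d30deb8a379825d38"
+integrity sha512-qRxVePwdW+SByOmTpDZFWHIUAa7PswvxNszrOua6BoGqAhERo5oJZBN+EbWtK/+O+ApNxt5FR3nCPmiZldiOQA==
+dependencies:
+ethereum-cryptography "^2.0.0"
+util "^0.12.5"
+web3-errors "^1.1.4"
+web3-types "^1.3.1"
+zod "^3.21.4"
 
 [email protected]:
 version "1.3.6"
@@ -20120,3 +20133,8 @@ yocto-queue@^1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.0.0.tgz#7f816433fb2cbc511ec8bf7d263c3b58a1a3c251"
 integrity sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==
+
+zod@^3.21.4:
+version "3.22.4"
+resolved "https://registry.yarnpkg.com/zod/-/zod-3.22.4.tgz#f31c3a9386f61b1f228af56faa9255e845cf3fff"
+integrity sha512-iC+8Io04lddc+mVqQ9AZ7OQ2MrUKGN+oIQyq1vemgt46jwCwLfhq7/pwnBnNXXXZb8VTVLKwp9EDkx+ryxIWmg==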
