Merge pull request #4439 from BitGo/DX-314-update-vulnerable-protobufjs
fix: update protobufjs to fix critical vulnerability
ekorenblum-simtlix authored Apr 18, 2024
2 parents 0085f8a + 7066ada commit db1cc05
Showing 5 changed files with 36 additions and 9 deletions.
2 changes: 1 addition & 1 deletion modules/sdk-coin-hbar/package.json
@@ -49,7 +49,7 @@
"bignumber.js": "^9.0.0",
"lodash": "^4.17.15",
"long": "^4.0.0",
"protobufjs": "7.2.4",
"protobufjs": "7.2.5",
"stellar-sdk": "^10.0.1",
"tweetnacl": "^1.0.3"
},
2 changes: 1 addition & 1 deletion modules/sdk-coin-islm/package.json
@@ -51,7 +51,7 @@
"cosmjs-types": "^0.6.1",
"ethers": "^5.7.2",
"keccak": "3.0.3",
"protobufjs": "^7.2.4"
"protobufjs": "7.2.5"
},
"devDependencies": {
"@bitgo/sdk-api": "^1.45.0",
2 changes: 1 addition & 1 deletion modules/sdk-coin-trx/package.json
@@ -53,7 +53,7 @@
"bignumber.js": "^9.0.0",
"ethers": "^5.7.2",
"lodash": "^4.17.14",
"protobufjs": "7.2.4",
"protobufjs": "7.2.5",
"secp256k1": "5.0.0",
"superagent": "^3.8.3",
"tronweb": "5.1.0"
1 change: 0 additions & 1 deletion package.json
@@ -90,7 +90,6 @@
"terser": "^5.14.2",
"json5": "^2.2.2",
"ua-parser-js": ">0.7.30 <0.8.0",
"protobufjs": "^7.2.4",
"socks": "2.7.3",
"web3-utils": "4.2.1"
},
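Review bot: Removing the `"protobufjs": "^7.2.4"` entry from this block drops the only setting that held every protobufjs consumer on one patched release, and nothing visible replaces it for the 6.x consumers. The enclosing key is outside the hunk, but the range-style neighbours suggest it is the root `resolutions` map, and the lockfile in this commit accordingly gains a second copy: `protobufjs@^6.8.8`, `~6.11.2` and `~6.11.3` now resolve to 6.11.4 instead of 7.2.5. Please confirm that 6.11.4 contains the fix this commit is for, and consider a CI step (`yarn why protobufjs` or an audit gate) so a regenerated lockfile cannot bring an unpatched 6.x or 7.x back. The same lockfile also records the new `follow-redirects@^1.15.6` request from axios 1.6.8 against version 1.15.4, which looks like another pin holding a package below the requested minimum; if that pin lives in this block it probably wants to become `"follow-redirects": "1.15.6"`.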
38 changes: 33 additions & 5 deletions yarn.lock
@@ -2465,7 +2465,7 @@

"@hashgraph/[email protected]":
version "1.4.6"
resolved "https://registry.npmjs.org/@hashgraph/cryptography/-/cryptography-1.4.6.tgz"
resolved "https://registry.yarnpkg.com/@hashgraph/cryptography/-/cryptography-1.4.6.tgz#abec5f0cddeb8814f5e7bc1c4de2063a8c698f96"
integrity sha512-3HmnT1Lek71l6nHxc4GOyT/hSx/LmgusyWfE7hQda2dnE5vL2umydDw5TK2wq8gqmD9S3uRSMhz/BO55wtzxRA==
dependencies:
bignumber.js "^9.1.1"
@@ -2487,7 +2487,7 @@

"@hashgraph/[email protected]":
version "2.29.0"
resolved "https://registry.npmjs.org/@hashgraph/sdk/-/sdk-2.29.0.tgz"
resolved "https://registry.yarnpkg.com/@hashgraph/sdk/-/sdk-2.29.0.tgz#aeaaea672f2564d66c98b6f7dddbc6b77c850680"
integrity sha512-dMv2q7OCa2Xyi0ooGjo4JJRFxHKzKBvMd8G/n30j4jHx1JiSfI2ckPTAOwfCbYZ/o+EMDZzevyD5+Juf9iph+A==
dependencies:
"@ethersproject/abi" "^5.7.0"
@@ -6523,7 +6523,7 @@ axios@^0.26.1:
dependencies:
follow-redirects "^1.14.8"

axios@^1.0.0, axios@^1.3.1, axios@^1.3.4, axios@^1.4.0:
axios@^1.0.0, axios@^1.3.4, axios@^1.4.0:
version "1.6.1"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.1.tgz#76550d644bf0a2d469a01f9244db6753208397d7"
integrity sha512-vfBmhDpKafglh0EldBEbVuoe7DyAavGSLWhuSm5ZSEKQnHhBf0xAAwybbNH1IkrJNGnS/VG4I5yxig1pCEXE4g==
@@ -6532,6 +6532,15 @@ axios@^1.0.0, axios@^1.3.1, axios@^1.3.4, axios@^1.4.0:
form-data "^4.0.0"
proxy-from-env "^1.1.0"

axios@^1.3.1:
version "1.6.8"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.8.tgz#66d294951f5d988a00e87a0ffb955316a619ea66"
integrity sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==
dependencies:
follow-redirects "^1.15.6"
form-data "^4.0.0"
proxy-from-env "^1.1.0"

axios@^1.6.0:
version "1.6.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.0.tgz#f1e5292f26b2fd5c2e66876adc5b06cdbd7d2102"
@@ -10700,7 +10709,7 @@ flux@^4.0.1:
fbemitter "^3.0.0"
fbjs "^3.0.1"

[email protected], follow-redirects@^1.0.0, follow-redirects@^1.14.0, follow-redirects@^1.14.7, follow-redirects@^1.14.8, follow-redirects@^1.14.9, follow-redirects@^1.15.0:
[email protected], follow-redirects@^1.0.0, follow-redirects@^1.14.0, follow-redirects@^1.14.7, follow-redirects@^1.14.8, follow-redirects@^1.14.9, follow-redirects@^1.15.0, follow-redirects@^1.15.6:
version "1.15.4"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf"
integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==
@@ -15844,7 +15853,7 @@ protobufjs-cli@^1.0.2:
tmp "^0.2.1"
uglify-js "^3.7.7"

[email protected].4, protobufjs@^6.8.8, protobufjs@^7.0.0, protobufjs@^7.1.2, protobufjs@^7.2.4, protobufjs@~6.11.2, protobufjs@~6.11.3:
[email protected].5, protobufjs@^7.0.0, protobufjs@^7.1.2:
version "7.2.5"
resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-7.2.5.tgz#45d5c57387a6d29a17aab6846dcc283f9b8e7f2d"
integrity sha512-gGXRSXvxQ7UiPgfw8gevrfRWcTlSbOFg+p/N+JVJEK5VhueL2miT6qTymqAmjr1Q5WbOCyJbyrk6JfWKwlFn6A==
@@ -15862,6 +15871,25 @@ [email protected], protobufjs@^6.8.8, protobufjs@^7.0.0, protobufjs@^7.1.2, proto
"@types/node" ">=13.7.0"
long "^5.0.0"

protobufjs@^6.8.8, protobufjs@~6.11.2, protobufjs@~6.11.3:
version "6.11.4"
resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.4.tgz#29a412c38bf70d89e537b6d02d904a6f448173aa"
integrity sha512-5kQWPaJHi1WoCpjTGszzQ32PG2F4+wRY6BmAT4Vfw56Q2FZ4YZzK20xUYQH4YkfehY1e6QSICrJquM6xXZNcrw==
dependencies:
"@protobufjs/aspromise" "^1.1.2"
"@protobufjs/base64" "^1.1.2"
"@protobufjs/codegen" "^2.0.4"
"@protobufjs/eventemitter" "^1.1.0"
"@protobufjs/fetch" "^1.1.0"
"@protobufjs/float" "^1.0.2"
"@protobufjs/inquire" "^1.1.0"
"@protobufjs/path" "^1.1.2"
"@protobufjs/pool" "^1.1.0"
"@protobufjs/utf8" "^1.1.0"
"@types/long" "^4.0.1"
"@types/node" ">=13.7.0"
long "^4.0.0"

protocols@^2.0.0, protocols@^2.0.1:
version "2.0.1"
resolved "https://registry.npmjs.org/protocols/-/protocols-2.0.1.tgz"