[Snyk] Fix for 1 vulnerabilities #43

Open
wants to merge 1 commit into base: master

Brandylee24
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/web3-onboard-demo/package.json
    • examples/web3-onboard-demo/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 170/1000
    Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5
  • Issue: Improper Validation of Integrity Check Value (SNYK-JS-SECP256K1-8237220)
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @coinbase/wallet-sdk The new version differs by 39 commits.

See the full diff

Package name: @web3-onboard/coinbase The new version differs by 250 commits.
  • a9e91d2 Merge pull request #1830 from blocknative/release/2.24.4
  • 862669f Merge branch 'develop' into release/2.24.4
  • 9388959 Merge in latest develop
  • cc4b8b0 Bump fast-xml-parser from 4.2.4 to 4.2.5 in /docs (#1828)
  • 05c7853 Merge in latest develop and test
  • 8ce7e6f Update to latest vite and test
  • c2a8de8 Bump semver from 6.3.0 to 6.3.1 in /examples/with-ledger (#1827)
  • 452d942 Bump @antfu/utils from 0.7.2 to 0.7.4 in /docs (#1753)
  • 24f2d5c Bump vite from 4.3.5 to 4.3.9 in /docs (#1757)
  • 92da953 Bump fast-xml-parser from 4.2.2 to 4.2.4 in /docs (#1761)
  • 63ca515 Bump semver from 6.3.0 to 6.3.1 in /examples/with-vuejs-v2 (#1826)
  • bcc4be3 Bump semver from 6.3.0 to 6.3.1 in /examples/with-nextjs (#1825)
  • 667b753 feat: update dappauth lib for compatibility (#1781)
  • 009fcd3 Merge branch 'docs' into release/2.24.4
  • f1640bc Merge branch 'main' into release/2.24.4
  • 637db65 Update docs for WC implementation
  • 4e8f66c Update Wallet Connect V2 for vite example (#1802)
  • 7cc952f Fix: Add WC validation for props, add prop to handle MetaMask usage through WC, Bump Coinbase sdk version (#1822)
  • aef4362 Merge pull request #1814 from blocknative/release/2.24.3
  • b2fa704 Merge pull request #1812 from blocknative/release/2.24.3
  • 31583e3 Merge pull request #1813 from blocknative/release/2.24.3
  • 8fd2751 Merge branch 'docs' into release/2.24.3
  • 2302d67 Merge branch 'main' into release/2.24.3
  • 83fe1f6 Remove alpha flags from docs and demo

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


…demo/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220