From fc4edad4b24f251f1fde7284f1712f274b3aee4c Mon Sep 17 00:00:00 2001
From: David Mattia
Date: Wed, 13 Nov 2024 19:06:48 +0000
Subject: [PATCH] Bump elliptic/cookie/body-parser deps to avoid vulns
---
 package.json | 6 +---
 yarn.lock | 100 ++++++++++++++++++++++++---------------------------
 2 files changed, 47 insertions(+), 59 deletions(-)
diff --git a/package.json b/package.json
index 2e9d4870..6ab4b5b4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@transcend-io/penumbra",
- "version": "5.4.2",
+ "version": "5.4.3",
 "description": "Crypto streams for the browser.",
 "main": "dist/main.penumbra.js",
 "types": "ts-build/src/index.d.ts",
@@ -51,10 +51,6 @@
 "tsconfig.json"
 ],
 "homepage": "https://github.com/transcend-io/penumbra#readme",
- "resolutions": {
- "elliptic@npm:^6.5.5": "6.5.7",
- "elliptic@npm:^6.5.3": "6.5.7"
- },
 "dependencies": {
 "@transcend-io/conflux": "^4.1.0",
 "@transcend-io/remote-web-streams": "1.0.5",
diff --git a/yarn.lock b/yarn.lock
index 6b62109e..e2f69809 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2985,8 +2985,8 @@ __metadata: linkType: hard "body-parser@npm:^1.19.0": - version: 1.20.2 - resolution: "body-parser@npm:1.20.2" + version: 1.20.3 + resolution: "body-parser@npm:1.20.3" dependencies: bytes: "npm:3.1.2" content-type: "npm:~1.0.5" @@ -2996,11 +2996,11 @@ __metadata: http-errors: "npm:2.0.0" iconv-lite: "npm:0.4.24" on-finished: "npm:2.4.1" - qs: "npm:6.11.0" + qs: "npm:6.13.0" raw-body: "npm:2.5.2" type-is: "npm:~1.6.18" unpipe: "npm:1.0.0" - checksum: 3cf171b82190cf91495c262b073e425fc0d9e25cc2bf4540d43f7e7bbca27d6a9eae65ca367b6ef3993eea261159d9d2ab37ce444e8979323952e12eb3df319a + checksum: 8723e3d7a672eb50854327453bed85ac48d045f4958e81e7d470c56bf111f835b97e5b73ae9f6393d0011cc9e252771f46fd281bbabc57d33d3986edf1e6aeca languageName: node linkType: hard
@@ -3071,7 +3071,7 @@ __metadata: languageName: node linkType: hard -"browserify-cipher@npm:^1.0.0": +"browserify-cipher@npm:^1.0.1": version: 1.0.1 resolution: "browserify-cipher@npm:1.0.1" dependencies: @@ -3104,7 +3104,7 @@ __metadata: languageName: node linkType: hard -"browserify-sign@npm:^4.0.0": +"browserify-sign@npm:^4.2.3": version: 4.2.3 resolution: "browserify-sign@npm:4.2.3" dependencies: @@ -3747,10 +3747,10 @@ __metadata: languageName: node linkType: hard -"cookie@npm:~0.4.1": - version: 0.4.2 - resolution: "cookie@npm:0.4.2" - checksum: 2e1de9fdedca54881eab3c0477aeb067f281f3155d9cfee9d28dfb252210d09e85e9d175c0a60689661feb9e35e588515352f2456bc1f8e8db4267e05fd70137 +"cookie@npm:~0.7.2": + version: 0.7.2 + resolution: "cookie@npm:0.7.2" + checksum: 24b286c556420d4ba4e9bc09120c9d3db7d28ace2bd0f8ccee82422ce42322f73c8312441271e5eefafbead725980e5996cc02766dbb89a90ac7f5636ede608f languageName: node linkType: hard @@ -3842,7 +3842,7 @@ __metadata: languageName: node linkType: hard -"create-ecdh@npm:^4.0.0": +"create-ecdh@npm:^4.0.4": version: 4.0.4 resolution: "create-ecdh@npm:4.0.4" dependencies: @@ -3865,7 +3865,7 @@ __metadata: languageName: node linkType: hard -"create-hmac@npm:^1.1.0, create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7": +"create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7": version: 1.1.7 resolution: "create-hmac@npm:1.1.7" dependencies: 
@@ -3904,21 +3904,22 @@ __metadata: linkType: hard "crypto-browserify@npm:^3.11.0, crypto-browserify@npm:^3.12.0": - version: 3.12.0 - resolution: "crypto-browserify@npm:3.12.0" + version: 3.12.1 + resolution: "crypto-browserify@npm:3.12.1" dependencies: - browserify-cipher: "npm:^1.0.0" - browserify-sign: "npm:^4.0.0" - create-ecdh: "npm:^4.0.0" - create-hash: "npm:^1.1.0" - create-hmac: "npm:^1.1.0" - diffie-hellman: "npm:^5.0.0" - inherits: "npm:^2.0.1" - pbkdf2: "npm:^3.0.3" - public-encrypt: "npm:^4.0.0" - randombytes: "npm:^2.0.0" - randomfill: "npm:^1.0.3" - checksum: 5ab534474e24c8c3925bd1ec0de57c9022329cb267ca8437f1e3a7200278667c0bea0a51235030a9da3165c1885c73f51cfbece1eca31fd4a53cfea23f628c9b + browserify-cipher: "npm:^1.0.1" + browserify-sign: "npm:^4.2.3" + create-ecdh: "npm:^4.0.4" + create-hash: "npm:^1.2.0" + create-hmac: "npm:^1.1.7" + diffie-hellman: "npm:^5.0.3" + hash-base: "npm:~3.0.4" + inherits: "npm:^2.0.4" + pbkdf2: "npm:^3.1.2" + public-encrypt: "npm:^4.0.3" + randombytes: "npm:^2.1.0" + randomfill: "npm:^1.0.4" + checksum: 13da0b5f61b3e8e68fcbebf0394f2b2b4d35a0d0ba6ab762720c13391d3697ea42735260a26328a6a3d872be7d4cb5abe98a7a8f88bc93da7ba59b993331b409 languageName: node linkType: hard @@ -4220,7 +4221,7 @@ __metadata: languageName: node linkType: hard -"diffie-hellman@npm:^5.0.0": +"diffie-hellman@npm:^5.0.3": version: 5.0.3 resolution: "diffie-hellman@npm:5.0.3" dependencies: @@ -4335,9 +4336,9 @@ __metadata: languageName: node linkType: hard -"elliptic@npm:6.5.7": - version: 6.5.7 - resolution: "elliptic@npm:6.5.7" +"elliptic@npm:^6.5.3, elliptic@npm:^6.5.5": + version: 6.6.1 + resolution: "elliptic@npm:6.6.1" dependencies: bn.js: "npm:^4.11.9" brorand: "npm:^1.1.0" 
@@ -4346,7 +4347,7 @@ __metadata: inherits: "npm:^2.0.4" minimalistic-assert: "npm:^1.0.1" minimalistic-crypto-utils: "npm:^1.0.1" - checksum: fbad1fad0a5cc07df83f80cc1f7a784247ef59075194d3e340eaeb2f4dd594825ee24c7e9b0cf279c9f1982efe610503bb3139737926428c4821d4fca1bcf348 + checksum: dc678c9febd89a219c4008ba3a9abb82237be853d9fd171cd602c8fb5ec39927e65c6b5e7a1b2a4ea82ee8e0ded72275e7932bb2da04a5790c2638b818e4e1c5 languageName: node linkType: hard @@ -4410,21 +4411,21 @@ __metadata: languageName: node linkType: hard -"engine.io@npm:~6.5.2": - version: 6.5.5 - resolution: "engine.io@npm:6.5.5" +"engine.io@npm:~6.6.0": + version: 6.6.2 + resolution: "engine.io@npm:6.6.2" dependencies: "@types/cookie": "npm:^0.4.1" "@types/cors": "npm:^2.8.12" "@types/node": "npm:>=10.0.0" accepts: "npm:~1.3.4" base64id: "npm:2.0.0" - cookie: "npm:~0.4.1" + cookie: "npm:~0.7.2" cors: "npm:~2.8.5" debug: "npm:~4.3.1" engine.io-parser: "npm:~5.2.1" ws: "npm:~8.17.1" - checksum: df8562e5249cf122efad77b909fe804b36ac5769676f963c997d4d18c91e014c68bb40661ff92f641b978baa0297be4000c2f3c3d1ce237cd1771952ccc5f38a + checksum: 381c0a715362bebf32c95f0e4247899b53ff9f8c0074b03f88748cf17635a02948ea3eca27905df37130bc963747c0d286acc78c757e6fc085fe8b8e17d76e01 languageName: node linkType: hard @@ -5859,7 +5860,7 @@ __metadata: languageName: node linkType: hard -"hash-base@npm:~3.0": +"hash-base@npm:~3.0, hash-base@npm:~3.0.4": version: 3.0.4 resolution: "hash-base@npm:3.0.4" dependencies: @@ -8333,7 +8334,7 @@ __metadata: languageName: node linkType: hard -"pbkdf2@npm:^3.0.3, pbkdf2@npm:^3.1.2": +"pbkdf2@npm:^3.1.2": version: 3.1.2 resolution: "pbkdf2@npm:3.1.2" dependencies: @@ -8525,7 +8526,7 @@ __metadata: languageName: node linkType: hard -"public-encrypt@npm:^4.0.0": +"public-encrypt@npm:^4.0.3": version: 4.0.3 resolution: "public-encrypt@npm:4.0.3" dependencies: 
@@ -8598,16 +8599,7 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.11.0": - version: 6.11.0 - resolution: "qs@npm:6.11.0" - dependencies: - side-channel: "npm:^1.0.4" - checksum: 5a3bfea3e2f359ede1bfa5d2f0dbe54001aa55e40e27dc3e60fab814362d83a9b30758db057c2011b6f53a2d4e4e5150194b5bac45372652aecb3e3c0d4b256e - languageName: node - linkType: hard - -"qs@npm:^6.12.3, qs@npm:^6.4.0": +"qs@npm:6.13.0, qs@npm:^6.12.3, qs@npm:^6.4.0": version: 6.13.0 resolution: "qs@npm:6.13.0" dependencies: @@ -8646,7 +8638,7 @@ __metadata: languageName: node linkType: hard -"randomfill@npm:^1.0.3": +"randomfill@npm:^1.0.4": version: 1.0.4 resolution: "randomfill@npm:1.0.4" dependencies: @@ -9446,17 +9438,17 @@ __metadata: linkType: hard "socket.io@npm:^4.7.2": - version: 4.7.5 - resolution: "socket.io@npm:4.7.5" + version: 4.8.1 + resolution: "socket.io@npm:4.8.1" dependencies: accepts: "npm:~1.3.4" base64id: "npm:~2.0.0" cors: "npm:~2.8.5" debug: "npm:~4.3.2" - engine.io: "npm:~6.5.2" + engine.io: "npm:~6.6.0" socket.io-adapter: "npm:~2.5.2" socket.io-parser: "npm:~4.2.4" - checksum: 911528f5bfdf83dbe2b154866884b736a7498f112f294a6f8420418fa11baadf08578869dab3e220c943094ff0d17b7f4587de3b1ad39679d9c12ed4cb226900 + checksum: b9b362b7f63fc7ebb58482b8a3ade6c971da7783b7611dfeebaa8b02be23cb948137ec218491ccda8be57e434e97d65b64edf1e9811e5245b23a888d41636f4a languageName: node linkType: hard