From 9aa6234bedd5906e05eb7e1ea2269a4da39e37b4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 24 Dec 2024 03:40:17 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6032459 - https://snyk.io/vuln/SNYK-JS-AXIOS-6124857 - https://snyk.io/vuln/SNYK-JS-AXIOS-6671926 --- package-lock.json | 157 +++++++++++++++++++++++++++------------------- package.json | 4 +- 2 files changed, 93 insertions(+), 68 deletions(-) diff --git a/package-lock.json b/package-lock.json index e3cb2c7..4ac4277 100644 --- a/package-lock.json +++ b/package-lock.json @@ -27,7 +27,7 @@ "@ston-fi/sdk": "0.4.0", "@tegro/ton3-client": "0.0.17", "@terra-money/terra.js": "3.0.11", - "@ton/ton": "^13.9.0", + "@ton/ton": "^13.11.1", "@uniswap/uniswapx-sdk": "1.4.0", "abi-decoder": "2.4.0", "ajv": "8.11.0", @@ -62,7 +62,7 @@ "socket.io": "4.5.3", "socket.io-client": "4.5.3", "starknet": "4.22.0", - "stellar-sdk": "11.2.2", + "stellar-sdk": "^13.1.0", "tonweb": "^0.0.62", "tronweb": "4.2.0", "tweetnacl": "1.0.3", @@ -8206,25 +8206,26 @@ "integrity": "sha512-nPewA6m9mR3d6k7WkZ8N8zpTWfenFH3q9pA2PkuiZxINr9DKB2+40wEQf0ixn8VaGuJ78AB6iWOtStI+/4FKZQ==" }, "node_modules/@stellar/js-xdr": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@stellar/js-xdr/-/js-xdr-3.1.0.tgz", - "integrity": "sha512-mYTyFnhgyQgyvpAYZRO1LurUn2MxcIZRj74zZz/BxKEk7zrL4axhQ1ez0HL2BRi0wlG6cHn5BeD/t9Xcyp7CSQ==" + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@stellar/js-xdr/-/js-xdr-3.1.2.tgz", + "integrity": "sha512-VVolPL5goVEIsvuGqDc5uiKxV03lzfWdvYg1KikvwheDmTBO68CKDji3bAZ/kppZrx5iTA8z3Ld5yuytcvhvOQ==", + "license": "Apache-2.0" }, "node_modules/@stellar/stellar-base": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/@stellar/stellar-base/-/stellar-base-11.0.0.tgz", - "integrity": "sha512-KPTjaWJCG2m7hMCPRWFGGPaG5qOkgPLWvFVOhe1HUy7dlE4MxxPfdusz0mcLkf6VT7doqhLB1rIt0D9M2GgQcQ==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/@stellar/stellar-base/-/stellar-base-13.0.1.tgz", + "integrity": "sha512-Xbd12mc9Oj/130Tv0URmm3wXG77XMshZtZ2yNCjqX5ZbMD5IYpbBs3DVCteLU/4SLj/Fnmhh1dzhrQXnk4r+pQ==", + "license": "Apache-2.0", "dependencies": { - "@stellar/js-xdr": "^3.1.0", + "@stellar/js-xdr": "^3.1.2", "base32.js": "^0.1.0", "bignumber.js": "^9.1.2", "buffer": "^6.0.3", "sha.js": "^2.3.6", - "tweetnacl": "^1.0.3", - "typescript": "^5.3.3" + "tweetnacl": "^1.0.3" }, "optionalDependencies": { - "sodium-native": "^4.0.8" + "sodium-native": "^4.3.0" } }, "node_modules/@ston-fi/sdk": { @@ -8372,9 +8373,10 @@ } }, "node_modules/@ton/core": { - "version": "0.53.0", - "resolved": "https://registry.npmjs.org/@ton/core/-/core-0.53.0.tgz", - "integrity": "sha512-tB5RxXFS6Z/ivmsqMn/eebEZmkWXIAz+hS1PDZXhbBkcvnBTknZ12g2AFrZtXyuvpm8O6SbL15UI/3NgkyIWzQ==", + "version": "0.59.1", + "resolved": "https://registry.npmjs.org/@ton/core/-/core-0.59.1.tgz", + "integrity": "sha512-SxFBAvutYJaIllTkv82vbHTJhJI6NxzqUhi499CDEjJEZ9i6i9lHJiK2df4dlLAb/4SiWX6+QUzESkK4DEdnCw==", + "license": "MIT", "peer": true, "dependencies": { "symbol.inspect": "1.0.1" @@ -8384,47 +8386,53 @@ } }, "node_modules/@ton/crypto": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@ton/crypto/-/crypto-3.2.0.tgz", - "integrity": "sha512-50RkwReEuV2FkxSZ8ht/x9+n0ZGtwRKGsJ0ay4I/HFhkYVG/awIIBQeH0W4j8d5lADdO5h01UtX8PJ8AjiejjA==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/@ton/crypto/-/crypto-3.3.0.tgz", + "integrity": "sha512-/A6CYGgA/H36OZ9BbTaGerKtzWp50rg67ZCH2oIjV1NcrBaCK9Z343M+CxedvM7Haf3f/Ee9EhxyeTp0GKMUpA==", + "license": "MIT", "peer": true, "dependencies": { - "@ton/crypto-primitives": "2.0.0", + "@ton/crypto-primitives": "2.1.0", "jssha": "3.2.0", "tweetnacl": "1.0.3" } }, "node_modules/@ton/crypto-primitives": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@ton/crypto-primitives/-/crypto-primitives-2.0.0.tgz", - "integrity": "sha512-wttiNClmGbI6Dfy/8oyNnsIV0b/qYkCJz4Gn4eP62lJZzMtVQ94Ko7nikDX1EfYHkLI1xpOitWpW+8ZuG6XtDg==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@ton/crypto-primitives/-/crypto-primitives-2.1.0.tgz", + "integrity": "sha512-PQesoyPgqyI6vzYtCXw4/ZzevePc4VGcJtFwf08v10OevVJHVfW238KBdpj1kEDQkxWLeuNHEpTECNFKnP6tow==", + "license": "MIT", "peer": true, "dependencies": { "jssha": "3.2.0" } }, "node_modules/@ton/ton": { - "version": "13.9.0", - "resolved": "https://registry.npmjs.org/@ton/ton/-/ton-13.9.0.tgz", - "integrity": "sha512-bvDn9vv0rNsN/OH84Q4DKH3N21AD0MvTxXmnS0wPEOoU38F4mltXmA7an2SjaSgd9kAlsOSHa0EirkTie+Zitw==", + "version": "13.11.1", + "resolved": "https://registry.npmjs.org/@ton/ton/-/ton-13.11.1.tgz", + "integrity": "sha512-tcLdHzwhS5bmS0EGstcmfYK0ZeRrNz1AUIzUGKq/Xh0MGEwfP1qZBMloGGHLQnyZdRQ1D7Wx4g4mBKNrvG6DcQ==", + "license": "MIT", "dependencies": { - "axios": "^0.25.0", + "axios": "^1.6.7", "dataloader": "^2.0.0", "symbol.inspect": "1.0.1", "teslabot": "^1.3.0", "zod": "^3.21.4" }, "peerDependencies": { - "@ton/core": ">=0.53.0", + "@ton/core": ">=0.56.0", "@ton/crypto": ">=3.2.0" } }, "node_modules/@ton/ton/node_modules/axios": { - "version": "0.25.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.25.0.tgz", - "integrity": "sha512-cD8FOb0tRH3uuEe6+evtAbgJtfxr7ly3fQjYcMcuPlgkwVS9xboaVIpcDV+cYQe+yGykgwZCs1pzjntcGa6l5g==", + "version": "1.7.9", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz", + "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.14.7" + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "node_modules/@types/babel__core": { @@ -9689,6 +9697,7 @@ "version": "0.1.0", "resolved": "https://registry.npmjs.org/base32.js/-/base32.js-0.1.0.tgz", "integrity": "sha512-n3TkB02ixgBOhTvANakDb4xaMXnYUVkNoRFJjQflcqMQhyEKxEHdj3E6N8t8sUQ0mjH/3/JxzlXuz3ul/J90pQ==", + "license": "MIT", "engines": { "node": ">=0.12.0" } @@ -13951,6 +13960,15 @@ "optional": true, "peer": true }, + "node_modules/feaxios": { + "version": "0.0.23", + "resolved": "https://registry.npmjs.org/feaxios/-/feaxios-0.0.23.tgz", + "integrity": "sha512-eghR0A21fvbkcQBgZuMfQhrXxJzC0GNUGC9fXhBge33D+mFDTwl0aJ35zoQQn575BhyjQitRc5N4f+L4cP708g==", + "license": "MIT", + "dependencies": { + "is-retry-allowed": "^3.0.0" + } + }, "node_modules/fetch-retry": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/fetch-retry/-/fetch-retry-4.1.1.tgz", @@ -14219,15 +14237,16 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", - "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", "funding": [ { "type": "individual", "url": "https://github.com/sponsors/RubenVerborgh" } ], + "license": "MIT", "engines": { "node": ">=4.0" }, @@ -15653,6 +15672,18 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-retry-allowed": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-3.0.0.tgz", + "integrity": "sha512-9xH0xvoggby+u0uGF7cZXdrutWiBiaFG8ZT4YFPXL8NzkyAwX3AKGLeFQLvzDpM430+nDFBZ1LHkie/8ocL06A==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-shared-array-buffer": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz", @@ -16918,6 +16949,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/jssha/-/jssha-3.2.0.tgz", "integrity": "sha512-QuruyBENDWdN4tZwJbQq7/eAK85FqrI4oDbXjy5IBhYD+2pTJyBUWZe8ctWaCkrV0gy6AaelgOZZBMeswEa/6Q==", + "license": "BSD-3-Clause", "peer": true, "engines": { "node": "*" @@ -19152,9 +19184,10 @@ } }, "node_modules/node-gyp-build": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.7.0.tgz", - "integrity": "sha512-PbZERfeFdrHQOOXiAKOY0VPbykZy90ndPKk0d+CFDegTKmWp1VgOTz2xACVbr1BjCWxrQp68CXtvNsveFhqDJg==", + "version": "4.8.4", + "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz", + "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==", + "license": "MIT", "bin": { "node-gyp-build": "bin.js", "node-gyp-build-optional": "optional.js", @@ -22308,13 +22341,13 @@ } }, "node_modules/sodium-native": { - "version": "4.0.10", - "resolved": "https://registry.npmjs.org/sodium-native/-/sodium-native-4.0.10.tgz", - "integrity": "sha512-vrJQt4gASntDbnltRRk9vN4rks1SehjM12HkqQtu250JtWT+/lo8oEOa1HvSq3+8hzJdYcCJuLR5qRGxoRDjAg==", - "hasInstallScript": true, + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/sodium-native/-/sodium-native-4.3.1.tgz", + "integrity": "sha512-YdP64gAdpIKHfL4ttuX4aIfjeunh9f+hNeQJpE9C8UMndB3zkgZ7YmmGT4J2+v6Ibyp6Wem8D1TcSrtdW0bqtg==", + "license": "MIT", "optional": true, "dependencies": { - "node-gyp-build": "^4.6.0" + "node-gyp-build": "^4.8.0" } }, "node_modules/source-map": { @@ -22596,26 +22629,29 @@ } }, "node_modules/stellar-sdk": { - "version": "11.2.2", - "resolved": "https://registry.npmjs.org/stellar-sdk/-/stellar-sdk-11.2.2.tgz", - "integrity": "sha512-xecQW4gkPIxAvxcVFcw4ZSTtzpUmJPd4A4e4Mr3EkOdyWnshMIZQMzFox5DuAikrThofgihScJGYrDCmo3I/BA==", - "dependencies": { - "@stellar/stellar-base": "^11.0.0", - "axios": "^1.6.7", + "version": "13.1.0", + "resolved": "https://registry.npmjs.org/stellar-sdk/-/stellar-sdk-13.1.0.tgz", + "integrity": "sha512-b7fYK9kX4ljulXckt63jSwzAzTW43RlitSIJH4CHTft7Fce8zNqWuNwJ29FALt258SKlxiL0qKn58LcOA9iJIw==", + "deprecated": "⚠️ This package has moved to @stellar/stellar-sdk! 🚚", + "license": "Apache-2.0", + "dependencies": { + "@stellar/stellar-base": "^13.0.1", + "axios": "^1.7.9", "bignumber.js": "^9.1.2", "eventsource": "^2.0.2", + "feaxios": "^0.0.23", "randombytes": "^2.1.0", "toml": "^3.0.0", - "typescript": "^5.3.3", "urijs": "^1.19.1" } }, "node_modules/stellar-sdk/node_modules/axios": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", - "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "version": "1.7.9", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz", + "integrity": "sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==", + "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } @@ -23291,7 +23327,8 @@ "node_modules/symbol.inspect": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/symbol.inspect/-/symbol.inspect-1.0.1.tgz", - "integrity": "sha512-YQSL4duoHmLhsTD1Pw8RW6TZ5MaTX5rXJnqacJottr2P2LZBF/Yvrc3ku4NUpMOm8aM0KOCqM+UAkMA5HWQCzQ==" + "integrity": "sha512-YQSL4duoHmLhsTD1Pw8RW6TZ5MaTX5rXJnqacJottr2P2LZBF/Yvrc3ku4NUpMOm8aM0KOCqM+UAkMA5HWQCzQ==", + "license": "ISC" }, "node_modules/tar": { "version": "4.4.19", @@ -23981,18 +24018,6 @@ "resolved": "https://registry.npmjs.org/typeforce/-/typeforce-1.18.0.tgz", "integrity": "sha512-7uc1O8h1M1g0rArakJdf0uLRSSgFcYexrVoKo+bzJd32gd4gDy2L/Z+8/FjPnU9ydY3pEnVPtr9FyscYY60K1g==" }, - "node_modules/typescript": { - "version": "5.4.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.2.tgz", - "integrity": "sha512-+2/g0Fds1ERlP6JsakQQDXjZdZMM+rqpamFZJEKh4kwTIn3iDkgKtby0CeNd5ATNZ4Ry1ax15TMx0W2V+miizQ==", - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=14.17" - } - }, "node_modules/u3": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/u3/-/u3-0.1.1.tgz", diff --git a/package.json b/package.json index 6b82ff6..86ff872 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "@ston-fi/sdk": "0.4.0", "@tegro/ton3-client": "0.0.17", "@terra-money/terra.js": "3.0.11", - "@ton/ton": "^13.9.0", + "@ton/ton": "^13.11.1", "@uniswap/uniswapx-sdk": "1.4.0", "abi-decoder": "2.4.0", "ajv": "8.11.0", @@ -74,7 +74,7 @@ "socket.io": "4.5.3", "socket.io-client": "4.5.3", "starknet": "4.22.0", - "stellar-sdk": "11.2.2", + "stellar-sdk": "13.1.0", "tonweb": "^0.0.62", "tronweb": "4.2.0", "tweetnacl": "1.0.3",