From b98c09cb4118762f0130deac968b4ed9518a9290 Mon Sep 17 00:00:00 2001
From: Jin
Date: Thu, 11 Jul 2024 12:44:40 -0400
Subject: [PATCH] fix audit: ws, requirejs, ip (#5929)
* Fix audit-ci for ws https://github.com/advisories/GHSA-3h5v-q93c-6h6q
* Fix audit-ci for ip and requirejs https://github.com/advisories/GHSA-x3m3-4wpv-5vgc https://github.com/advisories/GHSA-2p57-rm9w-gvfp
---
 audit-ci.jsonc | 2 ++
 package.json | 6 +++++-
 yarn.lock | 37 +++++++++++-------------------------
 3 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
index 65dda2aba1d..e7d74c2784d 100644
--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -19,5 +19,7 @@
 "GHSA-78xj-cgh5-2h22", // https://github.com/advisories/GHSA-78xj-cgh5-2h22
 "GHSA-2p57-rm9w-gvfp", // https://github.com/advisories/GHSA-2p57-rm9w-gvfp
 "GHSA-3h5v-q93c-6h6q", // https://github.com/advisories/GHSA-3h5v-q93c-6h6q
+ "GHSA-2p57-rm9w-gvfp", // https://github.com/advisories/GHSA-2p57-rm9w-gvfp
+ "GHSA-x3m3-4wpv-5vgc", // https://github.com/advisories/GHSA-x3m3-4wpv-5vgc
 ],
 }
diff --git a/package.json b/package.json
index f763745b149..b0623cedb8e 100644
--- a/package.json
+++ b/package.json
@@ -442,7 +442,11 @@
 "**/browserify-sign": "4.2.2",
 "**/axios": "1.6.1",
 "**/ip": "1.1.9",
- "**/phin": "3.7.1"
+ "**/phin": "3.7.1",
+ "**/viem/ws": "8.17.1",
+ "**/socket.io-client/engine.io-client/ws": "8.17.1",
+ "**/@ethersproject/providers/ws": "7.5.10",
+ "**/@walletconnect/socket-transport/ws": "7.5.10"
 },
 "react-native": {
 "@tanstack/query-async-storage-persister": "@tanstack/query-async-storage-persister/build/esm/index",
diff --git a/yarn.lock b/yarn.lock
index f7c13ad152c..20db3a82bb2 100644
--- a/yarn.lock
+++ b/yarn.lock
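Review bot: The added `"GHSA-2p57-rm9w-gvfp"` entry in the audit-ci.jsonc hunk duplicates the one already present two lines above in the hunk's context, so only `"GHSA-x3m3-4wpv-5vgc"` is a new suppression and the duplicate line can be dropped. Both added lines carry only the advisory URL, and an allowlist entry silences the audit gate rather than removing the vulnerable package. I would extend each comment with the affected package, the reason it is accepted and a condition for removal, e.g. `// <package>: <why accepted / no fix available>, remove when <condition>`. The commit message attributes these two IDs to ip and requirejs, but the file itself does not say which is which.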
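Review bot: The four new `resolutions` entries in the package.json hunk are scoped to specific dependents, so other consumers of ws are untouched: the yarn.lock context in this same patch still shows `ws@^3.0.0` resolved to 3.3.3, and GHSA-3h5v-q93c-6h6q stays in the audit-ci allowlist. If 3.3.3 is within that advisory's affected range, it needs its own entry of the form `"**/<dependent>/ws": "<patched version>"` or a recorded reason for accepting it; otherwise the allowlist entry could be removed so the gate catches regressions. The lockfile also shows `ws@~8.2.3` now resolving to 8.17.1, outside the range its dependent declared, so the socket.io-client transport deserves a smoke test before release. These exact pins will not pick up later ws patch releases on their own, and the block shown is the tail of a `resolutions` object that begins outside the hunk.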
@@ -20079,20 +20079,15 @@ write-file-atomic@^5.0.0: imurmurhash "^0.1.4" signal-exit "^4.0.1" -ws@7.4.6: - version "7.4.6" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.6.tgz#5654ca8ecdeee47c33a9a4bf6d28e2be2980377c" - integrity sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A== +ws@7.4.6, ws@7.5.10, ws@7.5.3, ws@^7, ws@^7.0.0, ws@^7.4.6, ws@^7.5.1: + version "7.5.10" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9" + integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ== -ws@7.5.3: - version "7.5.3" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.3.tgz#160835b63c7d97bfab418fc1b8a9fced2ac01a74" - integrity sha512-kQ/dHIzuLrS6Je9+uv81ueZomEwH0qVYstcAQ4/Z93K8zeko9gtAbttJWzoC5ukqXY1PpoouV3+VSOqEAFt5wg== - -ws@8.13.0: - version "8.13.0" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.13.0.tgz#9a9fb92f93cf41512a0735c8f4dd09b8a1211cd0" - integrity sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA== +ws@8.13.0, ws@8.17.1, ws@~8.2.3: + version "8.17.1" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b" + integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ== ws@^3.0.0: version "3.3.3" 
@@ -20104,22 +20099,12 @@ ws@^3.0.0: ultron "~1.1.0" ws@^6.2.2: - version "6.2.2" - resolved "https://registry.yarnpkg.com/ws/-/ws-6.2.2.tgz#dd5cdbd57a9979916097652d78f1cc5faea0c32e" - integrity sha512-zmhltoSR8u1cnDsD43TX59mzoMZsLKqUweyYBAIvTngR3shc0W6aOZylZmq/7hqyVxPdi+5Ud2QInblgyE72fw== + version "6.2.3" + resolved "https://registry.yarnpkg.com/ws/-/ws-6.2.3.tgz#ccc96e4add5fd6fedbc491903075c85c5a11d9ee" + integrity sha512-jmTjYU0j60B+vHey6TfR3Z7RD61z/hmxBS3VMSGIrroOWXQEneK1zNuotOUrGyBHQj0yrpsLHPWtigEFd13ndA== dependencies: async-limiter "~1.0.0" -ws@^7, ws@^7.0.0, ws@^7.4.6, ws@^7.5.1: - version "7.5.9" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.9.tgz#54fa7db29f4c7cec68b1ddd3a89de099942bb591" - integrity sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q== - -ws@~8.2.3: - version "8.2.3" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.2.3.tgz#63a56456db1b04367d0b721a0b80cae6d8becbba" - integrity sha512-wBuoj1BDpC6ZQ1B7DWQBYVLphPWkm8i9Y0/3YdHjHKHiohOJ1ws+3OccDWtH+PoC9DZD5WOTrJvNbWvjS6JWaA== - xhr-request-promise@^0.1.2: version "0.1.3" resolved "https://registry.yarnpkg.com/xhr-request-promise/-/xhr-request-promise-0.1.3.tgz#2d5f4b16d8c6c893be97f1a62b0ed4cf3ca5f96c"