From d118f079a7c37d0e6fd75712e44a218649df949e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 14 Mar 2024 20:13:01 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498 --- package.json | 2 +- yarn.lock | 212 ++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 193 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index 2b894eb..31482f3 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ }, "dependencies": { "@cosmjs/amino": "^0.26.0", - "@cosmjs/cosmwasm-stargate": "^0.26.0", + "@cosmjs/cosmwasm-stargate": "^0.26.8", "@cosmjs/crypto": "^0.26.0", "@cosmjs/ledger-amino": "^0.26.0", "@cosmjs/proto-signing": "^0.26.0", diff --git a/yarn.lock b/yarn.lock index 5c96b09..7642405 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1099,6 +1099,14 @@ ripemd160 "^2.0.2" sha.js "^2.4.11" +"@confio/ics23@^0.6.8": + version "0.6.8" + resolved "https://registry.yarnpkg.com/@confio/ics23/-/ics23-0.6.8.tgz#2a6b4f1f2b7b20a35d9a0745bb5a446e72930b3d" + integrity sha512-wB6uo+3A50m0sW/EWcU64xpV/8wShZ6bMTa7pF8eYsTrSkQA7oLUIJcs/wb8g4y2Oyq701BaGiO6n/ak5WXO1w== + dependencies: + "@noble/hashes" "^1.0.0" + protobufjs "^6.8.8" + "@cosmjs/amino@0.26.0", "@cosmjs/amino@^0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.26.0.tgz#2999204fe21101ecdfb5f2f5632440d065914b51" @@ -1109,23 +1117,32 @@ "@cosmjs/math" "0.26.0" "@cosmjs/utils" "0.26.0" -"@cosmjs/cosmwasm-stargate@^0.26.0": - version "0.26.0" - resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.26.0.tgz#690b1a5d397a2dce0c07836334b76bbe9ae59081" - integrity sha512-iiYtWhsPsaSsu3xFHYKzbGgAL0yODFp9orUCrPbiLEec3xH3b0ai79d0irv4Yr9DbwG0uxVm4viejDfE+oKWoA== - dependencies: - "@cosmjs/amino" "0.26.0" - "@cosmjs/crypto" "0.26.0" - "@cosmjs/encoding" "0.26.0" - "@cosmjs/math" "0.26.0" - "@cosmjs/proto-signing" "0.26.0" - "@cosmjs/stargate" "0.26.0" - "@cosmjs/tendermint-rpc" "0.26.0" - "@cosmjs/utils" "0.26.0" - cosmjs-types "^0.2.0" +"@cosmjs/amino@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.26.8.tgz#d4cecfd4c3286e868282e60c3cd007a742e20e3f" + integrity sha512-cf25tg0X6FdqqLJ8gbvFJ5SRyz29oDVM21b1kVOspGzOEEs2J4bWjTBEnLK6g/BuQ5ODIfTV3JwDLIVU+eTsgw== + dependencies: + "@cosmjs/crypto" "0.26.8" + "@cosmjs/encoding" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/utils" "0.26.8" + +"@cosmjs/cosmwasm-stargate@^0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.26.8.tgz#7541b4225e8d5fe7164e46900981601a13b3f3fe" + integrity sha512-O527CtXfKBEyCQXKB5s9qbaf565F3+RH6qPy2irsoUjCgWYp3/gvfZJXW7D8s9zdfqNttCUEykL+l/3X92FNKA== + dependencies: + "@cosmjs/amino" "0.26.8" + "@cosmjs/crypto" "0.26.8" + "@cosmjs/encoding" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/proto-signing" "0.26.8" + "@cosmjs/stargate" "0.26.8" + "@cosmjs/tendermint-rpc" "0.26.8" + "@cosmjs/utils" "0.26.8" + cosmjs-types "^0.4.0" long "^4.0.0" pako "^2.0.2" - protobufjs "~6.10.2" "@cosmjs/crypto@0.26.0", "@cosmjs/crypto@^0.26.0": version "0.26.0" @@ -1143,6 +1160,19 @@ ripemd160 "^2.0.2" sha.js "^2.4.11" +"@cosmjs/crypto@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.26.8.tgz#005d696cbac1e04fc78e9c2f10e1d5c1fa3b8a03" + integrity sha512-ykZWgRHuZjizQnIwG7mj6D0Jip406Z6VZLH9bs1RdNOugeX6kp/I3EYEsEO694bQPvggwNZqRT84ovqjsj2KwQ== + dependencies: + "@cosmjs/encoding" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/utils" "0.26.8" + "@noble/hashes" "^1" + bn.js "^5.2.0" + elliptic "^6.5.3" + libsodium-wrappers "^0.7.6" + "@cosmjs/encoding@0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.26.0.tgz#b486331d1f640327df5b21bd88c7d67c265e1dfe" @@ -1152,6 +1182,15 @@ bech32 "^1.1.4" readonly-date "^1.0.0" +"@cosmjs/encoding@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.26.8.tgz#2a1d4e689bd69d5b9eaa2f93d8c25623faddddee" + integrity sha512-rsqdeCHPmSXSjwE6pzbsx/drxIZKPiIxza4hYsGCaVsxrFZmgOFNmvWgtuIOIEXPS/ZoyST9XU9aMpkaYzLEVQ== + dependencies: + base64-js "^1.3.0" + bech32 "^1.1.4" + readonly-date "^1.0.0" + "@cosmjs/json-rpc@0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.26.0.tgz#b24c943f7445dcfc5265fbc65f50862353a48d8b" @@ -1160,6 +1199,14 @@ "@cosmjs/stream" "0.26.0" xstream "^11.14.0" +"@cosmjs/json-rpc@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.26.8.tgz#ca1d502174ae9d1207445291f64b44a8735bddef" + integrity sha512-aTEP4kDhR3F04bYluRNOf9Hk8Eyz3L9p5P1EVJ1qhOCHaRZikSUQS9XNdZG3yryLbFTQS1b8MY9quBqrtU6UWQ== + dependencies: + "@cosmjs/stream" "0.26.8" + xstream "^11.14.0" + "@cosmjs/ledger-amino@^0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/ledger-amino/-/ledger-amino-0.26.0.tgz#b8f4a6c3fbcd5134f209633c2a9e96560973ac09" @@ -1180,6 +1227,13 @@ dependencies: bn.js "^4.11.8" +"@cosmjs/math@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.26.8.tgz#29d7fc8df96a0da25f8b110482d510af93505b0d" + integrity sha512-AfooIaqhOks5xPDc4kDEXje/90iPm2STu+0YWvDStEEib2xxPTtXU3OuK+KpJ3CCFfQwbKCrzEIzJWCYmTs7mw== + dependencies: + bn.js "^5.2.0" + "@cosmjs/proto-signing@0.26.0", "@cosmjs/proto-signing@^0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.26.0.tgz#987f4a2437f7115dcdfb850fb90ba92f662f621c" @@ -1192,6 +1246,19 @@ long "^4.0.0" protobufjs "~6.10.2" +"@cosmjs/proto-signing@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.26.8.tgz#7d645da76d448fd5c9fdb7b4380732b2c8e11daa" + integrity sha512-wgbOblUyv9qpMCoVCa0FDs28/OjA39is3/LgOZStBdVmtHEjsWGHIhqF8WR0rrjRGhio/e6sOLySU3fWMUVqag== + dependencies: + "@cosmjs/amino" "0.26.8" + "@cosmjs/crypto" "0.26.8" + "@cosmjs/encoding" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/utils" "0.26.8" + cosmjs-types "^0.4.0" + long "^4.0.0" + "@cosmjs/socket@0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.26.0.tgz#3ec1acda91b4b467a290b0850696b120fc4ed903" @@ -1202,7 +1269,35 @@ ws "^7" xstream "^11.14.0" -"@cosmjs/stargate@0.26.0", "@cosmjs/stargate@^0.26.0": +"@cosmjs/socket@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.26.8.tgz#d407a57e0df4f8f9c4a5f53346c84a89ab16d3ea" + integrity sha512-Yv+6aFyfnsrFiLzWPK7rABGajGIlNvlcxAeVWtKFMCVKXr0hYRe0DdzsLgW18tm4L7ezoJBQhXIJLYwpYuKZAw== + dependencies: + "@cosmjs/stream" "0.26.8" + isomorphic-ws "^4.0.1" + ws "^7" + xstream "^11.14.0" + +"@cosmjs/stargate@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.26.8.tgz#8399da4af856a2c38dc44f8764df214fef4177da" + integrity sha512-/epKiDo1PTSJ6+Q3udxl1ZM14BvHVA445PSSGRnEHkFTeQqon9sjGhCw1eCCIIxvt2kYOM9Wpxei0+vuMVQdfg== + dependencies: + "@confio/ics23" "^0.6.8" + "@cosmjs/amino" "0.26.8" + "@cosmjs/encoding" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/proto-signing" "0.26.8" + "@cosmjs/stream" "0.26.8" + "@cosmjs/tendermint-rpc" "0.26.8" + "@cosmjs/utils" "0.26.8" + cosmjs-types "^0.4.0" + long "^4.0.0" + protobufjs "~6.11.3" + xstream "^11.14.0" + +"@cosmjs/stargate@^0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.26.0.tgz#35ba2628696522f07f81b2db13b6b75d1b00baa4" integrity sha512-+60Mbu5Y3x+vDRGfs9DgyQYx7QqKXQ7t4dH8Y0JIs+4Gn38WbrcAHaqcT58K/sQHSZPueRsBGkZTZdQkJII2zw== @@ -1227,6 +1322,13 @@ dependencies: xstream "^11.14.0" +"@cosmjs/stream@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.26.8.tgz#11989ac5d5f7181d1654881b1df1f1086b6b946c" + integrity sha512-MWfgjoe9l4292JJx7CYBgVkClQXJHvQcOYBLi9qjYCTixBL+OjmtCNs+XcjsL8tPCG+XkPh8tHagOghNIb3vWw== + dependencies: + xstream "^11.14.0" + "@cosmjs/tendermint-rpc@0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.26.0.tgz#a7d36790de16c3c3c02f9eb93d8363cde26a67cc" @@ -1242,11 +1344,32 @@ readonly-date "^1.0.0" xstream "^11.14.0" +"@cosmjs/tendermint-rpc@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.26.8.tgz#39ecb621d6745fcc203db031313606a32a6babd4" + integrity sha512-L1Zvc/bg/toB9iCu2VFlC//LNadOTmK+/LEw6HqYJ7pRbSH0vhr1GzV4hEjjp/8VgMm2D+XiZUPFIR+m2V4/dw== + dependencies: + "@cosmjs/crypto" "0.26.8" + "@cosmjs/encoding" "0.26.8" + "@cosmjs/json-rpc" "0.26.8" + "@cosmjs/math" "0.26.8" + "@cosmjs/socket" "0.26.8" + "@cosmjs/stream" "0.26.8" + "@cosmjs/utils" "0.26.8" + axios "^0.21.2" + readonly-date "^1.0.0" + xstream "^11.14.0" + "@cosmjs/utils@0.26.0", "@cosmjs/utils@^0.26.0": version "0.26.0" resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.26.0.tgz#a1c1728899e06e00ddfa99e2053b93413c9c20cf" integrity sha512-InTQ3P1noUR0U5zJs8ssqnToIGH2NKbFb+hS5wmYGLB0XRdlNk0UGcb9pjbAzaWRQPWxTd08YQvXg6IK/WE4fA== +"@cosmjs/utils@0.26.8": + version "0.26.8" + resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.26.8.tgz#73c3f65ff212b8cff5e628c782000e9e5f2ae22f" + integrity sha512-fG7y9qUPkpCJFCK9m7qioffhACTgWNQTNpO1D7Q9AVr5V7LZJdaWRcnskSzPwAyjQkK3pkC5GuRNvNdn8kWzMg== + "@csstools/convert-colors@^1.4.0": version "1.4.0" resolved "https://registry.yarnpkg.com/@csstools/convert-colors/-/convert-colors-1.4.0.tgz#ad495dc41b12e75d588c6db8b9834f08fa131eb7" @@ -1559,6 +1682,11 @@ call-me-maybe "^1.0.1" glob-to-regexp "^0.3.0" +"@noble/hashes@^1", "@noble/hashes@^1.0.0": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.4.0.tgz#45814aa329f30e4fe0ba49426f49dfccdd066426" + integrity sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg== + "@nodelib/fs.stat@^1.1.2": version "1.1.3" resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz#2b5a3ab3f918cca48a8c754c08168e3f03eba61b" @@ -1667,10 +1795,10 @@ resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.14.0.tgz#9fb3a3cf3132328151f353de4632e01e52102bea" integrity sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ== -"@snyk/protect@^1.754.0": - version "1.754.0" - resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.754.0.tgz#e373f9ae6ba772813e975b0fcb7f2ce226ce086b" - integrity sha512-+sOza4g5UMgjjfEscCvOO80SJI5DlM91fH5ABpzCbslw/IfbkufX2NxU0cr/32pyLafkiWLfb7IvCLqsTTVL/g== +"@snyk/protect@latest": + version "1.1284.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1284.0.tgz#6314c92d5306ced7e3002b3184ea1b91bbd8916f" + integrity sha512-JEwe3x5uglCppm1C/3/NyoAEw4s/crPl+iqm8zEHcglWWpW2LYZVup70UbMv2OTCSevrvVE+NlTLPYucwU9OQg== "@svgr/babel-plugin-add-jsx-attribute@^4.2.0": version "4.2.0" @@ -2706,6 +2834,13 @@ axios@^0.21.1: dependencies: follow-redirects "^1.10.0" +axios@^0.21.2: + version "0.21.4" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" + integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg== + dependencies: + follow-redirects "^1.14.0" + axobject-query@^2.0.2: version "2.1.2" resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.1.2.tgz#2bdffc0371e643e5f03ba99065d5179b9ca79799" @@ -2995,6 +3130,11 @@ bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.11.8, bn.js@^4.11.9: resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88" integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA== +bn.js@^5.2.0: + version "5.2.1" + resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.2.1.tgz#0bc527a6a0d18d0aa8d5b0538ce4a77dccfa7b70" + integrity sha512-eXRvHzWyYPBuB4NBy0cmYQjGitUrtqwbvlzP3G6VFnNRbsZQIxQ10PbKKHt8gZ/HW/D/747aDl+QkDqg3KQLMQ== + body-parser@1.19.0, body-parser@^1.18.3, body-parser@^1.19.0: version "1.19.0" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a" @@ -3969,6 +4109,14 @@ cosmjs-types@^0.2.0: long "^4.0.0" protobufjs "~6.11.2" +cosmjs-types@^0.4.0: + version "0.4.1" + resolved "https://registry.yarnpkg.com/cosmjs-types/-/cosmjs-types-0.4.1.tgz#3b2a53ba60d33159dd075596ce8267cfa7027063" + integrity sha512-I7E/cHkIgoJzMNQdFF0YVqPlaTqrqKHrskuSTIqlEyxfB5Lf3WKCajSXVK2yHOfOFfSux/RxEdpMzw/eO4DIog== + dependencies: + long "^4.0.0" + protobufjs "~6.11.2" + crc32-stream@^3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/crc32-stream/-/crc32-stream-3.0.1.tgz#cae6eeed003b0e44d739d279de5ae63b171b4e85" @@ -5796,6 +5944,11 @@ follow-redirects@^1.0.0, follow-redirects@^1.10.0: resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.13.1.tgz#5f69b813376cee4fd0474a3aba835df04ab763b7" integrity sha512-SSG5xmZh1mkPGyKzjZP8zLjltIfpW32Y5QpdNJyjcfGxK3qo3NDDkZOZSFiGn1A6SclQxY9GzEwAHQ3dmYRWpg== +follow-redirects@^1.14.0: + version "1.15.6" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b" + integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA== + for-in@^0.1.3: version "0.1.8" resolved "https://registry.yarnpkg.com/for-in/-/for-in-0.1.8.tgz#d8773908e31256109952b1fdb9b3fa867d2775e1" @@ -10621,6 +10774,25 @@ protobufjs@^6.8.6, protobufjs@^6.8.8, protobufjs@~6.11.2: "@types/node" ">=13.7.0" long "^4.0.0" +protobufjs@~6.11.3: + version "6.11.4" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.4.tgz#29a412c38bf70d89e537b6d02d904a6f448173aa" + integrity sha512-5kQWPaJHi1WoCpjTGszzQ32PG2F4+wRY6BmAT4Vfw56Q2FZ4YZzK20xUYQH4YkfehY1e6QSICrJquM6xXZNcrw== + dependencies: + "@protobufjs/aspromise" "^1.1.2" + "@protobufjs/base64" "^1.1.2" + "@protobufjs/codegen" "^2.0.4" + "@protobufjs/eventemitter" "^1.1.0" + "@protobufjs/fetch" "^1.1.0" + "@protobufjs/float" "^1.0.2" + "@protobufjs/inquire" "^1.1.0" + "@protobufjs/path" "^1.1.2" + "@protobufjs/pool" "^1.1.0" + "@protobufjs/utf8" "^1.1.0" + "@types/long" "^4.0.1" + "@types/node" ">=13.7.0" + long "^4.0.0" + proxy-addr@~2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.5.tgz#34cbd64a2d81f4b1fd21e76f9f06c8a45299ee34"