From c6d5649b93fbbb7fc59cf452e5dd7e8e82cbf6e6 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 28 Aug 2023 22:40:07 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248 --- package.json | 4 +- yarn.lock | 221 ++++++++++++++++++++++++++++++++++----------------- 2 files changed, 151 insertions(+), 74 deletions(-) diff --git a/package.json b/package.json index 3c047ad5c4..0d6d1973a6 100644 --- a/package.json +++ b/package.json @@ -20,8 +20,8 @@ "@cosmjs/launchpad": "^0.27.1", "@cosmjs/ledger-amino": "^0.28.4", "@cosmjs/math": "^0.28.4", - "@cosmjs/proto-signing": "^0.28.4", - "@cosmjs/stargate": "0.28.4", + "@cosmjs/proto-signing": "^0.28.6", + "@cosmjs/stargate": "0.28.6", "@hanchon/signature-to-pubkey": "^1.0.0", "@intlify/vue-i18n-loader": "^2.1.2", "@ledgerhq/hw-app-eth": "^6.28.2", diff --git a/yarn.lock b/yarn.lock index 190c885de0..865da26a8e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -975,6 +975,16 @@ "@cosmjs/math" "0.27.1" "@cosmjs/utils" "0.27.1" +"@cosmjs/amino@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.28.13.tgz#b51417a23c1ff8ef8b85a6862eba8492c6c44f38" + integrity sha512-IHnH2zGwaY69qT4mVAavr/pfzx6YE+ud1NHJbvVePlbGiz68CXTi5LHR+K0lrKB5mQ7E+ZErWz2mw5U/x+V1wQ== + dependencies: + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + "@cosmjs/amino@0.28.4", "@cosmjs/amino@^0.28.4": version "0.28.4" resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.28.4.tgz#9315f6876dba80148cf715ced44d1dc7a9b68b94" @@ -985,6 +995,16 @@ "@cosmjs/math" "0.28.4" "@cosmjs/utils" "0.28.4" +"@cosmjs/amino@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.28.6.tgz#519039d893186bad17b9e00a361d26329feb7c48" + integrity sha512-i25BgQI2por2j6IGQsd3OxJYauxDt/7mtyywLMfKqHYu30/V5niiXsWoPSrn6P4bbprY5pB9di4vWpk5lBAnqA== + dependencies: + "@cosmjs/crypto" "0.28.6" + "@cosmjs/encoding" "0.28.6" + "@cosmjs/math" "0.28.6" + "@cosmjs/utils" "0.28.6" + "@cosmjs/amino@^0.29.5": version "0.29.5" resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.29.5.tgz#053b4739a90b15b9e2b781ccd484faf64bd49aec" @@ -1028,6 +1048,19 @@ ripemd160 "^2.0.2" sha.js "^2.4.11" +"@cosmjs/crypto@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.28.13.tgz#541b6a36f616b2da5a568ead46d4e83841ceb412" + integrity sha512-ynKfM0q/tMBQMHJby6ad8lR3gkgBKaelQhIsCZTjClsnuC7oYT9y3ThSZCUWr7Pa9h0J8ahU2YV2oFWFVWJQzQ== + dependencies: + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + "@noble/hashes" "^1" + bn.js "^5.2.0" + elliptic "^6.5.3" + libsodium-wrappers "^0.7.6" + "@cosmjs/crypto@0.28.4", "@cosmjs/crypto@^0.28.4": version "0.28.4" resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.28.4.tgz#b2f1ccb9edee7d357ed1dcd92bdb61f6a1ca06d3" @@ -1041,6 +1074,19 @@ elliptic "^6.5.3" libsodium-wrappers "^0.7.6" +"@cosmjs/crypto@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.28.6.tgz#66c54537fc2cbd8ac9644e9456acad2032632f84" + integrity sha512-7cKtPXZVRSeNkHJnahQ3jODWMG/5u2fTK2UZj0ouYD7TayjGs9fs1VnDY3aq7NMSwEN+UZlpp/tlYvK/MjPqig== + dependencies: + "@cosmjs/encoding" "0.28.6" + "@cosmjs/math" "0.28.6" + "@cosmjs/utils" "0.28.6" + "@noble/hashes" "^1" + bn.js "^5.2.0" + elliptic "^6.5.3" + libsodium-wrappers "^0.7.6" + "@cosmjs/crypto@^0.29.5": version "0.29.5" resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.29.5.tgz#ab99fc382b93d8a8db075780cf07487a0f9519fd" @@ -1063,6 +1109,15 @@ bech32 "^1.1.4" readonly-date "^1.0.0" +"@cosmjs/encoding@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.28.13.tgz#7994e8e2c435beaf0690296ffb0f7f3eaec8150b" + integrity sha512-jtXbAYtV77rLHxoIrjGFsvgGjeTKttuHRv6cvuy3toCZzY7JzTclKH5O2g36IIE4lXwD9xwuhGJ2aa6A3dhNkA== + dependencies: + base64-js "^1.3.0" + bech32 "^1.1.4" + readonly-date "^1.0.0" + "@cosmjs/encoding@0.28.4", "@cosmjs/encoding@^0.28.4": version "0.28.4" resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.28.4.tgz#ea39eb4c27ebf7b35e62e9898adae189b86d0da7" @@ -1072,6 +1127,15 @@ bech32 "^1.1.4" readonly-date "^1.0.0" +"@cosmjs/encoding@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.28.6.tgz#e4778fffe1657fbbb5334454087d4f09a79c2f60" + integrity sha512-ELTMFZRrcT+fd3bs9a7YTgQIwurtq1jz7cmSITxCMLAiiasr4c72soNsVaw7QRfvW/Rweo4nQVhR+f9cJY6f2A== + dependencies: + base64-js "^1.3.0" + bech32 "^1.1.4" + readonly-date "^1.0.0" + "@cosmjs/encoding@^0.29.5": version "0.29.5" resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.29.5.tgz#009a4b1c596cdfd326f30ccfa79f5e56daa264f2" @@ -1081,12 +1145,12 @@ bech32 "^1.1.4" readonly-date "^1.0.0" -"@cosmjs/json-rpc@0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.28.4.tgz#19bc38b895bbb74122832a22aea5b25087143636" - integrity sha512-An8ZQi9OKbnS8ew/MyHhF90zQpXBF8RTj2wdvIH+Hr8yA6QjynY8hxRpUwYUt3Skc5NeUnTZNuWCzlluHnoxVg== +"@cosmjs/json-rpc@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.28.6.tgz#2d3b03002ab68f7320008e889323117d9af72ca0" + integrity sha512-3nVDGiap57E+nvHyD3f0CiZT0rco3ouhlvIYyiHVUQsZAdwD8P158qOeI0Xjq7Ku5QX57qAbRYRZ/fyKYdZwvQ== dependencies: - "@cosmjs/stream" "0.28.4" + "@cosmjs/stream" "0.28.6" xstream "^11.14.0" "@cosmjs/json-rpc@^0.29.5": @@ -1130,6 +1194,13 @@ dependencies: bn.js "^5.2.0" +"@cosmjs/math@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.28.13.tgz#50c05bc67007a04216f7f5e0c93f57270f8cc077" + integrity sha512-PDpL8W/kbyeWi0mQ2OruyqE8ZUAdxPs1xCbDX3WXJwy2oU+X2UTbkuweJHVpS9CIqmZulBoWQAmlf6t6zr1N/g== + dependencies: + bn.js "^5.2.0" + "@cosmjs/math@0.28.4", "@cosmjs/math@^0.28.4": version "0.28.4" resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.28.4.tgz#ddc35b69fa1ffeaf5928f70d4c2faf9284627d84" @@ -1137,6 +1208,13 @@ dependencies: bn.js "^5.2.0" +"@cosmjs/math@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.28.6.tgz#1fc8a48dc5b79dd7a3fc5405ef32e6b162b960c2" + integrity sha512-vk0g7f8UGXd2gj5IdeOqim/ZnMe9pJ9fxBISXkM1gJzJ+Tw09sdLA44Dp+yP6qyscb9mv5/CsIC+QA7+c27HkA== + dependencies: + bn.js "^5.2.0" + "@cosmjs/math@^0.29.5": version "0.29.5" resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.29.5.tgz#722c96e080d6c2b62215ce9f4c70da7625b241b6" @@ -1144,19 +1222,32 @@ dependencies: bn.js "^5.2.0" -"@cosmjs/proto-signing@0.28.4", "@cosmjs/proto-signing@^0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.28.4.tgz#7007651042bd05b3eee7e1c8562417bbed630198" - integrity sha512-4vgCLK9gOsdWzD78V5XbAsupSSyntPEzokWYhgRQNwgVTcKX1kg0eKZqUvF5ua5iL9x6MevfH/sgwPyiYleMBw== +"@cosmjs/proto-signing@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.28.6.tgz#0962cd9af2ef797d4118a021acb4d881a0e43752" + integrity sha512-DOuUgmvC/x1tjMv2iC8mD6RnU6S3ffFRMpWvjPMLiHmlxaXlGjlI9apYcg28WEowxJUmLlgvAsKxsDm3OetiBw== dependencies: - "@cosmjs/amino" "0.28.4" - "@cosmjs/crypto" "0.28.4" - "@cosmjs/encoding" "0.28.4" - "@cosmjs/math" "0.28.4" - "@cosmjs/utils" "0.28.4" + "@cosmjs/amino" "0.28.6" + "@cosmjs/crypto" "0.28.6" + "@cosmjs/encoding" "0.28.6" + "@cosmjs/math" "0.28.6" + "@cosmjs/utils" "0.28.6" + cosmjs-types "^0.4.0" + long "^4.0.0" + protobufjs "~6.11.3" + +"@cosmjs/proto-signing@^0.28.6": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.28.13.tgz#95ac12f0da0f0814f348f5ae996c3e96d015df61" + integrity sha512-nSl/2ZLsUJYz3Ad0RY3ihZUgRHIow2OnYqKsESMu+3RA/jTi9bDYhiBu8mNMHI0xrEJry918B2CyI56pOUHdPQ== + dependencies: + "@cosmjs/amino" "0.28.13" + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" - protobufjs "~6.10.2" "@cosmjs/proto-signing@^0.29.5": version "0.29.5" @@ -1171,12 +1262,12 @@ cosmjs-types "^0.5.2" long "^4.0.0" -"@cosmjs/socket@0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.28.4.tgz#f2c337bee18c631739ba6c2357fe564dbf17df45" - integrity sha512-jAEL3Ri+s8XuBM3mqgO4yvmeQu+R+704V37lGROC1B6kAbGxWRyOWrMdOOiFJzCZ35sSMB7L+xKjpE8ug0vJjg== +"@cosmjs/socket@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.28.6.tgz#09d170d3d0c86738e18f75bb61e3774918e48a75" + integrity sha512-p1AhkfcI7bOuPSS/BSVavsGBBCi+fDveR3vJfDtf4WI13seRk0MNzBDyVMUCTjr4A/wn25YOwmkQGCRlJDdswA== dependencies: - "@cosmjs/stream" "0.28.4" + "@cosmjs/stream" "0.28.6" isomorphic-ws "^4.0.1" ws "^7" xstream "^11.14.0" @@ -1191,22 +1282,22 @@ ws "^7" xstream "^11.14.0" -"@cosmjs/stargate@0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.28.4.tgz#a5acbaa3451f7c853739064f799dec21097a06df" - integrity sha512-tdwudilP5iLNwDm4TOMBjWuL5YehLPqGlC5/7hjJM/kVHyzLFo4Lzt0dVEwr5YegH+RsRXH/VtFLQz+NYlCobw== +"@cosmjs/stargate@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.28.6.tgz#29dd674dca146aefba8f48886ec5aae0baa641a0" + integrity sha512-72A/qGCt7+1Ce+R53U3SGYllTyJ0JWgewZV/HVcQosVLA+vIf1Pb1Dmd8vd6K2sbb4qdRWaqPHvtjhPUmyrZPQ== dependencies: "@confio/ics23" "^0.6.8" - "@cosmjs/amino" "0.28.4" - "@cosmjs/encoding" "0.28.4" - "@cosmjs/math" "0.28.4" - "@cosmjs/proto-signing" "0.28.4" - "@cosmjs/stream" "0.28.4" - "@cosmjs/tendermint-rpc" "0.28.4" - "@cosmjs/utils" "0.28.4" + "@cosmjs/amino" "0.28.6" + "@cosmjs/encoding" "0.28.6" + "@cosmjs/math" "0.28.6" + "@cosmjs/proto-signing" "0.28.6" + "@cosmjs/stream" "0.28.6" + "@cosmjs/tendermint-rpc" "0.28.6" + "@cosmjs/utils" "0.28.6" cosmjs-types "^0.4.0" long "^4.0.0" - protobufjs "~6.10.2" + protobufjs "~6.11.3" xstream "^11.14.0" "@cosmjs/stargate@^0.29.5": @@ -1227,10 +1318,10 @@ protobufjs "~6.11.3" xstream "^11.14.0" -"@cosmjs/stream@0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.28.4.tgz#88a294c2404107327f8e293b952db047ab182179" - integrity sha512-BDwDdFOrOgRx/Wm5nknb9YCV9HHIUcsOxykTDZqdArCUsn4QJBq79QIjp919G05Z8UemkoHwiUCUNB2BfoKmFw== +"@cosmjs/stream@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.28.6.tgz#6cafa4675f69c31b126fa09b80c5cc2a9d0b7fcd" + integrity sha512-I8/AAbV6Ax4PEFtx6Lr8rj/0Vl0be6OozlefOJ2WJxA7yk5n1lCGfc8nIDb5b7sdk/wif5H/Xpm/IOV1SIWLqA== dependencies: xstream "^11.14.0" @@ -1241,18 +1332,18 @@ dependencies: xstream "^11.14.0" -"@cosmjs/tendermint-rpc@0.28.4": - version "0.28.4" - resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.28.4.tgz#78835fdc8126baa3122c8b2b396c1d7d290c7167" - integrity sha512-iz6p4UW2QUZNh55WeJy9wHbMdqM8COo0AJdrGU4Ikb/xU0/H6b0dFPoEK+i6ngR0cSizh+hpTMzh3AA7ySUKlA== - dependencies: - "@cosmjs/crypto" "0.28.4" - "@cosmjs/encoding" "0.28.4" - "@cosmjs/json-rpc" "0.28.4" - "@cosmjs/math" "0.28.4" - "@cosmjs/socket" "0.28.4" - "@cosmjs/stream" "0.28.4" - "@cosmjs/utils" "0.28.4" +"@cosmjs/tendermint-rpc@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.28.6.tgz#067e5fab42874881858438ea1e6add52303f9c92" + integrity sha512-vyUym5AbYUitBZwl72URXXoFbXvhsuMUBi/x1ZSzubFifAlU6+WsTEFpC0HYlGeHNQfd8zwI2sO8dnfsiRS/pw== + dependencies: + "@cosmjs/crypto" "0.28.6" + "@cosmjs/encoding" "0.28.6" + "@cosmjs/json-rpc" "0.28.6" + "@cosmjs/math" "0.28.6" + "@cosmjs/socket" "0.28.6" + "@cosmjs/stream" "0.28.6" + "@cosmjs/utils" "0.28.6" axios "^0.21.2" readonly-date "^1.0.0" xstream "^11.14.0" @@ -1278,11 +1369,21 @@ resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.27.1.tgz#1c8efde17256346ef142a3bd15158ee4055470e2" integrity sha512-VG7QPDiMUzVPxRdJahDV8PXxVdnuAHiIuG56hldV4yPnOz/si/DLNd7VAUUA5923b6jS1Hhev0Hr6AhEkcxBMg== +"@cosmjs/utils@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.28.13.tgz#2fd2844ec832d7833811e2ae1691305d09791a08" + integrity sha512-dVeMBiyg+46x7XBZEfJK8yTihphbCFpjVYmLJVqmTsHfJwymQ65cpyW/C+V/LgWARGK8hWQ/aX9HM5Ao8QmMSg== + "@cosmjs/utils@0.28.4": version "0.28.4" resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.28.4.tgz#ecbc72458cdaffa6eeef572bc691502b3151330f" integrity sha512-lb3TU6833arPoPZF8HTeG9V418CpurvqH5Aa/ls0I0wYdPDEMO6622+PQNQhQ8Vw8Az2MXoSyc8jsqrgawT84Q== +"@cosmjs/utils@0.28.6": + version "0.28.6" + resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.28.6.tgz#3cb967cce55ef341229c755a7703e7c25b0f0164" + integrity sha512-ct5JPjCo+uI7O2Z7Xb8BxPYK39N0ykNhVsCG6I31z6ns6cGHD8Q3J5iVvSKkkJGRuBSrRk7yO8YY5etws3pinw== + "@cosmjs/utils@^0.29.5": version "0.29.5" resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.29.5.tgz#3fed1b3528ae8c5f1eb5d29b68755bebfd3294ee" @@ -2760,11 +2861,6 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-10.17.60.tgz#35f3d6213daed95da7f0f73e75bcc6980e90597b" integrity sha512-F0KIgDJfy2nA3zMLmWGKxcH2ZVEtCZXHHdOQs2gSaQ27+lNeEfGxzkIw90aXswATX7AZ33tahPbzy6KAfUreVw== -"@types/node@^13.7.0": - version "13.13.52" - resolved "https://registry.yarnpkg.com/@types/node/-/node-13.13.52.tgz#03c13be70b9031baaed79481c0c0cfb0045e53f7" - integrity sha512-s3nugnZumCC//n4moGGe6tkNMyYEdaDBitVjwPxXmR5lnMG5dHePinH2EdxkG3Rh1ghFHHixAG4NJhpJW1rthQ== - "@types/node@^17.0.21": version "17.0.35" resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.35.tgz#635b7586086d51fb40de0a2ec9d1014a5283ba4a" @@ -8494,25 +8590,6 @@ protobufjs@^6.8.8, protobufjs@~6.11.2: "@types/node" ">=13.7.0" long "^4.0.0" -protobufjs@~6.10.2: - version "6.10.2" - resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.10.2.tgz#b9cb6bd8ec8f87514592ba3fdfd28e93f33a469b" - integrity sha512-27yj+04uF6ya9l+qfpH187aqEzfCF4+Uit0I9ZBQVqK09hk/SQzKa2MUqUpXaVa7LOFRg1TSSr3lVxGOk6c0SQ== - dependencies: - "@protobufjs/aspromise" "^1.1.2" - "@protobufjs/base64" "^1.1.2" - "@protobufjs/codegen" "^2.0.4" - "@protobufjs/eventemitter" "^1.1.0" - "@protobufjs/fetch" "^1.1.0" - "@protobufjs/float" "^1.0.2" - "@protobufjs/inquire" "^1.1.0" - "@protobufjs/path" "^1.1.2" - "@protobufjs/pool" "^1.1.0" - "@protobufjs/utf8" "^1.1.0" - "@types/long" "^4.0.1" - "@types/node" "^13.7.0" - long "^4.0.0" - protobufjs@~6.11.3: version "6.11.3" resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.3.tgz#637a527205a35caa4f3e2a9a4a13ddffe0e7af74"