fix: package.json & yarn.lock to reduce vulnerabilities (#277)

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Conflux-Chain · Jan 8, 2025 · 3feba82 · 3feba82
1 parent 4b2be25
commit 3feba82
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -47,7 +47,7 @@
     "lodash": "^4.17.21",
     "rlp": "^2.2.7",
     "scrypt-js": "^3.0.1",
-    "secp256k1": "^3.7.1",
+    "secp256k1": "^3.8.1",
     "superagent": "^6.1.0",
     "websocket": "^1.0.35"
   },

diff --git a/yarn.lock b/yarn.lock
@@ -1023,10 +1023,10 @@
   resolved "https://registry.yarnpkg.com/@conflux-dev/jsdoc-tsimport-plugin/-/jsdoc-tsimport-plugin-1.0.5.tgz#993d06970a38c2c858a41e3732528db8cbcca6fe"
   integrity sha512-ZMz9GpegPwQq0nitk1bR0xsmCclfxELFeiCPag1Vu1zOZ1h6fD6FOqItt3peISViCj3tfWJE/VjiWpCfjBVehg==
 
-"@conflux-dev/jsonrpc-spec@^0.2.0":
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/@conflux-dev/jsonrpc-spec/-/jsonrpc-spec-0.2.0.tgz#e12f0a9cb2ac8cdbd468ae918062694d21f4824c"
-  integrity sha512-LOlb836alNry67lNBqeitlEzajPqq5ycz40uQlQx5kpFswAbVp+3d48UEz5vyh0C7DE0iH1j6NMywQ6HUZaSsw==
+"@conflux-dev/jsonrpc-spec@^0.2.1":
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/@conflux-dev/jsonrpc-spec/-/jsonrpc-spec-0.2.1.tgz#7a0de7d27b699d6cd9a931a89ceddf3aa9f9e7b7"
+  integrity sha512-/BDvUcI4NWbrB4UoWxcCUreVYpDUcLt9MkVepBrRUfCce7WpLV3+nrD7bo6ltLt4/9N2wQFrq0Mu1PTP3aM9AA==
   dependencies:
     "@open-rpc/server-js" "^1.9.3"
     js-conflux-sdk "^2.4.1"
@@ -2976,7 +2976,7 @@ electron-to-chromium@^1.3.896:
   resolved "https://registry.npmmirror.com/electron-to-chromium/download/electron-to-chromium-1.3.898.tgz?cache=0&sync_timestamp=1637031779927&other_urls=https%3A%2F%2Fregistry.npmmirror.com%2Felectron-to-chromium%2Fdownload%2Felectron-to-chromium-1.3.898.tgz#0bd4090bf7c7003cb9bd31c4223a9f6aa1aab9dc"
   integrity sha512-dxEsaHy9Ter268LO7P8uWomuChbyML4zZk5F9+UZSozFRS7ggC5cQ8fPIM8Pec+6uWGdujuDagQhIbqjohUK2w==
 
-elliptic@^6.5.2, elliptic@^6.5.3, elliptic@^6.5.5:
+elliptic@^6.5.2, elliptic@^6.5.3, elliptic@^6.5.5, elliptic@^6.5.7:
   version "6.5.4"
   resolved "https://registry.npmmirror.com/elliptic/download/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb"
   integrity sha1-2jfOvTHnmhNn6UG1ku0fvr1Yq7s=
@@ -6558,6 +6558,20 @@ secp256k1@^3.7.1:
     nan "^2.14.0"
     safe-buffer "^5.1.2"
 
+secp256k1@^3.8.1:
+  version "3.8.1"
+  resolved "https://registry.yarnpkg.com/secp256k1/-/secp256k1-3.8.1.tgz#b62a62a882d6b16f9b51fe599c6b3a861e36c59f"
+  integrity sha512-tArjQw2P0RTdY7QmkNehgp6TVvQXq6ulIhxv8gaH6YubKG/wxxAoNKcbuXjDhybbc+b2Ihc7e0xxiGN744UIiQ==
+  dependencies:
+    bindings "^1.5.0"
+    bip66 "^1.1.5"
+    bn.js "^4.11.8"
+    create-hash "^1.2.0"
+    drbg.js "^1.0.1"
+    elliptic "^6.5.7"
+    nan "^2.14.0"
+    safe-buffer "^5.1.2"
+
 "semver@2 || 3 || 4 || 5", semver@^5.5.0:
   version "5.7.2"
   resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8"