Skip to content

Commit

Permalink
Upgrade vulnerable dependencies (#8073)
Browse files Browse the repository at this point in the history 
* Upgrade lodash dependency

* Upgrade web3 dependency

* remove patch bn.js

* Upgrade dependency

* Upgrade sdk to 1.3.6

* Upgrade wallets to 1.3.6

* Upgrade web3-eth-contracts

* Commit yarn.lock

* Upgrade normalize-url
  • Loading branch information
Enrique Ruiz authored Jun 15, 2021
1 parent 01c6b67 commit 3364f33
Show file tree
Hide file tree
Showing 22 changed files with 231 additions and 256 deletions.
3 changes: 2 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@
"node-gyp": "5.0.1",
"node-libs-react-native": "^1.2.0",
"node-notifier": "^8.0.2",
"normalize-url": "4.5.1",
"npm": "^5.10.0",
"npmi": "^4.0.0",
"object-path": "^0.11.5",
Expand All @@ -119,7 +120,7 @@
"ua-parser-js": "^0.7.24",
"underscore": "^1.12.1",
"url-parse": "^1.5.0",
"web3-eth-contract": "1.3.5",
"web3-eth-contract": "1.3.6",
"websocket-extensions": "^0.1.4",
"y18n": "^5.0.5"
}
Expand Down
4 changes: 2 additions & 2 deletions packages/attestation-service/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,11 @@
"fp-ts": "2.1.1",
"nexmo": "2.4.2",
"moment": "^2.29.0",
"web3": "1.3.5",
"web3": "1.3.6",
"express": "^4.17.1",
"express-rate-limit": "^5.1.1",
"express-request-id": "1.4.1",
"lodash": "^4.17.14",
"lodash": "^4.17.21",
"messagebird": "^3.5.0",
"mysql2": "^2.1.0",
"node-fetch": "^2.6.1",
Expand Down
6 changes: 3 additions & 3 deletions packages/celotool/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@
"ecurve": "^1.0.6",
"ethereumjs-util": "^5.2.0",
"js-yaml": "^3.13.1",
"lodash": "^4.17.14",
"lodash": "^4.17.21",
"moment": "^2.29.0",
"node-fetch": "^2.6.1",
"prompts": "1.2.0",
"read-last-lines": "^1.7.2",
"sleep-promise": "^8.0.1",
"string-hash": "^1.1.3",
"twilio": "^3.57.0",
"web3": "1.3.5",
"web3": "1.3.6",
"web3-eth-admin": "1.0.0-beta.55",
"yargs": "14.0.0"
},
Expand All @@ -56,7 +56,7 @@
"@types/yargs": "^13.0.2",
"chai": "^4.1.2",
"mocha": "^7.1.1",
"web3-core": "1.3.5"
"web3-core": "1.3.6"
},
"scripts": {
"cli": "TS_NODE_FILES=true ts-node -r tsconfig-paths/register src/cli.ts",
Expand Down
34 changes: 17 additions & 17 deletions packages/cli/npm-shrinkwrap.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/cli/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@
"randombytes": "^2.0.1",
"save": "^2.4.0",
"tslib": "^1",
"web3": "1.3.5"
"web3": "1.3.6"
},
"devDependencies": {
"@celo/dev-utils": "0.0.1-dev",
Expand Down
4 changes: 2 additions & 2 deletions packages/dev-utils/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@
},
"dependencies": {
"bignumber.js": "^9.0.0",
"web3": "1.3.5",
"web3-core-helpers": "1.3.5",
"web3": "1.3.6",
"web3-core-helpers": "1.3.6",
"tmp": "^0.1.0",
"targz": "^1.0.1",
"fs-extra": "^8.1.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/env-tests/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
"jest": "26.6.3",
"moment": "^2.29.0",
"twilio": "^3.57.0",
"web3": "1.3.5"
"web3": "1.3.6"
},
"scripts": {
"clean": "tsc -b . --clean",
Expand Down
2 changes: 1 addition & 1 deletion packages/faucet/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
"firebase-admin": "^8.10.0",
"firebase-functions": "^3.6.0",
"twilio": "^3.57.0",
"web3": "1.3.5"
"web3": "1.3.6"
},
"devDependencies": {
"@types/debug": "^4.1.4",
Expand Down
2 changes: 1 addition & 1 deletion packages/metadata-crawler/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"googleapis": "^39.2.0",
"pg": "^7.18.0",
"ts-node": "^8.5.4",
"web3": "1.3.5"
"web3": "1.3.6"
},
"devDependencies": {
"@types/bunyan": "1.8.4",
Expand Down
2 changes: 1 addition & 1 deletion packages/phone-number-privacy/common/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"@types/bunyan": "1.8.4",
"@types/elliptic": "^6.4.12",
"@types/is-base64": "^1.1.0",
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=10"
Expand Down
10 changes: 5 additions & 5 deletions packages/protocol/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@
"glob-fs": "^0.1.7",
"graphql": "^14.1.1",
"j6": "^1.0.2",
"lodash": "^4.17.14",
"lodash": "^4.17.21",
"mathjs": "^5.0.4",
"node-fetch": "^2.6.1",
"openzeppelin-solidity": "^2.5.0",
Expand All @@ -86,10 +86,10 @@
"truffle-security": "^1.7.1",
"twilio": "^3.57.0",
"weak-map": "^1.0.5",
"web3": "1.3.5",
"web3-core": "1.3.5",
"web3-core-helpers": "1.3.5",
"web3-utils": "1.3.5",
"web3": "1.3.6",
"web3-core": "1.3.6",
"web3-core-helpers": "1.3.6",
"web3-utils": "1.3.6",
"web3-provider-engine": "^15.0.0"
},
"devDependencies": {
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/base/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,6 @@
"@celo/typescript": "0.0.1",
"bignumber.js": "^9.0.0",
"elliptic": "^6.5.4",
"web3-utils": "1.3.5"
"web3-utils": "1.3.6"
}
}
14 changes: 7 additions & 7 deletions packages/sdk/connect/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@
},
"devDependencies": {
"@celo/flake-tracker": "0.0.1-dev",
"web3": "1.3.5",
"web3-core": "1.3.5",
"web3-eth": "1.3.5",
"web3-eth-contract": "1.3.5",
"web3-eth-abi": "1.3.5",
"web3-utils": "1.3.5"
"web3": "1.3.6",
"web3-core": "1.3.6",
"web3-eth": "1.3.6",
"web3-eth-contract": "1.3.6",
"web3-eth-abi": "1.3.6",
"web3-utils": "1.3.6"
},
"peerDependencies": {
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=8.13.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/contractkit/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
"fp-ts": "2.1.1",
"io-ts": "2.0.1",
"moment": "^2.29.0",
"web3": "1.3.5"
"web3": "1.3.6"
},
"devDependencies": {
"@celo/dev-utils": "0.0.1-dev",
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/explorer/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
"debug": "^4.1.1"
},
"devDependencies": {
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=8.13.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/transactions-uri/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
"@celo/connect": "1.2.2-dev",
"bn.js": "4.11.8",
"qrcode": "^1.4.4",
"web3-eth-abi": "1.3.5"
"web3-eth-abi": "1.3.6"
},
"devDependencies": {
"@celo/dev-utils": "0.0.1-dev",
Expand Down
8 changes: 4 additions & 4 deletions packages/sdk/utils/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
"@types/elliptic": "^6.4.9",
"@types/ethereumjs-util": "^5.2.0",
"@types/google-libphonenumber": "^7.4.17",
"@types/lodash": "^4.14.136",
"@types/lodash": "^4.14.170",
"@types/node": "^10.12.18",
"@types/randombytes": "^2.0.0",
"bigi": "^1.1.0",
Expand All @@ -42,10 +42,10 @@
"google-libphonenumber": "^3.2.15",
"io-ts": "2.0.1",
"keccak256": "^1.0.0",
"lodash": "^4.17.14",
"lodash": "^4.17.21",
"numeral": "^2.0.6",
"web3-eth-abi": "1.3.5",
"web3-utils": "1.3.5"
"web3-eth-abi": "1.3.6",
"web3-utils": "1.3.6"
},
"devDependencies": {
"@celo/flake-tracker": "0.0.1-dev",
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/wallets/wallet-hsm-aws/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"devDependencies": {
"@celo/connect": "1.2.2-dev",
"elliptic": "^6.5.4",
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=8.13.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/wallets/wallet-hsm-azure/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
"devDependencies": {
"dotenv": "^8.2.0",
"elliptic": "^6.5.4",
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=8.13.0"
Expand Down
2 changes: 1 addition & 1 deletion packages/sdk/wallets/wallet-local/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
"ethereumjs-util": "^5.2.0"
},
"devDependencies": {
"web3": "1.3.5"
"web3": "1.3.6"
},
"engines": {
"node": ">=8.13.0"
Expand Down
26 changes: 0 additions & 26 deletions patches/bn.js+4.11.9.patch
View file

This file was deleted.

Loading

0 comments on commit 3364f33

Please sign in to comment.