Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade vulnerable dependencies #8073

Merged
merged 14 commits into from
Jun 15, 2021
Merged

Upgrade vulnerable dependencies #8073

merged 14 commits into from
Jun 15, 2021

Conversation

eruizgar91
Copy link
Contributor

@eruizgar91 eruizgar91 commented Jun 9, 2021
edited
Loading

Description

Upgrade web3 and lodash dependency to avoid https://nvd.nist.gov/vuln/detail/CVE-2021-23337 and https://nvd.nist.gov/vuln/detail/CVE-2021-23358

Related issues

  • Disbursement tool audit.

@eruizgar91 eruizgar91 requested a review from a team June 9, 2021 15:10
@eruizgar91 eruizgar91 requested a review from a team as a code owner June 9, 2021 15:10
@carterqw2 carterqw2 changed the title Feature/upgrade vulnerable dependencies Upgrade vulnerable dependencies Jun 9, 2021
@eruizgar91 eruizgar91 force-pushed the feature/upgrade-vulnerable-dependencies branch 3 times, most recently from e1ebdac to cc57465 Compare June 10, 2021 12:28
@eruizgar91 eruizgar91 force-pushed the feature/upgrade-vulnerable-dependencies branch from cc57465 to da403e5 Compare June 10, 2021 12:33
@eruizgar91 eruizgar91 merged commit 3364f33 into master Jun 15, 2021
@eruizgar91 eruizgar91 deleted the feature/upgrade-vulnerable-dependencies branch June 15, 2021 12:34
eelanagaraj pushed a commit that referenced this pull request Jun 17, 2021
@eelanagaraj
Upgrade vulnerable dependencies (#8073)
2d242ff 
* Upgrade lodash dependency

* Upgrade web3 dependency

* remove patch bn.js

* Upgrade dependency

* Upgrade sdk to 1.3.6

* Upgrade wallets to 1.3.6

* Upgrade web3-eth-contracts

* Commit yarn.lock

* Upgrade normalize-url
tkporter pushed a commit that referenced this pull request Jul 8, 2021
@tkporter
Upgrade vulnerable dependencies (#8073)
cfd8a24 
* Upgrade lodash dependency

* Upgrade web3 dependency

* remove patch bn.js

* Upgrade dependency

* Upgrade sdk to 1.3.6

* Upgrade wallets to 1.3.6

* Upgrade web3-eth-contracts

* Commit yarn.lock

* Upgrade normalize-url
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlexBHarley AlexBHarley AlexBHarley approved these changes

@asaj asaj Awaiting requested review from asaj

@barbaraliau barbaraliau Awaiting requested review from barbaraliau

@cmcewen cmcewen Awaiting requested review from cmcewen

@eelanagaraj eelanagaraj Awaiting requested review from eelanagaraj

@gastonponti gastonponti Awaiting requested review from gastonponti

@mcortesi mcortesi Awaiting requested review from mcortesi

@medhakothari medhakothari Awaiting requested review from medhakothari

@timmoreton timmoreton Awaiting requested review from timmoreton

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eruizgar91 @AlexBHarley