Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Audit #1053

Merged
merged 1 commit into from
Apr 13, 2022
Merged

Fix Audit #1053

merged 1 commit into from
Apr 13, 2022

Conversation

crypto-matto
Copy link
Collaborator

No description provided.

@XinyuCRO
Copy link
Collaborator

I don't know whether it will break the app or not, it has highly chance that there are API break changes with async npm package from 0.2.4 to 3.2.2.
Our dependency @seald-io/nedb has heavily use of this lib, need do a check on

@crypto-matto
Copy link
Collaborator Author

crypto-matto commented Apr 13, 2022

I don't know whether it will break the app or not, it has highly chance that there are API break changes with async npm package from 0.2.4 to 3.2.2. Our dependency @seald-io/nedb has heavily use of this lib, need do a check on

So far no problems from my side. I checked some indexing services & made some transaction broadcasts. Tx records are also successfully inserted into the DB.
Or if QA further study & finds out any issues which seems unsolvable, we may roll back to ignore this audit issue.

What do you think? @XinyuCRO

@crypto-matto
Copy link
Collaborator Author

So far no problems from my side. I checked some indexing services & made some transaction broadcasts.
Or if QA further study & finds out any issues which seems unsolvable, we may roll back to ignore this audit issue.

@XinyuCRO
Copy link
Collaborator

I would suggest to patch the changes here caolan/async#1828 with https://www.npmjs.com/package/patch-package in our codebase and ignore this vulnerability

@seald-io/nedb has so many use of async can't guarantee jump from 0.x to 3.x will not break anything.
But if the mapping doesn't break anything, I am ok with this change.

@crypto-matto
Copy link
Collaborator Author

crypto-matto commented Apr 13, 2022

I would suggest to patch the changes here caolan/async#1828 with https://www.npmjs.com/package/patch-package in our codebase and ignore this vulnerability

This package looks new to me & sounds good to be a solution when we encounter packaging issues which we just couldn't ignore in the future 👍🏻 We may dive into this implementation.

@crypto-matto crypto-matto merged commit de7cc65 into dev Apr 13, 2022
@crypto-matto crypto-matto deleted the fix/audit branch April 13, 2022 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants