metamask-extension/.iyarc

# improved-yarn-audit advisory exclusions
GHSA-257v-vj4p-3w2h

# request library is subject to SSRF.
# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch
GHSA-p8p7-x288-28g6

# Prototype pollution
# Not easily patched
# Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution
GHSA-h755-8qp9-cq85

# tough-cookie
# this will go away soon when we get rid of web3-provider-engine
GHSA-72xf-g2v4-qvf3
Feature/remove bitmask (#14489) * remove bitmask * add --fail-on-missing-exclusions * add .iyarc 2022-04-21 23:58:57 +02:00			`# improved-yarn-audit advisory exclusions`
			`GHSA-257v-vj4p-3w2h`
upgrade yarn to version 3 (#16232) Co-authored-by: Mark Stacey <markjstacey@gmail.com> Co-authored-by: ricky <ricky.miller@gmail.com> Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com> Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com> Co-authored-by: legobt <6wbvkn0j@anonaddy.me> Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net> 2022-12-08 17:38:04 +01:00
security: patch request for CVE-2023-28155 (#18208) * security: patch request for CVE-2023-28155 GHSA-p8p7-x288-28g6 Ported from https://github.com/request/request/pull/3444 * add iyarc exclusion 2023-03-17 15:29:39 +01:00			`# request library is subject to SSRF.`
			`# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch`
Bump @metamask/network-controller to 10.3.0 (#19903) In the new version of NetworkController, it will now precreate network clients for built-in and custom networks and expose those network clients for consumers. This furthers the multichain UX project by making it possible for MetaMask to interface with multiple networks simultaneously. This commit also upgrades `@metamask/gas-fee-controller` to prevent a peer dependency warning from showing up as well as `@metamask/controller-utils` in order to reduce the dependency tree. There are no user-facing changes to either package. 2023-07-07 20:14:18 +02:00			`GHSA-p8p7-x288-28g6`
Resolve two new security advisories (#19940) Two new security advisories have been resolved. These advisories are causing CI to fail on `develop`. Neither presents any risk to us, as they are prototype pollution issues that are prevented by lockdown. The first advisory isn't easy for us to patch. It's caused by an outdated version of `protobufjs` used by `@trezor/transport`. It has been ignored for now, until Trezor updates that package. For the second advisory (related to `tough-cookie`), it was resolved by updating that dependency in our lockfile. 2023-07-10 17:26:34 +02:00
			`# Prototype pollution`
			`# Not easily patched`
			`# Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution`
			`GHSA-h755-8qp9-cq85`
Restore support for Linea networks (#20011) When the NetworkController in this repo was replaced with `@metamask/network-controller`, support for Linea networks was lost as it did not support it at that time. `@metamask/network-controller` has since been updated, so this commit bumps that package to restore support. 2023-07-14 00:57:31 +02:00
			`# tough-cookie`
			`# this will go away soon when we get rid of web3-provider-engine`
			`GHSA-72xf-g2v4-qvf3`