mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-22 17:33:23 +01:00
fix audit failure (#17079)
This commit is contained in:
parent
4d12c36cf8
commit
35e3b7e82e
10
.iyarc
10
.iyarc
@ -5,3 +5,13 @@ GHSA-257v-vj4p-3w2h
|
||||
# it is a false positive. The offending version of 'ws' that is installed is
|
||||
# 7.1.1 and is included only via remote-redux-devtools which is a devDependency
|
||||
GHSA-6fc8-4gx4-v693
|
||||
|
||||
# yarn npm audit reports on a fast-json-patch version < 3.1.1 but due to patch
|
||||
# resolution, the only version of fast-json-patch that we use is 3.1.1. We also
|
||||
# have 2.2.1 installed but it is a dev only dependency. The "violation" reports
|
||||
# smart-transacton-controller as the culprit but if you run
|
||||
# `yarn info -A -R dependents fast-json-patch` you can see that only 2.2.1 and
|
||||
# 3.3.1 are installed and that smart-transaction-controller resolves to the
|
||||
# patched version of 3.3.1. We can remove this once the
|
||||
# smart-transaction-controller updates its dependency.
|
||||
GHSA-8gh8-hqwg-xf34
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/commonjs/helpers.js b/commonjs/helpers.js
|
||||
index 0ac28b4d6a715e913da246f1b4b2576c7e5537f4..d048c0a9b498d08fb70337558fa541c1ecc2ed32 100644
|
||||
index 5f2350e4c264e61b4b83edf89bbd5d7d9bf2c812..8894686993d61eec7dce91264294f8608db39a31 100644
|
||||
--- a/commonjs/helpers.js
|
||||
+++ b/commonjs/helpers.js
|
||||
@@ -21,7 +21,7 @@ var _hasOwnProperty = Object.prototype.hasOwnProperty;
|
||||
@ -10,4 +10,4 @@ index 0ac28b4d6a715e913da246f1b4b2576c7e5537f4..d048c0a9b498d08fb70337558fa541c1
|
||||
+Object.defineProperty(exports, "hasOwnProperty", { value: hasOwnProperty });
|
||||
function _objectKeys(obj) {
|
||||
if (Array.isArray(obj)) {
|
||||
var keys = new Array(obj.length);
|
||||
var keys_1 = new Array(obj.length);
|
@ -1171,8 +1171,8 @@
|
||||
"@metamask/controller-utils>isomorphic-fetch": true,
|
||||
"@metamask/smart-transactions-controller>@metamask/controllers": true,
|
||||
"@metamask/smart-transactions-controller>bignumber.js": true,
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": true,
|
||||
"ethers>@ethersproject/bytes": true,
|
||||
"fast-json-patch": true,
|
||||
"lodash": true
|
||||
}
|
||||
},
|
||||
@ -1397,14 +1397,6 @@
|
||||
"define": true
|
||||
}
|
||||
},
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": {
|
||||
"globals": {
|
||||
"addEventListener": true,
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
}
|
||||
},
|
||||
"@metamask/snaps-controllers>nanoid": {
|
||||
"globals": {
|
||||
"crypto.getRandomValues": true
|
||||
@ -3719,9 +3711,6 @@
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
},
|
||||
"packages": {
|
||||
"fast-json-patch>fast-deep-equal": true
|
||||
}
|
||||
},
|
||||
"fuse.js": {
|
||||
|
@ -1266,8 +1266,8 @@
|
||||
"@metamask/controller-utils>isomorphic-fetch": true,
|
||||
"@metamask/smart-transactions-controller>@metamask/controllers": true,
|
||||
"@metamask/smart-transactions-controller>bignumber.js": true,
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": true,
|
||||
"ethers>@ethersproject/bytes": true,
|
||||
"fast-json-patch": true,
|
||||
"lodash": true
|
||||
}
|
||||
},
|
||||
@ -1492,14 +1492,6 @@
|
||||
"define": true
|
||||
}
|
||||
},
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": {
|
||||
"globals": {
|
||||
"addEventListener": true,
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
}
|
||||
},
|
||||
"@metamask/snaps-controllers": {
|
||||
"globals": {
|
||||
"URL": true,
|
||||
@ -4044,9 +4036,6 @@
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
},
|
||||
"packages": {
|
||||
"fast-json-patch>fast-deep-equal": true
|
||||
}
|
||||
},
|
||||
"fuse.js": {
|
||||
|
@ -1171,8 +1171,8 @@
|
||||
"@metamask/controller-utils>isomorphic-fetch": true,
|
||||
"@metamask/smart-transactions-controller>@metamask/controllers": true,
|
||||
"@metamask/smart-transactions-controller>bignumber.js": true,
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": true,
|
||||
"ethers>@ethersproject/bytes": true,
|
||||
"fast-json-patch": true,
|
||||
"lodash": true
|
||||
}
|
||||
},
|
||||
@ -1397,14 +1397,6 @@
|
||||
"define": true
|
||||
}
|
||||
},
|
||||
"@metamask/smart-transactions-controller>fast-json-patch": {
|
||||
"globals": {
|
||||
"addEventListener": true,
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
}
|
||||
},
|
||||
"@metamask/snaps-controllers>nanoid": {
|
||||
"globals": {
|
||||
"crypto.getRandomValues": true
|
||||
@ -3719,9 +3711,6 @@
|
||||
"clearTimeout": true,
|
||||
"removeEventListener": true,
|
||||
"setTimeout": true
|
||||
},
|
||||
"packages": {
|
||||
"fast-json-patch>fast-deep-equal": true
|
||||
}
|
||||
},
|
||||
"fuse.js": {
|
||||
|
@ -167,7 +167,7 @@
|
||||
"@fortawesome/fontawesome-free@^5.13.0": "patch:@fortawesome/fontawesome-free@npm%3A5.13.0#./.yarn/patches/@fortawesome-fontawesome-free-npm-5.13.0-f20fc0388d.patch",
|
||||
"@keystonehq/bc-ur-registry@^0.5.0-alpha.5": "patch:@keystonehq/bc-ur-registry@npm%3A0.5.0-alpha.5#./.yarn/patches/@keystonehq-bc-ur-registry-npm-0.5.0-alpha.5-b95c7992a6.patch",
|
||||
"@lavamoat/lavapack@^3.1.0": "patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch",
|
||||
"fast-json-patch@^3.1.0": "patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch",
|
||||
"fast-json-patch@^3.1.0": "patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch",
|
||||
"@reduxjs/toolkit@^1.6.2": "patch:@reduxjs/toolkit@npm%3A1.6.2#./.yarn/patches/@reduxjs-toolkit-npm-1.6.2-67af09515f.patch",
|
||||
"parse5@^7.0.0": "patch:parse5@npm%3A7.0.0#./.yarn/patches/parse5-npm-7.0.0-3158a72394.patch",
|
||||
"@types/madge@^5.0.0": "patch:@types/madge@npm%3A5.0.0#./.yarn/patches/@types-madge-npm-5.0.0-654566c2d2.patch",
|
||||
@ -185,7 +185,8 @@
|
||||
"luxon@^3.0.1": "patch:luxon@npm%3A3.1.0#./.yarn/patches/luxon-npm-3.1.0-16e2508500.patch",
|
||||
"improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch",
|
||||
"lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch",
|
||||
"symbol-observable": "^2.0.3"
|
||||
"symbol-observable": "^2.0.3",
|
||||
"fast-json-patch@^3.1.1": "patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch"
|
||||
},
|
||||
"dependencies": {
|
||||
"@babel/runtime": "^7.5.5",
|
||||
@ -275,7 +276,7 @@
|
||||
"ethjs-contract": "^0.2.3",
|
||||
"ethjs-query": "^0.3.4",
|
||||
"extension-port-stream": "^2.0.0",
|
||||
"fast-json-patch": "^2.2.1",
|
||||
"fast-json-patch": "^3.1.1",
|
||||
"fuse.js": "^3.2.0",
|
||||
"globalthis": "^1.0.1",
|
||||
"human-standard-token-abi": "^2.0.0",
|
||||
|
18
yarn.lock
18
yarn.lock
@ -15902,10 +15902,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"fast-json-patch@npm:3.1.0":
|
||||
version: 3.1.0
|
||||
resolution: "fast-json-patch@npm:3.1.0"
|
||||
checksum: bad25a6121650d5e138fba787f8e8c6c738779a9a84a978513261110632b1450d96b92a7fedd17188ae847cd5a2b0560725b400a0214aefd3c6506e1be36c66e
|
||||
"fast-json-patch@npm:3.1.1":
|
||||
version: 3.1.1
|
||||
resolution: "fast-json-patch@npm:3.1.1"
|
||||
checksum: c4525b61b2471df60d4b025b4118b036d99778a93431aa44d1084218182841d82ce93056f0f3bbd731a24e6a8e69820128adf1873eb2199a26c62ef58d137833
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@ -15918,10 +15918,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"fast-json-patch@patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch::locator=metamask-crx%40workspace%3A.":
|
||||
version: 3.1.0
|
||||
resolution: "fast-json-patch@patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch::version=3.1.0&hash=a705a6&locator=metamask-crx%40workspace%3A."
|
||||
checksum: 4452b428571e0a7650889711952509f08f5301f4f8b0b7fe7d38b92ed830bd2bf76d11a6b1b72b77724a6c4b27dfe66dbca53f91d695b08cec37cf2394945a56
|
||||
"fast-json-patch@patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch::locator=metamask-crx%40workspace%3A.":
|
||||
version: 3.1.1
|
||||
resolution: "fast-json-patch@patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch::version=3.1.1&hash=aa95c0&locator=metamask-crx%40workspace%3A."
|
||||
checksum: 8ad8658818cde8447863e233a1ae333d70e125ad8493794e5a5bb162ba744875ca78031f94348bd31efda06403b9fdcb724e06e495cee6c6a13452823c194d6e
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@ -23012,7 +23012,7 @@ __metadata:
|
||||
extension-port-stream: ^2.0.0
|
||||
fancy-log: ^1.3.3
|
||||
fast-glob: ^3.2.2
|
||||
fast-json-patch: ^2.2.1
|
||||
fast-json-patch: ^3.1.1
|
||||
fs-extra: ^8.1.0
|
||||
fuse.js: ^3.2.0
|
||||
ganache: ^v7.0.4
|
||||
|
Loading…
Reference in New Issue
Block a user