1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00

fix audit failure (#17079)

This commit is contained in:
Brad Decker 2023-01-04 12:29:37 -05:00 committed by GitHub
parent 4d12c36cf8
commit 35e3b7e82e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 50 deletions

10
.iyarc
View File

@ -5,3 +5,13 @@ GHSA-257v-vj4p-3w2h
# it is a false positive. The offending version of 'ws' that is installed is
# 7.1.1 and is included only via remote-redux-devtools which is a devDependency
GHSA-6fc8-4gx4-v693
# yarn npm audit reports on a fast-json-patch version < 3.1.1 but due to patch
# resolution, the only version of fast-json-patch that we use is 3.1.1. We also
# have 2.2.1 installed but it is a dev only dependency. The "violation" reports
# smart-transacton-controller as the culprit but if you run
# `yarn info -A -R dependents fast-json-patch` you can see that only 2.2.1 and
# 3.3.1 are installed and that smart-transaction-controller resolves to the
# patched version of 3.3.1. We can remove this once the
# smart-transaction-controller updates its dependency.
GHSA-8gh8-hqwg-xf34

View File

@ -1,5 +1,5 @@
diff --git a/commonjs/helpers.js b/commonjs/helpers.js
index 0ac28b4d6a715e913da246f1b4b2576c7e5537f4..d048c0a9b498d08fb70337558fa541c1ecc2ed32 100644
index 5f2350e4c264e61b4b83edf89bbd5d7d9bf2c812..8894686993d61eec7dce91264294f8608db39a31 100644
--- a/commonjs/helpers.js
+++ b/commonjs/helpers.js
@@ -21,7 +21,7 @@ var _hasOwnProperty = Object.prototype.hasOwnProperty;
@ -10,4 +10,4 @@ index 0ac28b4d6a715e913da246f1b4b2576c7e5537f4..d048c0a9b498d08fb70337558fa541c1
+Object.defineProperty(exports, "hasOwnProperty", { value: hasOwnProperty });
function _objectKeys(obj) {
if (Array.isArray(obj)) {
var keys = new Array(obj.length);
var keys_1 = new Array(obj.length);

View File

@ -1171,8 +1171,8 @@
"@metamask/controller-utils>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>@metamask/controllers": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"ethers>@ethersproject/bytes": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -1397,14 +1397,6 @@
"define": true
}
},
"@metamask/smart-transactions-controller>fast-json-patch": {
"globals": {
"addEventListener": true,
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
}
},
"@metamask/snaps-controllers>nanoid": {
"globals": {
"crypto.getRandomValues": true
@ -3719,9 +3711,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -1266,8 +1266,8 @@
"@metamask/controller-utils>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>@metamask/controllers": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"ethers>@ethersproject/bytes": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -1492,14 +1492,6 @@
"define": true
}
},
"@metamask/smart-transactions-controller>fast-json-patch": {
"globals": {
"addEventListener": true,
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
}
},
"@metamask/snaps-controllers": {
"globals": {
"URL": true,
@ -4044,9 +4036,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -1171,8 +1171,8 @@
"@metamask/controller-utils>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>@metamask/controllers": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"ethers>@ethersproject/bytes": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -1397,14 +1397,6 @@
"define": true
}
},
"@metamask/smart-transactions-controller>fast-json-patch": {
"globals": {
"addEventListener": true,
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
}
},
"@metamask/snaps-controllers>nanoid": {
"globals": {
"crypto.getRandomValues": true
@ -3719,9 +3711,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -167,7 +167,7 @@
"@fortawesome/fontawesome-free@^5.13.0": "patch:@fortawesome/fontawesome-free@npm%3A5.13.0#./.yarn/patches/@fortawesome-fontawesome-free-npm-5.13.0-f20fc0388d.patch",
"@keystonehq/bc-ur-registry@^0.5.0-alpha.5": "patch:@keystonehq/bc-ur-registry@npm%3A0.5.0-alpha.5#./.yarn/patches/@keystonehq-bc-ur-registry-npm-0.5.0-alpha.5-b95c7992a6.patch",
"@lavamoat/lavapack@^3.1.0": "patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch",
"fast-json-patch@^3.1.0": "patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch",
"fast-json-patch@^3.1.0": "patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch",
"@reduxjs/toolkit@^1.6.2": "patch:@reduxjs/toolkit@npm%3A1.6.2#./.yarn/patches/@reduxjs-toolkit-npm-1.6.2-67af09515f.patch",
"parse5@^7.0.0": "patch:parse5@npm%3A7.0.0#./.yarn/patches/parse5-npm-7.0.0-3158a72394.patch",
"@types/madge@^5.0.0": "patch:@types/madge@npm%3A5.0.0#./.yarn/patches/@types-madge-npm-5.0.0-654566c2d2.patch",
@ -185,7 +185,8 @@
"luxon@^3.0.1": "patch:luxon@npm%3A3.1.0#./.yarn/patches/luxon-npm-3.1.0-16e2508500.patch",
"improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch",
"lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch",
"symbol-observable": "^2.0.3"
"symbol-observable": "^2.0.3",
"fast-json-patch@^3.1.1": "patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch"
},
"dependencies": {
"@babel/runtime": "^7.5.5",
@ -275,7 +276,7 @@
"ethjs-contract": "^0.2.3",
"ethjs-query": "^0.3.4",
"extension-port-stream": "^2.0.0",
"fast-json-patch": "^2.2.1",
"fast-json-patch": "^3.1.1",
"fuse.js": "^3.2.0",
"globalthis": "^1.0.1",
"human-standard-token-abi": "^2.0.0",

View File

@ -15902,10 +15902,10 @@ __metadata:
languageName: node
linkType: hard
"fast-json-patch@npm:3.1.0":
version: 3.1.0
resolution: "fast-json-patch@npm:3.1.0"
checksum: bad25a6121650d5e138fba787f8e8c6c738779a9a84a978513261110632b1450d96b92a7fedd17188ae847cd5a2b0560725b400a0214aefd3c6506e1be36c66e
"fast-json-patch@npm:3.1.1":
version: 3.1.1
resolution: "fast-json-patch@npm:3.1.1"
checksum: c4525b61b2471df60d4b025b4118b036d99778a93431aa44d1084218182841d82ce93056f0f3bbd731a24e6a8e69820128adf1873eb2199a26c62ef58d137833
languageName: node
linkType: hard
@ -15918,10 +15918,10 @@ __metadata:
languageName: node
linkType: hard
"fast-json-patch@patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch::locator=metamask-crx%40workspace%3A.":
version: 3.1.0
resolution: "fast-json-patch@patch:fast-json-patch@npm%3A3.1.0#./.yarn/patches/fast-json-patch-npm-3.1.0-f4bd467b5f.patch::version=3.1.0&hash=a705a6&locator=metamask-crx%40workspace%3A."
checksum: 4452b428571e0a7650889711952509f08f5301f4f8b0b7fe7d38b92ed830bd2bf76d11a6b1b72b77724a6c4b27dfe66dbca53f91d695b08cec37cf2394945a56
"fast-json-patch@patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch::locator=metamask-crx%40workspace%3A.":
version: 3.1.1
resolution: "fast-json-patch@patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch::version=3.1.1&hash=aa95c0&locator=metamask-crx%40workspace%3A."
checksum: 8ad8658818cde8447863e233a1ae333d70e125ad8493794e5a5bb162ba744875ca78031f94348bd31efda06403b9fdcb724e06e495cee6c6a13452823c194d6e
languageName: node
linkType: hard
@ -23012,7 +23012,7 @@ __metadata:
extension-port-stream: ^2.0.0
fancy-log: ^1.3.3
fast-glob: ^3.2.2
fast-json-patch: ^2.2.1
fast-json-patch: ^3.1.1
fs-extra: ^8.1.0
fuse.js: ^3.2.0
ganache: ^v7.0.4