diff --git a/.iyarc b/.iyarc index 316510d7d..1d0f2111f 100644 --- a/.iyarc +++ b/.iyarc @@ -1,2 +1,12 @@ # improved-yarn-audit advisory exclusions GHSA-257v-vj4p-3w2h + +# yarn npm audit reports on a fast-json-patch version < 3.1.1 but due to patch +# resolution, the only version of fast-json-patch that we use is 3.1.1. We also +# have 2.2.1 installed but it is a dev only dependency. The "violation" reports +# smart-transacton-controller as the culprit but if you run +# `yarn info -A -R dependents fast-json-patch` you can see that only 2.2.1 and +# 3.3.1 are installed and that smart-transaction-controller resolves to the +# patched version of 3.3.1. We can remove this once the +# smart-transaction-controller updates its dependency. +GHSA-8gh8-hqwg-xf34 diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index e7f71c17f..de032a2d2 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -1291,7 +1291,7 @@ "@metamask/controllers>@ethersproject/providers": true, "@metamask/controllers>isomorphic-fetch": true, "@metamask/smart-transactions-controller>bignumber.js": true, - "@metamask/smart-transactions-controller>fast-json-patch": true, + "fast-json-patch": true, "lodash": true } }, @@ -4471,9 +4471,6 @@ "clearTimeout": true, "removeEventListener": true, "setTimeout": true - }, - "packages": { - "fast-json-patch>fast-deep-equal": true } }, "fuse.js": { diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index 8864f057d..79c338ab4 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -1536,7 +1536,7 @@ "@metamask/controllers>@ethersproject/providers": true, "@metamask/controllers>isomorphic-fetch": true, "@metamask/smart-transactions-controller>bignumber.js": true, - "@metamask/smart-transactions-controller>fast-json-patch": true, + "fast-json-patch": true, "lodash": true } }, @@ -4992,9 +4992,6 @@ "clearTimeout": true, "removeEventListener": true, "setTimeout": true - }, - "packages": { - "fast-json-patch>fast-deep-equal": true } }, "fuse.js": { diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index e7f71c17f..de032a2d2 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -1291,7 +1291,7 @@ "@metamask/controllers>@ethersproject/providers": true, "@metamask/controllers>isomorphic-fetch": true, "@metamask/smart-transactions-controller>bignumber.js": true, - "@metamask/smart-transactions-controller>fast-json-patch": true, + "fast-json-patch": true, "lodash": true } }, @@ -4471,9 +4471,6 @@ "clearTimeout": true, "removeEventListener": true, "setTimeout": true - }, - "packages": { - "fast-json-patch>fast-deep-equal": true } }, "fuse.js": { diff --git a/package.json b/package.json index e974f4665..06690c623 100644 --- a/package.json +++ b/package.json @@ -174,7 +174,7 @@ "ethjs-contract": "^0.2.3", "ethjs-query": "^0.3.4", "extension-port-stream": "^2.0.0", - "fast-json-patch": "^2.2.1", + "fast-json-patch": "^3.1.1", "fuse.js": "^3.2.0", "globalthis": "^1.0.1", "human-standard-token-abi": "^2.0.0", diff --git a/patches/fast-json-patch+2.2.1.patch b/patches/fast-json-patch+2.2.1.patch deleted file mode 100644 index d8f7b20f8..000000000 --- a/patches/fast-json-patch+2.2.1.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/node_modules/fast-json-patch/lib/helpers.js b/node_modules/fast-json-patch/lib/helpers.js -index 0ac28b4..d048c0a 100644 ---- a/node_modules/fast-json-patch/lib/helpers.js -+++ b/node_modules/fast-json-patch/lib/helpers.js -@@ -21,7 +21,7 @@ var _hasOwnProperty = Object.prototype.hasOwnProperty; - function hasOwnProperty(obj, key) { - return _hasOwnProperty.call(obj, key); - } --exports.hasOwnProperty = hasOwnProperty; -+Object.defineProperty(exports, "hasOwnProperty", { value: hasOwnProperty }); - function _objectKeys(obj) { - if (Array.isArray(obj)) { - var keys = new Array(obj.length); \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 8d84807d1..04cafe80d 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12112,7 +12112,7 @@ fast-json-parse@^1.0.3: resolved "https://registry.yarnpkg.com/fast-json-parse/-/fast-json-parse-1.0.3.tgz#43e5c61ee4efa9265633046b770fb682a7577c4d" integrity sha512-FRWsaZRWEJ1ESVNbDWmsAlqDk96gPQezzLghafp5J4GUKjbCz3OkAHuZs5TuPEtkbVQERysLp9xv6c24fBm8Aw== -fast-json-patch@^2.0.6, fast-json-patch@^2.2.1: +fast-json-patch@^2.0.6: version "2.2.1" resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-2.2.1.tgz#18150d36c9ab65c7209e7d4eb113f4f8eaabe6d9" integrity sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig== @@ -12124,6 +12124,11 @@ fast-json-patch@^3.1.0: resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-3.1.0.tgz#ec8cd9b9c4c564250ec8b9140ef7a55f70acaee6" integrity sha512-IhpytlsVTRndz0hU5t0/MGzS/etxLlfrpG5V5M9mVbuj9TrJLWaMfsox9REM5rkuGX0T+5qjpe8XA1o0gZ42nA== +fast-json-patch@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-3.1.1.tgz#85064ea1b1ebf97a3f7ad01e23f9337e72c66947" + integrity sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ== + fast-json-stable-stringify@^2.0.0, fast-json-stable-stringify@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"