1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 09:57:02 +01:00

fix audit failure (#17079)

This commit is contained in:
PeterYinusa 2023-01-05 11:41:59 +00:00 committed by Dan Miller
parent 2dc8cb7136
commit 5672f24c9f
7 changed files with 20 additions and 27 deletions

10
.iyarc
View File

@ -1,2 +1,12 @@
# improved-yarn-audit advisory exclusions
GHSA-257v-vj4p-3w2h
# yarn npm audit reports on a fast-json-patch version < 3.1.1 but due to patch
# resolution, the only version of fast-json-patch that we use is 3.1.1. We also
# have 2.2.1 installed but it is a dev only dependency. The "violation" reports
# smart-transacton-controller as the culprit but if you run
# `yarn info -A -R dependents fast-json-patch` you can see that only 2.2.1 and
# 3.3.1 are installed and that smart-transaction-controller resolves to the
# patched version of 3.3.1. We can remove this once the
# smart-transaction-controller updates its dependency.
GHSA-8gh8-hqwg-xf34

View File

@ -1291,7 +1291,7 @@
"@metamask/controllers>@ethersproject/providers": true,
"@metamask/controllers>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -4471,9 +4471,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -1536,7 +1536,7 @@
"@metamask/controllers>@ethersproject/providers": true,
"@metamask/controllers>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -4992,9 +4992,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -1291,7 +1291,7 @@
"@metamask/controllers>@ethersproject/providers": true,
"@metamask/controllers>isomorphic-fetch": true,
"@metamask/smart-transactions-controller>bignumber.js": true,
"@metamask/smart-transactions-controller>fast-json-patch": true,
"fast-json-patch": true,
"lodash": true
}
},
@ -4471,9 +4471,6 @@
"clearTimeout": true,
"removeEventListener": true,
"setTimeout": true
},
"packages": {
"fast-json-patch>fast-deep-equal": true
}
},
"fuse.js": {

View File

@ -174,7 +174,7 @@
"ethjs-contract": "^0.2.3",
"ethjs-query": "^0.3.4",
"extension-port-stream": "^2.0.0",
"fast-json-patch": "^2.2.1",
"fast-json-patch": "^3.1.1",
"fuse.js": "^3.2.0",
"globalthis": "^1.0.1",
"human-standard-token-abi": "^2.0.0",

View File

@ -1,13 +0,0 @@
diff --git a/node_modules/fast-json-patch/lib/helpers.js b/node_modules/fast-json-patch/lib/helpers.js
index 0ac28b4..d048c0a 100644
--- a/node_modules/fast-json-patch/lib/helpers.js
+++ b/node_modules/fast-json-patch/lib/helpers.js
@@ -21,7 +21,7 @@ var _hasOwnProperty = Object.prototype.hasOwnProperty;
function hasOwnProperty(obj, key) {
return _hasOwnProperty.call(obj, key);
}
-exports.hasOwnProperty = hasOwnProperty;
+Object.defineProperty(exports, "hasOwnProperty", { value: hasOwnProperty });
function _objectKeys(obj) {
if (Array.isArray(obj)) {
var keys = new Array(obj.length);

View File

@ -12112,7 +12112,7 @@ fast-json-parse@^1.0.3:
resolved "https://registry.yarnpkg.com/fast-json-parse/-/fast-json-parse-1.0.3.tgz#43e5c61ee4efa9265633046b770fb682a7577c4d"
integrity sha512-FRWsaZRWEJ1ESVNbDWmsAlqDk96gPQezzLghafp5J4GUKjbCz3OkAHuZs5TuPEtkbVQERysLp9xv6c24fBm8Aw==
fast-json-patch@^2.0.6, fast-json-patch@^2.2.1:
fast-json-patch@^2.0.6:
version "2.2.1"
resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-2.2.1.tgz#18150d36c9ab65c7209e7d4eb113f4f8eaabe6d9"
integrity sha512-4j5uBaTnsYAV5ebkidvxiLUYOwjQ+JSFljeqfTxCrH9bDmlCQaOJFS84oDJ2rAXZq2yskmk3ORfoP9DCwqFNig==
@ -12124,6 +12124,11 @@ fast-json-patch@^3.1.0:
resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-3.1.0.tgz#ec8cd9b9c4c564250ec8b9140ef7a55f70acaee6"
integrity sha512-IhpytlsVTRndz0hU5t0/MGzS/etxLlfrpG5V5M9mVbuj9TrJLWaMfsox9REM5rkuGX0T+5qjpe8XA1o0gZ42nA==
fast-json-patch@^3.1.1:
version "3.1.1"
resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-3.1.1.tgz#85064ea1b1ebf97a3f7ad01e23f9337e72c66947"
integrity sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ==
fast-json-stable-stringify@^2.0.0, fast-json-stable-stringify@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"