mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-11-25 11:28:51 +01:00
Resolve two new security advisories (#19940)
Two new security advisories have been resolved. These advisories are causing CI to fail on `develop`. Neither presents any risk to us, as they are prototype pollution issues that are prevented by lockdown. The first advisory isn't easy for us to patch. It's caused by an outdated version of `protobufjs` used by `@trezor/transport`. It has been ignored for now, until Trezor updates that package. For the second advisory (related to `tough-cookie`), it was resolved by updating that dependency in our lockfile.
This commit is contained in:
parent
57519235bb
commit
9c278c3610
5
.iyarc
5
.iyarc
@ -4,3 +4,8 @@ GHSA-257v-vj4p-3w2h
|
|||||||
# request library is subject to SSRF.
|
# request library is subject to SSRF.
|
||||||
# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch
|
# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch
|
||||||
GHSA-p8p7-x288-28g6
|
GHSA-p8p7-x288-28g6
|
||||||
|
|
||||||
|
# Prototype pollution
|
||||||
|
# Not easily patched
|
||||||
|
# Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution
|
||||||
|
GHSA-h755-8qp9-cq85
|
||||||
|
42
yarn.lock
42
yarn.lock
@ -28818,6 +28818,13 @@ __metadata:
|
|||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"querystringify@npm:^2.1.1":
|
||||||
|
version: 2.2.0
|
||||||
|
resolution: "querystringify@npm:2.2.0"
|
||||||
|
checksum: 5641ea231bad7ef6d64d9998faca95611ed4b11c2591a8cae741e178a974f6a8e0ebde008475259abe1621cb15e692404e6b6626e927f7b849d5c09392604b15
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"queue-microtask@npm:^1.2.3":
|
"queue-microtask@npm:^1.2.3":
|
||||||
version: 1.2.3
|
version: 1.2.3
|
||||||
resolution: "queue-microtask@npm:1.2.3"
|
resolution: "queue-microtask@npm:1.2.3"
|
||||||
@ -30320,6 +30327,13 @@ __metadata:
|
|||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"requires-port@npm:^1.0.0":
|
||||||
|
version: 1.0.0
|
||||||
|
resolution: "requires-port@npm:1.0.0"
|
||||||
|
checksum: eee0e303adffb69be55d1a214e415cf42b7441ae858c76dfc5353148644f6fd6e698926fc4643f510d5c126d12a705e7c8ed7e38061113bdf37547ab356797ff
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"reselect@npm:^3.0.1":
|
"reselect@npm:^3.0.1":
|
||||||
version: 3.0.1
|
version: 3.0.1
|
||||||
resolution: "reselect@npm:3.0.1"
|
resolution: "reselect@npm:3.0.1"
|
||||||
@ -33418,13 +33432,14 @@ __metadata:
|
|||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
"tough-cookie@npm:>=2.3.3, tough-cookie@npm:^4.0.0":
|
"tough-cookie@npm:>=2.3.3, tough-cookie@npm:^4.0.0":
|
||||||
version: 4.0.0
|
version: 4.1.3
|
||||||
resolution: "tough-cookie@npm:4.0.0"
|
resolution: "tough-cookie@npm:4.1.3"
|
||||||
dependencies:
|
dependencies:
|
||||||
psl: ^1.1.33
|
psl: ^1.1.33
|
||||||
punycode: ^2.1.1
|
punycode: ^2.1.1
|
||||||
universalify: ^0.1.2
|
universalify: ^0.2.0
|
||||||
checksum: 0891b37eb7d17faa3479d47f0dce2e3007f2583094ad272f2670d120fbcc3df3b0b0a631ba96ecad49f9e2297d93ff8995ce0d3292d08dd7eabe162f5b224d69
|
url-parse: ^1.5.3
|
||||||
|
checksum: c9226afff36492a52118432611af083d1d8493a53ff41ec4ea48e5b583aec744b989e4280bcf476c910ec1525a89a4a0f1cae81c08b18fb2ec3a9b3a72b91dcc
|
||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
@ -34316,13 +34331,20 @@ __metadata:
|
|||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
"universalify@npm:^0.1.0, universalify@npm:^0.1.2":
|
"universalify@npm:^0.1.0":
|
||||||
version: 0.1.2
|
version: 0.1.2
|
||||||
resolution: "universalify@npm:0.1.2"
|
resolution: "universalify@npm:0.1.2"
|
||||||
checksum: 40cdc60f6e61070fe658ca36016a8f4ec216b29bf04a55dce14e3710cc84c7448538ef4dad3728d0bfe29975ccd7bfb5f414c45e7b78883567fb31b246f02dff
|
checksum: 40cdc60f6e61070fe658ca36016a8f4ec216b29bf04a55dce14e3710cc84c7448538ef4dad3728d0bfe29975ccd7bfb5f414c45e7b78883567fb31b246f02dff
|
||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"universalify@npm:^0.2.0":
|
||||||
|
version: 0.2.0
|
||||||
|
resolution: "universalify@npm:0.2.0"
|
||||||
|
checksum: e86134cb12919d177c2353196a4cc09981524ee87abf621f7bc8d249dbbbebaec5e7d1314b96061497981350df786e4c5128dbf442eba104d6e765bc260678b5
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"universalify@npm:^2.0.0":
|
"universalify@npm:^2.0.0":
|
||||||
version: 2.0.0
|
version: 2.0.0
|
||||||
resolution: "universalify@npm:2.0.0"
|
resolution: "universalify@npm:2.0.0"
|
||||||
@ -34478,6 +34500,16 @@ __metadata:
|
|||||||
languageName: node
|
languageName: node
|
||||||
linkType: hard
|
linkType: hard
|
||||||
|
|
||||||
|
"url-parse@npm:^1.5.3":
|
||||||
|
version: 1.5.10
|
||||||
|
resolution: "url-parse@npm:1.5.10"
|
||||||
|
dependencies:
|
||||||
|
querystringify: ^2.1.1
|
||||||
|
requires-port: ^1.0.0
|
||||||
|
checksum: fbdba6b1d83336aca2216bbdc38ba658d9cfb8fc7f665eb8b17852de638ff7d1a162c198a8e4ed66001ddbf6c9888d41e4798912c62b4fd777a31657989f7bdf
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
"url@npm:~0.11.0":
|
"url@npm:~0.11.0":
|
||||||
version: 0.11.0
|
version: 0.11.0
|
||||||
resolution: "url@npm:0.11.0"
|
resolution: "url@npm:0.11.0"
|
||||||
|
Loading…
Reference in New Issue
Block a user