From 6a4829816af01990073009e71acfc032832a296e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 20 May 2024 05:12:51 +0000 Subject: [PATCH] fix: packages/trestle/package.json & packages/trestle/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498 --- packages/trestle/package.json | 2 +- packages/trestle/yarn.lock | 191 ++++++++++++++++++++++++---------- 2 files changed, 137 insertions(+), 56 deletions(-) diff --git a/packages/trestle/package.json b/packages/trestle/package.json index ded1449..9f4b593 100644 --- a/packages/trestle/package.json +++ b/packages/trestle/package.json @@ -77,7 +77,7 @@ "repl": "^0.1.3", "@cosmjs/cosmwasm-stargate": "^0.28.5", "@cosmjs/proto-signing": "^0.27.1", - "@cosmjs/stargate": "^0.27.1", + "@cosmjs/stargate": "^0.28.6", "@iov/encoding": "^2.5.0", "@iov/crypto": "^2.5.0", "semver": "^7.3.5", diff --git a/packages/trestle/yarn.lock b/packages/trestle/yarn.lock index a22f594..461a028 100644 --- a/packages/trestle/yarn.lock +++ b/packages/trestle/yarn.lock @@ -33,7 +33,7 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@confio/ics23@^0.6.3": +"@confio/ics23@^0.6.8": version "0.6.8" resolved "https://registry.yarnpkg.com/@confio/ics23/-/ics23-0.6.8.tgz#2a6b4f1f2b7b20a35d9a0745bb5a446e72930b3d" integrity sha512-wB6uo+3A50m0sW/EWcU64xpV/8wShZ6bMTa7pF8eYsTrSkQA7oLUIJcs/wb8g4y2Oyq701BaGiO6n/ak5WXO1w== @@ -51,23 +51,32 @@ "@cosmjs/math" "0.27.1" "@cosmjs/utils" "0.27.1" -"@cosmjs/cosmwasm-stargate@^0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.27.1.tgz#7c90517f07ea652d06e8c8d0f6f14b10f3a50698" - integrity sha512-miEAYH4k0YPHRGmp5NTN93lrMg2opxZjr2d4fpRD8H3VVngP4+uUmiI2aUZpHTejlPjqrSTGQnPyycRVMHEFsw== - dependencies: - "@cosmjs/amino" "0.27.1" - "@cosmjs/crypto" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/proto-signing" "0.27.1" - "@cosmjs/stargate" "0.27.1" - "@cosmjs/tendermint-rpc" "0.27.1" - "@cosmjs/utils" "0.27.1" +"@cosmjs/amino@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.28.13.tgz#b51417a23c1ff8ef8b85a6862eba8492c6c44f38" + integrity sha512-IHnH2zGwaY69qT4mVAavr/pfzx6YE+ud1NHJbvVePlbGiz68CXTi5LHR+K0lrKB5mQ7E+ZErWz2mw5U/x+V1wQ== + dependencies: + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + +"@cosmjs/cosmwasm-stargate@^0.28.5": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.28.13.tgz#bea77bc999aaafdb677f446465f648cd000c5b4a" + integrity sha512-dVZNOiRd8btQreRUabncGhVXGCS2wToXqxi9l3KEHwCJQ2RWTshuqV+EZAdCaYHE5W6823s2Ol2W/ukA9AXJPw== + dependencies: + "@cosmjs/amino" "0.28.13" + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/proto-signing" "0.28.13" + "@cosmjs/stargate" "0.28.13" + "@cosmjs/tendermint-rpc" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" pako "^2.0.2" - protobufjs "~6.10.2" "@cosmjs/crypto@0.27.1": version "0.27.1" @@ -85,6 +94,19 @@ ripemd160 "^2.0.2" sha.js "^2.4.11" +"@cosmjs/crypto@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.28.13.tgz#541b6a36f616b2da5a568ead46d4e83841ceb412" + integrity sha512-ynKfM0q/tMBQMHJby6ad8lR3gkgBKaelQhIsCZTjClsnuC7oYT9y3ThSZCUWr7Pa9h0J8ahU2YV2oFWFVWJQzQ== + dependencies: + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + "@noble/hashes" "^1" + bn.js "^5.2.0" + elliptic "^6.5.3" + libsodium-wrappers "^0.7.6" + "@cosmjs/crypto@^0.20.0": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.20.1.tgz#7765e7a0573818fbaa232e473d77742ff73e8446" @@ -113,6 +135,15 @@ bech32 "^1.1.4" readonly-date "^1.0.0" +"@cosmjs/encoding@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.28.13.tgz#7994e8e2c435beaf0690296ffb0f7f3eaec8150b" + integrity sha512-jtXbAYtV77rLHxoIrjGFsvgGjeTKttuHRv6cvuy3toCZzY7JzTclKH5O2g36IIE4lXwD9xwuhGJ2aa6A3dhNkA== + dependencies: + base64-js "^1.3.0" + bech32 "^1.1.4" + readonly-date "^1.0.0" + "@cosmjs/encoding@^0.20.0", "@cosmjs/encoding@^0.20.1": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.20.1.tgz#1d1162b3eca51b7244cd45102e313612cea77281" @@ -122,12 +153,12 @@ bech32 "^1.1.4" readonly-date "^1.0.0" -"@cosmjs/json-rpc@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.27.1.tgz#ce0a6157f57a76e964587ceb9027884bc4ffe701" - integrity sha512-AKvsllGr6oN5kiroatIeIIxRdCFetLd8LCWV04RRNkoJ2OefDNb46VlWEQ+gI3ay5GgfVjB9qAcfvbJyrcEv+A== +"@cosmjs/json-rpc@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.28.13.tgz#ff3f0c4a2f363b1a2c6779f8624a897e217fe297" + integrity sha512-fInSvg7x9P6p+GWqet+TMhrMTM3OWWdLJOGS5w2ryubMjgpR1rLiAx77MdTNkArW+/6sUwku0sN4veM4ENQu6A== dependencies: - "@cosmjs/stream" "0.27.1" + "@cosmjs/stream" "0.28.13" xstream "^11.14.0" "@cosmjs/math@0.27.1": @@ -137,6 +168,13 @@ dependencies: bn.js "^5.2.0" +"@cosmjs/math@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.28.13.tgz#50c05bc67007a04216f7f5e0c93f57270f8cc077" + integrity sha512-PDpL8W/kbyeWi0mQ2OruyqE8ZUAdxPs1xCbDX3WXJwy2oU+X2UTbkuweJHVpS9CIqmZulBoWQAmlf6t6zr1N/g== + dependencies: + bn.js "^5.2.0" + "@cosmjs/math@^0.20.0", "@cosmjs/math@^0.20.1": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.20.1.tgz#c3c2be821b8b5dbbb9b2c0401bd9f1472e821f2a" @@ -144,7 +182,20 @@ dependencies: bn.js "^4.11.8" -"@cosmjs/proto-signing@0.27.1", "@cosmjs/proto-signing@^0.27.1": +"@cosmjs/proto-signing@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.28.13.tgz#95ac12f0da0f0814f348f5ae996c3e96d015df61" + integrity sha512-nSl/2ZLsUJYz3Ad0RY3ihZUgRHIow2OnYqKsESMu+3RA/jTi9bDYhiBu8mNMHI0xrEJry918B2CyI56pOUHdPQ== + dependencies: + "@cosmjs/amino" "0.28.13" + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + cosmjs-types "^0.4.0" + long "^4.0.0" + +"@cosmjs/proto-signing@^0.27.1": version "0.27.1" resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.27.1.tgz#1f8f662550aab012d957d02f43c77d914c2ae0db" integrity sha512-t7/VvQivMdM1KgKWai/9ZCEcGFXJtr9Xo0hGcPLTn9wGkh9tmOsUXINYVMsf5D/jWIm1MDPbGCYfdb9V1Od4hw== @@ -156,52 +207,53 @@ long "^4.0.0" protobufjs "~6.10.2" -"@cosmjs/socket@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.27.1.tgz#c7a3eceb15efb9874a048c3238d1f0b185185742" - integrity sha512-bKCRsaSXh/TA7efxVCogzS2K3cgC40Ge2itFYmTfgpOE+++52FchCblVCsCYwMNDLS497RP4P0GbeC1VEBToMA== +"@cosmjs/socket@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.28.13.tgz#d8443ad6e91d080fc6b80a7e9cf297a56b1f6833" + integrity sha512-lavwGxQ5VdeltyhpFtwCRVfxeWjH5D5mmN7jgx9nuCf3XSFbTcOYxrk2pQ4usenu1Q1KZdL4Yl5RCNrJuHD9Ug== dependencies: - "@cosmjs/stream" "0.27.1" + "@cosmjs/stream" "0.28.13" isomorphic-ws "^4.0.1" ws "^7" xstream "^11.14.0" -"@cosmjs/stargate@0.27.1", "@cosmjs/stargate@^0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.27.1.tgz#0abc1f91e5cc421940c920f16a22c6c93cc774d5" - integrity sha512-7hAIyNd6NbhQA51w9mPVyMYw515Hpj0o7SXMaqbc7nxs3hkJNMONQ9RakyMm0U/WeCd6ObcSaPEcdkqbfkc+mg== - dependencies: - "@confio/ics23" "^0.6.3" - "@cosmjs/amino" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/proto-signing" "0.27.1" - "@cosmjs/stream" "0.27.1" - "@cosmjs/tendermint-rpc" "0.27.1" - "@cosmjs/utils" "0.27.1" +"@cosmjs/stargate@0.28.13", "@cosmjs/stargate@^0.28.6": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.28.13.tgz#a73d837a46ee8944e6eafe162f2ff6943c14350e" + integrity sha512-dVBMazDz8/eActHsRcZjDHHptOBMqvibj5CFgEtZBp22gP6ASzoAUXTlkSVk5FBf4sfuUHoff6st134/+PGMAg== + dependencies: + "@confio/ics23" "^0.6.8" + "@cosmjs/amino" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/proto-signing" "0.28.13" + "@cosmjs/stream" "0.28.13" + "@cosmjs/tendermint-rpc" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" - protobufjs "~6.10.2" + protobufjs "~6.11.3" xstream "^11.14.0" -"@cosmjs/stream@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.27.1.tgz#02f40856c0840e34ef11054da9e84e8196d37593" - integrity sha512-cEyEAVfXEyuUpKYBeEJrOj8Dp/c+M6a0oGJHxvDdhP5gSsaeCPgQXrh7qZFBiUfu3Brmqd+e/bKZm+068l9bBw== +"@cosmjs/stream@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.28.13.tgz#1e79d1116fda1e63e5ecddbd9d803d403942b1fa" + integrity sha512-AnjtfwT8NwPPkd3lhZhjOlOzT0Kn9bgEu2IPOZjQ1nmG2bplsr6TJmnwn0dJxHT7UGtex17h6whKB5N4wU37Wg== dependencies: xstream "^11.14.0" -"@cosmjs/tendermint-rpc@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.27.1.tgz#66f4a04d1b9ac5849ea2981c2e67bc229996a85a" - integrity sha512-eN1NyBYIiFutDNleEaTfvIJ3S3KA1gP45UHaLhSETm8KyiaUqg/b0Mj6sp7J3h4BhgwLq2zn/TDtIn0k5luedg== - dependencies: - "@cosmjs/crypto" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/json-rpc" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/socket" "0.27.1" - "@cosmjs/stream" "0.27.1" +"@cosmjs/tendermint-rpc@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.28.13.tgz#0bf587ae66fa3f88319edbd258492d28e73f9f29" + integrity sha512-GB+ZmfuJIGQm0hsRtLYjeR3lOxF7Z6XyCBR0cX5AAYOZzSEBJjevPgUHD6tLn8zIhvzxaW3/VKnMB+WmlxdH4w== + dependencies: + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/json-rpc" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/socket" "0.28.13" + "@cosmjs/stream" "0.28.13" + "@cosmjs/utils" "0.28.13" axios "^0.21.2" readonly-date "^1.0.0" xstream "^11.14.0" @@ -211,6 +263,11 @@ resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.27.1.tgz#1c8efde17256346ef142a3bd15158ee4055470e2" integrity sha512-VG7QPDiMUzVPxRdJahDV8PXxVdnuAHiIuG56hldV4yPnOz/si/DLNd7VAUUA5923b6jS1Hhev0Hr6AhEkcxBMg== +"@cosmjs/utils@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.28.13.tgz#2fd2844ec832d7833811e2ae1691305d09791a08" + integrity sha512-dVeMBiyg+46x7XBZEfJK8yTihphbCFpjVYmLJVqmTsHfJwymQ65cpyW/C+V/LgWARGK8hWQ/aX9HM5Ao8QmMSg== + "@cosmjs/utils@^0.20.0", "@cosmjs/utils@^0.20.1": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.20.1.tgz#4d239b7d93c15523cdf109f225cbf61326fb69cd" @@ -253,6 +310,11 @@ resolved "https://registry.yarnpkg.com/@jsdevtools/ono/-/ono-7.1.3.tgz#9df03bbd7c696a5c58885c34aa06da41c8543796" integrity sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg== +"@noble/hashes@^1": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.4.0.tgz#45814aa329f30e4fe0ba49426f49dfccdd066426" + integrity sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg== + "@noble/hashes@^1.0.0": version "1.0.0" resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.0.0.tgz#d5e38bfbdaba174805a4e649f13be9a9ed3351ae" @@ -2845,6 +2907,25 @@ protobufjs@~6.10.2: "@types/node" "^13.7.0" long "^4.0.0" +protobufjs@~6.11.3: + version "6.11.4" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.4.tgz#29a412c38bf70d89e537b6d02d904a6f448173aa" + integrity sha512-5kQWPaJHi1WoCpjTGszzQ32PG2F4+wRY6BmAT4Vfw56Q2FZ4YZzK20xUYQH4YkfehY1e6QSICrJquM6xXZNcrw== + dependencies: + "@protobufjs/aspromise" "^1.1.2" + "@protobufjs/base64" "^1.1.2" + "@protobufjs/codegen" "^2.0.4" + "@protobufjs/eventemitter" "^1.1.0" + "@protobufjs/fetch" "^1.1.0" + "@protobufjs/float" "^1.0.2" + "@protobufjs/inquire" "^1.1.0" + "@protobufjs/path" "^1.1.2" + "@protobufjs/pool" "^1.1.0" + "@protobufjs/utf8" "^1.1.0" + "@types/long" "^4.0.1" + "@types/node" ">=13.7.0" + long "^4.0.0" + pstree.remy@^1.1.7: version "1.1.8" resolved "https://registry.yarnpkg.com/pstree.remy/-/pstree.remy-1.1.8.tgz#c242224f4a67c21f686839bbdb4ac282b8373d3a"