From 70b8026d599692d9c259d526b879311621051f55 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 23 Feb 2021 03:48:10 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 --- package-lock.json | 76 +++++++++++++++++++++++++++++------------------ package.json | 4 +-- 2 files changed, 49 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index 977b58cdd..b18d395d0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@hathor/wallet-lib", - "version": "0.8.2", + "version": "0.9.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -2267,9 +2267,9 @@ } }, "base-x": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.5.tgz", - "integrity": "sha512-C3picSgzPSLE+jW3tcBzJoGwitOtazb5B+5YmAxZm2ybmTi9LNgAtDO/jjVEBZwHoXmDBZ9m/IELj3elJVRBcA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.8.tgz", + "integrity": "sha512-Rl/1AWP4J/zRrk54hhlxH4drNxPJXYUaKffODVI53/dAsV4t9fBxyxYKAVPU1XBHxYwOWP9h9H0hM2MVw4YfJA==", "requires": { "safe-buffer": "^5.0.1" } @@ -2283,6 +2283,11 @@ "tweetnacl": "^0.14.3" } }, + "bech32": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/bech32/-/bech32-1.1.3.tgz", + "integrity": "sha512-yuVFUvrNcoJi0sv5phmqc6P+Fl1HjRDRNOOkHY2X/3LBy2bIGNSFx4fZ95HMaXHupuS7cZR15AsvtmCIF4UEyg==" + }, "binary-extensions": { "version": "1.13.1", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz", @@ -2291,16 +2296,17 @@ "optional": true }, "bitcore-lib": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/bitcore-lib/-/bitcore-lib-0.16.0.tgz", - "integrity": "sha512-CEtcrPAH2gwgaMN+OPMJc18TBEak1+TtzMyafrqrIbK9PIa3kat195qBJhC0liJSHRiRr6IE2eLcXeIFFs+U8w==", + "version": "8.25.0", + "resolved": "https://registry.npmjs.org/bitcore-lib/-/bitcore-lib-8.25.0.tgz", + "integrity": "sha512-rswb6YLDCSSg8oNGeJ/RM01MOlvu356aCri0zSx9W/iGihztEKwno0Y4tHQHt28jE2jps8dUlXv9m1ow/zBsjA==", "requires": { + "bech32": "=1.1.3", "bn.js": "=4.11.8", - "bs58": "=4.0.1", + "bs58": "^4.0.1", "buffer-compare": "=1.1.1", - "elliptic": "=6.4.0", + "elliptic": "^6.5.3", "inherits": "=2.0.1", - "lodash": "=4.17.11" + "lodash": "^4.17.20" }, "dependencies": { "inherits": { @@ -2311,11 +2317,11 @@ } }, "bitcore-mnemonic": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/bitcore-mnemonic/-/bitcore-mnemonic-1.7.0.tgz", - "integrity": "sha512-1JV1okgz9Vv+Y4fG2m3ToR+BGdKA6tSoqjepIxA95BZjW6YaeopVW4iOe/dY9dnkZH4+LA2AJ4YbDE6H3ih3Yw==", + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/bitcore-mnemonic/-/bitcore-mnemonic-8.1.0.tgz", + "integrity": "sha512-7zTLcno1IiywqrYEp46gZVklGRcL3UA6KGbYUQRbselyJTR76NpkFHe00eXPNO6sSzvhJEHLvt0zybiIJ2njXQ==", "requires": { - "bitcore-lib": "^0.16.0", + "bitcore-lib": "^8.1.0", "unorm": "^1.4.1" } }, @@ -2911,17 +2917,29 @@ "dev": true }, "elliptic": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz", - "integrity": "sha1-ysmvh2LIWDYYcAPI3+GT5eLq5d8=", + "version": "6.5.4", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz", + "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==", "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", + "bn.js": "^4.11.9", + "brorand": "^1.1.0", "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" + "hmac-drbg": "^1.0.1", + "inherits": "^2.0.4", + "minimalistic-assert": "^1.0.1", + "minimalistic-crypto-utils": "^1.0.1" + }, + "dependencies": { + "bn.js": { + "version": "4.11.9", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.9.tgz", + "integrity": "sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==" + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + } } }, "end-of-stream": { @@ -6444,9 +6462,9 @@ } }, "lodash": { - "version": "4.17.11", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", - "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash.sortby": { "version": "4.7.0", @@ -8401,9 +8419,9 @@ } }, "unorm": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/unorm/-/unorm-1.5.0.tgz", - "integrity": "sha512-sMfSWoiRaXXeDZSXC+YRZ23H4xchQpwxjpw1tmfR+kgbBCaOgln4NI0LXejJIhnBuKINrB3WRn+ZI8IWssirVw==" + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/unorm/-/unorm-1.6.0.tgz", + "integrity": "sha512-b2/KCUlYZUeA7JFUuRJZPUtr4gZvBh7tavtv4fvk4+KV9pfGiR6CQAQAWl49ZpR3ts2dk4FYkP7EIgDJoiOLDA==" }, "unset-value": { "version": "1.0.0", diff --git a/package.json b/package.json index 8fa097b03..4b2976416 100644 --- a/package.json +++ b/package.json @@ -32,10 +32,10 @@ ], "dependencies": { "axios": "^0.18.0", - "bitcore-mnemonic": "^1.7.0", + "bitcore-mnemonic": "^8.1.0", "crypto-js": "^3.1.9-1", "isomorphic-ws": "^4.0.1", - "lodash": "^4.17.11", + "lodash": "^4.17.21", "long": "^4.0.0", "ws": "^7.2.1" },