From e1342721828832ee6dc9b53c91f416c84ae03690 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 19 Dec 2022 20:37:56 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248 --- package.json | 2 +- yarn.lock | 218 ++++++++++++++++++++++++++++++++++----------------- 2 files changed, 147 insertions(+), 73 deletions(-) diff --git a/package.json b/package.json index 989caef..c4098ec 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "version": "0.1.0", "private": true, "dependencies": { - "@cosmjs/cosmwasm-stargate": "^0.27.1", + "@cosmjs/cosmwasm-stargate": "^0.28.6", "@cosmjs/faucet-client": "^0.27.1", "@cosmjs/launchpad": "^0.27.1", "@cosmjs/proto-signing": "^0.27.1", diff --git a/yarn.lock b/yarn.lock index 22980c9..ba2b210 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1069,15 +1069,13 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== -"@confio/ics23@^0.6.3": - version "0.6.5" - resolved "https://registry.yarnpkg.com/@confio/ics23/-/ics23-0.6.5.tgz#9c21a61089d4c3c2429875a69d6d9cd8c87512aa" - integrity sha512-1GdPMsaP/l8JSF4P4HWFLBhdcxHcJT8lS0nknBYNSZ1XrJOsJKUy6EkOwd9Pa1qJkXzY2gyNv7MdHR+AIwSTAg== +"@confio/ics23@^0.6.8": + version "0.6.8" + resolved "https://registry.yarnpkg.com/@confio/ics23/-/ics23-0.6.8.tgz#2a6b4f1f2b7b20a35d9a0745bb5a446e72930b3d" + integrity sha512-wB6uo+3A50m0sW/EWcU64xpV/8wShZ6bMTa7pF8eYsTrSkQA7oLUIJcs/wb8g4y2Oyq701BaGiO6n/ak5WXO1w== dependencies: - js-sha512 "^0.8.0" + "@noble/hashes" "^1.0.0" protobufjs "^6.8.8" - ripemd160 "^2.0.2" - sha.js "^2.4.11" "@cosmjs/amino@0.27.1": version "0.27.1" @@ -1089,23 +1087,32 @@ "@cosmjs/math" "0.27.1" "@cosmjs/utils" "0.27.1" -"@cosmjs/cosmwasm-stargate@^0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.27.1.tgz#7c90517f07ea652d06e8c8d0f6f14b10f3a50698" - integrity sha512-miEAYH4k0YPHRGmp5NTN93lrMg2opxZjr2d4fpRD8H3VVngP4+uUmiI2aUZpHTejlPjqrSTGQnPyycRVMHEFsw== - dependencies: - "@cosmjs/amino" "0.27.1" - "@cosmjs/crypto" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/proto-signing" "0.27.1" - "@cosmjs/stargate" "0.27.1" - "@cosmjs/tendermint-rpc" "0.27.1" - "@cosmjs/utils" "0.27.1" +"@cosmjs/amino@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/amino/-/amino-0.28.13.tgz#b51417a23c1ff8ef8b85a6862eba8492c6c44f38" + integrity sha512-IHnH2zGwaY69qT4mVAavr/pfzx6YE+ud1NHJbvVePlbGiz68CXTi5LHR+K0lrKB5mQ7E+ZErWz2mw5U/x+V1wQ== + dependencies: + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + +"@cosmjs/cosmwasm-stargate@^0.28.6": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/cosmwasm-stargate/-/cosmwasm-stargate-0.28.13.tgz#bea77bc999aaafdb677f446465f648cd000c5b4a" + integrity sha512-dVZNOiRd8btQreRUabncGhVXGCS2wToXqxi9l3KEHwCJQ2RWTshuqV+EZAdCaYHE5W6823s2Ol2W/ukA9AXJPw== + dependencies: + "@cosmjs/amino" "0.28.13" + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/proto-signing" "0.28.13" + "@cosmjs/stargate" "0.28.13" + "@cosmjs/tendermint-rpc" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" pako "^2.0.2" - protobufjs "~6.10.2" "@cosmjs/crypto@0.27.1": version "0.27.1" @@ -1123,6 +1130,19 @@ ripemd160 "^2.0.2" sha.js "^2.4.11" +"@cosmjs/crypto@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.28.13.tgz#541b6a36f616b2da5a568ead46d4e83841ceb412" + integrity sha512-ynKfM0q/tMBQMHJby6ad8lR3gkgBKaelQhIsCZTjClsnuC7oYT9y3ThSZCUWr7Pa9h0J8ahU2YV2oFWFVWJQzQ== + dependencies: + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" + "@noble/hashes" "^1" + bn.js "^5.2.0" + elliptic "^6.5.3" + libsodium-wrappers "^0.7.6" + "@cosmjs/crypto@^0.24.1": version "0.24.1" resolved "https://registry.yarnpkg.com/@cosmjs/crypto/-/crypto-0.24.1.tgz#62da59c32b26344f26b10dd31a02b93655586d04" @@ -1150,6 +1170,15 @@ bech32 "^1.1.4" readonly-date "^1.0.0" +"@cosmjs/encoding@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.28.13.tgz#7994e8e2c435beaf0690296ffb0f7f3eaec8150b" + integrity sha512-jtXbAYtV77rLHxoIrjGFsvgGjeTKttuHRv6cvuy3toCZzY7JzTclKH5O2g36IIE4lXwD9xwuhGJ2aa6A3dhNkA== + dependencies: + base64-js "^1.3.0" + bech32 "^1.1.4" + readonly-date "^1.0.0" + "@cosmjs/encoding@^0.20.0": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/encoding/-/encoding-0.20.1.tgz#1d1162b3eca51b7244cd45102e313612cea77281" @@ -1175,12 +1204,12 @@ dependencies: axios "^0.21.2" -"@cosmjs/json-rpc@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.27.1.tgz#ce0a6157f57a76e964587ceb9027884bc4ffe701" - integrity sha512-AKvsllGr6oN5kiroatIeIIxRdCFetLd8LCWV04RRNkoJ2OefDNb46VlWEQ+gI3ay5GgfVjB9qAcfvbJyrcEv+A== +"@cosmjs/json-rpc@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/json-rpc/-/json-rpc-0.28.13.tgz#ff3f0c4a2f363b1a2c6779f8624a897e217fe297" + integrity sha512-fInSvg7x9P6p+GWqet+TMhrMTM3OWWdLJOGS5w2ryubMjgpR1rLiAx77MdTNkArW+/6sUwku0sN4veM4ENQu6A== dependencies: - "@cosmjs/stream" "0.27.1" + "@cosmjs/stream" "0.28.13" xstream "^11.14.0" "@cosmjs/launchpad@^0.24.0-alpha.25", "@cosmjs/launchpad@^0.24.1": @@ -1215,6 +1244,13 @@ dependencies: bn.js "^5.2.0" +"@cosmjs/math@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.28.13.tgz#50c05bc67007a04216f7f5e0c93f57270f8cc077" + integrity sha512-PDpL8W/kbyeWi0mQ2OruyqE8ZUAdxPs1xCbDX3WXJwy2oU+X2UTbkuweJHVpS9CIqmZulBoWQAmlf6t6zr1N/g== + dependencies: + bn.js "^5.2.0" + "@cosmjs/math@^0.20.0": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/math/-/math-0.20.1.tgz#c3c2be821b8b5dbbb9b2c0401bd9f1472e821f2a" @@ -1229,17 +1265,18 @@ dependencies: bn.js "^4.11.8" -"@cosmjs/proto-signing@0.27.1", "@cosmjs/proto-signing@^0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.27.1.tgz#1f8f662550aab012d957d02f43c77d914c2ae0db" - integrity sha512-t7/VvQivMdM1KgKWai/9ZCEcGFXJtr9Xo0hGcPLTn9wGkh9tmOsUXINYVMsf5D/jWIm1MDPbGCYfdb9V1Od4hw== +"@cosmjs/proto-signing@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.28.13.tgz#95ac12f0da0f0814f348f5ae996c3e96d015df61" + integrity sha512-nSl/2ZLsUJYz3Ad0RY3ihZUgRHIow2OnYqKsESMu+3RA/jTi9bDYhiBu8mNMHI0xrEJry918B2CyI56pOUHdPQ== dependencies: - "@cosmjs/amino" "0.27.1" - "@cosmjs/crypto" "0.27.1" - "@cosmjs/math" "0.27.1" + "@cosmjs/amino" "0.28.13" + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" - protobufjs "~6.10.2" "@cosmjs/proto-signing@^0.24.0-alpha.25": version "0.24.1" @@ -1250,52 +1287,65 @@ long "^4.0.0" protobufjs "~6.10.2" -"@cosmjs/socket@0.27.1": +"@cosmjs/proto-signing@^0.27.1": version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.27.1.tgz#c7a3eceb15efb9874a048c3238d1f0b185185742" - integrity sha512-bKCRsaSXh/TA7efxVCogzS2K3cgC40Ge2itFYmTfgpOE+++52FchCblVCsCYwMNDLS497RP4P0GbeC1VEBToMA== + resolved "https://registry.yarnpkg.com/@cosmjs/proto-signing/-/proto-signing-0.27.1.tgz#1f8f662550aab012d957d02f43c77d914c2ae0db" + integrity sha512-t7/VvQivMdM1KgKWai/9ZCEcGFXJtr9Xo0hGcPLTn9wGkh9tmOsUXINYVMsf5D/jWIm1MDPbGCYfdb9V1Od4hw== + dependencies: + "@cosmjs/amino" "0.27.1" + "@cosmjs/crypto" "0.27.1" + "@cosmjs/math" "0.27.1" + cosmjs-types "^0.4.0" + long "^4.0.0" + protobufjs "~6.10.2" + +"@cosmjs/socket@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/socket/-/socket-0.28.13.tgz#d8443ad6e91d080fc6b80a7e9cf297a56b1f6833" + integrity sha512-lavwGxQ5VdeltyhpFtwCRVfxeWjH5D5mmN7jgx9nuCf3XSFbTcOYxrk2pQ4usenu1Q1KZdL4Yl5RCNrJuHD9Ug== dependencies: - "@cosmjs/stream" "0.27.1" + "@cosmjs/stream" "0.28.13" isomorphic-ws "^4.0.1" ws "^7" xstream "^11.14.0" -"@cosmjs/stargate@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.27.1.tgz#0abc1f91e5cc421940c920f16a22c6c93cc774d5" - integrity sha512-7hAIyNd6NbhQA51w9mPVyMYw515Hpj0o7SXMaqbc7nxs3hkJNMONQ9RakyMm0U/WeCd6ObcSaPEcdkqbfkc+mg== - dependencies: - "@confio/ics23" "^0.6.3" - "@cosmjs/amino" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/proto-signing" "0.27.1" - "@cosmjs/stream" "0.27.1" - "@cosmjs/tendermint-rpc" "0.27.1" - "@cosmjs/utils" "0.27.1" +"@cosmjs/stargate@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/stargate/-/stargate-0.28.13.tgz#a73d837a46ee8944e6eafe162f2ff6943c14350e" + integrity sha512-dVBMazDz8/eActHsRcZjDHHptOBMqvibj5CFgEtZBp22gP6ASzoAUXTlkSVk5FBf4sfuUHoff6st134/+PGMAg== + dependencies: + "@confio/ics23" "^0.6.8" + "@cosmjs/amino" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/proto-signing" "0.28.13" + "@cosmjs/stream" "0.28.13" + "@cosmjs/tendermint-rpc" "0.28.13" + "@cosmjs/utils" "0.28.13" cosmjs-types "^0.4.0" long "^4.0.0" - protobufjs "~6.10.2" + protobufjs "~6.11.3" xstream "^11.14.0" -"@cosmjs/stream@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.27.1.tgz#02f40856c0840e34ef11054da9e84e8196d37593" - integrity sha512-cEyEAVfXEyuUpKYBeEJrOj8Dp/c+M6a0oGJHxvDdhP5gSsaeCPgQXrh7qZFBiUfu3Brmqd+e/bKZm+068l9bBw== +"@cosmjs/stream@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/stream/-/stream-0.28.13.tgz#1e79d1116fda1e63e5ecddbd9d803d403942b1fa" + integrity sha512-AnjtfwT8NwPPkd3lhZhjOlOzT0Kn9bgEu2IPOZjQ1nmG2bplsr6TJmnwn0dJxHT7UGtex17h6whKB5N4wU37Wg== dependencies: xstream "^11.14.0" -"@cosmjs/tendermint-rpc@0.27.1": - version "0.27.1" - resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.27.1.tgz#66f4a04d1b9ac5849ea2981c2e67bc229996a85a" - integrity sha512-eN1NyBYIiFutDNleEaTfvIJ3S3KA1gP45UHaLhSETm8KyiaUqg/b0Mj6sp7J3h4BhgwLq2zn/TDtIn0k5luedg== - dependencies: - "@cosmjs/crypto" "0.27.1" - "@cosmjs/encoding" "0.27.1" - "@cosmjs/json-rpc" "0.27.1" - "@cosmjs/math" "0.27.1" - "@cosmjs/socket" "0.27.1" - "@cosmjs/stream" "0.27.1" +"@cosmjs/tendermint-rpc@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/tendermint-rpc/-/tendermint-rpc-0.28.13.tgz#0bf587ae66fa3f88319edbd258492d28e73f9f29" + integrity sha512-GB+ZmfuJIGQm0hsRtLYjeR3lOxF7Z6XyCBR0cX5AAYOZzSEBJjevPgUHD6tLn8zIhvzxaW3/VKnMB+WmlxdH4w== + dependencies: + "@cosmjs/crypto" "0.28.13" + "@cosmjs/encoding" "0.28.13" + "@cosmjs/json-rpc" "0.28.13" + "@cosmjs/math" "0.28.13" + "@cosmjs/socket" "0.28.13" + "@cosmjs/stream" "0.28.13" + "@cosmjs/utils" "0.28.13" axios "^0.21.2" readonly-date "^1.0.0" xstream "^11.14.0" @@ -1305,6 +1355,11 @@ resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.27.1.tgz#1c8efde17256346ef142a3bd15158ee4055470e2" integrity sha512-VG7QPDiMUzVPxRdJahDV8PXxVdnuAHiIuG56hldV4yPnOz/si/DLNd7VAUUA5923b6jS1Hhev0Hr6AhEkcxBMg== +"@cosmjs/utils@0.28.13": + version "0.28.13" + resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.28.13.tgz#2fd2844ec832d7833811e2ae1691305d09791a08" + integrity sha512-dVeMBiyg+46x7XBZEfJK8yTihphbCFpjVYmLJVqmTsHfJwymQ65cpyW/C+V/LgWARGK8hWQ/aX9HM5Ao8QmMSg== + "@cosmjs/utils@^0.20.0": version "0.20.1" resolved "https://registry.yarnpkg.com/@cosmjs/utils/-/utils-0.20.1.tgz#4d239b7d93c15523cdf109f225cbf61326fb69cd" @@ -1671,6 +1726,11 @@ resolved "https://registry.yarnpkg.com/@lit/reactive-element/-/reactive-element-1.2.2.tgz#bfa5539dfe4776899c3e3ba11e0e10224aeb9ff7" integrity sha512-HkhTTO2rT8jlf4izz7ME/+YUjqz+ZHgmnOKorA+7tkDmQDg6QzDpWSFz//1YyiL193W4bc7rlQCiYyFiZa9pkQ== +"@noble/hashes@^1", "@noble/hashes@^1.0.0": + version "1.1.5" + resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.1.5.tgz#1a0377f3b9020efe2fae03290bd2a12140c95c11" + integrity sha512-LTMZiiLc+V4v1Yi16TD6aX2gmtKszNye0pQgbaLqkvhIqP7nVsSaJsWloGQjJfJ8offaoP5GtX3yY5swbcJxxQ== + "@nodelib/fs.scandir@2.1.5": version "2.1.5" resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" @@ -7164,11 +7224,6 @@ js-sha3@^0.8.0: resolved "https://registry.yarnpkg.com/js-sha3/-/js-sha3-0.8.0.tgz#b9b7a5da73afad7dedd0f8c463954cbde6818840" integrity sha512-gF1cRrHhIzNfToc802P800N8PpXS+evLLXfsVpowqmAFR9uwbi89WvXg2QspOmXL8QL86J4T1EpFu+yUkwJY3Q== -js-sha512@^0.8.0: - version "0.8.0" - resolved "https://registry.yarnpkg.com/js-sha512/-/js-sha512-0.8.0.tgz#dd22db8d02756faccf19f218e3ed61ec8249f7d4" - integrity sha512-PWsmefG6Jkodqt+ePTvBZCSMFgN7Clckjd0O7su3I0+BW2QWUTJNzjktHsztGLhncP2h8mcF9V9Y2Ha59pAViQ== - "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" @@ -9085,6 +9140,25 @@ protobufjs@~6.10.2: "@types/node" "^13.7.0" long "^4.0.0" +protobufjs@~6.11.3: + version "6.11.3" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.3.tgz#637a527205a35caa4f3e2a9a4a13ddffe0e7af74" + integrity sha512-xL96WDdCZYdU7Slin569tFX712BxsxslWwAfAhCYjQKGTq7dAU91Lomy6nLLhh/dyGhk/YH4TwTSRxTzhuHyZg== + dependencies: + "@protobufjs/aspromise" "^1.1.2" + "@protobufjs/base64" "^1.1.2" + "@protobufjs/codegen" "^2.0.4" + "@protobufjs/eventemitter" "^1.1.0" + "@protobufjs/fetch" "^1.1.0" + "@protobufjs/float" "^1.0.2" + "@protobufjs/inquire" "^1.1.0" + "@protobufjs/path" "^1.1.2" + "@protobufjs/pool" "^1.1.0" + "@protobufjs/utf8" "^1.1.0" + "@types/long" "^4.0.1" + "@types/node" ">=13.7.0" + long "^4.0.0" + proxy-addr@~2.0.7: version "2.0.7" resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"