search

Uniswap / v3-sdk

🛠 An SDK for building applications on top of Uniswap V3
MIT License
544 stars 416 forks source link

chore: update `@uniswap/v3-staker` dependency to `v1.0.2` #206

Open chloe-tan opened 3 months ago

chloe-tan commented 3 months ago

Issue

Current v3-staker version (1.0.0) depends on a vulnerable version of @openzeppelin/contracts. Sample dependabot alerts:

image

Changelog

  1. Update @uniswap/v3-staker dependency to v1.0.2

Linked issues

https://github.com/Uniswap/v3-sdk/issues/195

socket-security[bot] commented 3 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@uniswap/v3-staker@1.0.2 None +1 1.45 MB noahwz

🚮 Removed packages: npm/@uniswap/v3-staker@1.0.0

View full report↗︎