bitcoinjs / bitcoinjs-lib

A javascript Bitcoin library for node.js and browsers.
MIT License

Update readme #2109

Closed jasonandjay closed 5 months ago

jasonandjay commented 5 months ago

In case of https://github.com/bitcoinjs/bitcoinjs-lib/issues/2106

1. Documented Error: Added details about the Uncaught TypeError: (0 , fs_1.readFileSync) is not a function error with tiny-secp256k1 due to WASM issues in browsers.

2. ECC Library Alternatives: Introduced @bitcoinjs-lib/tiny-secp256k1-asmjs and @bitcoinerlab/secp256k1 as alternatives for improved browser support.

jasonandjay commented 5 months ago

Unexpected failure of the audit test, please have a look @junderw

junderw commented 5 months ago

Change - run: npm run audit to - run: npm run audit -- -x 1097496 to the audit script to ignore. This vulnerability will at worst crash when running the tests or eslint.

junderw commented 5 months ago

1. Install a clean node_modules from npm ci (from package-lock)
2. Run npm ls braces
3. It shows which dependencies use it.
4. Upgrade all those dependencies to latest.
5. Refresh node_modules by deleting and re-running npm ci
6. Check again

Since it did not fix the audit, that means there is no fix out yet and/or the chain of dependencies hasn't upgraded yet.

We can't do anything but check the content of the vulnerability and see if we can ignore it.

I think we can ignore it.
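
Steps 2 to 4 of the procedure above, as an added example that is not part of the thread or of bitcoinjs-lib: it walks the JSON form of the npm ls output and groups every chain that ends at the flagged package by the direct dependency that pulls it in. SAMPLE_LS, its tree shape and its version numbers are constructed for the illustration; chainsTo and directDependents are hypothetical helper names.

```javascript
// Added illustration, not code from bitcoinjs-lib or from the thread.
// SAMPLE_LS is a constructed stand-in for `npm ls braces --json` output;
// the tree shape and versions are made up for the example.
const SAMPLE_LS = {
  name: "example-project",
  dependencies: {
    mocha: {
      version: "10.0.0",
      dependencies: {
        chokidar: { version: "3.5.3", dependencies: { braces: { version: "3.0.2" } } },
      },
    },
    eslint: {
      version: "8.0.0",
      dependencies: {
        micromatch: { version: "4.0.5", dependencies: { braces: { version: "3.0.2" } } },
      },
    },
  },
};

// Walk the tree and collect every dependency chain that ends at `target`.
function chainsTo(node, target, trail = []) {
  const found = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version || "?"}`];
    if (name === target) found.push(path);
    found.push(...chainsTo(dep, target, path));
  }
  return found;
}

// Group the chains by the direct dependency at their root: those are the
// packages to upgrade before re-running the audit.
function directDependents(tree, target) {
  const roots = new Map();
  for (const chain of chainsTo(tree, target)) {
    const root = chain[0];
    if (!roots.has(root)) roots.set(root, []);
    roots.get(root).push(chain.join(" > "));
  }
  return roots;
}

for (const [root, chains] of directDependents(SAMPLE_LS, "braces")) {
  console.log(`${root}\n  ${chains.join("\n  ")}`);
}
```

If every root in the result is a development-only tool, the flagged package never ships to users of the library, which is the kind of evidence that supports an ignore decision for a specific advisory.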

junderw commented 5 months ago

I think instead of modifying the audit script in package.json we should just modify the invocation in CI.

If some other user wants to run audit, we shouldn't mess with it.

... maybe -l high should also be moved from package.json to main_ci?

jasonandjay commented 5 months ago

Which part needs to be optimized?