search

blockchain / service-my-wallet-v3

Blockchain Wallet API Service
https://blockchain.info/api/blockchain_wallet_api
GNU Affero General Public License v3.0
917 stars 521 forks source link

19 vulnerabilities, 7 high #405

Open jaydenseric opened 5 years ago

jaydenseric commented 5 years ago

Please update the dependencies, npm audit on a fresh install reports 19 vulnerabilities (8 low, 4 moderate, 7 high):

Screen Shot 2019-03-19 at 4 55 12 pm
ghost commented 5 years ago

What does this mean

On Mon, Mar 18, 2019 at 11:08 PM Jayden Seric notifications@github.com wrote:

Please update the dependencies, npm audit on a fresh install reports 19 vulnerabilities (8 low, 4 moderate, 7 high):

[image: Screen Shot 2019-03-19 at 4 55 12 pm] https://user-images.githubusercontent.com/1754873/54583701-1d977f00-4a69-11e9-8bb8-7ed2f5dea99d.png

  • blockchain-wallet-service v0.26.3
  • Node.js v10.15.1

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/blockchain/service-my-wallet-v3/issues/405, or mute the thread https://github.com/notifications/unsubscribe-auth/AsNvXO6neIXO5ZJDfav9oBC66vYjRZWbks5vYH7WgaJpZM4b7WnJ .

-- www.pebblebam.com 480-930-9656 Text Available info@pebblebam.com The 1st Social Job Board For The Construction Workforce! Workers to Contractors

Facebook Page https://www.facebook.com/pebblebamaz/

jaydenseric commented 5 years ago

@Kasscon what do you mean, "what do you mean"? Are you hoping for a tutorial on the npm audit feature? See: https://docs.npmjs.com/cli/audit

Usually when npm audit picks up a lot of issues, it means dependencies (or dependencies of dependencies) are hopelessly out of date.

jaydenseric commented 5 years ago

The outdated dependencies:

Screen Shot 2019-03-19 at 7 44 56 pm

And why is the blockchain-wallet-client version pinned?

https://github.com/blockchain/service-my-wallet-v3/blob/v0.26.3/package.json#L44

jtormey commented 5 years ago

@jaydenseric blockchain-wallet-client has been deprecated, so this project isn't being actively updated anymore. However PRs are welcome!

jaydenseric commented 5 years ago

blockchain-wallet-client has been deprecated

Thanks for the heads-up. Unfortunately it is still the documented API for interacting with wallets: https://www.blockchain.com/api/blockchain_wallet_api

What is the new solution? My API needs to be able to programmatically send bitcoins out of the wallet.

kuzyakiev commented 5 years ago

@jtormey is there any active project/solution to work with blockchain.com wallets via API. Or this feature going to be removed in future?

RScottLewis commented 5 years ago

Good afternoon Gents: May we see some CORS support on the server side anytime soon? There are others of us that need it. See this blog titled "blockchain.info HTTP API support for CORS?" https://bitcointalk.org/index.php?topic=168010.0

To date, unspent is the only verb that works. Try it curl -v -H "Origin: http://example.com" \ -H "Access-Control-Request-Method: GET" \ -H "Access-Control-Request-Headers: X-Requested-With" \ -X GET \ "https://blockchain.info/unspent?cors=true"

Your attention to this request would be appreciated.