Closed hernan-clich closed 1 year ago
I made a pre-release now and the integration is here: https://github.com/cosmos/cosmjs/pull/1484. Still a bit of work but once done, we can get a new CosmJS out with the dependency upgrade.
I think you can now just upgrade to version 6.11.4. At least this was recognized as a fixed version by GitHub in a different project I worked on. The version range was updated here: https://github.com/advisories/GHSA-h755-8qp9-cq85
Assuming this is done by using 6.11.4. In the meantime we try to get rid of the dependency, but this is likely not completely possible short term for the entire CosmJS stack.
A dependabot alert appeared in one of our repos related to protobufjs, this is the alert:
After some traversing in our dependency tree I noticed that the latest version of `cosmjs-types` has it as a dependency. I also saw that a PR was already merged to remove it from the `package.json` of the project, so I would like to know when that change would be readily available so I can upgrade the version.

Thanks for your hard work!
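
Added example, not part of the thread or of CosmJS: one way to do the dependency-tree check described above is to walk a `package-lock.json` (v2/v3 `packages` layout) and list every installed copy of protobufjs against the 6.11.4 fix mentioned in the thread. The lockfile below is constructed, its package names other than `cosmjs-types` and `protobufjs` are hypothetical, and only the 6.x line is evaluated because that is the only fixed version the thread names.

```javascript
// Constructed sample lockfile; versions other than the 6.11.4 threshold are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/cosmjs-types": { version: "0.0.0-sample" },
    "node_modules/cosmjs-types/node_modules/protobufjs": { version: "6.11.3" },
    "node_modules/protobufjs": { version: "6.11.4" },
    "node_modules/other-lib/node_modules/protobufjs": { version: "7.0.0" },
  },
};

const FIXED_6X = [6, 11, 4]; // fixed version named in the thread

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// "node_modules/a/node_modules/b" -> ["a", "b"]; scoped names such as @scope/pkg stay whole.
function installChain(path) {
  return path.split("node_modules/").slice(1).map((s) => s.replace(/\/$/, ""));
}

function auditProtobufjs(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const chain = installChain(path);
    if (chain[chain.length - 1] !== "protobufjs") continue;
    const ver = parseVersion(meta.version);
    let status;
    if (!ver) status = "unparsed";
    else if (ver[0] !== 6) status = "check-advisory"; // other majors: consult the advisory's range
    else {
      const below = ver[1] < FIXED_6X[1] || (ver[1] === FIXED_6X[1] && ver[2] < FIXED_6X[2]);
      status = below ? "below-fixed" : "ok";
    }
    // "via" is where npm nested this copy; a hoisted copy shows as top level.
    const via = chain.slice(0, -1).join(" > ") || "(top level)";
    findings.push({ version: meta.version, status, via });
  }
  return findings;
}

console.log(auditProtobufjs(sampleLock));
```

Nested copies matter here: a top-level protobufjs at the fixed version does not replace an older copy pinned under another package's own `node_modules`.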