hashgraph / guardian

The Guardian is an innovative open-source platform that streamlines the creation, management, and verification of digital environmental assets. It leverages a customizable Policy Workflow Engine and Web3 technology to ensure transparent and fraud-proof operations, making it a key tool for transforming sustainability practices and carbon markets.
Apache License 2.0

[Snyk] Security upgrade crypto-browserify from 3.12.0 to 3.12.1 #4297

Closed CMiville42 closed 1 month ago

CMiville42 commented 1 month ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Improper Verification of Cryptographic Signature, SNYK-JS-BROWSERIFYSIGN-6037026 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: crypto-browserify. The new version differs by 31 commits.
  • 55476ac v3.12.1
  • 3f564b4 [Tests] ignore the "low" warning from elliptic
  • b2cadea [Tests] node 22+ removes `crypto.createCipher`
  • 6fad824 [Tests] add `nyc`
  • 42cfba1 [Dev Deps] update `@ljharb/eslint-config`, `object.entries`, `tape`
  • 73a8db9 [Tests] replace `aud` with `npm audit`
  • b638139 [meta] add `sideEffects` flag
  • 5db1531 [readme] minor cleanups
  • 7050e61 Merge tags: `v2.1.9`, `v2.1.10`, `v2.1.11`, `v3.0.1`, `v3.0.2`, `v3.0.3`, `v3.2.0`, `v3.2.1`, `v3.2.2`, `v3.2.3`, `v3.2.4`, `v3.2.5`, `v3.2.6`, `v3.8.3`, `v3.9.0`, `v3.9.1`, `v3.9.2`, `v3.9.3`, `v3.9.4`, `v3.9.7`, `v3.9.8`, `v3.9.9`, `v3.9.10`, `v3.9.11`, `v3.9.12`, `v3.9.13`, `v3.9.14`, `v3.10.0`, `v3.11.0`, `v3.11.1`, `v3.12.0`
  • 2e18bb2 [meta] document support as node 0.10+
  • da8a1a2 [Deps] update `browserify-sign`
  • 0c62cf8 [Deps] pin `hash-base` to ~3.0, due to a breaking change
  • 3878562 [Tests] remove zuul; it’s dead
  • 0bc31e6 [Dev Deps] update `aud`, `tape`
  • 8ff13b0 [Tests] skip `engines` check for now
  • 24eea0d [Tests] mostly switch to Github Actions
  • 797455f [Tests] node 17 doesn’t support rmd160
  • 33596f6 [Tests] node 17+ requires a DH key length of >= 512
  • 1179f7c [Deps] update `browserify-cipher`, `browserify-sign`, `create-ecdh`, `create-hash`, `create-hmac`, `diffie-hellman`, `inherits`, `pbkdf2`, `public-encrypt`, `randombytes`, `randomfill`
  • 0a9aab4 [Tests] rename test scripts to match my conventions
  • 7223ce7 [meta] update repo URLs
  • 5757219 [Tests] refactor so tests are not recursive
  • e592c95 [Dev Deps] update `safe-buffer`, `tape`, `zuul`
  • 7d8170e Only apps should have lockfiles
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


github-actions[bot] commented 1 month ago

Test Results

27 tests ±0: 27 passed ±0, 0 skipped ±0, 0 failed ±0; 27 suites ±0; 3 files ±0; duration 0s ±0s

Results for commit f43f30ec. ± Comparison against base commit 1e8a8011.