rainbow-me / browser-extension

An Ethereum wallet built for speed 🌈
https://rainbow.me/
GNU General Public License v3.0

Fix vulnerability: GHSA-gcx4-mw62-g8wm #1716

Closed BrodyHughes closed 2 months ago

BrodyHughes commented 2 months ago

Fixes BX-1649

Vulnerability: GHSA-gcx4-mw62-g8wm

Advisory title: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

Advisory URL: https://github.com/advisories/GHSA-gcx4-mw62-g8wm

socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@rollup/rollup-android-arm-eabi@4.22.4 | None | 0 | 1.47 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-android-arm64@4.22.4 | None | 0 | 2.05 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-darwin-arm64@4.22.4 | None | 0 | 2.18 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-darwin-x64@4.22.4 | None | 0 | 2.32 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-linux-arm-gnueabihf@4.22.4 | None | 0 | 2.22 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-linux-arm-musleabihf@4.22.4 | None | 0 | 2.21 MB | lukastaegert |
| npm/@rollup/rollup-linux-arm64-gnu@4.22.4 | None | 0 | 2.23 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-linux-arm64-musl@4.22.4 | None | 0 | 2.12 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-linux-powerpc64le-gnu@4.22.4 | None | 0 | 2.76 MB | lukastaegert |
| npm/@rollup/rollup-linux-riscv64-gnu@4.22.4 | None | 0 | 2.25 MB | lukastaegert |
| npm/@rollup/rollup-linux-s390x-gnu@4.22.4 | None | 0 | 3.8 MB | lukastaegert |
| npm/@rollup/rollup-linux-x64-gnu@4.22.4 | None | 0 | 2.49 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-linux-x64-musl@4.22.4 | None | 0 | 2.48 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-win32-arm64-msvc@4.22.4 | None | 0 | 2.74 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-win32-ia32-msvc@4.22.4 | None | 0 | 2.53 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/@rollup/rollup-win32-x64-msvc@4.22.4 | None | 0 | 3.28 MB | guybedford, lukastaegert, rich_harris, ...1 more |
| npm/rollup@4.22.4 | None | 0 | 2.27 MB | eventualbuddha, lukastaegert, rich_harris, ...2 more |

🚮 Removed packages: npm/@rollup/rollup-android-arm-eabi@4.21.3, npm/@rollup/rollup-android-arm64@4.21.3, npm/@rollup/rollup-darwin-arm64@4.21.3, npm/@rollup/rollup-darwin-x64@4.21.3, npm/@rollup/rollup-linux-arm-gnueabihf@4.21.3, npm/@rollup/rollup-linux-arm-musleabihf@4.21.3, npm/@rollup/rollup-linux-arm64-gnu@4.21.3, npm/@rollup/rollup-linux-arm64-musl@4.21.3, npm/@rollup/rollup-linux-powerpc64le-gnu@4.21.3, npm/@rollup/rollup-linux-riscv64-gnu@4.21.3, npm/@rollup/rollup-linux-s390x-gnu@4.21.3, npm/@rollup/rollup-linux-x64-gnu@4.21.3, npm/@rollup/rollup-linux-x64-musl@4.21.3, npm/@rollup/rollup-win32-arm64-msvc@4.21.3, npm/@rollup/rollup-win32-ia32-msvc@4.21.3, npm/@rollup/rollup-win32-x64-msvc@4.21.3, npm/rollup@4.21.3


linear[bot] commented 2 months ago

BX-1649 Vulnerability: GHSA-gcx4-mw62-g8wm

BrodyHughes commented 2 months ago

https://github.com/rainbow-me/browser-extension/pull/1708