SOC2: Fixing vulnerabilities

farhanW3 commented 5 months ago

PR-Codex overview

This PR updates dependencies like eslint and @aws-sdk/client-kms, also adds resolutions for ethers-gcp-kms-signer and @thirdweb-dev/auth/axios.

Detailed summary

Updated eslint to version ^9.3.0
Updated @aws-sdk/client-kms to version ^3.587.0
Added resolutions for ethers-gcp-kms-signer and @thirdweb-dev/auth/axios

The following files were skipped due to too many changes: yarn.lock

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

socket-security[bot] commented 5 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@aws-sdk/client-kms@3.587.0	Transitive: environment, filesystem, network	`+69`	1.86 MB
npm/@aws-sdk/types@3.577.0	None	`+1`	284 kB	aws-sdk-bot
npm/@babel/helper-plugin-utils@7.24.6	None	`0`	127 kB	nicolo-ribaudo
npm/@babel/runtime@7.24.6	None	`+1`	277 kB	nicolo-ribaudo
npm/@emotion/serialize@1.1.4	environment	`+5`	1.34 MB	emotion-release-bot
npm/@eslint-community/regexpp@4.10.0	None	`0`	431 kB	eslint-community-bot
npm/@fastify/error@3.4.1	None	`0`	18.5 kB	jsumners
npm/@fastify/swagger@8.14.0	None	`+2`	348 kB	climba03003
npm/@fastify/type-provider-typebox@3.6.0	None	`0`	25.5 kB	matteo.collina
npm/@fastify/websocket@8.3.1	Transitive: environment, network	`+3`	1.04 MB	matteo.collina
npm/@google-cloud/kms@4.4.0	environment Transitive: filesystem, network, shell	`+33`	11.9 MB	google-wombot
npm/@grpc/proto-loader@0.7.13	filesystem	`+6`	339 kB	murgatroid99
npm/@humanwhocodes/object-schema@2.0.3	None	`0`	23.3 kB	nzakas
npm/@jridgewell/resolve-uri@3.1.2	None	`0`	53.2 kB	jridgewell
npm/@lit-labs/ssr-dom-shim@1.2.0	environment	`0`	35.7 kB	lit-robot
npm/@lit/reactive-element@1.6.3	None	`0`	788 kB	lit-robot
npm/@motionone/animation@10.17.0	None	`+1`	50.9 kB	popmotion
npm/@motionone/dom@10.17.0	None	`+2`	531 kB	popmotion
npm/@motionone/types@10.17.0	None	`0`	15.4 kB	popmotion
npm/@motionone/utils@10.17.0	None	`+1`	40.7 kB	popmotion
npm/@prisma/client@5.14.0	environment, filesystem, shell	`0`	9 MB	prismabot
npm/@t3-oss/env-core@0.6.1	environment	`0`	25.8 kB	juliusmarminge
npm/@thirdweb-dev/auth@4.1.88	Transitive: environment, eval, filesystem, network	`+203`	151 MB
npm/@thirdweb-dev/sdk@4.0.90	Transitive: environment, filesystem, network	`+37`	124 MB
npm/@thirdweb-dev/service-utils@0.4.30	environment Transitive: network	`+1`	219 kB	jnsdls
npm/@types/babel__traverse@7.20.6	None	`0`	84.1 kB	types
npm/@types/cli-progress@3.11.5	None	`0`	12.9 kB	types
npm/@types/cookie@0.5.4	None	`0`	9.45 kB	types
npm/@types/express@4.17.21	None	`+9`	61.4 kB	types
npm/@types/jest@29.5.12	None	`0`	78.7 kB	types
npm/@types/json-schema@7.0.15	None	`0`	31.7 kB	types
npm/@types/node-cron@3.0.11	None	`0`	6.23 kB	types
npm/@types/node@18.19.33	None	`0`	1.97 MB	types
npm/@types/pg@8.11.6	None	`+9`	102 kB	types
npm/@types/uuid@9.0.8	None	`0`	6.74 kB	types
npm/@types/ws@8.5.10	None	`0`	21.7 kB	types
npm/@typescript-eslint/eslint-plugin@5.62.0	Transitive: environment, eval, filesystem, unsafe	`+56`	10.4 MB	jameshenry
npm/@typescript-eslint/parser@5.62.0	Transitive: environment, eval, filesystem, unsafe	`+52`	10.4 MB	jameshenry
npm/axios@1.7.2	network Transitive: environment, filesystem	`+4`	2.21 MB	jasonsaayman
npm/bignumber.js@9.1.2	None	`0`	351 kB	mikemcl
npm/braces@3.0.3	None	`+1`	61.4 kB	jonschlinkert
npm/bullmq@5.7.14	environment, filesystem, network, shell Transitive: eval, unsafe	`+10`	4.07 MB	manast
npm/commander@11.1.0	environment, filesystem, shell	`0`	177 kB	abetomo
npm/debug@4.3.5	None	`0`	0 B
npm/dotenv@16.4.5	environment, filesystem	`0`	79.1 kB	motdotla
npm/duplexify@4.1.3	None	`+1`	22.8 kB	mafintosh
npm/escalade@3.1.2	filesystem	`0`	11.6 kB	lukeed
npm/eslint-config-prettier@8.10.0	None	`0`	19.9 kB	lydell
npm/eslint-visitor-keys@3.4.3	None	`0`	32.3 kB	eslintbot
npm/eslint@9.3.0	environment Transitive: eval, filesystem, unsafe	`+40`	7.62 MB	eslintbot
npm/espree@9.6.1	None	`+1`	98 kB	eslintbot
npm/fast-json-stringify@5.16.0	eval Transitive: unsafe	`+4`	585 kB	matteo.collina
npm/fast-redact@3.5.0	eval	`0`	92.7 kB	matteo.collina
npm/fast-uri@2.3.0	None	`0`	64.4 kB	eomm
npm/fastify-plugin@4.5.1	None	`0`	40.3 kB	matteo.collina
npm/fastify@4.27.0	Transitive: environment, eval, filesystem, unsafe	`+30`	5.84 MB	matteo.collina
npm/fastq@1.17.1	None	`0`	41.9 kB	matteo.collina
npm/has-tostringtag@1.0.2	None	`+1`	38.2 kB	ljharb
npm/http-status-codes@2.3.0	None	`0`	223 kB	prettymuchbryce
npm/keyv@4.5.4	None	`+1`	33.2 kB	jaredwray
npm/micromatch@4.0.7	None	`0`	56.3 kB	paulmillr
npm/mlly@1.7.0	None	`+2`	563 kB	pi0
npm/node-cron@3.0.3	shell	`+1`	184 kB	merencia
npm/node-gyp-build@4.8.1	environment, filesystem	`0`	13.4 kB	mafintosh
npm/pg-protocol@1.6.1	None	`0`	188 kB	brianc
npm/pg@8.11.5	environment, network Transitive: filesystem	`+10`	245 kB	brianc
npm/picocolors@1.0.1	environment	`0`	5.15 kB	alexeyraspopov
npm/pino-pretty@10.3.1	environment Transitive: filesystem	`+11`	936 kB	matteo.collina
npm/pino@8.21.0	environment, unsafe Transitive: eval	`+11`	1.46 MB	matteo.collina
npm/rfdc@1.3.1	None	`0`	25.2 kB	matteo.collina
npm/thirdweb@5.26.0	Transitive: environment, eval, filesystem, network, unsafe	`+187`	116 MB
npm/ts-jest@29.1.4	environment, filesystem, unsafe Transitive: eval, network, shell	`+50`	2 MB	kul
npm/ts-node@10.9.2	environment, filesystem, unsafe	`+12`	1.39 MB	blakeembrey
npm/typescript@5.4.5	None	`0`	32.4 MB	typescript-bot
npm/uc.micro@2.1.0	None	`0`	13.3 kB	vitaly
npm/viem@1.21.4	network Transitive: environment	`+7`	9.26 MB	jmoxey
npm/which-typed-array@1.1.15	None	`+5`	122 kB	ljharb
npm/word-wrap@1.2.5	None	`0`	11.8 kB	jonschlinkert

🚮 Removed packages: npm/@aws-sdk/client-kms@3.398.0, npm/@aws-sdk/types@3.398.0, npm/@babel/code-frame@7.23.5, npm/@babel/core@7.23.6, npm/@babel/generator@7.23.6, npm/@babel/helper-module-imports@7.22.15, npm/@babel/parser@7.23.6, npm/@babel/runtime@7.24.1, npm/@babel/template@7.22.15, npm/@babel/types@7.23.6, npm/@emotion/serialize@1.1.3, npm/@fastify/swagger@8.9.0, npm/@fastify/type-provider-typebox@3.2.0, npm/@fastify/websocket@8.2.0, npm/@floating-ui/utils@0.2.1, npm/@google-cloud/kms@4.0.0, npm/@lit-labs/ssr-dom-shim@1.1.1, npm/@lit/reactive-element@1.6.2, npm/@prisma/client@5.14.0-dev.65, npm/@smithy/credential-provider-imds@2.0.5, npm/@smithy/property-provider@2.0.5, npm/@smithy/shared-ini-file-loader@2.0.5, npm/@t3-oss/env-core@0.6.0, npm/@thirdweb-dev/auth@4.1.87, npm/@thirdweb-dev/chains@0.1.77, npm/@thirdweb-dev/sdk@4.0.89, npm/@thirdweb-dev/service-utils@0.4.28, npm/@types/babel__traverse@7.20.4, npm/@types/cli-progress@3.11.3, npm/@types/cookie@0.5.1, npm/@types/express@4.17.17, npm/@types/jest@29.5.11, npm/@types/json-schema@7.0.11, npm/@types/mime@1.3.2, npm/@types/node-cron@3.0.8, npm/@types/node@18.16.6, npm/@types/pg@8.6.6, npm/@types/uuid@9.0.1, npm/@types/ws@8.5.5, npm/@typescript-eslint/eslint-plugin@5.59.5, npm/@typescript-eslint/parser@5.59.5, npm/acorn@8.8.2, npm/bignumber.js@9.1.1, npm/bullmq@5.7.8, npm/call-bind@1.0.2, npm/commander@11.0.0, npm/dotenv@16.0.3, npm/duplexify@4.1.2, npm/eslint-config-prettier@8.8.0, npm/eslint-visitor-keys@3.4.1, npm/eslint@8.40.0, npm/espree@9.5.2, npm/fast-redact@3.2.0, npm/fast-uri@2.2.0, npm/fastify-plugin@4.5.0, npm/fastify@4.17.0, npm/get-intrinsic@1.2.1, npm/http-status-codes@2.2.0, npm/is-core-module@2.12.1, npm/mlly@1.6.1, npm/node-cron@3.0.2, npm/node-gyp-build@4.6.0, npm/pg-protocol@1.6.0, npm/pg@8.11.3, npm/pino-pretty@10.0.0, npm/pino@8.15.1, npm/resolve@1.22.2, npm/rfdc@1.3.0, npm/thirdweb@5.25.1, npm/ts-jest@29.1.1, npm/ts-node@10.9.1, npm/typescript@5.1.3, npm/uc.micro@1.0.6, npm/viem@1.14.0, npm/which-typed-array@1.1.11, npm/word-wrap@1.2.3

View full report↗︎

farhanW3 commented 5 months ago

yarn audit doesn't show any vulnerabilities now

thirdweb-dev / engine

SOC2: Fixing vulnerabilities #541

PR-Codex overview

Detailed summary