tkhq / sdk

Turnkey TypeScript SDK
Apache License 2.0

address web3-utils vuln #229

Closed andrewkmin closed 5 months ago

andrewkmin commented 5 months ago

Summary & Motivation

$title

The with-gnosis example is the only part of this repo impacted by this vulnerability. As a result, we patch the relevant packages, but remove the typecheck for now (see README).

Relevant gh issue https://github.com/safe-global/safe-core-sdk/issues/698

How I Tested These Changes

Did you add a changeset?

If updating one of our packages, you'll likely need to add a changeset to your PR. To do so, run pnpm changeset. pnpm changeset will generate a file where you should write a human friendly message about the changes. Note how this (example) includes the package name (should be auto added by the command) along with the type of semver change (major.minor.patch) (which you should set).

These changes will be used at release time to determine what packages to publish and how to bump their version. For more context see this comment.

codesandbox-ci[bot] commented 5 months ago

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

socket-security[bot] commented 5 months ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@safe-global/protocol-kit@3.0.1 | Transitive: environment, eval, filesystem, network | +83 | 15.9 MB | dasanra |
| npm/@safe-global/safe-core-sdk-types@4.0.1 | Transitive: environment, eval, filesystem, network | +44 | 8.52 MB | dasanra |
| npm/@typechain/web3-v1@6.0.7 | filesystem; Transitive: environment, eval, network, shell, unsafe | +336 | 42.1 MB | ethereum-ts-bot |

🚮 Removed packages: npm/@safe-global/protocol-kit@2.0.0, npm/@safe-global/safe-core-sdk-types@3.0.1
