Closed lucanicoladebiasi closed 3 months ago
Lines | Statements | Branches | Functions |
---|---|---|---|
100% (3412/3412) | 100% (794/794) | 100% (705/705) |
Title | Tests | Skipped | Failures | Errors | Time |
---|---|---|---|---|---|
core | 498 | 0 :zzz: | 0 :x: | 0 :fire: | 1m 6s :stopwatch: |
network | 658 | 0 :zzz: | 0 :x: | 0 :fire: | 3m 55s :stopwatch: |
errors | 48 | 0 :zzz: | 0 :x: | 0 :fire: | 10.553s :stopwatch: |
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@babel/code-frame@7.24.6, npm/@babel/core@7.24.6, npm/@babel/generator@7.24.6, npm/@babel/helper-plugin-utils@7.24.6, npm/@babel/parser@7.24.6, npm/@babel/runtime@7.24.6, npm/@babel/template@7.24.6, npm/@babel/types@7.24.6, npm/@eslint-community/regexpp@4.10.0, npm/@nomicfoundation/hardhat-chai-matchers@2.0.6, npm/@nomicfoundation/hardhat-network-helpers@1.0.10, npm/@nomicfoundation/hardhat-verify@2.0.7, npm/@types/node@20.12.13, npm/@types/node@20.14.1, npm/deep-eql@4.1.3, npm/hardhat@2.22.4, npm/prettier@3.2.5, npm/tailwindcss@3.4.3, npm/tsup@8.0.2, npm/turbo@1.13.3
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Alert | Package | Note |
---|---|---|
High entropy strings | npm/jiti@1.21.0 |
|
High entropy strings | npm/jiti@1.21.0 |
|
High entropy strings | npm/prettier@3.2.5 |
|
Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Please inspect these strings to check if these strings are benign. Maintainers should clarify the purpose and existence of high entropy strings if there is a legitimate purpose.
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of ecosystem/package-name@version
specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0
or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore npm/jiti@1.21.0
@SocketSecurity ignore npm/prettier@3.2.5
@SocketSecurity ignore npm/jiti@1.21.0 npm/prettier@3.2.5
Description
The code at
packages/core/src/certificate/certificate.ts
match
method to verify if any binary encoded certificate matches with signer's address and signature,verify
method to usematch
, this method explicits the transformation from certificate trough its JSON/string to its binary encoding used to compute the hash to match signer's address with signature. representationFixes # 943
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
yarn test:solo
Test Configuration:
Checklist: