From 3c0212deca885d3bead2449c6eaa870f39c184cc Mon Sep 17 00:00:00 2001 From: iketw <121973632+iketw@users.noreply.github.com> Date: Fri, 27 Oct 2023 13:46:20 -0400 Subject: [PATCH] =?UTF-8?q?Revert=20"[SDK/Wallets]=20Override=20crypto-js?= =?UTF-8?q?=20to=20use=20latest=20version=20to=20fix=20vulnera=E2=80=A6=20?= =?UTF-8?q?(#1854)"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 467c9eeedc24c2822e648dccefbd056dacea6392. --- package.json | 3 +- packages/sdk/package.json | 2 +- packages/wallets/package.json | 4 +- pnpm-lock.yaml | 115 +++++++++------------------------- 4 files changed, 32 insertions(+), 92 deletions(-) diff --git a/package.json b/package.json index 60173bee949..6926177221d 100644 --- a/package.json +++ b/package.json @@ -68,8 +68,7 @@ "semver@<7.5.2": ">=7.5.2", "json5@<1.0.2": ">=1.0.2", "protobufjs@>=6.10.0 <7.2.4": ">=7.2.4", - "tough-cookie@<4.1.3": ">=4.1.3", - "crypto-js": "4.2.0" + "tough-cookie@<4.1.3": ">=4.1.3" } } } diff --git a/packages/sdk/package.json b/packages/sdk/package.json index 5a7e9af77ca..28d2b11ec39 100644 --- a/packages/sdk/package.json +++ b/packages/sdk/package.json @@ -144,7 +144,7 @@ "buffer": "^6.0.3", "eventemitter3": "^5.0.1", "fast-deep-equal": "^3.1.3", - "merkletreejs": "0.2.32", + "merkletreejs": "^0.2.24", "tiny-invariant": "^1.2.0", "tweetnacl": "^1.0.3", "uuid": "^9.0.1", diff --git a/packages/wallets/package.json b/packages/wallets/package.json index cac7a263788..d46f4c134ae 100644 --- a/packages/wallets/package.json +++ b/packages/wallets/package.json @@ -428,7 +428,7 @@ "asn1.js": "5.4.1", "bn.js": "5.2.0", "buffer": "^6.0.3", - "crypto-js": "^4.2.0", + "crypto-js": "^4.1.1", "eth-provider": "^0.13.6", "ethereumjs-util": "^7.1.3", "eventemitter3": "^5.0.1", @@ -473,7 +473,7 @@ "@preconstruct/cli": "2.7.0", "@thirdweb-dev/tsconfig": "workspace:*", "@types/bn.js": "^5.1.1", - "@types/crypto-js": "^4.1.3", + "@types/crypto-js": "^4.1.1", "abitype": "^0.2.5", "babel-plugin-transform-inline-environment-variables": "^0.4.4", "bs58": "^5.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a1f90862b1b..f1ddea3d1af 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,9 +1,5 @@ lockfileVersion: '6.0' -settings: - autoInstallPeers: true - excludeLinksFromLockfile: false - overrides: got@<11.8.5: '>=11.8.5' glob-parent@<5.1.2: '>=5.1.2' @@ -18,7 +14,6 @@ overrides: json5@<1.0.2: '>=1.0.2' protobufjs@>=6.10.0 <7.2.4: '>=7.2.4' tough-cookie@<4.1.3: '>=4.1.3' - crypto-js: 4.2.0 importers: @@ -162,7 +157,7 @@ importers: version: link:../eslint-config-thirdweb eslint-plugin-import: specifier: ^2.26.0 - version: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + version: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-inclusive-language: specifier: ^2.2.0 version: 2.2.0 @@ -606,7 +601,7 @@ importers: version: 0.0.4(eslint@8.45.0) eslint-plugin-import: specifier: ^2.26.0 - version: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + version: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-inclusive-language: specifier: ^2.2.0 version: 2.2.0 @@ -730,7 +725,7 @@ importers: version: 0.0.4(eslint@8.45.0) eslint-plugin-import: specifier: ^2.26.0 - version: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + version: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-inclusive-language: specifier: ^2.2.0 version: 2.2.0 @@ -909,7 +904,7 @@ importers: version: 6.0.3 eslint-plugin-import: specifier: ^2.26.0 - version: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + version: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-inclusive-language: specifier: ^2.2.0 version: 2.2.0 @@ -1029,7 +1024,7 @@ importers: specifier: ^3.1.3 version: 3.1.3 merkletreejs: - specifier: 0.2.32 + specifier: ^0.2.24 version: 0.2.32 tiny-invariant: specifier: ^1.2.0 @@ -1127,7 +1122,7 @@ importers: version: 0.0.4(eslint@8.45.0) eslint-plugin-import: specifier: ^2.26.0 - version: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + version: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-inclusive-language: specifier: ^2.2.0 version: 2.2.0 @@ -1428,8 +1423,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 crypto-js: - specifier: 4.2.0 - version: 4.2.0 + specifier: ^4.1.1 + version: 4.1.1 eth-provider: specifier: ^0.13.6 version: 0.13.6 @@ -1474,8 +1469,8 @@ importers: specifier: ^5.1.1 version: 5.1.1 '@types/crypto-js': - specifier: ^4.1.3 - version: 4.1.3 + specifier: ^4.1.1 + version: 4.1.1 abitype: specifier: ^0.2.5 version: 0.2.5(typescript@5.1.6)(zod@3.22.3) @@ -12060,8 +12055,8 @@ packages: '@types/node': 18.17.1 dev: true - /@types/crypto-js@4.1.3: - resolution: {integrity: sha512-YP1sYYayLe7Eg5oXyLLvOLfxBfZ5Fgpz6sVWkpB18wDMywCLPWmqzRz+9gyuOoLF0fzDTTFwlyNbx7koONUwqA==} + /@types/crypto-js@4.1.1: + resolution: {integrity: sha512-BG7fQKZ689HIoc5h+6D2Dgq1fABRa0RbBWKBd9SP/MVRVXROflpm5fhwyATX5duFmbStzyzyycPB8qUYKDH3NA==} dev: true /@types/debug@4.1.7: @@ -15727,8 +15722,12 @@ packages: engines: {node: '>=8'} dev: true - /crypto-js@4.2.0: - resolution: {integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==} + /crypto-js@3.3.0: + resolution: {integrity: sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q==} + dev: false + + /crypto-js@4.1.1: + resolution: {integrity: sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==} dev: false /crypto-random-string@1.0.0: @@ -17134,7 +17133,7 @@ packages: eslint: 8.45.0 eslint-import-resolver-node: 0.3.7 eslint-import-resolver-typescript: 3.5.3(eslint-plugin-import@2.27.5)(eslint@8.45.0) - eslint-plugin-import: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + eslint-plugin-import: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-jsx-a11y: 6.7.1(eslint@8.45.0) eslint-plugin-react: 7.33.0(eslint@8.45.0) eslint-plugin-react-hooks: 5.0.0-canary-7118f5dd7-20230705(eslint@8.45.0) @@ -17170,7 +17169,7 @@ packages: confusing-browser-globals: 1.0.11 eslint: 8.45.0 eslint-plugin-flowtype: 8.0.3(@babel/plugin-syntax-flow@7.22.5)(@babel/plugin-transform-react-jsx@7.22.5)(eslint@8.45.0) - eslint-plugin-import: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint@8.45.0) + eslint-plugin-import: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) eslint-plugin-jest: 25.7.0(@typescript-eslint/eslint-plugin@5.60.1)(eslint@8.45.0)(jest@27.5.1)(typescript@5.1.6) eslint-plugin-jsx-a11y: 6.7.1(eslint@8.45.0) eslint-plugin-react: 7.33.0(eslint@8.45.0) @@ -17214,7 +17213,7 @@ packages: debug: 4.3.4(supports-color@8.1.1) enhanced-resolve: 5.12.0 eslint: 8.45.0 - eslint-plugin-import: 2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0) + eslint-plugin-import: 2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0) get-tsconfig: 4.4.0 globby: 13.1.3 is-core-module: 2.11.0 @@ -17251,35 +17250,6 @@ packages: eslint-import-resolver-typescript: 3.5.3(eslint-plugin-import@2.27.5)(eslint@8.45.0) transitivePeerDependencies: - supports-color - dev: false - - /eslint-module-utils@2.7.4(@typescript-eslint/parser@6.2.0)(eslint-import-resolver-node@0.3.7)(eslint@8.45.0): - resolution: {integrity: sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA==} - engines: {node: '>=4'} - peerDependencies: - '@typescript-eslint/parser': '*' - eslint: '*' - eslint-import-resolver-node: '*' - eslint-import-resolver-typescript: '*' - eslint-import-resolver-webpack: '*' - peerDependenciesMeta: - '@typescript-eslint/parser': - optional: true - eslint: - optional: true - eslint-import-resolver-node: - optional: true - eslint-import-resolver-typescript: - optional: true - eslint-import-resolver-webpack: - optional: true - dependencies: - '@typescript-eslint/parser': 6.2.0(eslint@8.45.0)(typescript@5.1.6) - debug: 3.2.7 - eslint: 8.45.0 - eslint-import-resolver-node: 0.3.7 - transitivePeerDependencies: - - supports-color /eslint-plugin-better-tree-shaking@0.0.4(eslint@8.45.0): resolution: {integrity: sha512-Silr3osATHKt3i4SNhqIV52hvZKNvhxs042vlPsw4pUfOkOI9eCZIFg+Q5qZ2zFSNWRAfLbXfG0oHCIz7CbN7w==} @@ -17336,7 +17306,7 @@ packages: requireindex: 1.1.0 dev: true - /eslint-plugin-import@2.27.5(@typescript-eslint/parser@5.60.1)(eslint@8.45.0): + /eslint-plugin-import@2.27.5(@typescript-eslint/parser@5.60.1)(eslint-import-resolver-typescript@3.5.3)(eslint@8.45.0): resolution: {integrity: sha512-LmEt3GVofgiGuiE+ORpnvP+kAm3h6MLZJ4Q5HCyHADofsb4VzXFsRiWj3c0OFiV+3DWFh0qg3v9gcPlfc3zRow==} engines: {node: '>=4'} peerDependencies: @@ -17367,39 +17337,6 @@ packages: - eslint-import-resolver-typescript - eslint-import-resolver-webpack - supports-color - dev: false - - /eslint-plugin-import@2.27.5(@typescript-eslint/parser@6.2.0)(eslint@8.45.0): - resolution: {integrity: sha512-LmEt3GVofgiGuiE+ORpnvP+kAm3h6MLZJ4Q5HCyHADofsb4VzXFsRiWj3c0OFiV+3DWFh0qg3v9gcPlfc3zRow==} - engines: {node: '>=4'} - peerDependencies: - '@typescript-eslint/parser': '*' - eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 - peerDependenciesMeta: - '@typescript-eslint/parser': - optional: true - dependencies: - '@typescript-eslint/parser': 6.2.0(eslint@8.45.0)(typescript@5.1.6) - array-includes: 3.1.6 - array.prototype.flat: 1.3.1 - array.prototype.flatmap: 1.3.1 - debug: 3.2.7 - doctrine: 2.1.0 - eslint: 8.45.0 - eslint-import-resolver-node: 0.3.7 - eslint-module-utils: 2.7.4(@typescript-eslint/parser@6.2.0)(eslint-import-resolver-node@0.3.7)(eslint@8.45.0) - has: 1.0.3 - is-core-module: 2.11.0 - is-glob: 4.0.3 - minimatch: 3.1.2 - object.values: 1.1.6 - resolve: 1.22.1 - semver: 7.5.3 - tsconfig-paths: 3.14.2 - transitivePeerDependencies: - - eslint-import-resolver-typescript - - eslint-import-resolver-webpack - - supports-color /eslint-plugin-inclusive-language@2.2.0: resolution: {integrity: sha512-RzPeSjuw1NYiTSQyFzYl2uTDgiPQWDUmFCiGAMCITmXN627DsWZ9rR4KNzrb8vnk/gLL5qdYr8oxh44xsrcO5Q==} @@ -22560,7 +22497,7 @@ packages: dependencies: bignumber.js: 9.1.1 buffer-reverse: 1.0.1 - crypto-js: 4.2.0 + crypto-js: 3.3.0 treeify: 1.1.0 web3-utils: 1.8.2 dev: false @@ -25428,7 +25365,7 @@ packages: engines: {node: '>=12.0.0'} hasBin: true peerDependencies: - protobufjs: '>=7.2.4' + protobufjs: ^7.0.0 dependencies: chalk: 4.1.2 escodegen: 1.14.3 @@ -30235,3 +30172,7 @@ packages: /zod@3.22.3: resolution: {integrity: sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==} + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false