Switch to pnpm and add min age #1
base: main
pnpm-lock.yaml
Outdated
| '@coinbase/[email protected]': | ||
| resolution: {integrity: sha512-N/A2DRIf0Y3PHc1XAMvbBUu4zisna6qAdqABMZwBMNEfWrXpAwx16pZGkYCLGE+Rvv1edbcB2LYDRnACNcmCiw==} | ||
|
|
||
| '@coinbase/[email protected]': |
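Review bot: this hunk carries two `'@coinbase/…'` package keys, one on its first line and one on its last, so check whether both are `@coinbase/wallet-sdk` at different versions. If they are, the older entry is still being resolved for some dependent, and raising the direct dependency alone will not drop it from the lockfile; `pnpm why @coinbase/wallet-sdk` shows which package pulls it in. Let pnpm regenerate the entry rather than editing it by hand, since the `resolution: {integrity: sha512-…}` value has to match the tarball of the version that ends up pinned.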
Risk: Affected versions of @coinbase/wallet-sdk are vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior. Outdated versions of the Coinbase Wallet SDK are vulnerable to potential security risks due to the absence of critical updates. While this vulnerability does not directly compromise user keys, smart contracts, or funds, it may expose applications that rely on the SDK to threats via unpatched security weaknesses. Users are advised to upgrade to version >= 4.3.0 to mitigate these risks.
Fix: Upgrade this library to at least version 4.3.0 at monad-china101-demo/pnpm-lock.yaml:394.
Reference(s): GHSA-8rgj-285w-qcq4
🥳 Fixed in commit 75921af 🥳
pnpm-lock.yaml
Outdated
| resolution: {integrity: sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==} | ||
| engines: {node: '>=6.9.0'} | ||
|
|
||
| '@babel/[email protected]': |
Risk: Affected versions of @babel/traverse, babel-traverse, @babel/plugin-transform-runtime, @babel/preset-env, @babel/helper-define-polyfill-provider, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-corejs3, babel-plugin-polyfill-es-shims, and babel-plugin-polyfill-regenerator are vulnerable to Incomplete List Of Disallowed Inputs. An attacker can exploit a vulnerability in the internal Babel methods path.evaluate() or path.evaluateTruthy() by compiling specially crafted code, potentially resulting in arbitrary code execution during compilation. babel-traverse does not have a fix version. If you are using babel-traverse, switch to @babel/traverse.
Manual Review Advice: A vulnerability from this advisory is reachable if you use Babel to compile untrusted JavaScript.
Fix: Upgrade this library to at least version 7.23.2 at monad-china101-demo/pnpm-lock.yaml:371.
Reference(s): GHSA-67hx-6x53-jw92, CVE-2023-45133
🎈 Fixed in commit 75921af 🎈
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
No description provided.