From df29cf78ede37a2e1267d8385a1f10c18b50465f Mon Sep 17 00:00:00 2001 From: Ivan Shumkov Date: Wed, 7 Sep 2022 13:04:54 +0300 Subject: [PATCH] fix: security vulnerability in elliptic library (#501) * fix: security vulnerability in elliptic library * chore: yarn cache (cherry picked from commit a8e55d955318ede104e97315ace478fffe2c370a) --- .pnp.cjs | 33 ++++++++++++----------- packages/dapi/package.json | 2 +- packages/dash-spv/package.json | 2 +- packages/dashmate/package.json | 2 +- packages/js-dapi-client/package.json | 2 +- packages/js-dash-sdk/package.json | 2 +- packages/js-dpp/package.json | 2 +- packages/js-drive/package.json | 2 +- packages/platform-test-suite/package.json | 2 +- packages/wallet-lib/package.json | 2 +- yarn.lock | 33 ++++++++++++----------- 11 files changed, 43 insertions(+), 41 deletions(-) diff --git a/.pnp.cjs b/.pnp.cjs index 719e11c476a..e2010762507 100755 --- a/.pnp.cjs +++ b/.pnp.cjs @@ -2273,7 +2273,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@dashevo/dapi", "workspace:packages/dapi"],\ ["@dashevo/dapi-client", "workspace:packages/js-dapi-client"],\ ["@dashevo/dapi-grpc", "workspace:packages/dapi-grpc"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dashd-rpc", "npm:2.3.1"],\ ["@dashevo/dp-services-ctl", "https://github.com/dashevo/js-dp-services-ctl.git#commit=3976076b0018c5b4632ceda4c752fc597f27a640"],\ ["@dashevo/dpp", "workspace:packages/js-dpp"],\ @@ -2316,7 +2316,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@babel/core", "npm:7.16.0"],\ ["@dashevo/dapi-grpc", "workspace:packages/dapi-grpc"],\ ["@dashevo/dash-spv", "workspace:packages/dash-spv"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dpp", "workspace:packages/js-dpp"],\ ["@dashevo/grpc-common", "workspace:packages/js-grpc-common"],\ ["@grpc/grpc-js", "npm:1.4.4"],\ @@ -2403,7 +2403,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@dashevo/dash-spv", "workspace:packages/dash-spv"],\ ["@dashevo/dark-gravity-wave", "npm:1.1.1"],\ ["@dashevo/dash-util", "npm:2.0.3"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["eslint", "npm:7.32.0"],\ ["eslint-config-airbnb-base", "virtual:595d7482cc8ddf98ee6aef33fc48b46393554ab5f17f851ef62e6e39315e53666c3e66226b978689aa0bc7f1e83a03081511a21db1c381362fe67614887077f9#npm:14.2.1"],\ ["eslint-plugin-import", "virtual:595d7482cc8ddf98ee6aef33fc48b46393554ab5f17f851ef62e6e39315e53666c3e66226b978689aa0bc7f1e83a03081511a21db1c381362fe67614887077f9#npm:2.25.3"],\ @@ -2427,10 +2427,10 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { }]\ ]],\ ["@dashevo/dashcore-lib", [\ - ["npm:0.19.39", {\ - "packageLocation": "./.yarn/cache/@dashevo-dashcore-lib-npm-0.19.39-b28e06588f-e441cf46a9.zip/node_modules/@dashevo/dashcore-lib/",\ + ["npm:0.19.41", {\ + "packageLocation": "./.yarn/cache/@dashevo-dashcore-lib-npm-0.19.41-627817059a-4bc913c7ed.zip/node_modules/@dashevo/dashcore-lib/",\ "packageDependencies": [\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/x11-hash-js", "npm:1.0.2"],\ ["@types/node", "npm:12.20.37"],\ ["bloom-filter", "npm:0.2.0"],\ @@ -2438,9 +2438,10 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["bn.js", "npm:4.12.0"],\ ["bs58", "npm:4.0.1"],\ ["elliptic", "npm:6.5.3"],\ - ["eslint-config-prettier", "virtual:b28e06588f8884ad00999d9ef1772f24cee4941229e01144c8d0ec740c177a99fec30f4d4abc3e4fed61ea09a8dd1831c34fb8ad78b40153cc83d898499b5720#npm:8.3.0"],\ + ["eslint-config-prettier", "virtual:627817059a04417ce0d2c3dbbd1777d300ef4f1cc829538ceba81bb9cc42af8c20463a6728461712170e0653ef974eaffedab5e14f92a755678425ac68ff4b53#npm:8.3.0"],\ ["inherits", "npm:2.0.1"],\ ["lodash", "npm:4.17.21"],\ + ["ripemd160", "npm:2.0.2"],\ ["unorm", "npm:1.6.0"]\ ],\ "linkType": "HARD"\ @@ -2515,7 +2516,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@apidevtools/json-schema-ref-parser", "npm:8.0.0"],\ ["@babel/core", "npm:7.16.0"],\ ["@babel/preset-env", "virtual:58fb68f2aed20e5e0f2e48520ab903ae9bb3440369bfd5e912034003cf27c5aae368649fc5620dd2acbed578131f3a0975e75b838d77d12335fb0412e24026c6#npm:7.16.4"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dashpay-contract", "workspace:packages/dashpay-contract"],\ ["@dashevo/dpns-contract", "workspace:packages/dpns-contract"],\ ["@dashevo/feature-flags-contract", "workspace:packages/feature-flags-contract"],\ @@ -2583,7 +2584,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ["@dashevo/drive", "workspace:packages/js-drive"],\ ["@dashevo/abci", "https://github.com/dashevo/js-abci.git#commit=8806ff71cdac918f79920b1373824653f15698c5"],\ ["@dashevo/dapi-grpc", "workspace:packages/dapi-grpc"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dashd-rpc", "npm:2.3.1"],\ ["@dashevo/dashpay-contract", "workspace:packages/dashpay-contract"],\ ["@dashevo/dp-services-ctl", "https://github.com/dashevo/js-dp-services-ctl.git#commit=3976076b0018c5b4632ceda4c752fc597f27a640"],\ @@ -2731,7 +2732,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageDependencies": [\ ["@dashevo/platform-test-suite", "workspace:packages/platform-test-suite"],\ ["@dashevo/dapi-client", "workspace:packages/js-dapi-client"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dpns-contract", "workspace:packages/dpns-contract"],\ ["@dashevo/dpp", "workspace:packages/js-dpp"],\ ["@dashevo/feature-flags-contract", "workspace:packages/feature-flags-contract"],\ @@ -2839,7 +2840,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageDependencies": [\ ["@dashevo/wallet-lib", "workspace:packages/wallet-lib"],\ ["@dashevo/dapi-client", "workspace:packages/js-dapi-client"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dpp", "workspace:packages/js-dpp"],\ ["@dashevo/grpc-common", "workspace:packages/js-grpc-common"],\ ["assert", "npm:2.0.0"],\ @@ -7491,7 +7492,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageDependencies": [\ ["dash", "workspace:packages/js-dash-sdk"],\ ["@dashevo/dapi-client", "workspace:packages/js-dapi-client"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dashpay-contract", "workspace:packages/dashpay-contract"],\ ["@dashevo/dpns-contract", "workspace:packages/dpns-contract"],\ ["@dashevo/dpp", "workspace:packages/js-dpp"],\ @@ -7575,7 +7576,7 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { "packageLocation": "./packages/dashmate/",\ "packageDependencies": [\ ["dashmate", "workspace:packages/dashmate"],\ - ["@dashevo/dashcore-lib", "npm:0.19.39"],\ + ["@dashevo/dashcore-lib", "npm:0.19.41"],\ ["@dashevo/dashd-rpc", "npm:2.3.1"],\ ["@dashevo/dashpay-contract", "workspace:packages/dashpay-contract"],\ ["@dashevo/dpns-contract", "workspace:packages/dpns-contract"],\ @@ -8759,10 +8760,10 @@ function $$SETUP_STATE(hydrateRuntimeState, basePath) { ],\ "linkType": "SOFT"\ }],\ - ["virtual:b28e06588f8884ad00999d9ef1772f24cee4941229e01144c8d0ec740c177a99fec30f4d4abc3e4fed61ea09a8dd1831c34fb8ad78b40153cc83d898499b5720#npm:8.3.0", {\ - "packageLocation": "./.yarn/__virtual__/eslint-config-prettier-virtual-ee5d0e0f8d/0/cache/eslint-config-prettier-npm-8.3.0-f540cd1f53-df4cea3032.zip/node_modules/eslint-config-prettier/",\ + ["virtual:627817059a04417ce0d2c3dbbd1777d300ef4f1cc829538ceba81bb9cc42af8c20463a6728461712170e0653ef974eaffedab5e14f92a755678425ac68ff4b53#npm:8.3.0", {\ + "packageLocation": "./.yarn/__virtual__/eslint-config-prettier-virtual-4f8d5ecf6d/0/cache/eslint-config-prettier-npm-8.3.0-f540cd1f53-df4cea3032.zip/node_modules/eslint-config-prettier/",\ "packageDependencies": [\ - ["eslint-config-prettier", "virtual:b28e06588f8884ad00999d9ef1772f24cee4941229e01144c8d0ec740c177a99fec30f4d4abc3e4fed61ea09a8dd1831c34fb8ad78b40153cc83d898499b5720#npm:8.3.0"],\ + ["eslint-config-prettier", "virtual:627817059a04417ce0d2c3dbbd1777d300ef4f1cc829538ceba81bb9cc42af8c20463a6728461712170e0653ef974eaffedab5e14f92a755678425ac68ff4b53#npm:8.3.0"],\ ["@types/eslint", null],\ ["eslint", null]\ ],\ diff --git a/packages/dapi/package.json b/packages/dapi/package.json index ec10cabec1b..cbee185ffb4 100644 --- a/packages/dapi/package.json +++ b/packages/dapi/package.json @@ -34,7 +34,7 @@ }, "dependencies": { "@dashevo/dapi-grpc": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dashd-rpc": "^2.3.1", "@dashevo/dpp": "workspace:~", "@dashevo/grpc-common": "workspace:~", diff --git a/packages/dash-spv/package.json b/packages/dash-spv/package.json index 47538d615d9..90bf59cbcb5 100644 --- a/packages/dash-spv/package.json +++ b/packages/dash-spv/package.json @@ -13,7 +13,7 @@ "dependencies": { "@dashevo/dark-gravity-wave": "^1.1.1", "@dashevo/dash-util": "^2.0.3", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "levelup": "^4.4.0", "memdown": "^5.1.0" }, diff --git a/packages/dashmate/package.json b/packages/dashmate/package.json index 6ea2adce7c5..3c6d4e14e2d 100644 --- a/packages/dashmate/package.json +++ b/packages/dashmate/package.json @@ -46,7 +46,7 @@ }, "homepage": "https://github.com/dashevo/dashmate#readme", "dependencies": { - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dashd-rpc": "^2.3.1", "@dashevo/dashpay-contract": "workspace:~", "@dashevo/dpns-contract": "workspace:~", diff --git a/packages/js-dapi-client/package.json b/packages/js-dapi-client/package.json index 2bae10626a0..302b86daa7f 100644 --- a/packages/js-dapi-client/package.json +++ b/packages/js-dapi-client/package.json @@ -28,7 +28,7 @@ "dependencies": { "@dashevo/dapi-grpc": "workspace:~", "@dashevo/dash-spv": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dpp": "workspace:~", "@dashevo/grpc-common": "workspace:~", "@grpc/grpc-js": "^1.3.7", diff --git a/packages/js-dash-sdk/package.json b/packages/js-dash-sdk/package.json index 64325bf4839..d21be2dabf1 100644 --- a/packages/js-dash-sdk/package.json +++ b/packages/js-dash-sdk/package.json @@ -36,7 +36,7 @@ "homepage": "https://github.com/dashevo/DashJS#readme", "dependencies": { "@dashevo/dapi-client": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dashpay-contract": "workspace:~", "@dashevo/dpns-contract": "workspace:~", "@dashevo/dpp": "workspace:~", diff --git a/packages/js-dpp/package.json b/packages/js-dpp/package.json index 38fc9400a52..35c7094c2da 100644 --- a/packages/js-dpp/package.json +++ b/packages/js-dpp/package.json @@ -83,7 +83,7 @@ }, "dependencies": { "@apidevtools/json-schema-ref-parser": "^8.0.0", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dashpay-contract": "workspace:~", "@dashevo/dpns-contract": "workspace:~", "@dashevo/feature-flags-contract": "workspace:~", diff --git a/packages/js-drive/package.json b/packages/js-drive/package.json index 68e82ba3515..2e6755253f8 100644 --- a/packages/js-drive/package.json +++ b/packages/js-drive/package.json @@ -67,7 +67,7 @@ "dependencies": { "@dashevo/abci": "github:dashevo/js-abci#v0.22-dev", "@dashevo/dapi-grpc": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dashd-rpc": "^2.3.1", "@dashevo/dashpay-contract": "workspace:~", "@dashevo/dpns-contract": "workspace:~", diff --git a/packages/platform-test-suite/package.json b/packages/platform-test-suite/package.json index 6c6be7380f8..6079a285ca4 100644 --- a/packages/platform-test-suite/package.json +++ b/packages/platform-test-suite/package.json @@ -21,7 +21,7 @@ "homepage": "https://github.com/dashevo/platform-test-suite#readme", "dependencies": { "@dashevo/dapi-client": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dpns-contract": "workspace:~", "@dashevo/dpp": "workspace:~", "@dashevo/feature-flags-contract": "workspace:~", diff --git a/packages/wallet-lib/package.json b/packages/wallet-lib/package.json index 457f21244c5..1c19a853039 100644 --- a/packages/wallet-lib/package.json +++ b/packages/wallet-lib/package.json @@ -43,7 +43,7 @@ "homepage": "https://github.com/dashevo/wallet-lib#readme", "dependencies": { "@dashevo/dapi-client": "workspace:~", - "@dashevo/dashcore-lib": "~0.19.39", + "@dashevo/dashcore-lib": "~0.19.41", "@dashevo/dpp": "workspace:~", "@dashevo/grpc-common": "workspace:~", "cbor": "^8.0.0", diff --git a/yarn.lock b/yarn.lock index 8ff1d2a6d3d..e7f491d9279 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1292,7 +1292,7 @@ __metadata: "@babel/core": ^7.15.5 "@dashevo/dapi-grpc": "workspace:~" "@dashevo/dash-spv": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dpp": "workspace:~" "@dashevo/grpc-common": "workspace:~" "@grpc/grpc-js": ^1.3.7 @@ -1366,7 +1366,7 @@ __metadata: dependencies: "@dashevo/dapi-client": "workspace:~" "@dashevo/dapi-grpc": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dashd-rpc": ^2.3.1 "@dashevo/dp-services-ctl": "github:dashevo/js-dp-services-ctl#v0.19-dev" "@dashevo/dpp": "workspace:~" @@ -1413,7 +1413,7 @@ __metadata: dependencies: "@dashevo/dark-gravity-wave": ^1.1.1 "@dashevo/dash-util": ^2.0.3 - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 eslint: ^7.32.0 eslint-config-airbnb-base: ^14.2.1 eslint-plugin-import: ^2.24.2 @@ -1434,22 +1434,23 @@ __metadata: languageName: node linkType: hard -"@dashevo/dashcore-lib@npm:~0.19.39": - version: 0.19.39 - resolution: "@dashevo/dashcore-lib@npm:0.19.39" +"@dashevo/dashcore-lib@npm:~0.19.41": + version: 0.19.41 + resolution: "@dashevo/dashcore-lib@npm:0.19.41" dependencies: "@dashevo/x11-hash-js": ^1.0.2 "@types/node": ^12.12.47 bloom-filter: ^0.2.0 bls-signatures: ^0.2.5 - bn.js: =4.11.8 + bn.js: ^4.12.0 bs58: =4.0.1 - elliptic: 6.5.3 + elliptic: ^6.5.4 eslint-config-prettier: ^8.3.0 inherits: =2.0.1 lodash: ^4.17.20 + ripemd160: ^2.0.2 unorm: ^1.6.0 - checksum: e441cf46a95bc777d9b5d966d05cbf423bea1d8a6721493f94973f7d500c870fc2f55f20cc5feecfb6784bf8617b4342e4cade784ece3cad2263510dfc7a440d + checksum: 4bc913c7ed4ee0c800fd6b481c722422d8345798493a50e833f62b880c963e3aec9941e95ec161c16bbafef7157d31277ac22386b9a4c6cf5cf69ce1322e1c14 languageName: node linkType: hard @@ -1515,7 +1516,7 @@ __metadata: "@apidevtools/json-schema-ref-parser": ^8.0.0 "@babel/core": ^7.15.5 "@babel/preset-env": ^7.15.4 - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dashpay-contract": "workspace:~" "@dashevo/dpns-contract": "workspace:~" "@dashevo/feature-flags-contract": "workspace:~" @@ -1581,7 +1582,7 @@ __metadata: dependencies: "@dashevo/abci": "github:dashevo/js-abci#v0.22-dev" "@dashevo/dapi-grpc": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dashd-rpc": ^2.3.1 "@dashevo/dashpay-contract": "workspace:~" "@dashevo/dp-services-ctl": "github:dashevo/js-dp-services-ctl#v0.19-dev" @@ -1705,7 +1706,7 @@ __metadata: resolution: "@dashevo/platform-test-suite@workspace:packages/platform-test-suite" dependencies: "@dashevo/dapi-client": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dpns-contract": "workspace:~" "@dashevo/dpp": "workspace:~" "@dashevo/feature-flags-contract": "workspace:~" @@ -1817,7 +1818,7 @@ __metadata: resolution: "@dashevo/wallet-lib@workspace:packages/wallet-lib" dependencies: "@dashevo/dapi-client": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dpp": "workspace:~" "@dashevo/grpc-common": "workspace:~" assert: ^2.0.0 @@ -5634,7 +5635,7 @@ __metadata: resolution: "dash@workspace:packages/js-dash-sdk" dependencies: "@dashevo/dapi-client": "workspace:~" - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dashpay-contract": "workspace:~" "@dashevo/dpns-contract": "workspace:~" "@dashevo/dpp": "workspace:~" @@ -5706,7 +5707,7 @@ __metadata: version: 0.0.0-use.local resolution: "dashmate@workspace:packages/dashmate" dependencies: - "@dashevo/dashcore-lib": ~0.19.39 + "@dashevo/dashcore-lib": ~0.19.41 "@dashevo/dashd-rpc": ^2.3.1 "@dashevo/dashpay-contract": "workspace:~" "@dashevo/dpns-contract": "workspace:~" @@ -12781,7 +12782,7 @@ fsevents@~2.3.2: languageName: node linkType: hard -"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1": +"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1, ripemd160@npm:^2.0.2": version: 2.0.2 resolution: "ripemd160@npm:2.0.2" dependencies: