Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #43

wants to merge 1 commit into from

Conversation

Brandylee24
Copy link
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/web3-onboard-demo/package.json
    • examples/web3-onboard-demo/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 170/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5		 Improper Validation of Integrity Check Value
SNYK-JS-SECP256K1-8237220		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @coinbase/wallet-sdk The new version differs by 39 commits.

See the full diff

Package name: @web3-onboard/coinbase The new version differs by 250 commits.
  • a9e91d2 Merge pull request #1830 from blocknative/release/2.24.4
  • 862669f Merge branch 'develop' into release/2.24.4
  • 9388959 Merge in latest develop
  • cc4b8b0 Bump fast-xml-parser from 4.2.4 to 4.2.5 in /docs (#1828)
  • 05c7853 Merge in latest develop and test
  • 8ce7e6f Update to latest vite and test
  • c2a8de8 Bump semver from 6.3.0 to 6.3.1 in /examples/with-ledger (#1827)
  • 452d942 Bump @ antfu/utils from 0.7.2 to 0.7.4 in /docs (#1753)
  • 24f2d5c Bump vite from 4.3.5 to 4.3.9 in /docs (#1757)
  • 92da953 Bump fast-xml-parser from 4.2.2 to 4.2.4 in /docs (#1761)
  • 63ca515 Bump semver from 6.3.0 to 6.3.1 in /examples/with-vuejs-v2 (#1826)
  • bcc4be3 Bump semver from 6.3.0 to 6.3.1 in /examples/with-nextjs (#1825)
  • 667b753 feat: update dappauth lib for compatibility (#1781)
  • 009fcd3 Merge branch 'docs' into release/2.24.4
  • f1640bc Merge branch 'main' into release/2.24.4
  • 637db65 Update docs for WC implementation
  • 4e8f66c Update Wallet Connect V2 for vite example (#1802)
  • 7cc952f Fix: Add WC validation for props, add prop to handle MetaMask usage through WC, Bump Coinbase sdk version (#1822)
  • aef4362 Merge pull request #1814 from blocknative/release/2.24.3
  • b2fa704 Merge pull request #1812 from blocknative/release/2.24.3
  • 31583e3 Merge pull request #1813 from blocknative/release/2.24.3
  • 8fd2751 Merge branch 'docs' into release/2.24.3
  • 2302d67 Merge branch 'main' into release/2.24.3
  • 83fe1f6 Remove alpha flags from docs and demo

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: examples/web3-onboard-demo/package.json & examples/web3-onboard-…
e2a8089 
…demo/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Brandylee24 @snyk-bot