Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

chore(deps): ensure we pull elliptic >= 6.6.1 #6495

Merged
merged 1 commit into from
Feb 17, 2025
Merged

chore(deps): ensure we pull elliptic >= 6.6.1 #6495

merged 1 commit into from
Feb 17, 2025

Conversation

jeanregisser
Copy link
Member

Description

Addresses GHSA-vjh7-7g9h-fjfh

Test plan

  • Tests pass

Related issues

Backwards compatibility

Yes

Network scalability

If a new NetworkId and/or Network are added in the future, the changes in this PR will:

  • Continue to work without code changes, OR trigger a compilation error (guaranteeing we find it when a new network is added)

jeanregisser
jeanregisser commented Feb 17, 2025
View reviewed changes
package.json
@@ -283,6 +283,7 @@
"yargs": "^17.7.2"
},
"resolutions": {
"elliptic": "^6.6.1",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to use a resolution, because the funding scripts uses ethers 5 because of the mento-sdk. And ethers 5 has a fixed dependency on elliptic@6.5.4

sviderock
sviderock approved these changes Feb 17, 2025
View reviewed changes
Copy link
Contributor

@sviderock sviderock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Thank you for figuring this out!

@codecov Codecov
Copy link

codecov bot commented Feb 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.04%. Comparing base (3aa776c) to head (a94d73b).
Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #6495   +/-   ##
=======================================
  Coverage   89.04%   89.04%           
=======================================
  Files         732      732           
  Lines       31847    31847           
  Branches     6139     6139           
=======================================
  Hits        28358    28358           
  Misses       3442     3442           
  Partials       47       47

see 1 file with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3aa776c...a94d73b. Read the comment docs.

@jeanregisser jeanregisser added this pull request to the merge queue Feb 17, 2025
Merged via the queue into main with commit 6ecfc3c Feb 17, 2025
15 checks passed
@jeanregisser jeanregisser deleted the jeanregisser/fix-elliptic-vuln-check branch February 17, 2025 14:57
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@bakoushin bakoushin bakoushin approved these changes

@sviderock sviderock sviderock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeanregisser @bakoushin @sviderock