MetaMask
/
metamask-mobile
mirror of https://github.com/MetaMask/metamask-mobile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Patch recent disclosures (#3641)

Browse Source 
* patch vulns

* use number for skip

* remove unused params
pull/3623/head^2
ricky 1 year ago committed by GitHub
parent d0609899a3
commit 4ed68481d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 27 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      package.json
  2. 3
      scripts/yarn-audit.sh
  3. 59
      yarn.lock

7
package.json
Unescape View File

@ -3,7 +3,7 @@
"version": "4.0.0",
"private": true,
"scripts": {
"audit:ci": "./scripts/yarn-audit.sh audit dependencies",
"audit:ci": "./scripts/yarn-audit.sh",
"watch": "./scripts/build.sh watcher watch",
"watch:clean": "./scripts/build.sh watcher clean",
"clean:ios": "rm -rf ios/build",
@ -68,6 +68,7 @@
]
},
"resolutions": {
"**/nanoid": "^3.1.31",
"**/json-schema": "^0.4.0",
"@sentry/react-native/**/xmldom": "^0.6.0",
"@walletconnect/**/ws": "^7.4.6",
@ -76,7 +77,7 @@
"**/pac-resolver": "^5.0.0",
"**/ansi-regex": "^5.0.1",
"**/immer": "^9.0.6",
"**/node-fetch": "^2.6.1",
"**/node-fetch": "^2.6.7",
"**/node-notifier": "^8.0.1",
"**/lodash": "^4.17.21",
"**/ua-parser-js": "^0.7.24",
@ -117,7 +118,7 @@
"@walletconnect/client": "^1.5.1",
"@walletconnect/utils": "^1.5.1",
"asyncstorage-down": "4.2.0",
"axios": "^0.21.2",
"axios": "^0.25",
"babel-plugin-transform-inline-environment-variables": "0.4.3",
"babel-plugin-transform-remove-console": "6.9.4",
"base-64": "1.0.0",

3
scripts/yarn-audit.sh
Unescape View File

@ -3,10 +3,9 @@
set -u
set -o pipefail
# yarn audit --level moderate --groups dependencies
# use `improved-yarn-audit` since that allows for exclude
# exclude `ws` until we can come up with a better solution
yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1005099
yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1005099,1006820
audit_status="$?"
# Use a bitmask to ignore INFO and LOW severity audit results

59
yarn.lock
Unescape View File

@ -3778,12 +3778,12 @@ aws4@^1.8.0:
resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.11.0.tgz#d61f46d83b2519250e2784daf5b09479a8b41c59"
integrity sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==
axios@^0.21.2:
version "0.21.4"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg==
axios@^0.25:
version "0.25.0"
resolved "https://registry.yarnpkg.com/axios/-/axios-0.25.0.tgz#349cfbb31331a9b4453190791760a8d35b093e0a"
integrity sha512-cD8FOb0tRH3uuEe6+evtAbgJtfxr7ly3fQjYcMcuPlgkwVS9xboaVIpcDV+cYQe+yGykgwZCs1pzjntcGa6l5g==
dependencies:
follow-redirects "^1.14.0"
follow-redirects "^1.14.7"
babel-core@7.0.0-bridge.0, babel-core@^7.0.0-bridge.0:
version "7.0.0-bridge.0"
@ -7741,10 +7741,10 @@ flow-parser@^0.121.0:
resolved "https://registry.yarnpkg.com/flow-parser/-/flow-parser-0.121.0.tgz#9f9898eaec91a9f7c323e9e992d81ab5c58e618f"
integrity sha512-1gIBiWJNR0tKUNv8gZuk7l9rVX06OuLzY9AoGio7y/JT4V1IZErEMEq2TJS+PFcw/y0RshZ1J/27VfK1UQzYVg==
follow-redirects@^1.14.0:
version "1.14.4"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.4.tgz#838fdf48a8bbdd79e52ee51fb1c94e3ed98b9379"
integrity sha512-zwGkiSXC1MUJG/qmeIFH2HBJx9u0V46QGUe3YR1fXG8bXQxq7fLj0RjLZQ5nubr9qNJUZrH+xUcwXEoXNpfS+g==
follow-redirects@^1.14.7:
version "1.14.7"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685"
integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ==
for-in@^1.0.2:
version "1.0.2"
@ -8680,11 +8680,6 @@ internal-slot@^1.0.3:
has "^1.0.3"
side-channel "^1.0.4"
intl@^1.2.5:
version "1.2.5"
resolved "https://registry.yarnpkg.com/intl/-/intl-1.2.5.tgz#82244a2190c4e419f8371f5aa34daa3420e2abde"
integrity sha1-giRKIZDE5Bn4Nx9ao02qNCDiq94=
invariant@2.2.4, invariant@^2.2.2, invariant@^2.2.4:
version "2.2.4"
resolved "https://registry.yarnpkg.com/invariant/-/invariant-2.2.4.tgz#610f3c92c9359ce1db616e538008d23ff35158e6"
@ -11020,10 +11015,10 @@ nano-json-stream-parser@^0.1.2:
resolved "https://registry.yarnpkg.com/nano-json-stream-parser/-/nano-json-stream-parser-0.1.2.tgz#0cc8f6d0e2b622b479c40d499c46d64b755c6f5f"
integrity sha1-DMj20OK2IrR5xA1JnEbWS3Vcb18=
nanoid@^3.1.12, nanoid@^3.1.15:
version "3.1.23"
resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.23.tgz#f744086ce7c2bc47ee0a8472574d5c78e4183a81"
integrity sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==
nanoid@^3.1.12, nanoid@^3.1.15, nanoid@^3.1.31:
version "3.2.0"
resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.2.0.tgz#62667522da6673971cca916a6d3eff3f415ff80c"
integrity sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA==
nanomatch@^1.2.9:
version "1.2.13"
@ -11133,10 +11128,12 @@ node-emoji@1.8.1:
dependencies:
lodash.toarray "^4.4.0"
node-fetch@2.1.2, node-fetch@2.6.1, node-fetch@^2.0.0-alpha.8, node-fetch@^2.2.0, node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@~1.7.1:
version "2.6.1"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
node-fetch@2.1.2, node-fetch@2.6.1, node-fetch@^2.0.0-alpha.8, node-fetch@^2.2.0, node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.7, node-fetch@~1.7.1:
version "2.6.7"
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
dependencies:
whatwg-url "^5.0.0"
node-gyp-build@^4.2.0:
version "4.2.3"
@ -14796,6 +14793,11 @@ tr46@^2.1.0:
dependencies:
punycode "^2.1.1"
tr46@~0.0.3:
version "0.0.3"
resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=
traverse@~0.6.3:
version "0.6.6"
resolved "https://registry.yarnpkg.com/traverse/-/traverse-0.6.6.tgz#cbdf560fd7b9af632502fed40f918c157ea97137"
@ -15576,6 +15578,11 @@ web3@1.6.1, web3@^0.20.7:
web3-shh "1.6.1"
web3-utils "1.6.1"
webidl-conversions@^3.0.0:
version "3.0.1"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=
webidl-conversions@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff"
@ -15629,6 +15636,14 @@ whatwg-url-without-unicode@8.0.0-3:
punycode "^2.1.1"
webidl-conversions "^5.0.0"
whatwg-url@^5.0.0:
version "5.0.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
dependencies:
tr46 "~0.0.3"
webidl-conversions "^3.0.0"
whatwg-url@^8.0.0, whatwg-url@^8.5.0:
version "8.7.0"
resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.7.0.tgz#656a78e510ff8f3937bc0bcbe9f5c0ac35941b77"

Write Preview
Loading…
Cancel
Save