cryptowallet shows known dependency vulnerabilities #5831

Closed
diracdeltas opened this issue Aug 28, 2019 · 1 comment

diracdeltas commented Aug 28, 2019

In https://github.com/brave/ethereum-remote-client, running 'yarn audit' shows the following:

yarn audit v1.17.3
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ marked                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.7.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jsdoc                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ jsdoc > marked                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1076                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Arbitrary Code Execution                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ eslint-utils                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.4.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ addons-linter                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ addons-linter > eslint > eslint-utils                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1118                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Arbitrary Code Execution                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ eslint-utils                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.4.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint > eslint-utils                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1118                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-stylefmt                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-stylefmt > stylefmt > stylelint > micromatch > braces   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-stylefmt                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-stylefmt > stylefmt > stylelint-order > stylelint >     │
│               │ micromatch > braces                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-watch                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-watch > anymatch > micromatch > braces                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ qunitjs                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ qunitjs > chokidar > anymatch > micromatch > braces          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ qunitjs                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ qunitjs > findup-sync > micromatch > braces                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Insecure Credential Storage                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ web3                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ abi-decoder                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ abi-decoder > web3                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/877                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Insecure Credential Storage                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ web3                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gaba                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gaba > web3                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/877                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Insecure Credential Storage                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ web3                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ web3                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ web3                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/877                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ marked                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.7.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-info                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/addon-info > marksy > marked                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1076                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
12 vulnerabilities found - Packages audited: 235673
Severity: 10 Low | 2 Critical
Done in 2.09s.

diracdeltas added a commit to brave/ethereum-remote-client that referenced this issue Aug 29, 2019

ryanml commented Sep 10, 2019

ryanml closed this Sep 10, 2019
ryanml added a commit to brave/ethereum-remote-client that referenced this issue Dec 5, 2019