chore: updates vulnerable dependencies #923

rhyslbw · 2024-02-16T12:59:35Z

Result of npm audit fix. Includes fix for GHSA-78xj-cgh5-2h22

renanvalentin · 2024-02-16T13:05:47Z

does it also needs to update the package.json?

rhyslbw · 2024-02-16T13:07:34Z

No @renanvalentin, it's an indirect dependency

pczeglik-iohk · 2024-02-16T13:15:56Z

@renanvalentin @rhyslbw I believe we do not need to bump-up any version as this change is related to @trezor/connect-web package:

λ npm ls ip-address
nami-wallet@3.7.0 /Users/piotrczeglik/Work/PROJECTS/NAMI/nami
└─┬ @trezor/connect-web@9.1.5
  └─┬ @trezor/connect@9.1.5
    └─┬ @trezor/blockchain-link@2.1.18
      └─┬ socks-proxy-agent@6.1.1
        └─┬ socks@2.7.3
          └── ip-address@9.0.5

and we have this dependency defined as "@trezor/connect-web": "^9.0.11" (note ^), so we are good, no need to update package.json. Once package-lock.json merged it will keep this dependency version locked :)

chore: updates vulnerable dependencies

be75f8f

rhyslbw requested review from DominikGuzei, renanvalentin and lucas-barros February 16, 2024 13:03

lucas-barros approved these changes Feb 16, 2024

View reviewed changes

renanvalentin approved these changes Feb 16, 2024

View reviewed changes

rhyslbw merged commit 70b00fb into main Feb 16, 2024
1 check passed

rhyslbw deleted the chore/update-deps branch February 16, 2024 13:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: updates vulnerable dependencies #923

chore: updates vulnerable dependencies #923

rhyslbw commented Feb 16, 2024

renanvalentin commented Feb 16, 2024

rhyslbw commented Feb 16, 2024

pczeglik-iohk commented Feb 16, 2024

chore: updates vulnerable dependencies #923

chore: updates vulnerable dependencies #923

Conversation

rhyslbw commented Feb 16, 2024

renanvalentin commented Feb 16, 2024

rhyslbw commented Feb 16, 2024

pczeglik-iohk commented Feb 16, 2024