Skip to content

[Snyk] Fix for 2 vulnerabilities #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
internetbuilder wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #139

internetbuilder wants to merge 1 commit into from

Conversation

@internetbuilder
Copy link
Owner

@internetbuilder internetbuilder commented Oct 15, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • libs/remix-debug/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 701/1000
Why? Recently disclosed, Has a fix available, CVSS 8.3		 Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8172694		 Yes No Known Exploit
high severity 828/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7		 Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8187303		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @ethereumjs/vm The new version differs by 231 commits.

See the full diff

Package name: @remix-project/remix-astwalker The new version differs by 250 commits.
  • 8d1e0c7 contine polling if contract address not available
  • 8c90936 fix event subscribing walletconnect
  • b0e44b8 fix spamming the network
  • d4850df add try/catch and increase polling interval
  • 3028b9f fix printing context values
  • a9a9f09 fix e2e test
  • 49ec740 return error from gasEstimate if EvmError
  • 1e9049d fix wallet connect
  • 677bbfb add more type for safety
  • 3d5aa36 language btn style changes
  • aabce09 fix encoding boolean
  • c1a5683 update Semaphore workspace readme
  • c9505ee change cursor to pointer for the dropdown
  • c61e6c2 fix text color for dropdown items
  • 7162de3 fix dropdown issues
  • f94a982 tooltips while dragging
  • ae4e927 show tooltip on button
  • 6c563c3 Ensure url is consistent for circom dev deps
  • 3639634 updated contribution file
  • 47c0021 Update README.md
  • 68a226e Update README.md - Fix Discord invite link expiration
  • b68ee6d Rename helloWorld.sol to HelloWorld.sol
  • 1e7516e update text
  • 6fcb8e9 natspec

See the full diff

Package name: web3 The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@internetbuilder @snyk-bot