From 5bfbd36921d0299f5013a67e2aedd1ae6a6cb2de Mon Sep 17 00:00:00 2001
From: blockiosaurus <blockiosaurus@gmail.com>
Date: Tue, 14 Nov 2023 14:02:15 -0500
Subject: [PATCH] Updating to address crypto package exploit.

---
 packages/js/package.json |  4 ++--
 pnpm-lock.yaml           | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/packages/js/package.json b/packages/js/package.json
index d1fd6da58..a87f9d36e 100644
--- a/packages/js/package.json
+++ b/packages/js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@metaplex-foundation/js",
-  "version": "0.20.0",
+  "version": "0.20.1",
   "sideEffects": false,
   "module": "dist/esm/index.mjs",
   "main": "dist/cjs/index.cjs",
@@ -64,7 +64,7 @@
     "eventemitter3": "^4.0.7",
     "lodash.clonedeep": "^4.5.0",
     "lodash.isequal": "^4.5.0",
-    "merkletreejs": "^0.2.32",
+    "merkletreejs": "^0.3.11",
     "mime": "^3.0.0",
     "node-fetch": "^2.6.7"
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 691c4d807..182c273cf 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -228,8 +228,8 @@ importers:
         specifier: ^4.5.0
         version: 4.5.0
       merkletreejs:
-        specifier: ^0.2.32
-        version: 0.2.32
+        specifier: ^0.3.11
+        version: 0.3.11
       mime:
         specifier: ^3.0.0
         version: 3.0.0
@@ -5337,8 +5337,8 @@ packages:
       which: 2.0.2
     dev: true
 
-  /crypto-js@3.3.0:
-    resolution: {integrity: sha512-DIT51nX0dCfKltpRiXV+/TVZq+Qq2NgF4644+K7Ttnla7zEzqc+kjJyiB96BHNyUTBxyjzRcZYpUdZa+QAqi6Q==}
+  /crypto-js@4.2.0:
+    resolution: {integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==}
     dev: false
 
   /csv-generate@3.4.3:
@@ -7858,13 +7858,13 @@ packages:
     engines: {node: '>= 8'}
     dev: true
 
-  /merkletreejs@0.2.32:
-    resolution: {integrity: sha512-TostQBiwYRIwSE5++jGmacu3ODcKAgqb0Y/pnIohXS7sWxh1gCkSptbmF1a43faehRDpcHf7J/kv0Ml2D/zblQ==}
+  /merkletreejs@0.3.11:
+    resolution: {integrity: sha512-LJKTl4iVNTndhL+3Uz/tfkjD0klIWsHlUzgtuNnNrsf7bAlXR30m+xYB7lHr5Z/l6e/yAIsr26Dabx6Buo4VGQ==}
     engines: {node: '>= 7.6.0'}
     dependencies:
       bignumber.js: 9.1.1
       buffer-reverse: 1.0.1
-      crypto-js: 3.3.0
+      crypto-js: 4.2.0
       treeify: 1.1.0
       web3-utils: 1.8.1
     dev: false