From b40c7fe65936e015b2a79ef02aa4e14d7b011520 Mon Sep 17 00:00:00 2001
From: Milad Nekofar
Date: Thu, 31 Oct 2024 22:38:24 +0400
Subject: [PATCH 1/3] chore(deps): add `secp256k1` and update resolutions
Ensure compatibility and secure handling of dependencies.
---
 package.json | 1 +
 pnpm-lock.yaml | 35 ++++++++++++++++++-----------------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/package.json b/package.json
index c97f805..e2a10ff 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 "flat": ">=5.0.1",
 "minimatch": ">=3.0.5",
 "request": ">=2.88.2",
+ "secp256k1": ">=4.0.4",
 "tough-cookie": ">=4.1.3",
 "word-wrap": ">=1.2.4"
 },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f000842..ceb19db 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -10,6 +10,7 @@ overrides: flat: '>=5.0.1' minimatch: '>=3.0.5' request: '>=2.88.2' + secp256k1: '>=4.0.4' tough-cookie: '>=4.1.3' word-wrap: '>=1.2.4' @@ -25,7 +26,7 @@ importers: version: 5.0.2(@openzeppelin/contracts@5.0.2) '@openzeppelin/foundry-upgrades': specifier: OpenZeppelin/openzeppelin-foundry-upgrades - version: openzeppelin-foundry-upgrades@git+https://git@github.com:OpenZeppelin/openzeppelin-foundry-upgrades.git#16e0ae21e0e39049f619f2396fa28c57fad07368 + version: openzeppelin-foundry-upgrades@https://codeload.github.com/OpenZeppelin/openzeppelin-foundry-upgrades/tar.gz/16e0ae21e0e39049f619f2396fa28c57fad07368 '@openzeppelin/hardhat-upgrades': specifier: 3.4.0 version: 3.4.0(@nomicfoundation/hardhat-ethers@3.0.8(ethers@6.13.3)(hardhat@2.22.13(ts-node@10.9.2(@types/node@22.8.4)(typescript@5.6.3))(typescript@5.6.3)))(@nomicfoundation/hardhat-verify@2.0.9(hardhat@2.22.13(ts-node@10.9.2(@types/node@22.8.4)(typescript@5.6.3))(typescript@5.6.3)))(ethers@6.13.3)(hardhat@2.22.13(ts-node@10.9.2(@types/node@22.8.4)(typescript@5.6.3))(typescript@5.6.3))
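Review bot: The new `"secp256k1": ">=4.0.4"` entry has no upper bound, so the override applies to every dependent and any future major release will satisfy it on the next lockfile refresh. If the dependents are all on the 4.x line (not visible in this hunk), `"secp256k1": "^4.0.4"` keeps the patched floor without widening what can be installed. The `ws` and `elliptic` entries added in patches 2/3 and 3/3 use the same open-ended `>=` form. The commit message does not name the advisory behind the floor, which makes it hard to tell later when the override can be dropped; the `resolutions` object itself opens above the hunk.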
@@ -34,13 +35,13 @@ importers: version: 1.40.0 ds-test: specifier: dapphub/ds-test - version: git+https://git@github.com:dapphub/ds-test.git#e282159d5170298eb2455a6c05280ab5a73a4ef0 + version: https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0 forge-std: specifier: foundry-rs/forge-std - version: git+https://git@github.com:foundry-rs/forge-std.git#1eea5bae12ae557d589f9f0f0edae2faa47cb262 + version: https://codeload.github.com/foundry-rs/forge-std/tar.gz/1eea5bae12ae557d589f9f0f0edae2faa47cb262 solidity-stringutils: specifier: github:Arachnid/solidity-stringutils - version: git+https://git@github.com:Arachnid/solidity-stringutils.git#4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461 + version: https://codeload.github.com/Arachnid/solidity-stringutils/tar.gz/4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461 devDependencies: '@nomicfoundation/hardhat-chai-matchers': specifier: 2.0.8 @@ -370,7 +371,7 @@ packages: '@nomicfoundation/hardhat-ethers@3.0.8': resolution: {integrity: sha512-zhOZ4hdRORls31DTOqg+GmEZM0ujly8GGIuRY7t7szEk2zW/arY1qDug/py8AEktT00v5K+b6RvbVog+va51IA==} peerDependencies: - ethers: ^6.1.0 + ethers: ^5.7.2 hardhat: ^2.0.0 '@nomicfoundation/hardhat-foundry@1.1.2': @@ -1208,8 +1209,8 @@ packages: resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==} engines: {node: '>=8'} - ds-test@git+https://git@github.com:dapphub/ds-test.git#e282159d5170298eb2455a6c05280ab5a73a4ef0: - resolution: {commit: e282159d5170298eb2455a6c05280ab5a73a4ef0, repo: git@github.com:dapphub/ds-test.git, type: git} + ds-test@https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0: + resolution: {tarball: https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0} version: 1.0.0 elliptic@6.5.4: 
@@ -1418,8 +1419,8 @@ packages: for-each@0.3.3: resolution: {integrity: sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==} - forge-std@git+https://git@github.com:foundry-rs/forge-std.git#1eea5bae12ae557d589f9f0f0edae2faa47cb262: - resolution: {commit: 1eea5bae12ae557d589f9f0f0edae2faa47cb262, repo: git@github.com:foundry-rs/forge-std.git, type: git} + forge-std@https://codeload.github.com/foundry-rs/forge-std/tar.gz/1eea5bae12ae557d589f9f0f0edae2faa47cb262: + resolution: {tarball: https://codeload.github.com/foundry-rs/forge-std/tar.gz/1eea5bae12ae557d589f9f0f0edae2faa47cb262} version: 1.9.4 form-data-encoder@2.1.4: @@ -2145,8 +2146,8 @@ packages: resolution: {integrity: sha512-VXJjc87FScF88uafS3JllDgvAm+c/Slfz06lorj2uAY34rlUu0Nt+v8wreiImcrgAjjIHp1rXpTDlLOGw29WwQ==} engines: {node: '>=18'} - openzeppelin-foundry-upgrades@git+https://git@github.com:OpenZeppelin/openzeppelin-foundry-upgrades.git#16e0ae21e0e39049f619f2396fa28c57fad07368: - resolution: {commit: 16e0ae21e0e39049f619f2396fa28c57fad07368, repo: git@github.com:OpenZeppelin/openzeppelin-foundry-upgrades.git, type: git} + openzeppelin-foundry-upgrades@https://codeload.github.com/OpenZeppelin/openzeppelin-foundry-upgrades/tar.gz/16e0ae21e0e39049f619f2396fa28c57fad07368: + resolution: {tarball: https://codeload.github.com/OpenZeppelin/openzeppelin-foundry-upgrades/tar.gz/16e0ae21e0e39049f619f2396fa28c57fad07368} version: 0.0.0 optionator@0.8.3: 
@@ -2579,8 +2580,8 @@ packages: peerDependencies: hardhat: ^2.11.0 - solidity-stringutils@git+https://git@github.com:Arachnid/solidity-stringutils.git#4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461: - resolution: {commit: 4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461, repo: git@github.com:Arachnid/solidity-stringutils.git, type: git} + solidity-stringutils@https://codeload.github.com/Arachnid/solidity-stringutils/tar.gz/4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461: + resolution: {tarball: https://codeload.github.com/Arachnid/solidity-stringutils/tar.gz/4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461} version: 0.0.0 sort-object-keys@1.1.3: @@ -4371,7 +4372,7 @@ snapshots: dependencies: path-type: 4.0.0 - ds-test@git+https://git@github.com:dapphub/ds-test.git#e282159d5170298eb2455a6c05280ab5a73a4ef0: {} + ds-test@https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0: {} elliptic@6.5.4: dependencies: @@ -4726,7 +4727,7 @@ snapshots: dependencies: is-callable: 1.2.7 - forge-std@git+https://git@github.com:foundry-rs/forge-std.git#1eea5bae12ae557d589f9f0f0edae2faa47cb262: {} + forge-std@https://codeload.github.com/foundry-rs/forge-std/tar.gz/1eea5bae12ae557d589f9f0f0edae2faa47cb262: {} form-data-encoder@2.1.4: {} @@ -5513,7 +5514,7 @@ snapshots: dependencies: mimic-function: 5.0.1 - openzeppelin-foundry-upgrades@git+https://git@github.com:OpenZeppelin/openzeppelin-foundry-upgrades.git#16e0ae21e0e39049f619f2396fa28c57fad07368: {} + openzeppelin-foundry-upgrades@https://codeload.github.com/OpenZeppelin/openzeppelin-foundry-upgrades/tar.gz/16e0ae21e0e39049f619f2396fa28c57fad07368: {} optionator@0.8.3: dependencies: 
@@ -5981,7 +5982,7 @@ snapshots: shelljs: 0.8.5 web3-utils: 1.10.4 - solidity-stringutils@git+https://git@github.com:Arachnid/solidity-stringutils.git#4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461: {} + solidity-stringutils@https://codeload.github.com/Arachnid/solidity-stringutils/tar.gz/4b2fcc43fa0426e19ce88b1f1ec16f5903a2e461: {} sort-object-keys@1.1.3: {}
From db93a63513a7c3993052d6648a7531d46c339d78 Mon Sep 17 00:00:00 2001
From: Milad Nekofar
Date: Thu, 31 Oct 2024 22:51:22 +0400
Subject: [PATCH 2/3] chore(deps): add `ws` to dependencies
Add `ws` for WebSocket support.
---
 package.json | 3 ++-
 pnpm-lock.yaml | 17 ++---------------
 2 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/package.json b/package.json
index e2a10ff..b4d1655 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,8 @@
 "request": ">=2.88.2",
 "secp256k1": ">=4.0.4",
 "tough-cookie": ">=4.1.3",
- "word-wrap": ">=1.2.4"
+ "word-wrap": ">=1.2.4",
+ "ws": ">=7.5.10"
 },
 "dependencies": {
 "@openzeppelin/contracts": "5.0.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ceb19db..0ca1bba 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -13,6 +13,7 @@ overrides: secp256k1: '>=4.0.4' tough-cookie: '>=4.1.3' word-wrap: '>=1.2.4' + ws: '>=7.5.10' importers: @@ -2948,18 +2949,6 @@ packages: wrappy@1.0.2: resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - ws@7.4.6: - resolution: {integrity: sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==} - engines: {node: '>=8.3.0'} - peerDependencies: - bufferutil: ^4.0.1 - utf-8-validate: ^5.0.2 - peerDependenciesMeta: - bufferutil: - optional: true - utf-8-validate: - optional: true - ws@7.5.10: resolution: {integrity: sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==} engines: {node: '>=8.3.0'}
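Review bot: The `"ws": ">=7.5.10"` override moves a consumer that was locked to `ws: 7.4.6` onto `ws: 8.17.1`, a major-version jump, as the `@@ -3230,7 +3219,7 @@` lockfile hunk of this patch shows. That snapshot also lists `@ethersproject/web` 5.7.1, so it is presumably the ethers v5 provider; its WebSocket path should be exercised against 8.x before this is merged. A key scoped to the affected range, e.g. `"ws@<7.5.10": "^7.5.10"` under `pnpm.overrides`, would lift only the old copy to the patched 7.x release and leave the existing 8.x consumers untouched. The entry lands in `resolutions` rather than `dependencies`, so the subject line "add `ws` to dependencies" does not describe the change.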
@@ -3230,7 +3219,7 @@ snapshots: '@ethersproject/transactions': 5.7.0 '@ethersproject/web': 5.7.1 bech32: 1.1.4 - ws: 7.4.6 + ws: 8.17.1 transitivePeerDependencies: - bufferutil - utf-8-validate @@ -6389,8 +6378,6 @@ snapshots: wrappy@1.0.2: {} - ws@7.4.6: {} - ws@7.5.10: {} ws@8.17.1: {}
From de2f80a12710030cdcf0fda2cef7cc4a29adabf2 Mon Sep 17 00:00:00 2001
From: Milad Nekofar
Date: Thu, 31 Oct 2024 22:52:46 +0400
Subject: [PATCH 3/3] chore(deps): update `elliptic` resolution to >=6.6.0
Ensure patched version of `elliptic` is used to address security issues.
---
 package.json | 1 +
 pnpm-lock.yaml | 31 +++----------------------------
 2 files changed, 4 insertions(+), 28 deletions(-)
diff --git a/package.json b/package.json
index b4d1655..78581ed 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,7 @@
 },
 "resolutions": {
 "debug": ">=3.2.7",
+ "elliptic": ">=6.6.0",
 "eth-gas-reporter": ">=0.2.26",
 "flat": ">=5.0.1",
 "minimatch": ">=3.0.5",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 0ca1bba..c1916b3 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -6,6 +6,7 @@ settings: overrides: debug: '>=3.2.7' + elliptic: '>=6.6.0' eth-gas-reporter: '>=0.2.26' flat: '>=5.0.1' minimatch: '>=3.0.5' @@ -1214,12 +1215,6 @@ packages: resolution: {tarball: https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0} version: 1.0.0 - elliptic@6.5.4: - resolution: {integrity: sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==} - - elliptic@6.5.6: - resolution: {integrity: sha512-mpzdtpeCLuS3BmE3pO3Cpp5bbjlOPY2Q0PgoF+Od1XZrHLYI28Xe3ossCmYCQt11FQKEYd9+PF8jymTvtWJSHQ==} - elliptic@6.6.0: resolution: {integrity: sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==} @@ -3246,7 +3241,7 @@ snapshots: '@ethersproject/logger': 5.7.0 '@ethersproject/properties': 5.7.0 bn.js: 5.2.1 - elliptic: 6.5.4 + elliptic: 6.6.0 hash.js: 1.1.7 '@ethersproject/solidity@5.7.0':
@@ -4363,26 +4358,6 @@ snapshots: ds-test@https://codeload.github.com/dapphub/ds-test/tar.gz/e282159d5170298eb2455a6c05280ab5a73a4ef0: {} - elliptic@6.5.4: - dependencies: - bn.js: 4.12.0 - brorand: 1.1.0 - hash.js: 1.1.7 - hmac-drbg: 1.0.1 - inherits: 2.0.4 - minimalistic-assert: 1.0.1 - minimalistic-crypto-utils: 1.0.1 - - elliptic@6.5.6: - dependencies: - bn.js: 4.12.0 - brorand: 1.1.0 - hash.js: 1.1.7 - hmac-drbg: 1.0.1 - inherits: 2.0.4 - minimalistic-assert: 1.0.1 - minimalistic-crypto-utils: 1.0.1 - elliptic@6.6.0: dependencies: bn.js: 4.12.0 @@ -4574,7 +4549,7 @@ snapshots: '@types/bn.js': 4.11.6 bn.js: 4.12.0 create-hash: 1.2.0 - elliptic: 6.5.6 + elliptic: 6.6.0 ethereum-cryptography: 0.1.3 ethjs-util: 0.1.6 rlp: 2.2.7