
chore: Update deps with reported security vulnerabilities (first pass) #742

Open. Wants to merge 1 commit into base: main

Conversation

arcoraven (Contributor) commented Oct 29, 2024

PR-Codex overview

This PR updates various dependencies in the package.json and yarn.lock files, ensuring the project uses the latest versions of several packages, particularly those related to AWS SDK and related utilities.

Detailed summary

  • Updated @aws-sdk/client-kms from ^3.398.0 to ^3.679.0
  • Updated @fastify/cookie from ^8.3.0 to ^9.2.0
  • Updated body-parser from ^1.20.2 to ^1.20.3
  • Updated cookie from ^0.5.0 to ^0.7.0
  • Updated cookie-parser from ^1.4.6 to ^1.4.7
  • Updated dd-trace from ^5.19.0 to ^5.23.0
  • Updated @bull-board/api, @bull-board/fastify, and @bull-board/ui from 5.21.1 to 5.23.0
  • Updated several AWS SDK related packages to 3.679.0
  • Updated @smithy packages to various newer versions
  • Removed deprecated dependencies and specific versions from yarn.lock

The following files were skipped due to too many changes: yarn.lock


"@bull-board/fastify": "^5.21.1",
"@cloud-cryptographic-wallet/cloud-kms-signer": "^0.1.2",
"@cloud-cryptographic-wallet/signer": "^0.0.5",
"@fastify/basic-auth": "^5.1.1",
"@fastify/cookie": "^8.3.0",
"@fastify/cookie": "^9.2.0",
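Review bot: the @fastify/cookie change from ^8.3.0 to ^9.2.0 on these lines is the only major-version bump in the PR, yet the PR-Codex summary above lists it alongside the patch bumps without flagging it; call it out in the description. Since @thirdweb-dev/auth also pulls in @fastify/cookie (the `=> Found "@thirdweb-dev/auth#@fastify/cookie..."` line in the author's comment below), confirm that yarn.lock resolves both to a single 9.x entry rather than two copies of the cookie plugin registered on the same Fastify instance.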
arcoraven (Contributor, Author) commented:

This is the only major version bump and impacts thirdweb-dev/auth:
=> Found "@thirdweb-dev/auth#@fastify/[email protected]"

I tested dashboard auth and access token auth to confirm there were no breaking changes.

Socket for GitHub: New and removed dependencies detected.

Package New capabilities Transitives Size Publisher
npm/@aws-crypto/[email protected] None +4 143 kB aws-crypto-tools-ci-bot
npm/@aws-crypto/[email protected] None 0 129 kB aws-crypto-tools-ci-bot
npm/@aws-crypto/[email protected] None 0 28.4 kB aws-crypto-tools-ci-bot
npm/@aws-crypto/[email protected] None 0 30.7 kB aws-crypto-tools-ci-bot
npm/@aws-sdk/[email protected] None 0 1.69 MB aws-sdk-bot
npm/@aws-sdk/[email protected] None 0 283 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 201 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 450 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 78.3 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 19.9 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 27 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 50.2 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 36.4 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] shell 0 24.2 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 36 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 32.5 kB aws-sdk-bot
npm/@aws-sdk/[email protected] None 0 19.1 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 19.5 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 18.8 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 36.6 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 24.3 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 35.3 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 51.9 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 50.3 kB amzn-oss, aws-sdk-bot, kuhe, ...2 more
npm/@aws-sdk/[email protected] None 0 19.7 kB aws-sdk-bot
npm/@aws-sdk/[email protected] None 0 21.7 kB aws-sdk-bot
npm/@bull-board/[email protected] eval 0 65.9 kB felixmosh
npm/@bull-board/[email protected] None 0 12.5 kB felixmosh
npm/@bull-board/[email protected] None 0 3.36 MB felixmosh
npm/@datadog/[email protected] Transitive: environment, filesystem +1 18.7 MB datadog
npm/@datadog/[email protected] eval, filesystem 0 2.51 MB datadog
npm/@datadog/[email protected] None 0 12.3 MB datadog
npm/@fastify/[email protected] None 0 95 kB matteo.collina
npm/@smithy/[email protected] None 0 19.7 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] None +1 295 kB smithy-team
npm/@smithy/[email protected] None +2 203 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] network 0 33.8 kB smithy-team
npm/@smithy/[email protected] None 0 18 kB smithy-team
npm/@smithy/[email protected] None 0 16.1 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] None 0 18.5 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] Transitive: environment, filesystem +2 124 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] None +2 294 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] None 0 43 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] environment +1 62 kB smithy-team
npm/@smithy/[email protected] network +1 110 kB smithy-team
npm/@smithy/[email protected] None 0 16.4 kB smithy-team
npm/@smithy/[email protected] None 0 23.1 kB smithy-team
npm/@smithy/[email protected] None 0 96.1 kB smithy-team
npm/@smithy/[email protected] None 0 23.4 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] Transitive: environment, network +1 88.1 kB smithy-team, trivikr-aws
npm/@smithy/[email protected] None 0 77.3 kB smithy-team
npm/@smithy/[email protected] None 0 17.1 kB smithy-team
npm/@smithy/[email protected] Transitive: network +1 100 kB smithy-team, trivikr-aws
npm/[email protected] None +2 40.3 kB defunctzombie, dougwilson, ulisesgascon
npm/[email protected] environment, eval, filesystem, network, shell, unsafe +2 2.27 MB datadog
npm/[email protected] None 0 172 kB amitgupta
npm/[email protected] unsafe 0 113 kB nodejs-foundation

🚮 Removed packages: npm/@aws-crypto/[email protected], npm/@aws-crypto/[email protected], npm/@aws-crypto/[email protected], npm/@aws-crypto/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@bull-board/[email protected], npm/@bull-board/[email protected], npm/@bull-board/[email protected], npm/@datadog/[email protected], npm/@datadog/[email protected], npm/@datadog/[email protected], npm/@fastify/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], npm/@smithy/[email protected], 
npm/@smithy/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]


"cookie": "^0.5.0",
"cookie-parser": "^1.4.6",
"cookie": "^0.7.0",
"cookie-parser": "^1.4.7",
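Review bot: the two caret ranges on these lines do not float the same way, which matters for the pinning suggestion in the comment below: `^0.7.0` on a 0.x version admits only 0.7.x releases (npm's caret keeps the minor fixed when the major is 0), while `^1.4.7` admits any cookie-parser release below 2.0.0. If the intent is to pin, drop the caret on both lines (`"cookie": "0.7.0"`, `"cookie-parser": "1.4.7"`) so that a lockfile regeneration or a fresh resolution cannot pull in a newer release than the one reviewed here.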
Member commented:

I would recommend using strict versions here rather than ^ ones. You never know what patch update is gonna get sneaked in there otherwise.
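As an added example (not code from this PR or the thirdweb project) of what the caret ranges in this diff actually permit, the block below implements npm's caret rule by hand, with no dependencies, and audits a constructed package.json fragment built from the specifiers visible in the diff above. The `pinned-example` entry is a hypothetical exact pin included for contrast; pre-release tags are not handled because none of the specifiers here carry one.

```javascript
// Added example, not part of the original PR. Implements the npm caret rule:
//   ^X.Y.Z  (X > 0)  := >=X.Y.Z <(X+1).0.0
//   ^0.Y.Z  (Y > 0)  := >=0.Y.Z <0.(Y+1).0
//   ^0.0.Z           := >=0.0.Z <0.0.(Z+1)
// and lists every dependency whose specifier lets a resolver float upward.

// Parses "MAJOR.MINOR.PATCH" into a numeric triple; rejects anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version "${v}"`);
  return m.slice(1).map(Number);
}

// Lexicographic comparison of two version triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { min, maxExclusive } for a caret spec, or null for an exact pin.
function caretRange(spec) {
  if (!spec.startsWith('^')) return null;
  const [major, minor, patch] = parseVersion(spec.slice(1));
  let upper;
  if (major > 0) upper = [major + 1, 0, 0];
  else if (minor > 0) upper = [0, minor + 1, 0];
  else upper = [0, 0, patch + 1];
  return { min: [major, minor, patch], maxExclusive: upper };
}

// True when `version` is allowed by `spec` (exact pin or caret range).
function satisfies(version, spec) {
  const v = parseVersion(version);
  const range = caretRange(spec);
  if (range === null) return compareVersions(v, parseVersion(spec)) === 0;
  return compareVersions(v, range.min) >= 0 &&
         compareVersions(v, range.maxExclusive) < 0;
}

// Lists dependencies whose specifier can float, with the exclusive upper
// bound rendered as text (e.g. "<0.8.0"). Exact pins are skipped.
function auditFloatingSpecs(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const range = caretRange(spec);
      if (range) {
        out.push({ name, spec, upTo: '<' + range.maxExclusive.join('.') });
      }
    }
  }
  return out;
}

// Renders the audit as one line per floating dependency.
function formatAudit(pkg) {
  return auditFloatingSpecs(pkg).map(
    (row) => `${row.name.padEnd(16)} ${row.spec.padEnd(9)} floats up to ${row.upTo}`,
  );
}

// Constructed sample: the specifiers visible in this PR's diff plus one
// hypothetical exact pin ("pinned-example") for contrast.
const samplePackageJson = {
  dependencies: {
    '@fastify/cookie': '^9.2.0',
    'body-parser': '^1.20.3',
    'cookie': '^0.7.0',
    'cookie-parser': '^1.4.7',
    'pinned-example': '1.2.3',
  },
};

console.log(formatAudit(samplePackageJson).join('\n'));
```

Running it shows that `cookie` can only float within 0.7.x, while `cookie-parser` and `body-parser` can float to anything below 2.0.0 and `@fastify/cookie` to anything below 10.0.0; the pinned entry is not listed at all. With a committed yarn.lock these ranges only take effect when the lockfile is regenerated or a new resolution is needed, which is exactly the moment an unreviewed release can slip in.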
