From 2968fcaadd739d14838e4b4d1c261cbedd5d0f72 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 18 Feb 2025 23:33:58 +0000 Subject: [PATCH] fix: packages/bitcore-wallet-service/package.json & packages/bitcore-wallet-service/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086 --- .../bitcore-wallet-service/package-lock.json | 112 ++++++++++++++---- packages/bitcore-wallet-service/package.json | 2 +- 2 files changed, 89 insertions(+), 25 deletions(-) diff --git a/packages/bitcore-wallet-service/package-lock.json b/packages/bitcore-wallet-service/package-lock.json index 8b34279feec..9b1a5251ace 100644 --- a/packages/bitcore-wallet-service/package-lock.json +++ b/packages/bitcore-wallet-service/package-lock.json @@ -1,6 +1,6 @@ { "name": "bitcore-wallet-service", - "version": "8.5.1", + "version": "8.6.0", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -472,6 +472,11 @@ "tweetnacl": "^0.14.3" } }, + "bech32": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/bech32/-/bech32-2.0.0.tgz", + "integrity": "sha512-LcknSilhIGatDAsY1ak2I8VtGaHNhgMSYVxFrGLXv+xLHytaKZKcaUJJUE7qmBr7h33o5YQwP55pMI0xmkpJwg==" + }, "better-assert": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz", @@ -480,11 +485,35 @@ "callsite": "1.0.0" } }, + "bigi": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/bigi/-/bigi-1.4.2.tgz", + "integrity": "sha512-ddkU+dFIuEIW8lE7ZwdIAf2UPoM90eaprg5m3YXAVVTmKlqV/9BX4A2M8BOK2yOq6/VgZFVhK6QAxJebhlbhzw==" + }, "bindings": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.3.1.tgz", "integrity": "sha512-i47mqjF9UbjxJhxGf+pZ6kSxrnI3wBLlnGI2ArWJ4r0VrvDS7ZYXkprq/pLaBWYq4GM0r4zdHY+NNRqEMU7uew==" }, + "bip-schnorr": { + "version": "0.6.4", + "resolved": "https://registry.npmjs.org/bip-schnorr/-/bip-schnorr-0.6.4.tgz", + "integrity": "sha512-dNKw7Lea8B0wMIN4OjEmOk/Z5qUGqoPDY0P2QttLqGk1hmDPytLWW8PR5Pb6Vxy6CprcdEgfJpOjUu+ONQveyg==", + "requires": { + "bigi": "^1.4.2", + "ecurve": "^1.0.6", + "js-sha256": "^0.9.0", + "randombytes": "^2.1.0", + "safe-buffer": "^5.2.1" + }, + "dependencies": { + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + } + } + }, "bip66": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/bip66/-/bip66-1.1.5.tgz", @@ -494,16 +523,18 @@ } }, "bitcore-lib": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/bitcore-lib/-/bitcore-lib-8.5.1.tgz", - "integrity": "sha512-q7rQ4YIwuydX4CmosV3w0i5JrS2A+J0eC95vQaOB57OW8EvortC01jexsmtdDyIwOSkBWN1LU215v6cEYDvNEA==", + "version": "8.25.47", + "resolved": "https://registry.npmjs.org/bitcore-lib/-/bitcore-lib-8.25.47.tgz", + "integrity": "sha512-qDZr42HuP4P02I8kMGZUx/vvwuDsz8X3rQxXLfM0BtKzlQBcbSM7ycDkDN99Xc5jzpd4fxNQyyFXOmc6owUsrQ==", "requires": { + "bech32": "=2.0.0", + "bip-schnorr": "=0.6.4", "bn.js": "=4.11.8", "bs58": "^4.0.1", "buffer-compare": "=1.1.1", - "elliptic": "=6.4.0", + "elliptic": "^6.5.3", "inherits": "=2.0.1", - "lodash": "=4.17.15" + "lodash": "^4.17.20" }, "dependencies": { "inherits": { @@ -514,17 +545,16 @@ } }, "bitcore-lib-cash": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/bitcore-lib-cash/-/bitcore-lib-cash-8.5.1.tgz", - "integrity": "sha512-syHi5uQ6Ax3jbRi2qXf6kRKSjG9V/GsFkTwsp5phXefqzfFp/fY9JTLSVcm+5hK7DDg8n0A/tA04eC7fSLDEaA==", + "version": "10.0.28", + "resolved": "https://registry.npmjs.org/bitcore-lib-cash/-/bitcore-lib-cash-10.0.28.tgz", + "integrity": "sha512-hz4I8N4oqDY2eaCYZIX7uDe7safS+hj+AJjThrY2mBbN4RTrl2eDwuokHqd4iny9tbBzUq5ochiQ+4q4YQUwlg==", "requires": { - "bitcore-lib": "^8.5.1", "bn.js": "=4.11.8", "bs58": "^4.0.1", "buffer-compare": "=1.1.1", - "elliptic": "=6.4.0", + "elliptic": "^6.5.3", "inherits": "=2.0.1", - "lodash": "=4.17.15" + "lodash": "^4.17.20" }, "dependencies": { "inherits": { @@ -931,23 +961,44 @@ "safer-buffer": "^2.1.0" } }, + "ecurve": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/ecurve/-/ecurve-1.0.6.tgz", + "integrity": "sha512-/BzEjNfiSuB7jIWKcS/z8FK9jNjmEWvUV2YZ4RLSmcDtP7Lq0m6FvDuSnJpBlDpGRpfRQeTLGLBI8H+kEv0r+w==", + "requires": { + "bigi": "^1.1.0", + "safe-buffer": "^5.0.1" + } + }, "ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, "elliptic": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz", - "integrity": "sha1-ysmvh2LIWDYYcAPI3+GT5eLq5d8=", + "version": "6.6.1", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.1.tgz", + "integrity": "sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==", "requires": { - "bn.js": "^4.4.0", - "brorand": "^1.0.1", + "bn.js": "^4.11.9", + "brorand": "^1.1.0", "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.0", - "inherits": "^2.0.1", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.0" + "hmac-drbg": "^1.0.1", + "inherits": "^2.0.4", + "minimalistic-assert": "^1.0.1", + "minimalistic-crypto-utils": "^1.0.1" + }, + "dependencies": { + "bn.js": { + "version": "4.12.1", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.1.tgz", + "integrity": "sha512-k8TVBiPkPJT9uHLdOKfFpqcfprwBFOAAXXozRubr7R7PfIuKvQlzcI4M0pALeqXN09vdaMbUdUj+pass+uULAg==" + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + } } }, "email-validator": { @@ -1591,6 +1642,11 @@ } } }, + "js-sha256": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz", + "integrity": "sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA==" + }, "js-tokens": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz", @@ -1725,9 +1781,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash.get": { "version": "4.4.2", @@ -2225,6 +2281,14 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, + "randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "requires": { + "safe-buffer": "^5.1.0" + } + }, "range-parser": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz", diff --git a/packages/bitcore-wallet-service/package.json b/packages/bitcore-wallet-service/package.json index b7bb1955202..df3a7e84b5b 100644 --- a/packages/bitcore-wallet-service/package.json +++ b/packages/bitcore-wallet-service/package.json @@ -25,7 +25,7 @@ "@sendgrid/mail": "^6.3.1", "async": "^0.9.2", "bitcore-lib": "^8.6.0", - "bitcore-lib-cash": "^8.6.0", + "bitcore-lib-cash": "^10.0.28", "body-parser": "^1.11.0", "compression": "^1.6.2", "email-validator": "^1.0.1",