
Commit c1ee597

authored
Merge pull request #6965 from BitGo/BG-1560-fix-serialize-javascript
build: address Serialize-JavaScript XSS vulnerability GHSA-76p7-773f-…
2 parents bceefbc + d35616e commit c1ee597


3 files changed

+22
-21
lines changed


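--- a/modules/web-demo/package.json
+++ b/modules/web-demo/package.json
@@ -81,7 +81,7 @@
 "@types/styled-components": "5.1.25",
 "chai": "^4.3.6",
 "clean-webpack-plugin": "^3.0.0",
-"copy-webpack-plugin": "^8.1.1",
+"copy-webpack-plugin": "9.0.1",
 "css-loader": "^5.2.4",
 "cypress": "13.7.1",
 "eslint-plugin-cypress": "^2.15.1",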

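--- a/package.json
+++ b/package.json
@@ -96,7 +96,8 @@
 "form-data": "^4.0.4",
 "**/avalanche/**/ws": "8.18.3",
 "**/ethers/**/ws": "7.5.10",
-"**/swarm-js/**/ws": "5.2.4"
+"**/swarm-js/**/ws": "5.2.4",
+"serialize-javascript": "^6.0.2"
 },
 "workspaces": [
 "modules/*"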
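Review bot: The added `"serialize-javascript": "^6.0.2"` entry is an unscoped override, unlike the path-scoped `**/…/ws` entries above it, so it applies to every dependent in the workspace, including any that later declares an older major and would be moved across a major boundary without a visible signal. In the yarn.lock section of this commit the only remaining ranges are `^6.0.0` and `^6.0.2`, both resolving to 6.0.2, so the entry appears to act as a guard against regressions, while the copy-webpack-plugin bump seems to be what actually removes 5.0.1. JSON cannot carry a comment, so I would record the advisory ID and the condition for removing the override in the PR description or in the repository's dependency notes. The enclosing object opens above the hunk, so its key is not visible here; I am assuming it is the Yarn `resolutions` block.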

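--- a/yarn.lock
+++ b/yarn.lock
@@ -7482,9 +7482,9 @@ aws4@^1.8.0:
 integrity sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==
 
 [email protected], [email protected], [email protected], axios@^0.21.2, axios@^0.26.1, axios@^1.0.0, axios@^1.12.0, axios@^1.3.1:
-version "1.12.0"
-resolved "https://registry.npmjs.org/axios/-/axios-1.12.0.tgz#11248459be05a5ee493485628fa0e4323d0abfc3"
-integrity sha512-oXTDccv8PcfjZmPGlWsPSwtOJCZ/b6W5jAMCNcfwJbCzDckwG0jrYJFaWH1yvivfCXjVzV/SPDEhMB3Q+DSurg==
+version "1.12.1"
+resolved "https://registry.npmjs.org/axios/-/axios-1.12.1.tgz#0747b39c5b615f81f93f2c138e6d82a71426937f"
+integrity sha512-Kn4kbSXpkFHCGE6rBFNwIv0GQs4AvDT80jlveJDKFxjbTYMUeB4QtsdPCv6H8Cm19Je7IU6VFtRl2zWZI0rudQ==
 dependencies:
 follow-redirects "^1.15.6"
 form-data "^4.0.4"
@@ -9203,18 +9203,18 @@ cookiejar@^2.1.0, cookiejar@^2.1.1, cookiejar@^2.1.4:
 resolved "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz"
 integrity sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==
 
-copy-webpack-plugin@^8.1.1:
-version "8.1.1"
-resolved "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-8.1.1.tgz"
-integrity sha512-rYM2uzRxrLRpcyPqGceRBDpxxUV8vcDqIKxAUKfcnFpcrPxT5+XvhTxv7XLjo5AvEJFPdAE3zCogG2JVahqgSQ==
+copy-webpack-plugin@9.0.1:
+version "9.0.1"
+resolved "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-9.0.1.tgz#b71d21991599f61a4ee00ba79087b8ba279bbb59"
+integrity sha512-14gHKKdYIxF84jCEgPgYXCPpldbwpxxLbCmA7LReY7gvbaT555DgeBWBgBZM116tv/fO6RRJrsivBqRyRlukhw==
 dependencies:
 fast-glob "^3.2.5"
-glob-parent "^5.1.1"
+glob-parent "^6.0.0"
 globby "^11.0.3"
 normalize-path "^3.0.0"
 p-limit "^3.1.0"
 schema-utils "^3.0.0"
-serialize-javascript "^5.0.1"
+serialize-javascript "^6.0.0"
 
 core-js-compat@^3.43.0:
 version "3.45.1"
@@ -10014,7 +10014,7 @@ diff@^4.0.1:
 
 diff@^5.0.0, diff@^5.2.0:
 version "5.2.0"
-resolved "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz"
+resolved "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531"
 integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==
 
 diffie-hellman@^5.0.0, diffie-hellman@^5.0.3:
@@ -11701,7 +11701,7 @@ find-up@^4.0.0, find-up@^4.1.0:
 
 find-up@^5.0.0, find-up@~5.0.0:
 version "5.0.0"
-resolved "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz"
+resolved "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc"
 integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==
 dependencies:
 locate-path "^6.0.0"
@@ -12185,6 +12185,13 @@ glob-parent@^5.1.1, glob-parent@^5.1.2, glob-parent@~5.1.2:
 dependencies:
 is-glob "^4.0.1"
 
+glob-parent@^6.0.0:
+version "6.0.2"
+resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3"
+integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==
+dependencies:
+is-glob "^4.0.3"
+
 glob-to-regexp@^0.4.1:
 version "0.4.1"
 resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz"
@@ -18533,14 +18540,7 @@ [email protected]:
 range-parser "~1.2.1"
 statuses "2.0.1"
 
-serialize-javascript@^5.0.1:
-version "5.0.1"
-resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz"
-integrity sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==
-dependencies:
-randombytes "^2.1.0"
-
-serialize-javascript@^6.0.2:
+serialize-javascript@^6.0.0, serialize-javascript@^6.0.2:
 version "6.0.2"
 resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz"
 integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==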
