RED-113: Dependabot explorer: web3-utils Prototype Pollution vulnerability #10

Open
wants to merge 14 commits into
base: dev

@dnlbui (Contributor) commented Jun 5, 2024

https://linear.app/shm/issue/RED-113/dependabot-explorer-web3-utils-prototype-pollution-vulnerability

Summary:

  1. Updated Dependencies:

    • Upgrade packages: axios from 1.4.0 to 1.6.0, ejs from 3.1.9 to 3.1.10, next from 13.3.4 to 13.5.6, node-sass from 7.0.3 to 9.0.0, and web3 from 4.0.2 to 4.8.0, along with @babel/code-frame, @babel/generator, @babel/helper-environment-visitor, and @babel/helper-function-name to their latest releases.
  2. New Component for Client-side only rendering of Tooltip to address Prop 'dangerouslySetInnerHTML' did not match warning:

    • Add ClientOnlyTooltip component in src/frontend/components for tooltips that only render
  3. HTML Tag Change to address unrecognized tag warning

    • Change HTML tags since <session> is not a valid tag when used in Dashboard.tsx as JSX
  4. Configuration Adjustments to Address import warning:

    • Update tsconfig.json so all files under src are correctly included.
  5. Set a default color when mode is undefined

linear bot commented Jun 5, 2024
