diff --git a/CHANGELOG.md b/CHANGELOG.md index 020e59600..12227f83f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,7 +20,9 @@ A breaking change will get clearly marked in this log. ### Update -- Upgraded `axios` package to version `^0.21.1` from `^0.19.0` [(#608)](https://github.com/stellar/js-stellar-sdk/pull/608) +- Upgraded `axios` package to version `^0.21.1` from `^0.19.0` to fix security vulnerabilities [(#608)](https://github.com/stellar/js-stellar-sdk/pull/608) + +- Upgraded `js-stellar-base` package to version `^4.0.3` from `^4.0.0` to allow accounts with a balance of zero [(#616)](https://github.com/stellar/js-stellar-sdk/pull/616) ## [v7.0.0](https://github.com/stellar/js-stellar-sdk/compare/v6.2.0...v7.0.0) diff --git a/package.json b/package.json index 86bd5efaf..4bedff833 100644 --- a/package.json +++ b/package.json @@ -137,7 +137,7 @@ "eventsource": "^1.0.7", "lodash": "^4.17.11", "randombytes": "^2.1.0", - "stellar-base": "^4.0.0", + "stellar-base": "^4.0.3", "toml": "^2.3.0", "tslib": "^1.10.0", "urijs": "^1.19.1", diff --git a/src/utils.ts b/src/utils.ts index e52faf27c..a31b18056 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -198,6 +198,12 @@ export namespace Utils { } // verify base64 + if (!operation.value) { + throw new InvalidSep10ChallengeError( + "The transaction's operation value should not be null", + ); + } + if (Buffer.from(operation.value.toString(), "base64").length !== 48) { throw new InvalidSep10ChallengeError( "The transaction's operation value should be a 64 bytes base64 random string", diff --git a/yarn.lock b/yarn.lock index 396459927..d7360d0fe 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7777,10 +7777,10 @@ static-extend@^0.1.1: resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow= -stellar-base@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/stellar-base/-/stellar-base-4.0.0.tgz#5eb314c76a2054b4df8bcec1278b78172b0fe663" - integrity sha512-isn7FoecIcr6lr38oT132UkrYPOEsZy/XAkXteClZpuBBK2aZn0qjyyX4WAoA6cQhnJw/lQQwND+qfijRETvyg== +stellar-base@^4.0.3: + version "4.0.3" + resolved "https://registry.yarnpkg.com/stellar-base/-/stellar-base-4.0.3.tgz#03a55fd8ebbd32804d94e87f41bdc56af2a6747b" + integrity sha512-Tf1Ko86j4CgUtaiTC6H6qPZ97EziXN6SVokH4FGv5+XvBhFg4V+u9ySMlgPjFbHQumplkHiw8JQx1IZRHnrT3A== dependencies: base32.js "^0.1.0" bignumber.js "^4.0.0"