From 8978768890b945d36d78eedb0019d877ca327dca Mon Sep 17 00:00:00 2001
From: Pawel Zelawski <pawel.zelawski@outlook.com>
Date: Thu, 10 Apr 2025 19:08:03 +0200
Subject: fix(deps): override elliptic and lodash to fix vulnerabilities
- Add npm overrides for elliptic (^6.6.1) and lodash (^4.17.21) in package.json.
- This resolves multiple security vulnerabilities reported by GitHub Dependabot in these transitive dependencies, inherited via digibyte-message.
- Updates package-lock.json to reflect the overridden versions.
---
package-lock.json | 47 ++++++++++++++++++++++++++---------------------
package.json | 4 ++++
2 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 5dd28ee..31d3e66 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "digiid-ts",
- "version": "0.1.0",
+ "version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "digiid-ts",
- "version": "0.1.0",
+ "version": "1.0.0",
"license": "MIT",
"dependencies": {
"digibyte-message": "github:digicontributer/bitcore-message#9d9c8ad30158db25f683e2dee746a14a9d7ec8a0"
@@ -933,13 +933,6 @@
"concat-map": "0.0.1"
}
},
- "node_modules/@microsoft/api-extractor/node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
- "dev": true,
- "license": "MIT"
- },
"node_modules/@microsoft/api-extractor/node_modules/lru-cache": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
@@ -2506,20 +2499,32 @@
"license": "MIT"
},
"node_modules/elliptic": {
- "version": "6.4.0",
- "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.0.tgz",
- "integrity": "sha512-s8oifyiQMQi+n/gJuw37WK3D1aVOWIgj59+DBsg48eJPo34QZWl2cl9kL4SI/W94/AdMFAyXG+QnSzbXQ+iJ1w==",
+ "version": "6.6.1",
+ "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.1.tgz",
+ "integrity": "sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==",
"license": "MIT",
"dependencies": {
- "bn.js": "^4.4.0",
- "brorand": "^1.0.1",
+ "bn.js": "^4.11.9",
+ "brorand": "^1.1.0",
"hash.js": "^1.0.0",
- "hmac-drbg": "^1.0.0",
- "inherits": "^2.0.1",
- "minimalistic-assert": "^1.0.0",
- "minimalistic-crypto-utils": "^1.0.0"
+ "hmac-drbg": "^1.0.1",
+ "inherits": "^2.0.4",
+ "minimalistic-assert": "^1.0.1",
+ "minimalistic-crypto-utils": "^1.0.1"
}
},
+ "node_modules/elliptic/node_modules/bn.js": {
+ "version": "4.12.1",
+ "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.1.tgz",
+ "integrity": "sha512-k8TVBiPkPJT9uHLdOKfFpqcfprwBFOAAXXozRubr7R7PfIuKvQlzcI4M0pALeqXN09vdaMbUdUj+pass+uULAg==",
+ "license": "MIT"
+ },
+ "node_modules/elliptic/node_modules/inherits": {
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+ "license": "ISC"
+ },
"node_modules/emoji-regex": {
"version": "9.2.2",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
@@ -3482,9 +3487,9 @@
}
},
"node_modules/lodash": {
- "version": "4.17.4",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
- "integrity": "sha512-6X37Sq9KCpLSXEh8uM12AKYlviHPNNk4RxiGBn4cmKGJinbXBneWIV7iE/nXkM928O7ytHcHb6+X6Svl0f4hXg==",
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
"license": "MIT"
},
"node_modules/lodash.merge": {
diff --git a/package.json b/package.json
index 79849c5..8468c97 100644
--- a/package.json
+++ b/package.json
@@ -72,5 +72,9 @@
},
"dependencies": {
"digibyte-message": "github:digicontributer/bitcore-message#9d9c8ad30158db25f683e2dee746a14a9d7ec8a0"
+ },
+ "overrides": {
+ "elliptic": "^6.6.1",
+ "lodash": "^4.17.21"
}
}
--
cgit v1.2.3