Skip to content

RED-113: Dependabot explorer: web3-utils Prototype Pollution vulnerability #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dnlbui wants to merge 14 commits into
base: dev
Choose a base branch
from
Open

RED-113: Dependabot explorer: web3-utils Prototype Pollution vulnerability #10

dnlbui wants to merge 14 commits into from
+670 −710

Conversation

@dnlbui
Copy link
Contributor

@dnlbui dnlbui commented Jun 5, 2024
edited
Loading

https://linear.app/shm/issue/RED-113/dependabot-explorer-web3-utils-prototype-pollution-vulnerability

Summary:

  1. Updated Dependencies:

    • Upgrade packages: axios from 1.4.0 to 1.6.0, ejs from 3.1.9 to 3.1.10, next from 13.3.4 to 13.5.6, node-sass from 7.0.3 to 9.0.0, and web3 from 4.0.2 to 4.8.0. Along with @babel/code-frame, @babel/generator, @babel/helper-environment-visitor, and @babel/helper-function-name to their latest releases.

  2. New Component for Client-side only rendering of Tooltip to address Prop 'dangerouslySetInnerHTML' did not match warning:

    • Add ClientOnlyTooltip component in src/frontend/components for tooltips that only render

  3. HTML Tag Change to address unrecognized tag warning

    • Change HTML tags since <session> not a valid tag when used in Dashboard.tsx as JSX

  4. Configuration Adjustments to Address import warning:

    • Update tsconfig.json so all files under src are correctly included.

  5. Set a default color when mode is undefined

@linear
Copy link

linear bot commented Jun 5, 2024

RED-113 Dependabot explorer: web3-utils Prototype Pollution vulnerability

Test and analyze this dependency update and fix anything it breaks

https://github.com/shardeum/explorer-server/security/dependabot/20

dnlbui added 14 commits June 20, 2024 17:26
@dnlbui
Update npm dependencies to latest versions
c5d74b4
@dnlbui
Update @babel/traverse
0156a9e
@dnlbui
Update engine.io and engine.io-parser dependencies
8ab7048
@dnlbui
Update follow-redirects dependency to version 1.15.6
cf23453
@dnlbui
Update tar dependency to version 6.2.1
fa49dc4
@dnlbui
Update caniuse-lite dependency to version 1.0.30001625
dcb1f1c
@dnlbui
Add ClientOnlyTooltip component to address Prop dangerouslySetInner…
abf561a 
…HTML` did not match.`
@dnlbui
Add ClientOnlyTooltip component and add default color when mode = und…
6027db3 
…efined
@dnlbui
Update Pagination component to use unique keys for mapped elements
c19a0f7
@dnlbui
Update Dashboard component structure to use <div> and <section> inste…
045f1d6 
…ad of unreconized html tag <session>
@dnlbui
Update tsconfig.json to include all files in src directory
040450b
@dnlbui
change back to compiling files directly in the src folder and ignore …
7a2c03b 
…files in deeper nested folders
@dnlbui
Add ClientOnlyTooltip jsdoc comment
baab42d
@dnlbui
Import React in _document.tsx to address unrecognized element
94133d5
@mhanson-github mhanson-github force-pushed the dev branch 2 times, most recently from 50265ff to fb04451 Compare April 29, 2025 01:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dnlbui