security: fix uuid vulnerability in contracts via npm overrides
Some checks failed
Cross-Node Transaction Testing / transaction-test (push) Has been cancelled
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Node Failover Simulation / failover-test (push) Has been cancelled
Contract Performance Benchmarks / benchmark-gas-usage (push) Successful in 1m27s
Contract Performance Benchmarks / benchmark-execution-time (push) Successful in 1m15s
Contract Performance Benchmarks / benchmark-throughput (push) Successful in 1m22s
Cross-Chain Functionality Tests / test-cross-chain-sync (push) Successful in 2s
Cross-Chain Functionality Tests / test-cross-chain-transactions (push) Successful in 5s
Cross-Chain Functionality Tests / test-cross-chain-bridge (push) Has been skipped
Cross-Chain Functionality Tests / test-multi-chain-consensus (push) Successful in 10s
Cross-Chain Functionality Tests / aggregate-results (push) Has been skipped
Smart Contract Tests / test-solidity (map[name:aitbc-contracts path:contracts]) (push) Failing after 1m7s
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Successful in 19s
Smart Contract Tests / test-foundry (push) Failing after 25s
Smart Contract Tests / lint-solidity (push) Successful in 25s
Smart Contract Tests / deploy-contracts (push) Successful in 1m41s
Contract Performance Benchmarks / compare-benchmarks (push) Successful in 2s
- Add npm overrides to force uuid to ^14.0.0 (patched version)
- Fixes medium severity uuid vulnerability (GHSA-mpjj-7v5q-gv8h)

Note: 37 remaining vulnerabilities in contracts are related to hardhat ecosystem dependencies (elliptic, undici, serialize-javascript, tmp) and require major version upgrades that could break smart contract tests. These should be addressed in a separate upgrade effort.
@@ -21,5 +21,8 @@
|
||||
"ts-node": "^10.9.2",
|
||||
"typechain": "^8.3.2",
|
||||
"typescript": "^6.0.3"
|
||||
},
|
||||
"overrides": {
|
||||
"uuid": "^14.0.0"
|
||||
}
|
||||
}
|
||||
|
||||
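Review bot: The `"uuid": "^14.0.0"` entry in the new top-level `"overrides"` block is unscoped, so npm will force every package in the tree that depends on uuid onto the 14.x major, regardless of the range that package declares. Consider nesting the override under the specific dependency that pulls in the affected uuid, or confirm with `npm ls uuid` that every dependent still works against 14.x, and record which dependent required the pin, since package.json cannot carry a comment explaining it. The test-solidity job for `contracts` is reported as failing on this push, so it is worth ruling out the forced major bump as the cause before relying on this change.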