oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

security: fix critical vulnerabilities in JavaScript packages
Some checks failed
Package Tests / test-python-packages (map[name:aitbc-agent-sdk path:packages/py/aitbc-agent-sdk]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-core path:packages/py/aitbc-core]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-crypto path:packages/py/aitbc-crypto]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-sdk path:packages/py/aitbc-sdk]) (push) Has been cancelled
Details
Package Tests / test-javascript-packages (map[name:aitbc-sdk-js path:packages/js/aitbc-sdk]) (push) Has been cancelled
Details
Package Tests / test-javascript-packages (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:zk-circuits path:apps/zk-circuits]) (push) Has been cancelled
Details
Smart Contract Tests / lint-solidity (push) Has been cancelled
Details
JavaScript SDK Tests / test-js-sdk (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Has been cancelled
Details

Browse Source 
- Update JS SDK vitest from 1.6.0 to 4.1.2 (fixes esbuild vulnerability)
- Update Solidity contracts solidity-coverage from 0.8.17 to 0.8.4
- Apply npm audit fix --force to resolve breaking changes
- Reduced total vulnerabilities from 48 to 29
- JS SDK now has 0 vulnerabilities (previously 4 moderate)
- Solidity contracts reduced from 41 to 29 vulnerabilities
- Remaining 29 are mostly legacy ethers v5 dependencies in Hardhat ecosystem

Security improvements:
- Fixed esbuild development server vulnerability
- Fixed serialize-javascript RCE and DoS vulnerabilities
- Updated lodash and other vulnerable dependencies
- Python dependencies remain secure (0 vulnerabilities)
This commit is contained in:
aitbc
2026-03-31 16:41:42 +02:00
parent 655d8ec49f
commit 928aa5ebcd
4 changed files with 4264 additions and 2081 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3115
packages/js/aitbc-sdk/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

2
packages/js/aitbc-sdk/package.json
View File

@@ -30,7 +30,7 @@
"eslint": "^8.57.0",
"prettier": "^3.2.0",
"typescript": "^5.4.5",
"vitest": "^1.6.0"
"vitest": "^4.1.2"
},
"keywords": [
"aitbc",