oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

security: fix critical vulnerabilities in JavaScript packages
Some checks failed
Package Tests / test-python-packages (map[name:aitbc-agent-sdk path:packages/py/aitbc-agent-sdk]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-core path:packages/py/aitbc-core]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-crypto path:packages/py/aitbc-crypto]) (push) Has been cancelled
Details
Package Tests / test-python-packages (map[name:aitbc-sdk path:packages/py/aitbc-sdk]) (push) Has been cancelled
Details
Package Tests / test-javascript-packages (map[name:aitbc-sdk-js path:packages/js/aitbc-sdk]) (push) Has been cancelled
Details
Package Tests / test-javascript-packages (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:zk-circuits path:apps/zk-circuits]) (push) Has been cancelled
Details
Smart Contract Tests / lint-solidity (push) Has been cancelled
Details
JavaScript SDK Tests / test-js-sdk (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Has been cancelled
Details

Browse Source 
- Update JS SDK vitest from 1.6.0 to 4.1.2 (fixes esbuild vulnerability)
- Update Solidity contracts solidity-coverage from 0.8.17 to 0.8.4
- Apply npm audit fix --force to resolve breaking changes
- Reduced total vulnerabilities from 48 to 29
- JS SDK now has 0 vulnerabilities (previously 4 moderate)
- Solidity contracts reduced from 41 to 29 vulnerabilities
- Remaining 29 are mostly legacy ethers v5 dependencies in Hardhat ecosystem

Security improvements:
- Fixed esbuild development server vulnerability
- Fixed serialize-javascript RCE and DoS vulnerabilities
- Updated lodash and other vulnerable dependencies
- Python dependencies remain secure (0 vulnerabilities)
This commit is contained in:
aitbc
2026-03-31 16:41:42 +02:00
parent 655d8ec49f
commit 928aa5ebcd
4 changed files with 4264 additions and 2081 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3115
packages/js/aitbc-sdk/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

2
packages/js/aitbc-sdk/package.json
View File

@@ -30,7 +30,7 @@
"eslint": "^8.57.0", "eslint": "^8.57.0",
"prettier": "^3.2.0", "prettier": "^3.2.0",
"typescript": "^5.4.5", "typescript": "^5.4.5",
"vitest": "^1.6.0" "vitest": "^4.1.2"
}, },
"keywords": [ "keywords": [
"aitbc", "aitbc",

3206
packages/solidity/aitbc-token/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

18
packages/solidity/aitbc-token/package.json
View File

@@ -11,23 +11,23 @@
"deploy": "hardhat run scripts/deploy.ts --network localhost" "deploy": "hardhat run scripts/deploy.ts --network localhost"
}, },
"devDependencies": { "devDependencies": {
"@nomicfoundation/hardhat-chai-matchers": "^2.1.2", "@nomicfoundation/hardhat-chai-matchers": "^3.0.0",
"@nomicfoundation/hardhat-ethers": "^3.1.3", "@nomicfoundation/hardhat-ethers": "^4.0.7",
"@nomicfoundation/hardhat-ignition-ethers": "^0.15.17", "@nomicfoundation/hardhat-ignition-ethers": "^3.1.1",
"@nomicfoundation/hardhat-network-helpers": "^1.1.2", "@nomicfoundation/hardhat-network-helpers": "^3.0.4",
"@nomicfoundation/hardhat-toolbox": "^5.0.0", "@nomicfoundation/hardhat-toolbox": "^7.0.0",
"@nomicfoundation/hardhat-verify": "^2.1.3", "@nomicfoundation/hardhat-verify": "^3.0.13",
"@typechain/ethers-v6": "^0.5.1", "@typechain/ethers-v6": "^0.5.1",
"@typechain/hardhat": "^9.1.0", "@typechain/hardhat": "^6.0.0",
"@types/chai": "^4.3.11", "@types/chai": "^4.3.11",
"@types/mocha": "^10.0.10", "@types/mocha": "^10.0.10",
"@types/node": "^20.11.30", "@types/node": "^20.11.30",
"chai": "^4.4.1", "chai": "^4.4.1",
"ethers": "^6.16.0", "ethers": "^6.16.0",
"hardhat": "^2.22.1", "hardhat": "^3.3.0",
"hardhat-gas-reporter": "^1.0.10", "hardhat-gas-reporter": "^1.0.10",
"prettier": "^3.2.5", "prettier": "^3.2.5",
"solidity-coverage": "^0.8.17", "solidity-coverage": "^0.8.4",
"ts-node": "^10.9.2", "ts-node": "^10.9.2",
"typechain": "^8.3.2", "typechain": "^8.3.2",
"typescript": "^5.9.2" "typescript": "^5.9.2"