aitbc

oib/aitbc

Fork 0

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	452a692f2d	build(deps): bump the npm_and_yarn group across 3 directories with 4 updates Bumps the npm_and_yarn group with 2 updates in the /contracts directory: [lodash](https://github.com/lodash/lodash) and [cookie](https://github.com/jshttp/cookie). Bumps the npm_and_yarn group with 1 update in the /packages/js/aitbc-sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /packages/solidity/aitbc-token directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1) Removes `cookie` Updates `undici` from 5.29.0 to 6.25.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0) Updates `undici` from 5.29.0 to 6.25.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0) Updates `vite` from 8.0.3 to 8.0.9 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.9/packages/vite) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1) Updates `lodash` from 4.17.23 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.25.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.25.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-20 14:40:00 +00:00
aitbc	928aa5ebcd	security: fix critical vulnerabilities in JavaScript packages Some checks failed Package Tests / test-python-packages (map[name:aitbc-agent-sdk path:packages/py/aitbc-agent-sdk]) (push) Has been cancelled Details Package Tests / test-python-packages (map[name:aitbc-core path:packages/py/aitbc-core]) (push) Has been cancelled Details Package Tests / test-python-packages (map[name:aitbc-crypto path:packages/py/aitbc-crypto]) (push) Has been cancelled Details Package Tests / test-python-packages (map[name:aitbc-sdk path:packages/py/aitbc-sdk]) (push) Has been cancelled Details Package Tests / test-javascript-packages (map[name:aitbc-sdk-js path:packages/js/aitbc-sdk]) (push) Has been cancelled Details Package Tests / test-javascript-packages (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled Details Security Scanning / security-scan (push) Has been cancelled Details Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled Details Smart Contract Tests / test-solidity (map[name:zk-circuits path:apps/zk-circuits]) (push) Has been cancelled Details Smart Contract Tests / lint-solidity (push) Has been cancelled Details JavaScript SDK Tests / test-js-sdk (push) Has been cancelled Details Integration Tests / test-service-integration (push) Has been cancelled Details - Update JS SDK vitest from 1.6.0 to 4.1.2 (fixes esbuild vulnerability) - Update Solidity contracts solidity-coverage from 0.8.17 to 0.8.4 - Apply npm audit fix --force to resolve breaking changes - Reduced total vulnerabilities from 48 to 29 - JS SDK now has 0 vulnerabilities (previously 4 moderate) - Solidity contracts reduced from 41 to 29 vulnerabilities - Remaining 29 are mostly legacy ethers v5 dependencies in Hardhat ecosystem Security improvements: - Fixed esbuild development server vulnerability - Fixed serialize-javascript RCE and DoS vulnerabilities - Updated lodash and other vulnerable dependencies - Python dependencies remain secure (0 vulnerabilities)	2026-03-31 16:41:42 +02:00

Author

SHA1

Message

Date

dependabot[bot]

452a692f2d

build(deps): bump the npm_and_yarn group across 3 directories with 4 updates

Bumps the npm_and_yarn group with 2 updates in the /contracts directory: [lodash](https://github.com/lodash/lodash) and [cookie](https://github.com/jshttp/cookie).
Bumps the npm_and_yarn group with 1 update in the /packages/js/aitbc-sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /packages/solidity/aitbc-token directory: [lodash](https://github.com/lodash/lodash).


Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1)

Removes `cookie`

Updates `undici` from 5.29.0 to 6.25.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0)

Updates `undici` from 5.29.0 to 6.25.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0)

Updates `vite` from 8.0.3 to 8.0.9
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.9/packages/vite)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.25.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 6.25.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

2026-04-20 14:40:00 +00:00

aitbc

928aa5ebcd

security: fix critical vulnerabilities in JavaScript packages

Package Tests / test-python-packages (map[name:aitbc-agent-sdk path:packages/py/aitbc-agent-sdk]) (push) Has been cancelled

Details

Package Tests / test-python-packages (map[name:aitbc-core path:packages/py/aitbc-core]) (push) Has been cancelled

Details

Package Tests / test-python-packages (map[name:aitbc-crypto path:packages/py/aitbc-crypto]) (push) Has been cancelled

Details

Package Tests / test-python-packages (map[name:aitbc-sdk path:packages/py/aitbc-sdk]) (push) Has been cancelled

Details

Package Tests / test-javascript-packages (map[name:aitbc-sdk-js path:packages/js/aitbc-sdk]) (push) Has been cancelled

Details

Package Tests / test-javascript-packages (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled

Details

Security Scanning / security-scan (push) Has been cancelled

Details

Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled

Details

Smart Contract Tests / test-solidity (map[name:zk-circuits path:apps/zk-circuits]) (push) Has been cancelled

Details

Smart Contract Tests / lint-solidity (push) Has been cancelled

Details

JavaScript SDK Tests / test-js-sdk (push) Has been cancelled

Details

Integration Tests / test-service-integration (push) Has been cancelled

Details

- Update JS SDK vitest from 1.6.0 to 4.1.2 (fixes esbuild vulnerability)
- Update Solidity contracts solidity-coverage from 0.8.17 to 0.8.4
- Apply npm audit fix --force to resolve breaking changes
- Reduced total vulnerabilities from 48 to 29
- JS SDK now has 0 vulnerabilities (previously 4 moderate)
- Solidity contracts reduced from 41 to 29 vulnerabilities
- Remaining 29 are mostly legacy ethers v5 dependencies in Hardhat ecosystem

Security improvements:
- Fixed esbuild development server vulnerability
- Fixed serialize-javascript RCE and DoS vulnerabilities
- Updated lodash and other vulnerable dependencies
- Python dependencies remain secure (0 vulnerabilities)

2026-03-31 16:41:42 +02:00

2 Commits