Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update tweetnacl dependency to 1.0.3 explicitly #26907

Merged
merged 1 commit into from
Aug 3, 2022
Merged

chore: update tweetnacl dependency to 1.0.3 explicitly #26907

merged 1 commit into from
Aug 3, 2022

Conversation

steveluscher
Copy link
Contributor

@steveluscher steveluscher commented Aug 3, 2022
edited
Loading

Problem

tweetnacl prior to version 1.0.3 had a security vulnerability. Despite the fact that the lockfile of web3.js specifies that we import 1.0.3, the package file itself doesn't set 1.0.3 as a lower bound on what we'll accept.

Summary of Changes

  • Set v1.0.3 as the lowest version of tweetnacl that we'll accept.
cd web3.js

git clean -dfx .
npx npm@latest i
git add package.json
git add package-lock.json
git commit
git reset --hard

git clean -dfx .
npx yarn@latest
git add yarn.lock
git commit --amend

Addresses solana-labs/solana-web3.js#1103.

@codecov
Copy link

codecov bot commented Aug 3, 2022
edited
Loading

Codecov Report

Merging #26907 (eb70fd6) into master (1165a7f) will decrease coverage by 4.3%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           master   solana-labs/solana#26907       +/-   ##
===========================================
- Coverage    81.9%    77.5%     -4.4%     
===========================================
  Files         631       42      -589     
  Lines      174252     2465   -171787     
  Branches        0      352      +352     
===========================================
- Hits       142728     1911   -140817     
+ Misses      31524      424    -31100     
- Partials        0      130      +130

@solana-labs solana-labs deleted a comment from paulmillr Aug 3, 2022
@steveluscher steveluscher merged commit 5260015 into solana-labs:master Aug 3, 2022
@steveluscher steveluscher deleted the explicit-103-tweetnacl branch August 3, 2022 17:52
This was referenced Sep 1, 2022
Open
Open
Open
Open
This was referenced Sep 6, 2022
Open
Open
Open
This was referenced Sep 10, 2022
Open
Open
Open
Open
@Balantion2020 Balantion2020 mentioned this pull request Sep 15, 2022
Open
This was referenced Sep 16, 2022
Open
Open
Open
Open
@Digiminey Digiminey mentioned this pull request Oct 11, 2024
Open
This was referenced Oct 13, 2024
Open
Open
@Digiminey Digiminey mentioned this pull request Oct 18, 2024
Open
This was referenced Oct 20, 2024
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@steveluscher