fix: resolve HIGH severity security vulnerabilities

lcovar · lcovar · commit c7b2a6446bc4 · 2025-12-02T15:27:36.000-08:00
Add yarn resolutions to fix the following vulnerabilities: - validator (GHSA-vghf-hv5q-vc2g): ReDoS vulnerability in isEmail - Resolved by forcing validator@13.15.23 for tronweb dependency - valibot (GHSA-vqpr-j7v3-hqw9): ReDoS vulnerability in EMOJI_REGEX - Resolved by forcing valibot@1.2.0 for @iota/iota-sdk dependency Ticket: BG-0
diff --git a/package.json b/package.json
@@ -108,7 +108,9 @@
     "request": "npm:@cypress/request@3.0.9",
     "**/avalanche/store2": "2.14.4",
     "webpack-dev-server": "5.2.1",
-    "memfs": "4.46.0"
+    "memfs": "4.46.0",
+    "**/tronweb/**/validator": "13.15.23",
+    "**/valibot": "1.2.0"
   },
   "workspaces": [
     "modules/*"
diff --git a/yarn.lock b/yarn.lock
@@ -20634,10 +20634,10 @@ v8-compile-cache@^2.0.3:
   resolved "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz"
   integrity sha512-ocyWc3bAHBB/guyqJQVI5o4BZkPhznPYUG2ea80Gond/BgNWpap8TOmLSeeQG7bnh2KMISxskdADG59j7zruhw==
 
-valibot@^0.36.0:
-  version "0.36.0"
-  resolved "https://registry.npmjs.org/valibot/-/valibot-0.36.0.tgz"
-  integrity sha512-CjF1XN4sUce8sBK9TixrDqFM7RwNkuXdJu174/AwmQUB62QbCQADg5lLe8ldBalFgtj1uKj+pKwDJiNo4Mn+eQ==
+valibot@1.2.0, valibot@^0.36.0:
+  version "1.2.0"
+  resolved "https://registry.npmjs.org/valibot/-/valibot-1.2.0.tgz#8fc720d9e4082ba16e30a914064a39619b2f1d6f"
+  integrity sha512-mm1rxUsmOxzrwnX5arGS+U4T25RdvpPjPN4yR0u9pUBov9+zGVtO84tif1eY4r6zWxVxu3KzIyknJy3rxfRZZg==
 
 validate-npm-package-license@3.0.4, validate-npm-package-license@^3.0.1, validate-npm-package-license@^3.0.4:
   version "3.0.4"
@@ -20657,10 +20657,10 @@ validate-npm-package-name@^5.0.0:
   resolved "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz"
   integrity sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ==
 
-validator@^13.7.0:
-  version "13.15.15"
-  resolved "https://registry.npmjs.org/validator/-/validator-13.15.15.tgz"
-  integrity sha512-BgWVbCI72aIQy937xbawcs+hrVaN/CZ2UwutgaJ36hGqRrLNM+f5LUT/YPRbo8IV/ASeFzXszezV+y2+rq3l8A==
+validator@13.15.23, validator@^13.7.0:
+  version "13.15.23"
+  resolved "https://registry.npmjs.org/validator/-/validator-13.15.23.tgz#59a874f84e4594588e3409ab1edbe64e96d0c62d"
+  integrity sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw==
 
 varuint-bitcoin@^1.0.1, varuint-bitcoin@^1.0.4, varuint-bitcoin@^1.1.2:
   version "1.1.2"
