From d1018c98c319b87fb5dc10c9f146ae0b9cc66039 Mon Sep 17 00:00:00 2001
From: Luis Covarrubias
Date: Tue, 2 Dec 2025 15:26:34 -0800
Subject: [PATCH] fix: resolve HIGH severity security vulnerabilities

Add yarn resolutions to fix the following vulnerabilities:
- validator (GHSA-vghf-hv5q-vc2g): ReDoS vulnerability in isEmail
- Resolved by forcing validator@13.15.23 for tronweb dependency
- valibot (GHSA-vqpr-j7v3-hqw9): ReDoS vulnerability in EMOJI_REGEX
- Resolved by forcing valibot@1.2.0 for @iota/iota-sdk dependency

Ticket: BG-0
---
 package.json | 3 ++-
 yarn.lock | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 40e7064f6e..0cad1c56e8 100644
--- a/package.json
+++ b/package.json
@@ -109,7 +109,8 @@
 "**/avalanche/store2": "2.14.4",
 "webpack-dev-server": "5.2.1",
 "memfs": "4.46.0",
- "**/iota-sdk/**/valibot": "1.2.0"
+ "**/iota-sdk/**/valibot": "1.2.0",
+ "**/tronweb/**/validator": "13.15.23"
 },
 "workspaces": [
 "modules/*"
diff --git a/yarn.lock b/yarn.lock
index acd859bf1f..87a4eb1375 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -20803,10 +20803,10 @@ validate-npm-package-name@^5.0.0:
 resolved "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz"
 integrity sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ==
 
-validator@^13.7.0:
- version "13.15.15"
- resolved "https://registry.npmjs.org/validator/-/validator-13.15.15.tgz"
- integrity sha512-BgWVbCI72aIQy937xbawcs+hrVaN/CZ2UwutgaJ36hGqRrLNM+f5LUT/YPRbo8IV/ASeFzXszezV+y2+rq3l8A==
+validator@13.15.23, validator@^13.7.0:
+ version "13.15.23"
+ resolved "https://registry.npmjs.org/validator/-/validator-13.15.23.tgz#59a874f84e4594588e3409ab1edbe64e96d0c62d"
+ integrity sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw==
 
 varuint-bitcoin@^1.0.1, varuint-bitcoin@^1.0.4, varuint-bitcoin@^1.1.2:
 version "1.1.2"
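Review bot: The added `"**/tronweb/**/validator": "13.15.23"` entry in the package.json hunk is an exact pin with no removal condition recorded anywhere on this page, so it will keep holding tronweb's validator at 13.15.23 even after later fixed releases ship. The yarn.lock hunk shows the existing `validator@^13.7.0` range already admits 13.15.23, so a lockfile refresh alone may have cleared the advisory without a standing override; if the override stays, note in the ticket when it can be dropped (tronweb itself requiring a fixed validator) and let the dependency audit in CI confirm the advisory no longer reports. The pattern only covers validator beneath tronweb, so a later dependent that resolves a different validator range would not be forced to the fixed version. The valibot line changes only by a trailing comma here, so the valibot fix named in the description appears to predate this commit and could be dropped from it. The enclosing object opens above the hunk, so the other overrides are not visible from here.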