v3-client icon indicating copy to clipboard operation
v3-client copied to clipboard

Published 20 hours ago verified publisher icon dydxprotocol

Potential vulnerabilities with dependencies

Open snowkidind opened this issue 2 years ago • 1 comments

Please update this packages' dependencies.

Potential vulnerabilities

dependency using should use
ethers 5.0.18 5.6.9
web3 1.3.0 1.7.5

Errors generated by npm audit:

: Insecure Credential Storage in web3 : Arbitrary Code Execution in underscore : Use of a Broken or Risky Cryptographic Algorithm : ReDoS in Sec-Websocket-Protocol header : Got allows a redirect to a UNIX socket

snowkidind avatar Aug 03 '22 07:08 snowkidind

This module should indeed really update those dependencies. It causes many problems when trying to use it along with a newer web3 when it is needed in projects. Is is planned by the team ? Regards

svax974 avatar Jan 15 '23 13:01 svax974