Snyk fix 1a42f46a3694152c28f6d1d4dc5aea44#196
Bumps the npm_and_yarn group with 1 update in the / directory: [express](https://github.com/expressjs/express). Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>
[skip ci]
…ity-group-e0cd778f82
…yarn-security-group-e0cd778f82 Bump the npm_and_yarn group across 1 directory with 1 update
Snyk has created this PR to upgrade @tanstack/react-query from 5.45.1 to 5.64.2. See this package in npm: @tanstack/react-query See this project in Snyk: https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
…9e16dcb9a2eda9 Snyk upgrade 03178c54d4c54014129e16dcb9a2eda9
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js). Updates `next` from 15.4.2 to 15.4.7 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.4.2...v15.4.7) --- updated-dependencies: - dependency-name: next dependency-version: 15.4.7 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: [happy-dom](https://github.com/capricorn86/happy-dom). Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) Updates `happy-dom` from 17.6.3 to 20.0.0 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v17.6.3...v20.0.0) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 20.0.0 to 20.0.2 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.0.0...v20.0.2) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
...re-1.0.0/lib/signals-implicit-mode/lib/sequence-v3/lib/openzeppelin-contracts/certora/run.js (Fixed)
| protected path = '/rpc/Builder/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
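Review bot: `this.hostname = hostname.replace(/\/*$/, '')` is the line CodeQL flags, and the flag is justified: `\/*$` has no start anchor, so on a hostname such as `'/'.repeat(n) + 'x'` the engine attempts a match at each of the n positions, greedily consumes the remaining slashes, fails at `$`, and backtracks one slash at a time, which is quadratic in n. Anyone who can influence `hostname` (the RPC base URL) can stall the client in its constructor. Replace the regex with a single backwards scan, for example `let end = hostname.length; while (end > 0 && hostname[end - 1] === '/') end--; this.hostname = hostname.slice(0, end)`, or validate that `hostname` parses as a bare origin before trimming it.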
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
| protected path = '/rpc/IdentityInstrument/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
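Review bot: same unanchored `\/*$` on the caller-supplied `hostname` as in the `/rpc/Builder/` client; the same linear-time trim (scan back over trailing `/` and `slice`) applies here.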
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
| protected path = '/rpc/Indexer/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
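Review bot: third copy of the `hostname.replace(/\/*$/, '')` line; it needs the same non-regex trim as the `/rpc/Builder/` and `/rpc/IdentityInstrument/` clients.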
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
| protected path = '/rpc/Collections/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
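Review bot: the `/rpc/Collections/` client repeats the quadratic `\/*$` trim on `hostname`; apply the same one-pass fix here rather than leaving one client behind.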
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
| protected path = '/rpc/Admin/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
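Review bot: same `hostname.replace(/\/*$/, '')` in the `/rpc/Admin/` client; the constructor line is identical across every `/rpc/*/` class in this PR, so the trim belongs in one shared place (a helper or base class, or whatever produces these files) instead of being patched per class.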
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
| protected path = '/rpc/Relayer/' | ||
| constructor(hostname: string, fetch: Fetch) { | ||
| this.hostname = hostname.replace(/\/*$/, '') |
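Review bot: sixth and last copy of the `\/*$` trim, here in the `/rpc/Relayer/` client; fix it together with the other five so the CodeQL alert does not reopen on one of them.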
Check failure: Code scanning / CodeQL: Polynomial regular expression used on uncontrolled data (High, library)
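The six CodeQL alerts above all point at the same expression, `hostname.replace(/\/*$/, '')`. The block below is an added example, not code from this PR or from the repository it targets: it shows the flagged form next to a linear-time replacement, with a constructed worst-case hostname so the two can be timed against each other. Function names and sample inputs are this example's own.

```typescript
// Added example: the expression CodeQL flags, next to a linear-time replacement.
// Not code from the PR or its repository; function names and inputs are this
// example's own.

// The flagged form. `\/*$` has no start anchor, so the engine tries a match at
// every index. On '/'.repeat(n) + 'x' each attempt greedily consumes the
// remaining slashes, fails at `$` because an 'x' follows, then backtracks one
// slash at a time: about n*n/2 steps in total.
export function stripTrailingSlashesRegex(hostname: string): string {
  return hostname.replace(/\/*$/, '');
}

// Linear-time replacement: walk back from the end and cut once. No regex, no
// backtracking, and the same result as the regex version for every input.
export function stripTrailingSlashes(hostname: string): string {
  let end = hostname.length;
  while (end > 0 && hostname.charCodeAt(end - 1) === 0x2f /* '/' */) {
    end--;
  }
  return hostname.slice(0, end);
}

// Constructed worst-case input: n slashes followed by a non-slash, so the run
// of slashes never reaches the end of the string and every attempt fails.
export function pathologicalHostname(n: number): string {
  return '/'.repeat(n) + 'x';
}

// Wall-clock cost of one call, in milliseconds.
export function timeMs(fn: (s: string) => string, input: string): number {
  const start = Date.now();
  fn(input);
  return Date.now() - start;
}

// Stand-alone run: both versions agree on ordinary inputs, and only the regex
// version slows down as n grows (raise n to 20000 or 40000 to see the curve).
const samples = ['https://rpc.example.com///', 'https://rpc.example.com', '///', ''];
for (const s of samples) {
  if (stripTrailingSlashes(s) !== stripTrailingSlashesRegex(s)) {
    throw new Error(`mismatch on ${JSON.stringify(s)}`);
  }
}
const n = 10000;
console.log(`regex: ${timeMs(stripTrailingSlashesRegex, pathologicalHostname(n))} ms`);
console.log(`loop:  ${timeMs(stripTrailingSlashes, pathologicalHostname(n))} ms`);
```

The loop is what CodeQL's own "use a simpler pattern or manual string handling" guidance amounts to here; because `hostname` is the RPC base URL handed in by the integrator, a stricter constructor would also reject anything that is not a bare origin rather than only trimming it.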
wagmi-project/packages/sequence-core-1.0.0/packages/wallet/dapp-client/src/DappTransport.ts (Fixed)
...roject/packages/sequence-core-1.0.0/packages/wallet/primitives-cli/src/subcommands/server.ts (Fixed)
✅ Snyk checks have passed. No issues have been found so far.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Summary of Changes
Hello @Dargon789, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request includes a variety of updates, from dependency upgrades and improved randomness to enhanced error handling and project setup configurations. It also introduces new documentation and issue templates to improve project maintainability and developer experience.
Highlights
Code Review
This pull request applies several important security fixes, such as using cryptographically secure random number generators for nonces and IDs, and preventing the leakage of internal error details. These changes are valuable improvements.
However, the pull request also includes a large number of unrelated changes that appear to be a mistake. The README.md has been completely replaced with content from the wagmi project, and an entire wagmi-project directory has been added. These changes are inconsistent with the PR's title of a 'Snyk fix' and are highly confusing.
I've added comments on a few specific issues related to these new files, such as the incorrect README content, inconsistent package manager usage in the Azure pipeline, a placeholder email in the security policy, and a duplicated CircleCI config.
I recommend splitting this PR to only include the security fixes and reverting the unrelated changes to keep the commit history clean and focused.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
…ession for hostnames Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
…rough a stack trace Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
No description provided.