ALL-2604 Snyk fixes (#923)

* ALL-2604 Class validator, transformer and url-parser updates

* ALL-2604 Class validator, transformer and url-parser updates. Version

* ALL-2604 Fixed long warning of optional dependency

---------

Co-authored-by: Oleksandr Loiko <oleksandr.loiko@tatum.io>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tatumio/tatum-v1",
-  "version": "1.37.36",
+  "version": "1.37.37",
   "description": "Tatum API client allows browsers and Node.js clients to interact with Tatum API.",
   "main": "dist/src/index.js",
   "repository": "https://github.com/tatumio/tatum-js",
@@ -61,8 +61,8 @@
     "cardano-crypto.js": "^6.0.0",
     "cashaddrjs": "^0.4.4",
     "caver-js": "1.8.2",
-    "class-transformer": "^0.2.3",
-    "class-validator": "0.13.0",
+    "class-transformer": "^0.5.1",
+    "class-validator": "^0.14.0",
     "coininfo": "^5.1.0",
     "dedent-js": "^1.0.1",
     "ed25519-hd-key": "^1.1.2",
@@ -78,7 +78,7 @@
     "stellar-sdk": "^8.1.0",
     "thorify": "^1.5.2",
     "tronweb": "^3.2.2",
-    "url-parse": "^1.5.3",
+    "url-parse": "^1.5.10",
     "web3": "^1.7.0",
     "web3-eth": "^1.7.0"
   },
@@ -116,5 +116,8 @@
     ],
     "coverageDirectory": "../coverage",
     "testEnvironment": "node"
+  },
+  "resolutions": {
+    "scrypt": "github:barrysteyn/node-scrypt#fb60a8d3c158fe115a624b5ffa7480f3a24b03fb"
   }
 }

src/connector/tatum.ts

@@ -1,13 +1,13 @@
 import a from 'axios';
 import axiosRetry, {isNetworkOrIdempotentRequestError} from 'axios-retry';
 import {plainToClass} from 'class-transformer';
-import {ClassType} from 'class-transformer/ClassTransformer';
 import {validateOrReject} from 'class-validator';
 import FormData from 'form-data';
 import http from 'http';
 import https from 'https';
 import { version } from '../../package.json'
 import {TATUM_API_URL, TATUM_RETRIES, TATUM_RETRY_DELAY} from '../constants';
+import {ClassConstructor} from "class-transformer/types/interfaces";
 
 export const axios = a.create({
   httpAgent: new http.Agent({keepAlive: true}),
@@ -31,7 +31,7 @@ export const get = async <T>(url: string): Promise<T> => {
 }
 
 // eslint-disable-next-line @typescript-eslint/ban-types
-export const post = async <T extends object, U, V>(url: string, body?: U, classType?: ClassType<T>): Promise<V> => {
+export const post = async <T extends object, U, V>(url: string, body?: U, classType?: ClassConstructor<T>): Promise<V> => {
   await validateBody(body, classType);
   const {data} = await axios.post(`${baseUrl()}${url}`, body, headers());
   return data;
@@ -46,7 +46,7 @@ export const postMultiForm = async (url: string, body: FormData): Promise<any> =
 };
 
 // eslint-disable-next-line @typescript-eslint/ban-types
-export const put = async <T extends object, U, V>(url: string, body?: U, classType?: ClassType<T>): Promise<V> => {
+export const put = async <T extends object, U, V>(url: string, body?: U, classType?: ClassConstructor<T>): Promise<V> => {
   await validateBody(body, classType)
   const { data } = await axios.put(`${baseUrl()}${url}`, body, headers())
   return data
@@ -57,7 +57,7 @@ export const httpDelete = async (url: string): Promise<void> => {
 }
 
 // eslint-disable-next-line @typescript-eslint/ban-types
-export const validateBody = async <T extends object, U>(body: U, classType?: ClassType<T>): Promise<void> => {
+export const validateBody = async <T extends object, U>(body: U, classType?: ClassConstructor<T>): Promise<void> => {
   if (classType) {
     const classInstance = plainToClass(classType, body)
     await validateOrReject(classInstance)

src/helpers/index.ts

@@ -1,4 +1,4 @@
-import { ClassType } from 'class-transformer/ClassTransformer';
+import { ClassConstructor } from 'class-transformer';
 import Web3 from 'web3';
 import {
     bscBroadcast,
@@ -74,7 +74,7 @@ export const helperGetWeb3Client = (testnet: boolean, chain: Currency, provider?
 };
 
 // eslint-disable-next-line @typescript-eslint/ban-types
-export const helperPrepareSCCall = async (testnet: boolean, body: any, clazz: ClassType<object>, methodName: string, params: any[], methodSig?: string,
+export const helperPrepareSCCall = async (testnet: boolean, body: any, clazz: ClassConstructor<object>, methodName: string, params: any[], methodSig?: string,
                                           provider?: string, abi: any[] = listing.abi) => {
   let r: SmartContractMethodInvocation | CeloSmartContractMethodInvocation;
   if (body.chain === Currency.CELO) {
@@ -129,4 +129,4 @@ export const normalizeAddress = (chain: Currency, address: string) => {
         default:
             return address
     }
-}
+}

yarn.lock

@@ -2113,6 +2113,11 @@
   resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.6.3.tgz#31ca2e997bf13a0fffca30a25747d5b9f7dbb7de"
   integrity sha512-fWG42pMJOL4jKsDDZZREnXLjc3UE0R8LOJfARWYg6U966rxDT7TYejYzLnUF5cvSObGg34nd0+H2wHHU5Omdfw==
 
+"@types/validator@^13.7.10":
+  version "13.11.1"
+  resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.11.1.tgz#6560af76ed54490e68c42f717ab4e742ba7be74b"
+  integrity sha512-d/MUkJYdOeKycmm75Arql4M5+UuXmf4cHdHKsyw1GcvnNgL6s77UkgSgJ8TE/rI5PYsnwYq5jkcWBLuN/MpQ1A==
+
 "@types/websocket@^1.0.5":
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/@types/websocket/-/websocket-1.0.5.tgz#3fb80ed8e07f88e51961211cd3682a3a4a81569c"
@@ -3655,10 +3660,10 @@ class-is@^1.1.0:
   resolved "https://registry.yarnpkg.com/class-is/-/class-is-1.1.0.tgz#9d3c0fba0440d211d843cec3dedfa48055005825"
   integrity sha512-rhjH9AG1fvabIDoGRVH587413LPjTZgmDF9fOFCbFJQV4yuocX1mHxxvXI4g3cGwbVY9wAYIoKlg1N79frJKQw==
 
-class-transformer@^0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/class-transformer/-/class-transformer-0.2.3.tgz#598c92ca71dcca73f91ccb875d74a3847ccfa32d"
-  integrity sha512-qsP+0xoavpOlJHuYsQJsN58HXSl8Jvveo+T37rEvCEeRfMWoytAyR0Ua/YsFgpM6AZYZ/og2PJwArwzJl1aXtQ==
+class-transformer@^0.5.1:
+  version "0.5.1"
+  resolved "https://registry.yarnpkg.com/class-transformer/-/class-transformer-0.5.1.tgz#24147d5dffd2a6cea930a3250a677addf96ab336"
+  integrity sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw==
 
 class-utils@^0.3.5:
   version "0.3.6"
@@ -3670,13 +3675,14 @@ class-utils@^0.3.5:
     isobject "^3.0.0"
     static-extend "^0.1.1"
 
-class-validator@0.13.0:
-  version "0.13.0"
-  resolved "https://registry.yarnpkg.com/class-validator/-/class-validator-0.13.0.tgz#87770a90e4f9ac1a928631ae58dc6920299052ff"
-  integrity sha512-PNu14GiCXGqVKrCa7VJbDkA3wgB7ORdVwiK+DexcV0Dbk3UKLeHuD2Pn/BbhiFCcIf7GqChapnpZKaGFfdfVCQ==
+class-validator@^0.14.0:
+  version "0.14.0"
+  resolved "https://registry.yarnpkg.com/class-validator/-/class-validator-0.14.0.tgz#40ed0ecf3c83b2a8a6a320f4edb607be0f0df159"
+  integrity sha512-ct3ltplN8I9fOwUd8GrP8UQixwff129BkEtuWDKL5W45cQuLd19xqmTLu5ge78YDm/fdje6FMt0hGOhl0lii3A==
   dependencies:
-    libphonenumber-js "^1.7.57"
-    validator "^13.1.1"
+    "@types/validator" "^13.7.10"
+    libphonenumber-js "^1.10.14"
+    validator "^13.7.0"
 
 cliui@^6.0.0:
   version "6.0.0"
@@ -7318,10 +7324,10 @@ libp2p-crypto@^0.19.0:
     uint8arrays "^3.0.0"
     ursa-optional "^0.10.1"
 
-libphonenumber-js@^1.7.57:
-  version "1.9.23"
-  resolved "https://registry.yarnpkg.com/libphonenumber-js/-/libphonenumber-js-1.9.23.tgz#e28babdaaaf7e09fbaf23a1c714166fa63001ea3"
-  integrity sha512-+qWSwPyJWSV9ukb7Iu21WpWEP7irFWR1ojoYykL2itAfXKj9FjsTjS6PPZoPUOZk+1kxliHjwsilqA1TNeOhuQ==
+libphonenumber-js@^1.10.14:
+  version "1.10.44"
+  resolved "https://registry.yarnpkg.com/libphonenumber-js/-/libphonenumber-js-1.10.44.tgz#6709722461173e744190494aaaec9c1c690d8ca8"
+  integrity sha512-svlRdNBI5WgBjRC20GrCfbFiclbF0Cx+sCcQob/C1r57nsoq0xg8r65QbTyVyweQIlB33P+Uahyho6EMYgcOyQ==
 
 lines-and-columns@^1.1.6:
   version "1.1.6"
@@ -10581,14 +10587,22 @@ url-parse-lax@^3.0.0:
   dependencies:
     prepend-http "^2.0.0"
 
-url-parse@^1.4.3, url-parse@^1.5.1, url-parse@^1.5.3:
+url-parse@^1.4.3, url-parse@^1.5.1:
   version "1.5.3"
   resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.3.tgz#71c1303d38fb6639ade183c2992c8cc0686df862"
   integrity sha512-IIORyIQD9rvj0A4CLWsHkBBJuNqWpFQe224b6j9t/ABmquIS0qDU2pY6kl6AuOrL5OkCXHMCFNe1jBcuAggjvQ==
   dependencies:
     querystringify "^2.1.1"
     requires-port "^1.0.0"
 
+url-parse@^1.5.10:
+  version "1.5.10"
+  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1"
+  integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==
+  dependencies:
+    querystringify "^2.1.1"
+    requires-port "^1.0.0"
+
 url-set-query@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/url-set-query/-/url-set-query-1.0.0.tgz#016e8cfd7c20ee05cafe7795e892bd0702faa339"
@@ -10715,11 +10729,16 @@ validate-npm-package-license@^3.0.1:
     spdx-correct "^3.0.0"
     spdx-expression-parse "^3.0.0"
 
-validator@^13.1.1, validator@^13.6.0:
+validator@^13.6.0:
   version "13.7.0"
   resolved "https://registry.yarnpkg.com/validator/-/validator-13.7.0.tgz#4f9658ba13ba8f3d82ee881d3516489ea85c0857"
   integrity sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==
 
+validator@^13.7.0:
+  version "13.11.0"
+  resolved "https://registry.yarnpkg.com/validator/-/validator-13.11.0.tgz#23ab3fd59290c61248364eabf4067f04955fbb1b"
+  integrity sha512-Ii+sehpSfZy+At5nPdnyMhx78fEoPDkR2XW/zimHEL3MyGJQOCQ7WeP20jPYRz7ZCpcKLB21NxuXHF3bxjStBQ==
+
 varint@5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/varint/-/varint-5.0.0.tgz#d826b89f7490732fabc0c0ed693ed475dcb29ebf"