From 542e77462b6c052fa4356da7f0f921e35dea5195 Mon Sep 17 00:00:00 2001 From: alexloiko <13203602+alexloiko@users.noreply.github.com> Date: Fri, 15 Sep 2023 19:37:24 +0300 Subject: [PATCH] ALL-2604 Snyk fixes (#923) * ALL-2604 Class validator, transformer and url-parser updates * ALL-2604 Class validator, transformer and url-parser updates. Version * ALL-2604 Fixed long warning of optional dependency --------- Co-authored-by: Oleksandr Loiko --- package.json | 11 +++++---- src/connector/tatum.ts | 8 +++---- src/helpers/index.ts | 6 ++--- yarn.lock | 51 +++++++++++++++++++++++++++++------------- 4 files changed, 49 insertions(+), 27 deletions(-) diff --git a/package.json b/package.json index e633eaf90c..2b994fb7c0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@tatumio/tatum-v1", - "version": "1.37.36", + "version": "1.37.37", "description": "Tatum API client allows browsers and Node.js clients to interact with Tatum API.", "main": "dist/src/index.js", "repository": "https://github.com/tatumio/tatum-js", @@ -61,8 +61,8 @@ "cardano-crypto.js": "^6.0.0", "cashaddrjs": "^0.4.4", "caver-js": "1.8.2", - "class-transformer": "^0.2.3", - "class-validator": "0.13.0", + "class-transformer": "^0.5.1", + "class-validator": "^0.14.0", "coininfo": "^5.1.0", "dedent-js": "^1.0.1", "ed25519-hd-key": "^1.1.2", @@ -78,7 +78,7 @@ "stellar-sdk": "^8.1.0", "thorify": "^1.5.2", "tronweb": "^3.2.2", - "url-parse": "^1.5.3", + "url-parse": "^1.5.10", "web3": "^1.7.0", "web3-eth": "^1.7.0" }, @@ -116,5 +116,8 @@ ], "coverageDirectory": "../coverage", "testEnvironment": "node" + }, + "resolutions": { + "scrypt": "github:barrysteyn/node-scrypt#fb60a8d3c158fe115a624b5ffa7480f3a24b03fb" } } diff --git a/src/connector/tatum.ts b/src/connector/tatum.ts index ecc8a21885..3526cdca7c 100644 --- a/src/connector/tatum.ts +++ b/src/connector/tatum.ts @@ -1,13 +1,13 @@ import a from 'axios'; import axiosRetry, {isNetworkOrIdempotentRequestError} from 'axios-retry'; import {plainToClass} from 'class-transformer'; -import {ClassType} from 'class-transformer/ClassTransformer'; import {validateOrReject} from 'class-validator'; import FormData from 'form-data'; import http from 'http'; import https from 'https'; import { version } from '../../package.json' import {TATUM_API_URL, TATUM_RETRIES, TATUM_RETRY_DELAY} from '../constants'; +import {ClassConstructor} from "class-transformer/types/interfaces"; export const axios = a.create({ httpAgent: new http.Agent({keepAlive: true}), @@ -31,7 +31,7 @@ export const get = async (url: string): Promise => { } // eslint-disable-next-line @typescript-eslint/ban-types -export const post = async (url: string, body?: U, classType?: ClassType): Promise => { +export const post = async (url: string, body?: U, classType?: ClassConstructor): Promise => { await validateBody(body, classType); const {data} = await axios.post(`${baseUrl()}${url}`, body, headers()); return data; @@ -46,7 +46,7 @@ export const postMultiForm = async (url: string, body: FormData): Promise = }; // eslint-disable-next-line @typescript-eslint/ban-types -export const put = async (url: string, body?: U, classType?: ClassType): Promise => { +export const put = async (url: string, body?: U, classType?: ClassConstructor): Promise => { await validateBody(body, classType) const { data } = await axios.put(`${baseUrl()}${url}`, body, headers()) return data @@ -57,7 +57,7 @@ export const httpDelete = async (url: string): Promise => { } // eslint-disable-next-line @typescript-eslint/ban-types -export const validateBody = async (body: U, classType?: ClassType): Promise => { +export const validateBody = async (body: U, classType?: ClassConstructor): Promise => { if (classType) { const classInstance = plainToClass(classType, body) await validateOrReject(classInstance) diff --git a/src/helpers/index.ts b/src/helpers/index.ts index fdb1d9b295..74f0c4aec6 100644 --- a/src/helpers/index.ts +++ b/src/helpers/index.ts @@ -1,4 +1,4 @@ -import { ClassType } from 'class-transformer/ClassTransformer'; +import { ClassConstructor } from 'class-transformer'; import Web3 from 'web3'; import { bscBroadcast, @@ -74,7 +74,7 @@ export const helperGetWeb3Client = (testnet: boolean, chain: Currency, provider? }; // eslint-disable-next-line @typescript-eslint/ban-types -export const helperPrepareSCCall = async (testnet: boolean, body: any, clazz: ClassType, methodName: string, params: any[], methodSig?: string, +export const helperPrepareSCCall = async (testnet: boolean, body: any, clazz: ClassConstructor, methodName: string, params: any[], methodSig?: string, provider?: string, abi: any[] = listing.abi) => { let r: SmartContractMethodInvocation | CeloSmartContractMethodInvocation; if (body.chain === Currency.CELO) { @@ -129,4 +129,4 @@ export const normalizeAddress = (chain: Currency, address: string) => { default: return address } -} \ No newline at end of file +} diff --git a/yarn.lock b/yarn.lock index e7dfb1e844..9ef7052ee4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2113,6 +2113,11 @@ resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.6.3.tgz#31ca2e997bf13a0fffca30a25747d5b9f7dbb7de" integrity sha512-fWG42pMJOL4jKsDDZZREnXLjc3UE0R8LOJfARWYg6U966rxDT7TYejYzLnUF5cvSObGg34nd0+H2wHHU5Omdfw== +"@types/validator@^13.7.10": + version "13.11.1" + resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.11.1.tgz#6560af76ed54490e68c42f717ab4e742ba7be74b" + integrity sha512-d/MUkJYdOeKycmm75Arql4M5+UuXmf4cHdHKsyw1GcvnNgL6s77UkgSgJ8TE/rI5PYsnwYq5jkcWBLuN/MpQ1A== + "@types/websocket@^1.0.5": version "1.0.5" resolved "https://registry.yarnpkg.com/@types/websocket/-/websocket-1.0.5.tgz#3fb80ed8e07f88e51961211cd3682a3a4a81569c" @@ -3655,10 +3660,10 @@ class-is@^1.1.0: resolved "https://registry.yarnpkg.com/class-is/-/class-is-1.1.0.tgz#9d3c0fba0440d211d843cec3dedfa48055005825" integrity sha512-rhjH9AG1fvabIDoGRVH587413LPjTZgmDF9fOFCbFJQV4yuocX1mHxxvXI4g3cGwbVY9wAYIoKlg1N79frJKQw== -class-transformer@^0.2.3: - version "0.2.3" - resolved "https://registry.yarnpkg.com/class-transformer/-/class-transformer-0.2.3.tgz#598c92ca71dcca73f91ccb875d74a3847ccfa32d" - integrity sha512-qsP+0xoavpOlJHuYsQJsN58HXSl8Jvveo+T37rEvCEeRfMWoytAyR0Ua/YsFgpM6AZYZ/og2PJwArwzJl1aXtQ== +class-transformer@^0.5.1: + version "0.5.1" + resolved "https://registry.yarnpkg.com/class-transformer/-/class-transformer-0.5.1.tgz#24147d5dffd2a6cea930a3250a677addf96ab336" + integrity sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw== class-utils@^0.3.5: version "0.3.6" @@ -3670,13 +3675,14 @@ class-utils@^0.3.5: isobject "^3.0.0" static-extend "^0.1.1" -class-validator@0.13.0: - version "0.13.0" - resolved "https://registry.yarnpkg.com/class-validator/-/class-validator-0.13.0.tgz#87770a90e4f9ac1a928631ae58dc6920299052ff" - integrity sha512-PNu14GiCXGqVKrCa7VJbDkA3wgB7ORdVwiK+DexcV0Dbk3UKLeHuD2Pn/BbhiFCcIf7GqChapnpZKaGFfdfVCQ== +class-validator@^0.14.0: + version "0.14.0" + resolved "https://registry.yarnpkg.com/class-validator/-/class-validator-0.14.0.tgz#40ed0ecf3c83b2a8a6a320f4edb607be0f0df159" + integrity sha512-ct3ltplN8I9fOwUd8GrP8UQixwff129BkEtuWDKL5W45cQuLd19xqmTLu5ge78YDm/fdje6FMt0hGOhl0lii3A== dependencies: - libphonenumber-js "^1.7.57" - validator "^13.1.1" + "@types/validator" "^13.7.10" + libphonenumber-js "^1.10.14" + validator "^13.7.0" cliui@^6.0.0: version "6.0.0" @@ -7318,10 +7324,10 @@ libp2p-crypto@^0.19.0: uint8arrays "^3.0.0" ursa-optional "^0.10.1" -libphonenumber-js@^1.7.57: - version "1.9.23" - resolved "https://registry.yarnpkg.com/libphonenumber-js/-/libphonenumber-js-1.9.23.tgz#e28babdaaaf7e09fbaf23a1c714166fa63001ea3" - integrity sha512-+qWSwPyJWSV9ukb7Iu21WpWEP7irFWR1ojoYykL2itAfXKj9FjsTjS6PPZoPUOZk+1kxliHjwsilqA1TNeOhuQ== +libphonenumber-js@^1.10.14: + version "1.10.44" + resolved "https://registry.yarnpkg.com/libphonenumber-js/-/libphonenumber-js-1.10.44.tgz#6709722461173e744190494aaaec9c1c690d8ca8" + integrity sha512-svlRdNBI5WgBjRC20GrCfbFiclbF0Cx+sCcQob/C1r57nsoq0xg8r65QbTyVyweQIlB33P+Uahyho6EMYgcOyQ== lines-and-columns@^1.1.6: version "1.1.6" @@ -10581,7 +10587,7 @@ url-parse-lax@^3.0.0: dependencies: prepend-http "^2.0.0" -url-parse@^1.4.3, url-parse@^1.5.1, url-parse@^1.5.3: +url-parse@^1.4.3, url-parse@^1.5.1: version "1.5.3" resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.3.tgz#71c1303d38fb6639ade183c2992c8cc0686df862" integrity sha512-IIORyIQD9rvj0A4CLWsHkBBJuNqWpFQe224b6j9t/ABmquIS0qDU2pY6kl6AuOrL5OkCXHMCFNe1jBcuAggjvQ== @@ -10589,6 +10595,14 @@ url-parse@^1.4.3, url-parse@^1.5.1, url-parse@^1.5.3: querystringify "^2.1.1" requires-port "^1.0.0" +url-parse@^1.5.10: + version "1.5.10" + resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1" + integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ== + dependencies: + querystringify "^2.1.1" + requires-port "^1.0.0" + url-set-query@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/url-set-query/-/url-set-query-1.0.0.tgz#016e8cfd7c20ee05cafe7795e892bd0702faa339" @@ -10715,11 +10729,16 @@ validate-npm-package-license@^3.0.1: spdx-correct "^3.0.0" spdx-expression-parse "^3.0.0" -validator@^13.1.1, validator@^13.6.0: +validator@^13.6.0: version "13.7.0" resolved "https://registry.yarnpkg.com/validator/-/validator-13.7.0.tgz#4f9658ba13ba8f3d82ee881d3516489ea85c0857" integrity sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw== +validator@^13.7.0: + version "13.11.0" + resolved "https://registry.yarnpkg.com/validator/-/validator-13.11.0.tgz#23ab3fd59290c61248364eabf4067f04955fbb1b" + integrity sha512-Ii+sehpSfZy+At5nPdnyMhx78fEoPDkR2XW/zimHEL3MyGJQOCQ7WeP20jPYRz7ZCpcKLB21NxuXHF3bxjStBQ== + varint@5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/varint/-/varint-5.0.0.tgz#d826b89f7490732fabc0c0ed693ed475dcb29ebf"