updated dependencies for walletconnect to work in dev mode

[trepca]

No description provided.

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/node@18.19.15	None	+1	3.95 MB	types
npm/@walletconnect/sign-client@2.11.1	Transitive: environment, eval, filesystem, network, shell, unsafe	+171	30.5 MB	bkrem, boidushya, chris13524, ...8 more
npm/@walletconnect/types@2.11.1	Transitive: environment, eval, filesystem, network, shell, unsafe	+124	19.6 MB	bkrem, boidushya, chris13524, ...8 more
npm/@walletconnect/utils@2.11.1	Transitive: environment, eval, filesystem, network, shell, unsafe	+152	22.7 MB	bkrem, boidushya, chris13524, ...8 more
npm/electron@28.2.2	Transitive: environment, eval, filesystem, network, shell	+72	10.7 MB	electron-nightly, electronhq

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
AI warning	npm/untun@0.1.3	Notes: The code appears to have risky practices such as downloading and executing binaries without validation and potential code execution via execSync. It does not contain obvious malware, but there is a risk associated with executing downloaded binaries and scripts without proper validation or integrity checks. Confidence: 1.00 Severity: 0.60	packages/gui/package.json

View full report↗︎

Next steps

What are AI warnings?

AI has found some unusual behaviors which could indicate a security risk

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/untun@0.1.3

[ChiaMineJP]

Checking Electron Release Note (from 27.0.0 to 29.0.1) ...
https://releases.electronjs.org/releases/stable

Found changes which might affect chia-blockchain-gui

• Apply module search paths restriction on worker and child process. #41137 (Also in 27, 29)

Electron now released 29.0.1 so we also have an option to specify Electron version to "29.0.1" in the package.json

I'll test new Electron behavior on several platforms like

• Windows 10
• m1 MacOS (14 Sonoma)
• Ubuntu 22.04
• Fedora 39

[ChiaMineJP]

I tested new Electron whether it can be launched without problems on the following OSes.

• m1 MacOS (14 Sonoma)
• Windows 10
• Ubuntu 22.04
• Fedora 39 (npm run electron works to launch GUI but npx lerna run dev:skipLocales --scope=@chia-network/gui didn't work. But this is not a regression since the base branch (main) has the same issue)

So upgrading Electron is fine by me.
And one change request.
Please add the new package-lock.json along with this package.json. Without it, everytime we run npm install, npm generates new uncommited package-lock.json