Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Trezor library #20640

Closed
spylogsster opened this issue Jan 23, 2022 · 5 comments · Fixed by brave/brave-core#11960
Closed

Update Trezor library #20640

spylogsster opened this issue Jan 23, 2022 · 5 comments · Fixed by brave/brave-core#11960
Assignees
@spylogsster
Labels
feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude
Milestone
1.36.x - Release

Comments

@spylogsster
Copy link

spylogsster commented Jan 23, 2022
edited

There is audit issue with node-fetch

└─┬ trezor-connect@8.2.1-extended
  ├─┬ @trezor/rollout@1.2.1
  │ └─┬ cross-fetch@3.1.4
  │   └── node-fetch@2.6.1
  ├── node-fetch@2.6.7
  └─┬ trezor-link@1.7.3
    └── node-fetch@2.6.7 deduped

GHSA-r683-j2x4-v87g
@spylogsster spylogsster self-assigned this Jan 23, 2022
@spylogsster spylogsster added this to Untriaged in Wallet via automation Jan 23, 2022
@spylogsster spylogsster moved this from Untriaged to In Review in Wallet Jan 23, 2022
@spylogsster
Copy link
Author

Waiting for this fix lquixada/cross-fetch#118

This was referenced Jan 23, 2022
Merged
Merged
@imsys
Copy link

imsys commented Jan 23, 2022

@spylogsster cross-fetch 3.1.5 already fixes it by using node-fetch 2.6.7, that is a backport of the patch. node-fetch/node-fetch@1ef4b56
Just the warning was not fixed for node-fetch 2.6.7 yet.

@imsys
Copy link

imsys commented Jan 23, 2022

Edit: the warning is already fixed, and should show cross-fetch 3.1.5 and node-fetch 2.6.7 as having the patched version.

@Daniel4SE
Copy link

Can you fix the issue of #20634, I also meet that problem

Wallet automation moved this from In Review to Closed Jan 23, 2022
@spylogsster spylogsster added this to the 1.36.x - Nightly milestone Jan 23, 2022
@LaurenWags LaurenWags added the feature/web3/wallet Integrating Ethereum+ wallet support label Feb 2, 2022
@srirambv
Copy link
Contributor

Brave 1.36.90 Chromium: 98.0.4758.87 (Official Build) beta (64-bit)
Revision e4cd00f135fb4d8edc64c8aa6ecbe7cc79ebb3b2-refs/branch-heads/4758@{#1002}
OS ☑️ Linux ☑️ Windows 11 Version Dev
(Build 22523.1000) 		☑️ macOS Version 12.0.1
(Build 21C52)

@bbondy bbondy removed this from Closed in Wallet Mar 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spylogsster spylogsster

Labels
feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude
Projects
Web3
Archived in project
Milestone
1.36.x - Release
Development

Successfully merging a pull request may close this issue.

Update trezor-connect dependency brave/brave-core
6 participants
@bbondy @imsys @spylogsster @srirambv @LaurenWags @Daniel4SE