fix: bump and dedupe vulnerable packages [LW-12987, LW-12986] #1890

przemyslaw-wlodek · 2025-06-02T16:25:25Z

Checklist

JIRA1, JIRA2

Proposed solution

See commit messages.

Testing

Please test features/providers related to:

Maestro BTC (the only place we use axios directly in Lace)
Ada Handle
Stake pools
Tx Submit

przemyslaw-wlodek · 2025-06-02T16:25:42Z

apps/browser-extension-wallet/src/utils/pgp.ts

    signingKeys: privateKeys,
    format: 'binary',
    config: {
-      deflateLevel: 9


See: openpgpjs/openpgpjs#1717

lace-bot · 2025-06-02T16:48:22Z

Allure Report

allure-report-publisher generated test report!

processReports: ✅ test report for 6ff1c281

	passed	failed	skipped	flaky	total	result
Total	33	0	4	0	37	✅

szymonmaslowski

LGTM.

pczeglik-iohk

Looks good.

sonarqubecloud · 2025-06-03T11:44:37Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

przemyslaw-wlodek self-assigned this Jun 2, 2025

przemyslaw-wlodek requested review from a team as code owners June 2, 2025 16:25

przemyslaw-wlodek commented Jun 2, 2025

View reviewed changes

przemyslaw-wlodek force-pushed the fix/LW-12987-LW-12986-bump-and-dedupe-vulnerable-packages branch from f3d1723 to 5269918 Compare June 2, 2025 16:54

szymonmaslowski approved these changes Jun 2, 2025

View reviewed changes

przemyslaw-wlodek force-pushed the fix/LW-12987-LW-12986-bump-and-dedupe-vulnerable-packages branch from 5269918 to 1ddaba0 Compare June 2, 2025 21:26

pczeglik-iohk approved these changes Jun 3, 2025

View reviewed changes

przemyslaw-wlodek enabled auto-merge (squash) June 3, 2025 09:36

przemyslaw-wlodek force-pushed the fix/LW-12987-LW-12986-bump-and-dedupe-vulnerable-packages branch from 1ddaba0 to c9829ce Compare June 3, 2025 09:46

wklos-iohk approved these changes Jun 3, 2025

View reviewed changes

przemyslaw-wlodek added 2 commits June 3, 2025 13:43

fix: bump and dedupe axios (CVE-2025-27152)

13ac61f

fix: bump openpgp (CVE-2025-47934)

6ff1c28

przemyslaw-wlodek force-pushed the fix/LW-12987-LW-12986-bump-and-dedupe-vulnerable-packages branch from c9829ce to 6ff1c28 Compare June 3, 2025 11:43

przemyslaw-wlodek disabled auto-merge June 3, 2025 15:31

pczeglik-iohk merged commit 963e9ea into main Jun 4, 2025
30 checks passed

pczeglik-iohk deleted the fix/LW-12987-LW-12986-bump-and-dedupe-vulnerable-packages branch June 4, 2025 08:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: bump and dedupe vulnerable packages [LW-12987, LW-12986] #1890

fix: bump and dedupe vulnerable packages [LW-12987, LW-12986] #1890

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix: bump and dedupe vulnerable packages [LW-12987, LW-12986] #1890

fix: bump and dedupe vulnerable packages [LW-12987, LW-12986] #1890

Uh oh!

Conversation

Checklist

Proposed solution

Testing

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Allure Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Quality Gate passed

Uh oh!

Uh oh!

Uh oh!