Merge pull request #196 from OffchainLabs/bold-merge-npm

gzeoneth · web-flow · commit c03101fdc70a · 2024-06-28T18:12:54.000+08:00
chore: ignore npm audit issues and bump packages
diff --git a/.github/workflows/audit-ci.yml b/.github/workflows/audit-ci.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [16, 18, 20]
+        node-version: [18, 20]
     steps:
       - name: Checkout
         uses: actions/checkout@v3
diff --git a/.github/workflows/contract-tests.yml b/.github/workflows/contract-tests.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Setup node/yarn
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           cache: 'yarn'
           cache-dependency-path: '**/yarn.lock'
 
@@ -153,7 +153,7 @@ jobs:
   #     - name: Setup node/yarn
   #       uses: actions/setup-node@v3
   #       with:
-  #         node-version: 16
+  #         node-version: 18
   #         cache: 'yarn'
   #         cache-dependency-path: '**/yarn.lock'
 
@@ -184,7 +184,7 @@ jobs:
   #     - name: Setup node/yarn
   #       uses: actions/setup-node@v3
   #       with:
-  #         node-version: 16
+  #         node-version: 18
   #         cache: 'yarn'
   #         cache-dependency-path: '**/yarn.lock'
 
@@ -213,7 +213,7 @@ jobs:
       - name: Setup node/yarn
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           cache: "yarn"
           cache-dependency-path: "**/yarn.lock"
 
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -47,6 +47,14 @@
     // Exposure of sensitive information in follow-redirects
     "GHSA-74fj-2j2h-c42q",
     // Open Zeppelin: Base64 encoding may read from potentially dirty memory
-    "GHSA-9vx6-7xxf-x967"
+    "GHSA-9vx6-7xxf-x967",
+    // semver vulnerable to Regular Expression Denial of Service
+    "GHSA-c2qf-rxjj-qqgw",
+    // follow-redirects' Proxy-Authorization header kept across hosts
+    "GHSA-cxjh-pqwp-8mfp",
+    // Prototype Pollution in async
+    "GHSA-fwr7-v2mv-hh25",
+    // ws affected by a DoS when handling a request with many HTTP headers
+    "GHSA-3h5v-q93c-6h6q"
   ]
 }
diff --git a/package.json b/package.json
@@ -85,10 +85,10 @@
     "ethereum-waffle": "^4.0.10",
     "ethers": "^5.5.4",
     "hardhat": "^2.17.2",
+    "hardhat-contract-sizer": "^2.10.0",
     "hardhat-deploy": "^0.11.37",
     "hardhat-gas-reporter": "^1.0.9",
     "hardhat-ignore-warnings": "^0.2.9",
-    "hardhat-contract-sizer": "^2.10.0",
     "postinstall-postinstall": "^2.1.0",
     "prettier": "^2.5.1",
     "prettier-plugin-solidity": "^1.0.0-beta.19",
diff --git a/yarn.lock b/yarn.lock
