Commit 618c374

fix: socket security vulnerabilities (#468)

## **Description**

This PR addresses critical security vulnerabilities identified by Socket Security scanning tool, particularly focusing on the critical and high issues that aren't supply chain attacks, which we are protected against by lavamoat

## **Related issues**

Fixes: #467

## **Manual testing steps**

1. Go to the [Socket Report](https://socket.dev/dashboard/org/MetaMask/sbom/8cbf5ef7-aad0-4b7b-8e49-3659e293bda1?action=error%2Cmonitor%2Cwarn)
2. Check that the versions that have been updated in the resolutions section address versions with vulnerabilities

## **Screenshots/Recordings**

Vulnerabilities addressed

<img width="1260" alt="Screenshot 2025-03-06 at 2 56 59 PM" src="https://github.com/user-attachments/assets/bd3524d7-89d5-4968-8928-dd26e182c2dc" />
<img width="1211" alt="Screenshot 2025-03-06 at 3 16 05 PM" src="https://github.com/user-attachments/assets/0b09323b-1243-4a7a-b143-e15317e612d0" />

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs)
- [x] I've completed the PR template to the best of my ability
- [x] I've included tests if applicable
- [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable
- [x] I've applied the right labels on the PR (security, dependencies)

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Would you like me to make any adjustments to this PR description?

1 parent 69db7da commit 618c374

2 files changed

+582
-568
lines changed

package.json

Lines changed: 11 additions & 0 deletions
@@ -46,6 +46,17 @@
4646
"pre-push": "yarn lint"
4747
},
4848
"resolutions": {
49+
"minimist": "1.2.8",
50+
"plist": "3.0.5",
51+
"@xmldom/xmldom": "0.7.7",
52+
"@babel/traverse": "7.25.9",
53+
"simple-plist": "1.3.1",
54+
"shell-quote": "1.7.3",
55+
"cross-spawn": "7.0.5",
56+
"node-fetch": "3.1.1",
57+
"json5": "2.2.2",
58+
"merge": "2.1.1",
59+
"semver": "7.5.2",
4960
"braces": "^3.0.3",
5061
"[email protected]": "^6.5.7",
5162
"fast-xml-parser@^4.3.4": "^4.4.1",
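
Review bot: the eleven entries added to `resolutions` use bare package names with exact versions, so each one overrides every copy of that package in the dependency tree, whatever major version a dependent declared. `"node-fetch": "3.1.1"` carries the most risk: node-fetch 3.x is ESM-only, so any dependent that loads it with `require()` and was written against 2.x will fail at load time. `"semver": "7.5.2"` and `"json5": "2.2.2"` have the same shape of problem for any dependent that requested an older major. Consider scoping each selector to the affected range, as the existing `"fast-xml-parser@^4.3.4": "^4.4.1"` entry does, and using caret ranges as `"braces": "^3.0.3"` does, since an exact pin also blocks later patch releases of the same package. Because package.json cannot carry comments, the commit message or the linked issue should record which Socket alert each pin answers, so a later reader can tell when an entry is safe to remove.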
