Swap out ethereumjs-abi for @metamask/abi-utils#273
Conversation
package.json
Outdated
| } | ||
| }, | ||
| "resolutions": { | ||
| "@metamask/abi-utils": "portal:/Users/morten/Development/MetaMask/abi-utils" |
There was a problem hiding this comment.
This is temporary while waiting on a new release of abi-utils.
e868fd0 to
0e6a7bd
Compare
|
New dependency changes detected. Learn more about Socket for GitHub ↗︎ 🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again. Bot CommandsTo ignore an alert, reply with a comment starting with
|
| Package | Location | Source |
|---|---|---|
| @metamask/utils@3.6.0 (added) | package.json | package.json via @metamask/abi-utils@1.2.0 |
| superstruct@1.0.3 (added) | package.json | package.json via @metamask/abi-utils@1.2.0, @metamask/utils@3.6.0 |
⚠️ Unmaintained
Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed.
Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.
| Package | Last Publish Date | Source |
|---|---|---|
| @types/debug@4.1.7 (added) | 7/24/2021, 8:01:42 AM | package.json via @metamask/abi-utils@1.2.0, @metamask/utils@3.6.0 |
| @types/ms@0.7.31 (added) | 9/4/2019, 8:48:44 PM | package.json via @metamask/abi-utils@1.2.0, @metamask/utils@3.6.0 |
Pull request alert summary
| Issue | Status |
|---|---|
| Critical CVE | ✅ 0 issues |
| CVE | ✅ 0 issues |
| Mild CVE | ✅ 0 issues |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Filesystem access | ✅ 0 issues |
| Network access | ✅ 0 issues |
| Shell access | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| GitHub dependency | ✅ 0 issues |
| No bug tracker | ✅ 0 issues |
| No contributors or author data | |
| No README | ✅ 0 issues |
| Deprecated | ✅ 0 issues |
| New author | ✅ 0 issues |
| Unstable ownership | ✅ 0 issues |
| Non-existent author | ✅ 0 issues |
| Unmaintained | |
| Unpublished package | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected security risk | ✅ 0 issues |
| AI warning | ✅ 0 issues |
📊 Modified Dependency Overview:
| ➕ Added Package | Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|
| @metamask/utils@3.6.0 | None | +3 |
metamaskbot |
| @metamask/abi-utils@1.2.0 | None | +4 |
metamaskbot |
🚮 Removed packages: bn.js@4.12.0
ethereumjs-abi for abi-utilsethereumjs-abi for @metamask/abi-utils
6e224f5 to
b0f0f70
Compare
This removes the inlined
ethereumjs-abipackage in favour of@metamask/abi-utils. That also means that we can get rid of theBN.jsdependency.It's still a work in progress. The
abi-utilslibrary is much more strict thanethereumjs-abi, so a lot of values are failing to encode right now. There also seems to be a difference in signatures for certain values, which I have yet to figure out.