
Commit ff331fd

authored
updates to help with security vulnerabilities in packages (#468)
* updates to help with security vulnerabilities in packages * updates for local run * updated node to 18.19 & reverted other changes * removed esbuild * updated knex + pg to help resolve knex connection issue * updated the acquireConnectionTimeout to 30s * fixed docker-compose-prod * removed extra file * removed unused packages * removed more packages * updated crypto-js to help with the critical vulnerability
1 parent 5101c23 commit ff331fd

10 files changed

+269
-3126
lines changed


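--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,12 @@
-FROM node:18.15.0-alpine AS base
+FROM node:18.19-alpine AS base
 
 # Install tini & build dependencies
 RUN apk add --no-cache tini && \
 apk --no-cache --virtual build-dependencies add g++ make py3-pip openssl
 
+# Upgrade packages
+RUN apk update && apk upgrade
+
 # Set the working directory
 WORKDIR /app
 
@@ -59,11 +62,14 @@ RUN apk --no-cache --virtual build-dependencies add g++ make py3-pip && \
 yarn install --production=true --frozen-lockfile --network-timeout 1000000 && \
 apk del build-dependencies
 
+# Upgrade packages
+RUN apk update && apk upgrade
+
 ##############################
 ##############################
 
 # Production stage
-FROM node:18.15.0-alpine AS prod
+FROM node:18.19-alpine AS prod
 
 # Setting ENV variables for image information
 ARG ENGINE_VERSION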
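Review bot: The `RUN apk update && apk upgrade` added in the second hunk sits in the build stage, which ends right before `FROM node:18.19-alpine AS prod`; because the prod stage starts from the bare image rather than from `base`, neither of the added upgrades is present in the image that ships, so the OS-package patching the commit is after only reaches build layers that are discarded (unless the prod stage upgrades further down, which is outside this hunk). Move the upgrade into the production stage, e.g. directly after `FROM node:18.19-alpine AS prod` add `RUN apk upgrade --no-cache`, which also avoids leaving the index cache from a separate `apk update` in a layer. An unpinned `apk upgrade` makes image content depend on build time, so a comment such as `# pull in Alpine security fixes newer than the base tag` next to it records why the non-reproducibility is accepted.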

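--- a/docker-compose-infra.yml
+++ b/docker-compose-infra.yml
@@ -20,18 +20,5 @@ services:
 cpus: "2"
 memory: 2G
 
-pgadmin:
-container_name: pgadmin4_container
-image: dpage/pgadmin4
-restart: always
-environment:
-PGADMIN_DEFAULT_EMAIL: admin@admin.com
-PGADMIN_DEFAULT_PASSWORD: root
-ports:
-- 5050:80
-volumes:
-- pgadmin:/var/lib/pgadmin
-
 volumes:
 psql_db:
-pgadmin: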

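--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,18 +16,6 @@ services:
 cpus: "2"
 memory: 2G
 
-pgadmin:
-container_name: pgadmin4_container
-image: dpage/pgadmin4
-restart: always
-environment:
-PGADMIN_DEFAULT_EMAIL: admin@admin.com
-PGADMIN_DEFAULT_PASSWORD: root
-ports:
-- "5050:80"
-volumes:
-- pgadmin:/var/lib/pgadmin
-
 engine:
 build:
 dockerfile: Dockerfile
@@ -50,4 +38,3 @@ services:
 
 volumes:
 db_data:
-pgadmin: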

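--- a/package.json
+++ b/package.json
@@ -31,7 +31,6 @@
 "dependencies": {
 "@aws-sdk/client-kms": "^3.398.0",
 "@fastify/cookie": "^8.3.0",
-"@fastify/cors": "^8.2.1",
 "@fastify/express": "^2.3.0",
 "@fastify/swagger": "^8.9.0",
 "@fastify/type-provider-typebox": "^3.2.0",
@@ -40,9 +39,9 @@
 "@prisma/client": "5.2.0",
 "@sinclair/typebox": "^0.31.28",
 "@t3-oss/env-core": "^0.6.0",
-"@thirdweb-dev/auth": "^4.1.27",
+"@thirdweb-dev/auth": "^4.1.47",
 "@thirdweb-dev/chains": "^0.1.77",
-"@thirdweb-dev/sdk": "^4.0.46-nightly-3e7f9cb94-20240314012159",
+"@thirdweb-dev/sdk": "^4.0.49",
 "@thirdweb-dev/service-utils": "0.4.17",
 "@thirdweb-dev/wallets": "2.4.17",
 "@types/base-64": "^1.0.2",
@@ -52,56 +51,44 @@
 "cookie-parser": "^1.4.6",
 "copyfiles": "^2.4.1",
 "cron-parser": "^4.9.0",
-"crypto-js": "^4.1.1",
+"crypto-js": "^4.2.0",
 "dotenv": "^16.0.3",
 "ethers": "5",
-"ethers-aws-kms-signer": "^1.3.2",
-"ethers-gcp-kms-signer": "^1.1.6",
 "fastify": "^4.15.0",
 "fastify-plugin": "^4.5.0",
 "http-status-codes": "^2.2.0",
-"knex": "^2.4.2",
+"knex": "^3.1.0",
+"mnemonist": "^0.39.8",
 "node-cron": "^3.0.2",
-"p-queue": "^7.3.4",
-"pg": "^8.11.0",
+"pg": "^8.11.3",
 "pino": "^8.15.1",
 "pino-pretty": "^10.0.0",
 "prisma": "^5.2.0",
 "thirdweb": "^5.0.0-beta-ca68bc77e74f594360b4da1e9e77793b66cfb12a-20240323045412",
-"uuidv4": "^6.2.13",
+"uuid": "^9.0.1",
 "viem": "^1.14.0",
 "zod": "^3.21.4"
 },
 "devDependencies": {
-"@nomiclabs/hardhat-ethers": "^2.2.3",
-"@swc/core": "^1.3.41",
-"@types/autocannon": "^7.9.1",
 "@types/cli-progress": "^3.11.3",
 "@types/cookie": "^0.5.1",
-"@types/crypto-js": "^4.1.2",
+"@types/crypto-js": "^4.2.2",
 "@types/express": "^4.17.17",
 "@types/jest": "^29.5.11",
 "@types/node": "^18.15.4",
 "@types/node-cron": "^3.0.8",
 "@types/pg": "^8.6.6",
-"@types/supertest": "^2.0.12",
 "@types/uuid": "^9.0.1",
 "@types/ws": "^8.5.5",
 "@typescript-eslint/eslint-plugin": "^5.55.0",
 "@typescript-eslint/parser": "^5.55.0",
-"autocannon": "^7.12.0",
-"chalk": "^5.3.0",
-"cli-progress": "^3.12.0",
 "commander": "^11.0.0",
 "eslint": "^8.36.0",
 "eslint-config-prettier": "^8.7.0",
-"hardhat": "^2.1.2",
 "jest": "^29.7.0",
 "nodemon": "^2.0.21",
 "openapi-typescript-codegen": "^0.25.0",
 "prettier": "^2.8.7",
-"prompts": "^2.4.2",
-"supertest": "^6.3.3",
 "ts-jest": "^29.1.1",
 "ts-node": "^10.9.1",
 "typescript": "^5.1.3"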
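Review bot: The runtime dependencies dropped in the third hunk (`ethers-aws-kms-signer`, `ethers-gcp-kms-signer`, `p-queue`) and `@fastify/cors` in the first are removed without a matching source change in any hunk on this page, so anything under `src` still importing them would fail at build time; a grep for those module names before merging would confirm the removal is safe if that was not already done. The Dockerfile in this commit installs with `yarn install --frozen-lockfile`, so the version bumps here (`knex`, `pg`, `crypto-js`, `uuid`, the thirdweb packages) only build if the regenerated lockfile lands in the same commit — nine of the ten listed files are rendered on this page, so the tenth is presumably that lockfile, but it is worth checking. Promoting `mnemonist` to a direct dependency is the right fix for the `mnemonist/lru-cache` import in vary.ts, which otherwise appears to rely on a transitive install.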

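--- a/src/db/client.ts
+++ b/src/db/client.ts
@@ -19,7 +19,7 @@ export const knex = pg({
 rejectUnauthorized: false,
 },
 },
-acquireConnectionTimeout: 10000,
+acquireConnectionTimeout: 30000,
 } as Knex.Config);
 
 export const isDatabaseHealthy = async (): Promise<boolean> => {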
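Review bot: `acquireConnectionTimeout: 30000` triples how long a caller blocks waiting for a pool slot, so under pool exhaustion requests now hang for 30 s before failing instead of surfacing the pressure sooner; this hides the condition rather than removing it unless the pool size was tuned too (the pool settings are above this hunk). Record the rationale the commit message gives on the line itself, e.g. `// 30s: raised with the knex 3 / pg 8.11.3 bump to ride out slow acquisitions; alert on acquire timeouts rather than raising this again`. Separately, the surrounding config sets `rejectUnauthorized: false`, which disables server certificate verification on the database TLS connection — unchanged by this commit, but worth a follow-up; the enclosing `pg({...})` call starts above the hunk.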

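--- a/src/db/transactions/queueTxRaw.ts
+++ b/src/db/transactions/queueTxRaw.ts
@@ -1,5 +1,5 @@
 import type { Prisma, Transactions } from "@prisma/client";
-import { uuid } from "uuidv4";
+import { v4 as uuid } from "uuid";
 import { PrismaTransaction } from "../../schema/prisma";
 import { TransactionStatusEnum } from "../../server/schemas/transaction";
 import { simulateTx } from "../../server/utils/simulateTx";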
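Review bot: The `uuid` import is spelled differently in the two files this commit touches: here it is aliased as `v4 as uuid`, while sendTransactionBatch.ts replaces its existing `v4 as uuidv4` alias with a bare `v4` and rewrites both call sites to `v4()`. The bare name says nothing at the call site about what is being generated, and keeping the alias that file already had would have left its two call sites untouched; whichever alias is chosen, use the same one in both files, e.g. `import { v4 as uuid } from "uuid";` as here. This is purely how the import is written; behaviour is identical either way.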

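--- a/src/server/middleware/auth.ts
+++ b/src/server/middleware/auth.ts
@@ -36,6 +36,9 @@ const authWithApiServer = async (jwt: string, domain: string) => {
 let user: User<Json> | null = null;
 try {
 user = await authenticateJWT({
+clientOptions: {
+secretKey: env.THIRDWEB_API_SECRET_KEY,
+},
 wallet: {
 type: "evm",
 getAddress: async () => "0x016757dDf2Ab6a998a4729A80a091308d9059E17",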
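Review bot: `secretKey: env.THIRDWEB_API_SECRET_KEY` is forwarded with no guard that the value is actually set; `env` and its schema are outside this hunk, so if the key is optional there an undefined secret reaches `authenticateJWT` and the failure only surfaces through the `catch` below the hunk, as an authentication failure on every request rather than a configuration error at startup. If the schema already requires a non-empty value, a comment on the new line is enough to make that dependency visible: `// secret is validated as required by the env schema at startup (TODO confirm)`. It would also help to note why `clientOptions` became necessary, since the package bumps that motivate it are in package.json rather than here; `authWithApiServer` continues outside the hunk.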

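--- a/src/server/middleware/cors/vary.ts
+++ b/src/server/middleware/cors/vary.ts
@@ -1,5 +1,3 @@
-"use strict";
-
 import { FastifyReply } from "fastify";
 import LRUCache from "mnemonist/lru-cache";
 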

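--- a/src/server/routes/backend-wallet/sendTransactionBatch.ts
+++ b/src/server/routes/backend-wallet/sendTransactionBatch.ts
@@ -1,7 +1,7 @@
 import { Static, Type } from "@sinclair/typebox";
 import { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
-import { v4 as uuidv4 } from "uuid";
+import { v4 } from "uuid";
 import { prisma } from "../../../db/client";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import { walletHeaderSchema } from "../../schemas/wallet";
@@ -64,10 +64,10 @@ export async function sendTransactionBatch(fastify: FastifyInstance) {
 request.headers as Static<typeof walletHeaderSchema>;
 const chainId = await getChainIdFromChain(chain);
 
-const groupId = uuidv4();
+const groupId = v4();
 const data = txs.map((tx) => ({
 groupId,
-id: uuidv4(),
+id: v4(),
 chainId: chainId.toString(),
 fromAddress: fromAddress.toLowerCase(),
 toAddress: tx.toAddress?.toLowerCase(),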
