updates to help with security vulnerabilities in packages (#468)

* updates to help with secutiry vulnerabilities in packages

* updates for local run

* updated node to 18.19 & reverted other changes

* removed esbuild

* updated knex + pg to help resolve knex connection issue

* updated the acquireConnectionTimeout to 30s

* fixed docker-compose-prod

* removed extra file

* removed unused packages

* removed more packages

* updated crypro-js to help with the critical vulnerability

Author: farhanW3

Dockerfile

@@ -1,9 +1,12 @@
-FROM node:18.15.0-alpine AS base
+FROM node:18.19-alpine AS base
 
 # Install tini & build dependencies
 RUN apk add --no-cache tini && \
     apk --no-cache --virtual build-dependencies add g++ make py3-pip openssl
 
+# Upgrade packages
+RUN apk update && apk upgrade
+
 # Set the working directory
 WORKDIR /app
 
@@ -59,11 +62,14 @@ RUN apk --no-cache --virtual build-dependencies add g++ make py3-pip && \
     yarn install --production=true --frozen-lockfile --network-timeout 1000000 && \
     apk del build-dependencies
 
+# Upgrade packages
+RUN apk update && apk upgrade
+
 ##############################
 ##############################
 
 # Production stage
-FROM node:18.15.0-alpine AS prod
+FROM node:18.19-alpine AS prod
 
 # Setting ENV variables for image information
 ARG ENGINE_VERSION

docker-compose-infra.yml

@@ -20,18 +20,5 @@ services:
           cpus: "2"
           memory: 2G
 
-  pgadmin:
-    container_name: pgadmin4_container
-    image: dpage/pgadmin4
-    restart: always
-    environment:
-      PGADMIN_DEFAULT_EMAIL: admin@admin.com
-      PGADMIN_DEFAULT_PASSWORD: root
-    ports:
-      - 5050:80
-    volumes:
-      - pgadmin:/var/lib/pgadmin
-
 volumes:
   psql_db:
-  pgadmin:

docker-compose.yml

@@ -16,18 +16,6 @@ services:
           cpus: "2"
           memory: 2G
 
-  pgadmin:
-    container_name: pgadmin4_container
-    image: dpage/pgadmin4
-    restart: always
-    environment:
-      PGADMIN_DEFAULT_EMAIL: admin@admin.com
-      PGADMIN_DEFAULT_PASSWORD: root
-    ports:
-      - "5050:80"
-    volumes:
-      - pgadmin:/var/lib/pgadmin
-
   engine:
     build:
       dockerfile: Dockerfile
@@ -50,4 +38,3 @@ services:
 
 volumes:
   db_data:
-  pgadmin:

package.json

@@ -31,7 +31,6 @@
   "dependencies": {
     "@aws-sdk/client-kms": "^3.398.0",
     "@fastify/cookie": "^8.3.0",
-    "@fastify/cors": "^8.2.1",
     "@fastify/express": "^2.3.0",
     "@fastify/swagger": "^8.9.0",
     "@fastify/type-provider-typebox": "^3.2.0",
@@ -40,9 +39,9 @@
     "@prisma/client": "5.2.0",
     "@sinclair/typebox": "^0.31.28",
     "@t3-oss/env-core": "^0.6.0",
-    "@thirdweb-dev/auth": "^4.1.27",
+    "@thirdweb-dev/auth": "^4.1.47",
     "@thirdweb-dev/chains": "^0.1.77",
-    "@thirdweb-dev/sdk": "^4.0.46-nightly-3e7f9cb94-20240314012159",
+    "@thirdweb-dev/sdk": "^4.0.49",
     "@thirdweb-dev/service-utils": "0.4.17",
     "@thirdweb-dev/wallets": "2.4.17",
     "@types/base-64": "^1.0.2",
@@ -52,56 +51,44 @@
     "cookie-parser": "^1.4.6",
     "copyfiles": "^2.4.1",
     "cron-parser": "^4.9.0",
-    "crypto-js": "^4.1.1",
+    "crypto-js": "^4.2.0",
     "dotenv": "^16.0.3",
     "ethers": "5",
-    "ethers-aws-kms-signer": "^1.3.2",
-    "ethers-gcp-kms-signer": "^1.1.6",
     "fastify": "^4.15.0",
     "fastify-plugin": "^4.5.0",
     "http-status-codes": "^2.2.0",
-    "knex": "^2.4.2",
+    "knex": "^3.1.0",
+    "mnemonist": "^0.39.8",
     "node-cron": "^3.0.2",
-    "p-queue": "^7.3.4",
-    "pg": "^8.11.0",
+    "pg": "^8.11.3",
     "pino": "^8.15.1",
     "pino-pretty": "^10.0.0",
     "prisma": "^5.2.0",
     "thirdweb": "^5.0.0-beta-ca68bc77e74f594360b4da1e9e77793b66cfb12a-20240323045412",
-    "uuidv4": "^6.2.13",
+    "uuid": "^9.0.1",
     "viem": "^1.14.0",
     "zod": "^3.21.4"
   },
   "devDependencies": {
-    "@nomiclabs/hardhat-ethers": "^2.2.3",
-    "@swc/core": "^1.3.41",
-    "@types/autocannon": "^7.9.1",
     "@types/cli-progress": "^3.11.3",
     "@types/cookie": "^0.5.1",
-    "@types/crypto-js": "^4.1.2",
+    "@types/crypto-js": "^4.2.2",
     "@types/express": "^4.17.17",
     "@types/jest": "^29.5.11",
     "@types/node": "^18.15.4",
     "@types/node-cron": "^3.0.8",
     "@types/pg": "^8.6.6",
-    "@types/supertest": "^2.0.12",
     "@types/uuid": "^9.0.1",
     "@types/ws": "^8.5.5",
     "@typescript-eslint/eslint-plugin": "^5.55.0",
     "@typescript-eslint/parser": "^5.55.0",
-    "autocannon": "^7.12.0",
-    "chalk": "^5.3.0",
-    "cli-progress": "^3.12.0",
     "commander": "^11.0.0",
     "eslint": "^8.36.0",
     "eslint-config-prettier": "^8.7.0",
-    "hardhat": "^2.1.2",
     "jest": "^29.7.0",
     "nodemon": "^2.0.21",
     "openapi-typescript-codegen": "^0.25.0",
     "prettier": "^2.8.7",
-    "prompts": "^2.4.2",
-    "supertest": "^6.3.3",
     "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",
     "typescript": "^5.1.3"

src/db/client.ts

@@ -19,7 +19,7 @@ export const knex = pg({
       rejectUnauthorized: false,
     },
   },
-  acquireConnectionTimeout: 10000,
+  acquireConnectionTimeout: 30000,
 } as Knex.Config);
 
 export const isDatabaseHealthy = async (): Promise<boolean> => {

src/db/transactions/queueTxRaw.ts

@@ -1,5 +1,5 @@
 import type { Prisma, Transactions } from "@prisma/client";
-import { uuid } from "uuidv4";
+import { v4 as uuid } from "uuid";
 import { PrismaTransaction } from "../../schema/prisma";
 import { TransactionStatusEnum } from "../../server/schemas/transaction";
 import { simulateTx } from "../../server/utils/simulateTx";

src/server/middleware/auth.ts

@@ -36,6 +36,9 @@ const authWithApiServer = async (jwt: string, domain: string) => {
   let user: User<Json> | null = null;
   try {
     user = await authenticateJWT({
+      clientOptions: {
+        secretKey: env.THIRDWEB_API_SECRET_KEY,
+      },
       wallet: {
         type: "evm",
         getAddress: async () => "0x016757dDf2Ab6a998a4729A80a091308d9059E17",

src/server/middleware/cors/vary.ts

@@ -1,5 +1,3 @@
-"use strict";
-
 import { FastifyReply } from "fastify";
 import LRUCache from "mnemonist/lru-cache";
 

src/server/routes/backend-wallet/sendTransactionBatch.ts

@@ -1,7 +1,7 @@
 import { Static, Type } from "@sinclair/typebox";
 import { FastifyInstance } from "fastify";
 import { StatusCodes } from "http-status-codes";
-import { v4 as uuidv4 } from "uuid";
+import { v4 } from "uuid";
 import { prisma } from "../../../db/client";
 import { standardResponseSchema } from "../../schemas/sharedApiSchemas";
 import { walletHeaderSchema } from "../../schemas/wallet";
@@ -64,10 +64,10 @@ export async function sendTransactionBatch(fastify: FastifyInstance) {
         request.headers as Static<typeof walletHeaderSchema>;
       const chainId = await getChainIdFromChain(chain);
 
-      const groupId = uuidv4();
+      const groupId = v4();
       const data = txs.map((tx) => ({
         groupId,
-        id: uuidv4(),
+        id: v4(),
         chainId: chainId.toString(),
         fromAddress: fromAddress.toLowerCase(),
         toAddress: tx.toAddress?.toLowerCase(),