Commit 58f8656
committed
fix(deps): surgical yarn.lock fix for scrypt-shim malware
Replace malicious `scrypt-shim@github:web3-js/scrypt-shim` (MAL-2022-5972)
resolved from codeload.github.com with the npm security placeholder
`0.0.1-security` in solidity/ecdsa and solidity/random-beacon yarn.lock
files.
Restores lock files to main-branch state (valid npm registry references)
to fix the CI SSH auth failure caused by the previous regenerated lock
files containing git+ssh:// references to private repos.
Also removes the `resolutions: web3-eth-accounts` field from both
package.json files — it was not compatible with --frozen-lockfile CI.1 parent 8e58bb7 commit 58f8656
4 files changed
Lines changed: 2949 additions & 2732 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
80 | 80 | | |
81 | 81 | | |
82 | 82 | | |
83 | | - | |
84 | | - | |
85 | | - | |
86 | 83 | | |
87 | 84 | | |
88 | 85 | | |
| |||
0 commit comments