fix(chore): gRPC Memory Allocation Vulnerability#6902
Conversation
8592176 to
9831801
Compare
9831801 to
0804158
Compare
11a8081
0804158 to
11a8081
Compare
11a8081 to
a2b4fe1
Compare
b416609 to
4b9d17b
Compare
|
This PR was temporarily closed because I accidentally pushed the wrong head. I've now pushed the correct head with the latest changes and reopened the PR. |
Could you rebase your PR? |
fix gRPC Memory Allocation Vulnerability Ticket: DX-1515
4b9d17b to
3b9aee3
Compare
updated yarn.lock file |
Yes, I've verified that none of the packages being upgraded in this PR are affected by the recent NPM supply chain attacks. I cross-checked them against the known vulnerable packages listed in the following reports: |
Updated @hashgraph/sdk from version 2.29.0 to 2.72.0 to use a patched version of @grpc/grpc-js that fixes the memory allocation vulnerability.
Added a resolution override for @grpc/grpc-js in the root package.json to ensure all dependencies use the patched version (^1.12.6).
Ticket: DX-1515