[Snyk] Fix for 7 vulnerabilities

[kalbroni7]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	211/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 4, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 9.79, Likelihood: 2.15, Score Version: V5	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-8186838	Yes	No Known Exploit
	217/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 4, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 10.1, Likelihood: 2.15, Score Version: V5	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-8186889	Yes	No Known Exploit
	224/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 68, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.59, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	Yes	Proof of Concept
	224/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 68, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.59, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	Yes	Proof of Concept
	224/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 68, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 8.63, Likelihood: 2.59, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	Yes	Proof of Concept
	130/1000 Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 11, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 1.84, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit
	170/1000 Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 6, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @taquito/taquito

The new version differs by 250 commits.

• 47944c7 chore(releng) bump version to 20.1.0
• ccdb0db chore: satisfy lerna
• 5300ba8 chore(releng) bump version to 20.1.0-RC.0
• f903ced chore: dependencies update and trigger cloudflare rerun
• 6397b72 chore: mostly dependencies update and clean up console.log in test-dapp
• 4c1d0f7 fix: revert to getActiveAccount in beaconwallet and fix dapp and website. Also add mock in unit test
• a706929 Merge branch 'master' of https://github.com/ecadlabs/taquito
• ffb18df Update deps 20240917 (#3052)
• 1eeb03b fix: adding export for SmartRollupExecuteOutboxMessageParams (#3031)
• 903169d Merge branch 'master' of https://github.com/ecadlabs/taquito
• 2b056be fix: upgrade firebase from 10.12.4 to 10.13.0 (#3043)
• 4a449e8 Dependencies 20240905 (#3038)
• b5cd507 Housekeeping0904 (#3033)
• e45286c Merge branch 'master' of https://github.com/ecadlabs/taquito
• 586cab4 Chore: update all dependencies (#3018)
• c5e277c Tzip 32 update (#3016)
• 42a5799 Merge branch 'master' of https://github.com/ecadlabs/taquito
• 4229891 fix: add baker_own_stake to FrozenStaker (#3000)
• 0771a97 removed netlify refs (#3012)
• 6d0715c added transfer ticket to the wallet API and updated integration tests (#3003)
• bb06ee6 2879 tzip32 doc (#2994)
• 22d8aea Added a section to Michelson Encoder doc about the breaking change, fixed TypeCheck method example (#3002)
• 97832fc removed flextesa integration tests from workflow (#3001)
• 166ffdb feat: replaced println with console.log in live code examples (#2999)

See the full diff

Package name: @zondax/ledger-substrate

The new version differs by 117 commits.

• 2df6241 fix: keep substrate app as it used to be (chore(deps): bump tar from 4.4.13 to 4.4.19 in /electron airgap-it/airgap-wallet#101)
• 38b931f add new GenericApp support (Downloads for desktop not deployed? airgap-it/airgap-wallet#100)
• 6b1479e Merge pull request feat(rsk): RSK Protocol & ERC20  airgap-it/airgap-wallet#99 from Zondax/addavail
• 0a589ef Add avail
• 21f0170 Merge pull request [Feature Request] Pin/Biometric auth support airgap-it/airgap-wallet#98 from CertainLach/feature/unique-chains
• 983bcc7 feat: add quartz network
• eac4516 fix: use new slip-44 identifier for Unique
• 8db661a Merge pull request [Feature Request] Support GBP balance airgap-it/airgap-wallet#97 from leonardocustodio/patch-1
• 7974f4d Update supported_apps.ts
• 2ddb00d Update legacy_apps.ts
• a2e5f62 Update legacy_apps.ts
• 0a1a0e7 Add Enjin & Matrix
• 69ab4c9 Merge pull request 7 airgap-it/airgap-wallet#94 from Zondax/fixup
• 6b35a08 missing ins
• 947c31b Merge pull request 2 airgap-it/airgap-wallet#92 from Zondax/dev
• 303519e add joystream support
• 24c127e add signRaw method
• 07bc6c4 improve typings
• cf74ff7 fix AppDoesNotSeemToBeOpen error code
• 2310e36 fix some eslint warnings
• 6c3f792 update tests
• 954dacb run prettier
• cbbb9a9 remove cli
• 855edbf update deps and prettier config

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access of Resource Using Incompatible Type ('Type Confusion')

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@airgap/[email protected]	None	+17	8.03 MB	papers_ch
npm/@keystonehq/[email protected]	environment	+9	3.55 MB	soralit
npm/@taquito/[email protected]	filesystem Transitive: network	+30	13.6 MB	hui-an.yang
npm/@zondax/[email protected]	Transitive: filesystem, network	+2	2.31 MB	jleni
npm/[email protected]	environment, filesystem, shell	+1	3.09 MB	electron-nightly

🚮 Removed packages: npm/@airgap/[email protected], npm/@keystonehq/[email protected], npm/@taquito/[email protected], npm/@zondax/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎