Description:
In base-x 4.0.0 there is a high vulnerability where attackers can deceive users into sending funds to an unintended address.
We forced 4.0.1 in our resolutions but we get a yarn warning because Alephium is set to use a specific version, 4.0.0.
Is it possible to upgrade base-x@4.0.0 to base-x@4.0.1?
Environment:
alephium/web3: 2.0.10 (latest version)
Node.js: >= 22
Reproduction:
- Install alephium/web3 in a project
- Run dependency audit (e.g., yarn audit or npm audit)
- Check security advisories related to base-x
Patch for base-x:
https://github.com/cryptocoinjs/base-x/tree/v4.0.1
cryptocoinjs/base-x#86
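A way to confirm from the lockfile whether a forced resolution took effect, as an added example that is not part of the original issue or of the Alephium or base-x code. It assumes Yarn v1 (classic) `yarn.lock` syntax; the function names and the lockfile excerpts are constructed for illustration.

```javascript
// Added example: list every base-x entry in a Yarn v1 lockfile and flag those
// that still resolve to the affected release named in the issue.
const AFFECTED = '4.0.0';

// Constructed lockfile excerpts: before and after forcing base-x via "resolutions".
const LOCK_BEFORE = [
  '"@alephium/web3@^2.0.10":',
  '  version "2.0.10"',
  '  dependencies:',
  '    base-x "4.0.0"',
  '',
  'base-x@4.0.0:',
  '  version "4.0.0"',
  '',
].join('\n');
const LOCK_AFTER = LOCK_BEFORE.replace('  version "4.0.0"', '  version "4.0.1"');

// Parse entry headers (unindented, ending in ":") and their resolved version.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (line === '' || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      const patterns = line.slice(0, -1).split(',')
        .map((p) => p.trim().replace(/^"|"$/g, ''));
      current = { patterns, version: null };
      entries.push(current);
    } else if (current) {
      const m = /^  version "?([^"]+)"?$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Package name is everything before the last "@" (index 0 is a scope marker).
function nameOf(pattern) {
  const at = pattern.lastIndexOf('@');
  return at > 0 ? pattern.slice(0, at) : pattern;
}

// Report requested patterns against the version actually locked.
function auditBaseX(lockText) {
  return parseYarnLockV1(lockText)
    .filter((e) => e.patterns.some((p) => nameOf(p) === 'base-x'))
    .map((e) => ({ requested: e.patterns, resolved: e.version, affected: e.version === AFFECTED }));
}

console.log(auditBaseX(LOCK_BEFORE), auditBaseX(LOCK_AFTER));
```

The check reads the resolved `version` field rather than the requested pattern, since the pattern can stay at `base-x@4.0.0` while the locked version differs.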