Skip to content

Fix Dependabot vulnerabilities#544

Merged
Rubilmax merged 6 commits intomainfrom
Rubilmax/fix-dep-vulns
Apr 10, 2026
Merged

Fix Dependabot vulnerabilities#544
Rubilmax merged 6 commits intomainfrom
Rubilmax/fix-dep-vulns

Conversation

@Rubilmax
Copy link
Copy Markdown
Collaborator

@Rubilmax Rubilmax commented Apr 10, 2026

Summary

  • update direct dependencies and root pnpm overrides to patched versions for all current Dependabot advisories
  • replace the old Hardhat-based compile path with a shared solc compiler script so the unpatchable Hardhat 2 / elliptic subtree is removed entirely
  • pin @velora-dex/sdk to 9.4.2 and avoid the compromised 9.4.1 release

Validation

  • pnpm install
  • pnpm audit --json
  • pnpm --filter @morpho-org/blue-sdk-viem compile
  • pnpm --filter @morpho-org/liquidation-sdk-viem compile
  • pnpm exec biome check package.json packages//package.json scripts/compile-solidity.js packages/blue-sdk-viem/src/queries/**/.ts packages/liquidation-sdk-viem/test/contracts/SwapMock.ts

Notes

  • GitHub still reports the Dependabot alerts on the default branch today; they should clear after this branch is merged and the repo is rescanned.

@Rubilmax Rubilmax self-assigned this Apr 10, 2026
Foulks-Plb
Foulks-Plb previously approved these changes Apr 10, 2026
View reviewed changes
@Rubilmax Rubilmax merged commit 49587cb into main Apr 10, 2026
16 checks passed
@Rubilmax Rubilmax deleted the Rubilmax/fix-dep-vulns branch April 10, 2026 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oumar-fall oumar-fall oumar-fall approved these changes

@Foulks-Plb Foulks-Plb Foulks-Plb approved these changes

Assignees

@Rubilmax Rubilmax

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Rubilmax @oumar-fall @Foulks-Plb