fix: deep dependency CVEs

Author: roderik

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22.13.0 AS build
+FROM node:22.13.1 AS build
 
 COPY --from=oven/bun:1.2.0-debian --chmod=0777 /usr/local/bin/bun /bin/bun
 ENV BUN_RUNTIME_TRANSPILER_CACHE_PATH=0

lib/forge-std/foundry.toml

@@ -1,5 +1,7 @@
 [profile.default]
 fs_permissions = [{ access = "read-write", path = "./"}]
+optimizer = true
+optimizer_runs = 200
 
 [rpc_endpoints]
 # The RPC URLs are modified versions of the default for testing initialization.

lib/forge-std/src/StdChains.sol

@@ -250,6 +250,30 @@ abstract contract StdChains {
         setChainWithDefaultRpcUrl(
             "flare_coston2", ChainData("Flare Coston2", 114, "https://coston2-api.flare.network/ext/C/rpc")
         );
+
+        setChainWithDefaultRpcUrl("mode", ChainData("Mode", 34443, "https://mode.drpc.org"));
+        setChainWithDefaultRpcUrl("mode_sepolia", ChainData("Mode Sepolia", 919, "https://sepolia.mode.network"));
+
+        setChainWithDefaultRpcUrl("zora", ChainData("Zora", 7777777, "https://zora.drpc.org"));
+        setChainWithDefaultRpcUrl(
+            "zora_sepolia", ChainData("Zora Sepolia", 999999999, "https://sepolia.rpc.zora.energy")
+        );
+
+        setChainWithDefaultRpcUrl("race", ChainData("Race", 6805, "https://racemainnet.io"));
+        setChainWithDefaultRpcUrl("race_sepolia", ChainData("Race Sepolia", 6806, "https://racemainnet.io"));
+
+        setChainWithDefaultRpcUrl("metal", ChainData("Metal", 1750, "https://metall2.drpc.org"));
+        setChainWithDefaultRpcUrl("metal_sepolia", ChainData("Metal Sepolia", 1740, "https://testnet.rpc.metall2.com"));
+
+        setChainWithDefaultRpcUrl("binary", ChainData("Binary", 624, "https://rpc.zero.thebinaryholdings.com"));
+        setChainWithDefaultRpcUrl(
+            "binary_sepolia", ChainData("Binary Sepolia", 625, "https://rpc.zero.thebinaryholdings.com")
+        );
+
+        setChainWithDefaultRpcUrl("orderly", ChainData("Orderly", 291, "https://rpc.orderly.network"));
+        setChainWithDefaultRpcUrl(
+            "orderly_sepolia", ChainData("Orderly Sepolia", 4460, "https://testnet-rpc.orderly.org")
+        );
     }
 
     // set chain info, with priority to chainAlias' rpc url in foundry.toml

lib/forge-std/test/StdChains.t.sol

@@ -203,13 +203,13 @@ contract StdChainsTest is Test {
         setChain("custom_chain", ChainData("Custom Chain", 123456789, "https://custom.chain/"));
         assertEq(getChain(123456789).chainId, 123456789);
 
-        setChain("custom_chain", ChainData("Modified Chain", 999999999, "https://modified.chain/"));
+        setChain("custom_chain", ChainData("Modified Chain", 9999999999999999999, "https://modified.chain/"));
         vm.expectRevert("StdChains getChain(uint256): Chain with ID 123456789 not found.");
         stdChainsMock.exposed_getChain(123456789);
 
-        Chain memory modifiedChain = getChain(999999999);
+        Chain memory modifiedChain = getChain(9999999999999999999);
         assertEq(modifiedChain.name, "Modified Chain");
-        assertEq(modifiedChain.chainId, 999999999);
+        assertEq(modifiedChain.chainId, 9999999999999999999);
         assertEq(modifiedChain.rpcUrl, "https://modified.chain/");
     }
 

package.json

@@ -63,7 +63,10 @@
     "@graphprotocol/graph-ts": "0.37.0",
     "elliptic": "6.6.1",
     "ws": "8.18.0",
-    "adm-zip": "0.5.16"
+    "adm-zip": "0.5.16",
+    "cross-spawn": "7.0.5",
+    "semver": "7.5.2",
+    "undici": "7.3.0"
   },
   "trustedDependencies": [
     "canvas",