Update keypairs.mdx

[RandyPen]

Description

Update Doc

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sui-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 4, 2024 5:00pm

[vercel]

@RandyPen is attempting to deploy a commit to the Mysten Labs Team on Vercel.

A member of the Team first needs to authorize it.

[hayes-mysten]

thanks!

[semgrep-code-mystenlabs]

Semgrep found 1 ssc-5a557c33-4191-4714-a574-8efb44cf209b finding:

• pnpm-lock.yaml
  • L16887

Risk: Affected version of get-func-name is vulnerable to Uncontrolled Resource Consumption / Inefficient Regular Expression Complexity. The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks.

Fix: Upgrade this library to at least version 2.0.1 at sui/pnpm-lock.yaml:16887.

Reference(s): GHSA-4q6p-r6v2-jvc5, CVE-2023-43646

_{Ignore this finding from ssc-5a557c33-4191-4714-a574-8efb44cf209b.}

Semgrep found 3 ssc-efa14576-9601-4ae6-939c-3da58aa25013 findings:

• examples/trading/frontend/pnpm-lock.yaml
  • L4700
• pnpm-lock.yaml
  • L25740
  • L25777

Risk: Affected versions of vite are vulnerable to Improper Handling Of Case Sensitivity / Exposure Of Sensitive Information To An Unauthorized Actor / Improper Access Control. The vulnerability arises when the Vite development server's option, server.fs.deny, can be circumvented on case-insensitive file systems through the utilization of case-augmented versions of filenames, as the matcher derived from config.server.fs.deny fails to prevent access to sensitive files when raw filesystem paths are requested with augmented casing.

Manual Review Advice: A vulnerability from this advisory is reachable if you host vite's development server on Windows, and you rely on server.fs.deny to deny access to certain files

Fix: Upgrade this library to at least version 4.5.2 at sui/examples/trading/frontend/pnpm-lock.yaml:4700.

Reference(s): GHSA-c24v-8rfc-w8vw, CVE-2023-34092, CVE-2024-23331

_{Ignore this finding from ssc-efa14576-9601-4ae6-939c-3da58aa25013.}

Semgrep found 2 ssc-aff5e8de-c638-4356-8a93-120597e35ce9 findings:

• pnpm-lock.yaml
  • L3922
  • L3940

Risk: Affected versions of @babel/traverse are vulnerable to Incomplete List Of Disallowed Inputs. An attacker can exploit a vulnerability in the internal Babel methods path.evaluate() or path.evaluateTruthy() by compiling specially crafted code, potentially resulting in arbitrary code execution during compilation.

Manual Review Advice: A vulnerability from this advisory is reachable if you use a 3rd party plugin that relies on the path.evaluate()or path.evaluateTruthy() internal Babel methods, or one of the known affected plugins (@babel/plugin-transform-runtime, Any 'polyfill provider' plugin that depends on @babel/helper-define-polyfill-provider, or @babel/preset-env when using its useBuiltIns option)

Fix: Upgrade this library to at least version 7.23.2 at sui/pnpm-lock.yaml:3940.

Reference(s): GHSA-67hx-6x53-jw92, CVE-2023-45133

_{Ignore this finding from ssc-aff5e8de-c638-4356-8a93-120597e35ce9.}