From f3fa66576ca638e2edb4d0d0e6ebf327dedfbd6b Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sun, 25 Jan 2026 06:37:01 +0000
Subject: [PATCH] fix: packages/providers/onekey-cosmos-provider/package.json &
 packages/providers/onekey-cosmos-provider/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASHES-15053836
---
 .../onekey-cosmos-provider/package.json       |  2 +-
 .../onekey-cosmos-provider/yarn.lock          | 58 +++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/packages/providers/onekey-cosmos-provider/package.json b/packages/providers/onekey-cosmos-provider/package.json
index 59993d445..dffa3effc 100644
--- a/packages/providers/onekey-cosmos-provider/package.json
+++ b/packages/providers/onekey-cosmos-provider/package.json
@@ -32,7 +32,7 @@
     "@onekeyfe/cross-inpage-provider-types": "2.2.58",
     "@onekeyfe/extension-bridge-injected": "2.2.58",
     "eth-rpc-errors": "^4.0.3",
-    "lodash-es": "^4.17.21",
+    "lodash-es": "^4.17.23",
     "long": "^4.0.0",
     "mitt": "^3.0.0"
   },
diff --git a/packages/providers/onekey-cosmos-provider/yarn.lock b/packages/providers/onekey-cosmos-provider/yarn.lock
index 66ed24bc6..b617c23d6 100644
--- a/packages/providers/onekey-cosmos-provider/yarn.lock
+++ b/packages/providers/onekey-cosmos-provider/yarn.lock
@@ -2,6 +2,49 @@
 # yarn lockfile v1
 
 
+"@noble/hashes@^1.7.1":
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.8.0.tgz#cee43d801fcef9644b11b8194857695acd5f815a"
+  integrity sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==
+
+"@onekeyfe/cross-inpage-provider-core@2.2.58":
+  version "2.2.58"
+  resolved "https://registry.yarnpkg.com/@onekeyfe/cross-inpage-provider-core/-/cross-inpage-provider-core-2.2.58.tgz#0ff89823bbeeb99bb8d39e1e395ade4917c3b503"
+  integrity sha512-U+4gzFw2OtLtAmFG/eFQ4C7uJLL1ikFaJRw5lsTj0Lb1iGRhc6090NKLHSqxDkBesVJ9uUJ2ManTfQe2l+wRcA==
+  dependencies:
+    "@noble/hashes" "^1.7.1"
+    "@onekeyfe/cross-inpage-provider-errors" "2.2.58"
+    "@onekeyfe/cross-inpage-provider-events" "2.2.58"
+    "@onekeyfe/cross-inpage-provider-types" "2.2.58"
+    events "^3.3.0"
+    lodash-es "^4.17.21"
+    ms "^2.1.3"
+
+"@onekeyfe/cross-inpage-provider-errors@2.2.58":
+  version "2.2.58"
+  resolved "https://registry.yarnpkg.com/@onekeyfe/cross-inpage-provider-errors/-/cross-inpage-provider-errors-2.2.58.tgz#1cd64b1c1e9cfb8d9cd84461f4abecf17c8eb152"
+  integrity sha512-Rhho254YxpMCnSb5t9QwBzv6AqcBQXBcIXaRPP5k/ftEl54yqPQAUm0ffQq/plcrQwL5UvKRD9n2t1Tm0VuBuA==
+  dependencies:
+    fast-safe-stringify "^2.0.6"
+
+"@onekeyfe/cross-inpage-provider-events@2.2.58":
+  version "2.2.58"
+  resolved "https://registry.yarnpkg.com/@onekeyfe/cross-inpage-provider-events/-/cross-inpage-provider-events-2.2.58.tgz#6917e86a1343331750ff2d6e5d7dfeaea33900c8"
+  integrity sha512-iy9G48LVIhtnKsuQHhc0L3vY/l2oYKO+qAEBtPh4tYVIXv55OOhKhw3fonSTnvpInGZatwmBAX+LIY8bSram/g==
+
+"@onekeyfe/cross-inpage-provider-types@2.2.58":
+  version "2.2.58"
+  resolved "https://registry.yarnpkg.com/@onekeyfe/cross-inpage-provider-types/-/cross-inpage-provider-types-2.2.58.tgz#f72064490e6ce631fba36023663c0f8bc89ffbab"
+  integrity sha512-Y6wCWxXIxYSaJeq52YAbLshPz7e2CjbdOkh8GWM9/oVssQhKoInldr8MuvIVTJ6I4wyiVpuy84/YWAIW+j+yWw==
+
+"@onekeyfe/extension-bridge-injected@2.2.58":
+  version "2.2.58"
+  resolved "https://registry.yarnpkg.com/@onekeyfe/extension-bridge-injected/-/extension-bridge-injected-2.2.58.tgz#9ff53fad6c761b9724ed7aaf0fad627a8590f802"
+  integrity sha512-n9t2PYVKiE18WccbyYFHocO8gGAFPfWimTzxgX+dc8NQgPGnniUBfBU3L9owENVjIkepDIjgYzIvvCqdTmPDew==
+  dependencies:
+    "@onekeyfe/cross-inpage-provider-core" "2.2.58"
+    "@onekeyfe/cross-inpage-provider-types" "2.2.58"
+
 "@types/lodash-es@^4.17.12":
   version "4.17.12"
   resolved "https://registry.yarnpkg.com/@types/lodash-es/-/lodash-es-4.17.12.tgz#65f6d1e5f80539aa7cfbfc962de5def0cf4f341b"
@@ -26,6 +69,11 @@ eth-rpc-errors@^4.0.3:
   dependencies:
     fast-safe-stringify "^2.0.6"
 
+events@^3.3.0:
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400"
+  integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==
+
 fast-safe-stringify@^2.0.6:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884"
@@ -36,6 +84,11 @@ lodash-es@^4.17.21:
   resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.21.tgz#43e626c46e6591b7750beb2b50117390c609e3ee"
   integrity sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==
 
+lodash-es@^4.17.23:
+  version "4.17.23"
+  resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.23.tgz#58c4360fd1b5d33afc6c0bbd3d1149349b1138e0"
+  integrity sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==
+
 long@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/long/-/long-4.0.0.tgz#9a7b71cfb7d361a194ea555241c92f7468d5bf28"
@@ -45,3 +98,8 @@ mitt@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/mitt/-/mitt-3.0.0.tgz#69ef9bd5c80ff6f57473e8d89326d01c414be0bd"
   integrity sha512-7dX2/10ITVyqh4aOSVI9gdape+t9l2/8QxHrFmUXu4EEUpdlxl6RudZUPZoc+zuY2hk1j7XxVroIVIan/pD/SQ==
+
+ms@^2.1.3:
+  version "2.1.3"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==