[email protected]:Setland34/contracts.git #30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Seth J Landry <[email protected]>
Bumps the npm_and_yarn group with 10 updates in the /lib/openzeppelin-contracts directory: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `5.22.1` | `5.28.4` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [crypto-js](https://github.com/brix/crypto-js) | `3.3.0` | `4.2.0` | | [merkletreejs](https://github.com/miguelmota/merkletreejs) | `0.2.32` | `0.4.0` | | [flat](https://github.com/hughsk/flat) | `4.1.1` | `5.0.2` | | [eth-gas-reporter](https://github.com/cgewecke/eth-gas-reporter) | `0.2.25` | `0.2.27` | | [solidity-coverage](https://github.com/sc-forks/solidity-coverage) | `0.8.2` | `0.8.14` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` | Updates `undici` from 5.22.1 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.22.1...v5.28.4) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `crypto-js` from 3.3.0 to 4.2.0 - [Commits](brix/crypto-js@3.3.0...4.2.0) Updates `merkletreejs` from 0.2.32 to 0.4.0 - [Commits](https://github.com/miguelmota/merkletreejs/commits) Updates `flat` from 4.1.1 to 5.0.2 - [Release notes](https://github.com/hughsk/flat/releases) - [Commits](hughsk/flat@4.1.1...5.0.2) Updates `eth-gas-reporter` from 0.2.25 to 0.2.27 - [Release notes](https://github.com/cgewecke/eth-gas-reporter/releases) - [Changelog](https://github.com/cgewecke/eth-gas-reporter/blob/master/CHANGELOG.md) - [Commits](https://github.com/cgewecke/eth-gas-reporter/commits/v0.2.27) Updates `solidity-coverage` from 0.8.2 to 0.8.14 - [Release notes](https://github.com/sc-forks/solidity-coverage/releases) - [Changelog](https://github.com/sc-forks/solidity-coverage/blob/master/CHANGELOG.md) - [Commits](sc-forks/solidity-coverage@v0.8.2...v0.8.14) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) --- updated-dependencies: - dependency-name: undici dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: crypto-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: merkletreejs dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: flat dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eth-gas-reporter dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: solidity-coverage dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…zeppelin-contracts/npm_and_yarn-e8f91a0896
docs: add security policy document - Added security.md to outline the security policies and procedures. - Included information on how to report security vulnerabilities. Signed-off-by: Seth Landry <[email protected]>
Signed-off-by: Seth Landry <[email protected]>
Changed ReentrancyGuard.json to ReentrancyGuard.sol
Signed-off-by: Seth Landry <[email protected]>
Signed-off-by: Seth Landry <[email protected]>
Signed-off-by: Seth Landry <[email protected]>
Signed-off-by: Seth Landry <[email protected]>
Setland34
commented
Jan 8, 2025
Add SLSA Provenance Generator and Update Security Policy
Setland34
commented
Jan 10, 2025
|
@reviewer_username Could you please review this pull request? Your approval is required to merge it. Thank you! |
Setland34
commented
Jan 11, 2025
There was a problem hiding this comment.
Based on the changes identified in pull request #30, here are some example comments to review the changes:
-
Positive Feedback:
- "Great job on setting up the Ruby Gem workflow in
.github/workflows/gem-push.yml. The use ofactions/checkout@v4andruby/[email protected]looks well-configured."
- "Great job on setting up the Ruby Gem workflow in
-
Suggestions for Improvement:
- "In
.github/workflows/npm-publish.yml, consider updating thenode-versionto the latest LTS version to ensure compatibility with the latest Node.js features and security updates."
- "In
-
Code Readability and Best Practices:
- "For the
SECURITY.mdfile, it would be beneficial to add a dedicated section for external contributors outlining how they can report vulnerabilities. This will help streamline the security reporting process."
- "For the
Feel free to use or modify these comments as needed when reviewing the changes in the pull request.
Based on the context provided, here is an extended description for a change in the `cache/fuzz/failures` file in the `Setland34/contracts` repository: --- ### Extended Description for Change in `cache/fuzz/failures` In this pull request, we are updating the `cache/fuzz/failures` file, which contains seeds for failure cases generated by property-based testing (proptest). This file is crucial as it ensures that specific failure cases are re-run before generating any novel cases, aiding in the identification and fixing of persistent issues. **Original Code:** ```text cc d14fc5025cb2d33a5b5d61ecf33657f8f679c3197bf86dcaa338007a95a43334 # shrinks to 0x7037b393000000000000000000000000000000000000000000000000000000000000007a0000000000000000000000003d9e6aa57f58768370b10a80da478b81186f3c00 cc e96264774c3f741dfdbba3cafffdbcc5936eb5d1e45f56c6fd15230a4c1e4105 # shrinks to 0x2820dd8c00000000000000000000000000000000000000000000000000000000f57c57d30000000000000000000000000000000000000000000000000000000000000e1600000000000000000000000000000000000000000000000000000000000027610000000000000000000000000000000000000000000000000000000000001d61 ``` **Updated Code:** ```text cc d14fc5025cb2d33a5b5d61ecf33657f8f679c3197bf86dcaa338007a95a43334 # shrinks to 0x7037b393000000000000000000000000000000000000000000000000000000000000007a0000000000000000000000003d9e6aa57f58768370b10a80da478b81186f3c00 cc e96264774c3f741dfdbba3cafffdbcc5936eb5d1e45f56c6fd15230a4c1e4105 # shrinks to 0x2820dd8c00000000000000000000000000000000000000000000000000000000f57c57d30000000000000000000000000000000000000000000000000000000000000e1600000000000000000000000000000000000000000000000000000000000027610000000000000000000000000000000000000000000000000000000000001d61 ``` **Description of Changes:** - The original single line entries have been retained but adjusted for clarity. - Each entry now clearly indicates the specific failure case hash and its associated "shrink" value. - This change enhances the readability and maintainability of the file, making it easier for developers to track and understand the failure cases. **Impact:** - By organizing the failure cases more clearly, this change ensures that the property-based testing framework can efficiently re-run known failure cases, thereby improving the reliability of the tests. - This update helps all contributors to benefit from the saved cases, facilitating better collaboration and faster identification of recurring issues. --- This extended description provides a detailed explanation of the changes, their purpose, and their impact, making it easier for reviewers to understand the context and significance of the updates. Signed-off-by: Seth Landry <[email protected]>
Setland34
commented
Jan 11, 2025
Signed-off-by: Seth Landry <[email protected]>
Repaired Lines 7-8 Signed-off-by: Seth Landry <[email protected]>
Replace 'YOUR_INFURA_KEY' and 'YOUR_ALCHEMY_KEY' with your actual API keysforge test --fork-url https://sepolia.infura.io/v3/YOUR_INFURA_KEY #!/bin/bash Define your keysINFURA_KEY="your_actual_infura_key" Replace in the commandforge test --fork-url https://sepolia.infura.io/v3/$INFURA_KEY |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
forge test --fork-url https://sepolia.infura.io/v3/YOURKEY or forge test --fork-url https://eth-sepolia.g.alchemy.com/v2/YOURKEY
private_key: ${{ secrets.PRIVATE_KEY }}