Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump crypto-js and @celo/utils in /coordinator-service #195

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump crypto-js and @celo/utils in /coordinator-service #195

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 25, 2023

Removes crypto-js. It's no longer used after updating ancestor dependency @celo/utils. These dependencies need to be updated together.

Removes crypto-js

Updates @celo/utils from 0.1.19 to 5.0.5

Release notes

Sourced from @​celo/utils's releases.

@​celo/explorer 5.0.5

patch changes

  • 53bbd4958: Note celo sdk packages will no longer be fix bumped (ie will not share the same version always) and will now use ^range when depending on each other
  • d48c68afc: Calls to getContractMappingFromSourcify() are now memoized in the same structure (this.addressMapping) as getContractMappingFromCore, getContractMappingWithSelector now runs in parallel

CeloCLi 3.0.1

Fixes

  • once again signing with ledgers work

SDK Release 5.0.4

@​celo/wallet-ledger

Fixes issue where uses trying to sign with ledger where unable to by forcing use of celo legacy tx type as this is all celo ledger app supports for now see #10487

[email protected]

Breaking changes

This release if the celocli bumps node support from node 14 to node 18

other changes / fixes

dep changes

  • use contractkit v5 (this brings eip 1559 / cip 42 support under the hood)
  • bump humanize-duration to latest version
  • remove unused deps, @​celo/bls12377js, bip32, bip39

ODIS Combiner 3.0.0

Misc performance improvements. See #10513

ODIS Signer 3.0.1

This patch release fixes an issue we saw shortly after releasing v3.0.0 where the Signer incorrectly treats a closed socket from the Combiner as a timeout and attempts to respond with a 500 status code. When the Combiner receives enough responses from Signers to respond to the user, it will abort outstanding requests with an AbortSignal. In v3.0.0, the Signer timeout logic was upgraded to listen for 'abort' events and treat them as timeouts. Because the Signer was unable to distinguish between 'abort' events caused by timeouts and ones caused by the Combiner, it appeared to be timing out and returning 500s frequently.

In this release, we've changed back the Signer's timeout logic to rely on setTimeout and added a new connectionClosedHandler to catch closed socket events

ODIS Signer 3.0.0

  • This upgrade features significant performance improvements to reduce latency and increase throughput.
  • Full node queries will now be cached, so we've removed blockNumber from the SignMessageResponse type.
  • We've also fully deprecated the legacy endpoints and deleted the legacy rate limiting mechanism from the code

See celo-org/celo-monorepo#10462

SDK Release 4.1.1

Updates to package versions necessary for the release of v3.0.0 of the @​celo/phone-number-privacy-common package and package version upgrades to support node 18. The @​celo/phone-number-privacy-common package has been upgraded with miscellaneous small changes to support the ODIS 3.0.0 release - the most significant of which is the removal of blockNumber from the SignMessageResponse type.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by aaron-clabs, a new releaser for @​celo/utils since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump crypto-js and @celo/utils in /coordinator-service
78ef625 
Removes [crypto-js](https://github.com/brix/crypto-js). It's no longer used after updating ancestor dependency [@celo/utils](https://github.com/celo-org/celo-monorepo). These dependencies need to be updated together.


Removes `crypto-js`

Updates `@celo/utils` from 0.1.19 to 5.0.5
- [Release notes](https://github.com/celo-org/celo-monorepo/releases)
- [Changelog](https://github.com/celo-org/celo-monorepo/blob/master/RELEASE.md)
- [Commits](https://github.com/celo-org/celo-monorepo/commits/@celo/[email protected])

---
updated-dependencies:
- dependency-name: crypto-js
  dependency-type: indirect
- dependency-name: "@celo/utils"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 25, 2023
@socket-security
Copy link

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@types/pino 6.3.0 None +3 758 kB types
@celo/utils 5.0.5 network +41 9.69 MB aaron-clabs
prettier 2.0.5 eval, environment +0 10.7 MB thorn0
@azure/storage-blob 12.2.0-preview.1 network, filesystem, environment +64 15 MB azure-sdk
@types/tmp 0.2.5...0.2.0 None +0/-0 4.83 kB types
@types/express 4.17.20...4.17.7 None +8/-10 791 kB types
@types/mocha 8.2.3...8.0.2 None +0/-0 91.4 kB types
nodemon 2.0.22...2.0.4 network +140/-6 2.42 MB remy
@types/chai 4.3.9...4.2.12 None +0/-0 79 kB types
chai-http 4.4.0...4.3.0 None +14/-32 2.05 MB chaijs
joi 17.11.0...17.2.1 None +5/-5 653 kB hueniverse
@types/node 13.13.52...13.13.15 None +0/-0 707 kB types
express 4.18.2...4.17.1 None +25/-34 953 kB dougwilson
mocha 8.4.0...8.1.1 eval +122/-52 9.1 MB boneskull
pino 6.14.0...6.5.1 None +10/-12 640 kB matteo.collina
pino-pretty 4.8.0...4.1.0 None +20/-11 816 kB jsumners
dotenv 8.6.0...8.2.0 None +0/-0 23.1 kB maxbeatty
@azure/abort-controller 1.1.0...1.0.1 None +1/-1 92.6 kB azure-sdk
typescript 3.9.10...3.9.7 None +0/-0 54.1 MB typescript-bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants