
Commit b86dcdf

authored
Merge branch 'main' into dl/dependabot
2 parents 1142716 + 7892afa commit b86dcdf


4 files changed

+169
-177
lines changed


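--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -16,10 +16,10 @@ jobs:
 node-version: [18, 20]
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 
@@ -41,10 +41,10 @@ jobs:
 TEST_PATH: /tmp/test-results
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 
@@ -66,19 +66,12 @@ jobs:
 path: ${{ env.TEST_PATH }}
 
 - name: Publish Test Report
-uses: mikepenz/action-junit-report@v3
+uses: mikepenz/action-junit-report@v5
 if: always() # always run even if the previous step fails
 with:
 report_paths: '${{ env.TEST_PATH }}/sdk-lint.xml'
 fail_on_failure: false
 
-# TODO: need to fix codecov, hasn't been working for a while according to #172 comment
-- name: Upload Coverage to Codecov
-uses: codecov/codecov-action@v3
-with:
-fail_ci_if_error: false
-verbose: false
-
 audit:
 name: Audit on Node.js v${{ matrix.node-version }}
 runs-on: ubuntu-latest
@@ -88,10 +81,10 @@ jobs:
 needs: install
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 
@@ -111,10 +104,10 @@ jobs:
 needs: install
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 
@@ -175,10 +168,10 @@ jobs:
 DECIMALS: ${{ matrix.decimals || '18' }}
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 
@@ -190,7 +183,7 @@ jobs:
 - name: Set up the local node
 uses: OffchainLabs/actions/run-nitro-test-node@main
 with:
-nitro-testnode-ref: adapt-bridge-amount
+nitro-testnode-ref: f5a54d679733c65b81d5106488feb957ec579a46
 l3-node: ${{ matrix.orbit-test == '1' }}
 args: ${{ matrix.decimals == 16 && '--l3-fee-token --l3-fee-token-decimals 16' || matrix.decimals == 20 && '--l3-fee-token --l3-fee-token-decimals 20' || matrix.decimals == 18 && '--l3-fee-token' || '' }}
 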
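Review bot: In the last hunk `nitro-testnode-ref` is now a full commit SHA, but the action that consumes it is still `uses: OffchainLabs/actions/run-nitro-test-node@main`, so the code the job executes can still change without any commit in this repository. Pinning that reference to a commit as well, `uses: OffchainLabs/actions/run-nitro-test-node@<full-commit-sha> # main`, would make the step reproducible and reviewable. The same applies to `mikepenz/action-junit-report@v5` in the third hunk, a third-party action on a movable major tag that jumps two major versions here. A trailing comment on `nitro-testnode-ref` naming the branch the SHA was taken from would help whoever bumps it next. The jobs' remaining steps lie outside the hunks shown.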

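--- a/audit-ci.jsonc
+++ b/audit-ci.jsonc
@@ -69,6 +69,17 @@
 // from: @arbitrum/token-bridge-contracts>@openzeppelin/contracts-upgradeable
 // from: @arbitrum/nitro-contracts>@openzeppelin/contracts
 // from: @arbitrum/token-bridge-contracts>@openzeppelin/contracts
-"GHSA-9vx6-7xxf-x967"
+"GHSA-9vx6-7xxf-x967",
+// https://github.com/advisories/GHSA-xq7p-g2vc-g82p
+// Homograph attack allows Unicode lookalike characters to bypass validation.
+// we don't use them in this repo, they are nested dependencies
+// from: @arbitrum/token-bridge-contracts>@openzeppelin/upgrades-core>ethereumjs-util>ethereum-cryptography>bs58check>bs58>base-x
+// from: @offchainlabs/l1-l3-teleport-contracts>@arbitrum/token-bridge-contracts>@openzeppelin/upgrades-core>ethereumjs-util>ethereum-cryptography>bs58check>bs58>base-x
+"GHSA-xq7p-g2vc-g82p",
+// https://github.com/advisories/GHSA-cxrh-j4jr-qwg3
+// undici Denial of Service attack via bad certificate data
+// we only use hardhat in a test and we don't use undici in the sdk
+// from: hardhat>undici
+"GHSA-cxrh-j4jr-qwg3"
 ]
 }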
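Review bot: The two new entries exempt `GHSA-xq7p-g2vc-g82p` and `GHSA-cxrh-j4jr-qwg3` for the whole dependency tree, while the comments justify the exemption only for the `from:` paths they list. If base-x or undici later arrives through a runtime dependency of the SDK, the audit would stay silent about it. audit-ci accepts path-scoped allowlist entries, so, assuming the version in use supports them, the undici entry could be written as `"GHSA-cxrh-j4jr-qwg3|hardhat>undici"` and the base-x entry once per listed path, which ties each exemption to the reasoning in its comment. The allowlist array begins outside the hunk.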

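--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
 "eslint-plugin-mocha": "^9.0.0",
 "eslint-plugin-prettier": "^4.0.0",
 "ethers": "^5.0.0",
-"hardhat": "^2.22.19",
+"hardhat": "^2.24.0",
 "mocha": "^9.2.1",
 "nyc": "^15.1.0",
 "prettier": "^2.3.2",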
