Semgrep found 10
Risk: Affected versions of axios are vulnerable to Improper Check for Unusual or Exceptional Conditions. It fails to correctly validate configuration keys during merging. This allows a crafted `__proto__` property to trigger an internal TypeError, causing the application to crash. Fix: Upgrade this library to at least version 1.13.5 at explorer/package-lock.json:27214. Reference(s): GHSA-43fc-jf86-j433, CVE-2026-25639
| * GET /api/v1/amms | ||
| * Fetch top AMMs with sorting | ||
| */ | ||
| const getAMMs = async (req, res) => { |
You should cache these results so that the Explorer server does not make a call to LOS on every page load (rate limiting).
See this example: https://github.com/ripple/explorer/blob/main/server/routes/v1/tokens.js#L85-L119
| log.info(`Fetched ${response.data.results?.length || 0} AMMs`) | ||
|
|
||
| return res.status(200).json(response.data) | ||
| } catch (error) { |
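Review bot: `return res.status(200).json(response.data)` passes the upstream body straight to the client, although the log line above it already allows for `response.data.results` being absent (`?.length || 0`). Consider checking that `results` is an array before replying 200 and returning an error status otherwise, so that a malformed upstream response is not served as a successful result.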
Also, with caching, if the call fails we can still use stale data.
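The caching asked for in the two review comments above (no LOS call on every page load, and stale data served when the call fails), shown as an added example; it is not code from this PR or from the Explorer repository. `createCachedFetcher`, `makeHandler`, `fetchFn`, `ttlMs` and `now` are assumed names, with `fetchFn` standing in for the LOS request.

```javascript
// Added example (not the Explorer's code). createCachedFetcher, makeHandler,
// fetchFn, ttlMs and now are hypothetical names; fetchFn stands in for the LOS call.
function createCachedFetcher(fetchFn, { ttlMs = 60 * 1000, now = Date.now } = {}) {
  let entry = null // last successful result: { data, fetchedAt }
  let inFlight = null // shared promise so concurrent requests cause one upstream call

  return async function getCached() {
    // Fresh entry: answer from memory, no upstream traffic.
    if (entry && now() - entry.fetchedAt < ttlMs) {
      return { data: entry.data, stale: false }
    }
    if (!inFlight) {
      // Promise.resolve().then() also turns a synchronous throw into a rejection.
      inFlight = Promise.resolve()
        .then(fetchFn)
        .then((data) => {
          entry = { data, fetchedAt: now() }
        })
        .finally(() => {
          inFlight = null
        })
    }
    try {
      await inFlight
      return { data: entry.data, stale: false }
    } catch (error) {
      // Upstream failed: fall back to the expired entry if one exists.
      if (entry) return { data: entry.data, stale: true }
      throw error
    }
  }
}

// Express-style handler: serves fresh or stale data, 502 only on a cold cache.
function makeHandler(getCached) {
  return async (req, res) => {
    try {
      const { data } = await getCached()
      return res.status(200).json(data)
    } catch (error) {
      // Do not echo upstream error details to the client.
      return res.status(502).json({ message: 'Upstream unavailable' })
    }
  }
}
```

Passing `now` explicitly keeps the expiry logic testable with a fake clock; the `stale` flag lets the caller log or label responses served from an expired entry.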
| * Fetch aggregated AMM statistics | ||
| * This fetches the special "aggregated" document from the amms index | ||
| */ | ||
| const getAggregatedStats = async (req, res) => { |
Same here, this should be cached
| * Fetch historical trends for AMM data | ||
| */ | ||
| const getHistoricalTrends = async (req, res) => { | ||
| try { |
server/routes/v1/index.js
Outdated
| api.use('/metrics', getCurrentMetrics) | ||
| api.use('/tokens/search/:query', getTokensSearch) | ||
| api.post('/tokens/batch-get', batchGetTokens) | ||
| api.use('/tokens/:tokenId', getTokenById) |
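Review bot: `api.use('/tokens/:tokenId', getTokenById)` on the last line registers the single-token route with `use`, which, assuming `api` is an Express router, accepts every HTTP method and also matches longer paths under that prefix, whereas the batch route just above is restricted with `api.post`. If this is a read-only lookup, `api.get('/tokens/:tokenId', getTokenById)` limits the route to the method and path the handler expects.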
Is there a reason for this to be done server-side? For single token fetching without the need for caching I would prefer doing it on client-side to avoid rate limiting (IP of user browser vs IP of Explorer server)
Changed to cache the data server-side instead of fetching per request here: https://github.com/ripple/explorer/pull/1295/changes#diff-3d739c4ee7d382a3089fc92fe71742ee94b21e2d701aa157f072f31446d89fd7R236-R250
f1682aa to ec81759
## High Level Overview of Change

react-test-renderer isn't used in our code and has been deprecated (see [details](https://github.com/facebook/react/tree/HEAD/packages/react-test-renderer)). Relevant dependabot PR #1256
…CursorPaginatedQuery
…-dom' because in React Router v6 for browser applications, hooks like useLocation(), useParams(), and Routes must be imported from 'react-router-dom' (which provides browser context) and addressed PR issues
b6341b2 to c030e5b
src/containers/AMMRankings/index.tsx
Outdated
| ['ammRankings', sortField, sortOrder], | ||
| () => fetchAMMRankings(sortField, sortOrder), | ||
| { | ||
| refetchInterval: 60 * 1000, |
nit: you can set a common refetch interval variable
| @@ -911,5 +911,15 @@ | |||
| "asset_2": "Asset 2", | |||
Once you’ve finalized all the new keys for the AMM Ranking page, please add the same keys to translations.json for the other languages and set their values to null (you can refer to the AMM Object PR for examples).
| color: $white; | ||
| font-size: 14px; | ||
| white-space: nowrap; | ||
| @include semibold; |
The asset pair name, e.g., CRYPTO/XRP, isn't semibold or bold according to the Figma design.

High Level Overview of Change
These changes add an AMM page to the explorer.
Context of Change
The new AMMs page includes:
Type of Change