Commit 3aec83b
Fixes/dependabot (#1442)
* Fix dependencies
* fix(deps): patch Go and ts/ transitive vulnerabilities
- Upgrade cometbft v0.38.17 -> v0.38.21 (go.mod + integration-tests/go.mod)
- Upgrade expr v1.17.5 -> v1.17.7 (integration-tests/go.mod)
- Regenerate ts/pnpm-lock.yaml to resolve 18 transitive npm alerts
Fixes: GHSA-c32p-wcqj-j677, GHSA-hrhf-2vcr-ghch (cometbft),
CVE-2025-68156 (expr), CVE-2024-30253 (@solana/web3.js),
CVE-2022-21680, CVE-2022-21681 (marked), CVE-2024-4068 (braces),
CVE-2024-37890 (ws), CVE-2024-21538 (cross-spawn), and others.
* fix(deps): bump @solana/spl-token, update Rust Cargo.lock
- Bump @solana/spl-token ^0.2.0 -> ^0.3.11 (drops deprecated
start-server-and-test and its vulnerable axios@0.27.2 transitive)
- cargo update bumpalo 3.14.0 -> 3.19.1 (contracts + hello-world)
- cargo update borsh 0.10.3 -> 0.10.4 (contracts)
* fix(deps): downgrade Cargo.lock to version 3 for CI compatibility
Local Cargo 1.86 auto-upgraded lockfiles to version 4, which the CI
Docker image (older Anchor/Cargo) doesn't support. Revert to version 3.
1 parent c4f7258 commit 3aec83b
File tree
15 files changed (+3078, -4376 lines changed)
- contracts
- examples/hello-world
- gauntlet
- packages
- gauntlet-serum-multisig
- gauntlet-solana-contracts
- gauntlet-solana
- integration-tests
- ts
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
2 | 2 | | |
3 | 3 | | |
4 | 4 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.