search

cowprotocol / ethcontract-rs

Generate type-safe bindings for interacting with Ethereum contracts.
Apache License 2.0
307 stars 45 forks source link

Bump truffle from 5.4.29 to 5.11.0 in /examples/truffle #940

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps truffle from 5.4.29 to 5.11.0.

Release notes

Sourced from truffle's releases.

5.11.0 — Apple pie, no bugs allowed

Hey again everyone, welcome back! 👯

This week's release contains a special new feature; we have ported our CLI debugger 🙅🏽‍♀️🐛 over to work with Truffle Dashboard! So now you can step through your Solidity code in the browser! After installing the new version of Truffle, run truffle dashboard on the command line. After Truffle Dashboard starts up, just navigate to the URL specified and you can get started! There may be a few preparation steps for you to get up-and-running with your code, so expand the information below for more! We hope you enjoy it and, as always, let us know if you find some bugs so that we can improve it!

To use the debugger to step through code, Truffle Dashboard will first need to have the compilations for the contracts involved. If the sources are verified on Etherscan, then using the debugger is simple: enter your transaction hash in the input field and click Debug. Truffle will automatically fetch them for you and compile them! If you are debugging a transaction and you have the sources locally in a Truffle or HardHat project, you can send them to Truffle Dashboard using one of the following two methods...

For Truffle projects 🍫 If you have a Truffle project with the source files, you should first open Truffle Dashboard by running truffle dashboard in a terminal. Once Truffle Dashboard is running, navigate in a web browser to the URL specified. You should see a page with "Truffle Dashboard" in the top left. In another terminal, navigate to your Truffle project directory and run truffle develop. After the development console opens up, run migrate --compile-all. After you migration is complete, Truffle Dashboard will have your compilations saved in the browser! You can then enter the transaction hash you are interested in in the Dashboard Debugger and click Debug! The debugger will load up your session and you can then step through your transaction. Neat!

For HardHat projects 👷‍♀️ If you have a HardHat project with the source files, you should open Truffle Dashboard by running truffle dashboard in a terminal. Once Truffle Dashboard is running, navigate in a web browser to the URL specified. You should see a page with "Truffle Dashboard" in the top-left. In another terminal window, navigate to your HardHat project's root directory and install the @​truffle/dashboard-hardhat-plugin by running npm install @truffle/dashboard-hardhat-plugin. In your hardhat-config.ts, add import "@truffle/dashboard-hardhat-plugin" to the top of the file. Then run npx hardhat compile to send the compilations to Truffle Dashboard where they will be saved in the browser! You can then enter the transaction hash you are interested in in the Dashboard Debugger and click Debug! The debugger will load up your session and you can then step through your transaction. Voila!

Note 1: You can verify that the compilation was received by opening the developer console in your browser. Set the logging levels to "all levels" and you should see a "received cli-event message" that looks something like the screenshot below.

Note 2: The debugger is a bit resource-intensive and slow to initialize, and may even lock up your browser for a short time. But get yourself a coffee, and hopefully before you return it will be up and running! 💜

So the debugger for Truffle Dashboard is the meat 🍖 of this week's release. Besides that, we have a handful of maintenance-related PRs; some debugger/decoder-related bug fixes and a bump to the Ganache version utilized by Truffle. We also have to give a shoutout to @​BreadQL for making a teeny tiny edit to a README in Truffle. Thanks!

We hope you all enjoy the weekend and we'll see you soon!

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

New feature

Enhancements

Bug fixes

  • have debugger skip anything called from a generated source while stepping (#6138 by @​haltman-at)

... (truncated)

Commits


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
socket-security[bot] commented 1 year ago

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
truffle 5.4.29...5.11.0 network, filesystem +233/-111 270 MB eggplantzzz
socket-security[bot] commented 1 year ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Native code ganache 7.9.0
Install scripts web3 1.10.0
  • Install script: postinstall
  • Source: echo "Web3.js 4.x alpha has been released for early testing and feedback. Checkout doc at https://docs.web3js.org/ "

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore web3@1.10.0
  • @SocketSecurity ignore ganache@7.9.0
dependabot[bot] commented 1 year ago

Superseded by #943.