From 84c6e2fa97edde2df240408b128f8626c97a62ff Mon Sep 17 00:00:00 2001 From: Hyperledger Bot Date: Fri, 17 Nov 2023 10:20:24 -0800 Subject: [PATCH] Update PRs (#5454) --- pull-requests/hyperledger-labs/fablo.md | 6 +- pull-requests/hyperledger/besu.md | 119 ------------------- pull-requests/hyperledger/cacti.md | 147 ++++++++++++++++++++++-- trending/recent-prs.md | 8 +- 4 files changed, 147 insertions(+), 133 deletions(-) diff --git a/pull-requests/hyperledger-labs/fablo.md b/pull-requests/hyperledger-labs/fablo.md index 965452285..cf876e32c 100644 --- a/pull-requests/hyperledger-labs/fablo.md +++ b/pull-requests/hyperledger-labs/fablo.md @@ -14,11 +14,11 @@ permalink: /pull-requests/hyperledger-labs/fablo @@ -32,7 +32,7 @@ permalink: /pull-requests/hyperledger-labs/fablo
- PR #422 + PR #423 - New file for testing k8s setup with Github Actions + Publishing pipelines
- Created At 2023-11-01 07:01:19 +0000 UTC + Created At 2023-11-17 13:45:26 +0000 UTC
diff --git a/pull-requests/hyperledger/besu.md b/pull-requests/hyperledger/besu.md index 9cb8d40fa..f27bc9bd0 100644 --- a/pull-requests/hyperledger/besu.md +++ b/pull-requests/hyperledger/besu.md @@ -465,122 +465,3 @@ Fixes #6042 -
- - - - - - - - - -
- PR #6155 - - - Release 23.10.x - -
- - - Release 23.10.2 - -### Breaking Changes -- TX pool eviction in the legacy TX pool now favours keeping oldest transactions (more likely to evict higher nonces, less likely to introduce nonce gaps) [#6106](https://github.com/hyperledger/besu/pull/6106) and [#6146](https://github.com/hyperledger/besu/pull/6146) - -### Deprecations - -### Additions and Improvements -- Ethereum Classic Spiral network upgrade [#6078](https://github.com/hyperledger/besu/pull/6078) -- Add a method to read from a `Memory` instance without altering its inner state [#6073](https://github.com/hyperledger/besu/pull/6073) -- TraceService: return results for transactions in block [#6086](https://github.com/hyperledger/besu/pull/6086) -- Accept `input` and `data` field for the payload of transaction-related RPC methods [#6094](https://github.com/hyperledger/besu/pull/6094) -- Add APIs to set and get the min gas price a transaction must pay for being selected during block creation [#6097](https://github.com/hyperledger/besu/pull/6097) -- TraceService: return results for transactions in block [#6086](https://github.com/hyperledger/besu/pull/6086) -- New option `--min-priority-fee` that sets the minimum priority fee a transaction must meet to be selected for a block. [#6080](https://github.com/hyperledger/besu/pull/6080) [#6083](https://github.com/hyperledger/besu/pull/6083) -- Implement new `miner_setMinPriorityFee` and `miner_getMinPriorityFee` RPC methods [#6080](https://github.com/hyperledger/besu/pull/6080) -- Clique config option `createemptyblocks` to not create empty blocks [#6082](https://github.com/hyperledger/besu/pull/6082) -- Upgrade EVM Reference Tests to v13 (Cancun) [#6114](https://github.com/hyperledger/besu/pull/6114) -- Add `yParity` to GraphQL and JSON-RPC for relevant querise. [6119](https://github.com/hyperledger/besu/pull/6119) -- Force tx replacement price bump to zero when zero base fee market is configured or `--min-gas-price` is set to 0. 
This allows for easier tx replacement in networks where there is not gas price. [#6079](https://github.com/hyperledger/besu/pull/6079) -- Introduce the possibility to limit the time spent selecting pending transactions during block creation, using the new experimental option `Xblock-txs-selection-max-time` on PoS and PoW networks (by default set to 5000ms) or `Xpoa-block-txs-selection-max-time` on PoA networks (by default 75% of the min block time) [#6044](https://github.com/hyperledger/besu/pull/6044) - -### Bug fixes -- Upgrade netty to address CVE-2023-44487, CVE-2023-34462 [#6100](https://github.com/hyperledger/besu/pull/6100) -- Upgrade grpc to address CVE-2023-32731, CVE-2023-33953, CVE-2023-44487, CVE-2023-4785 [#6100](https://github.com/hyperledger/besu/pull/6100) -- Fix blob gas calculation in reference tests [#6107](https://github.com/hyperledger/besu/pull/6107) -- Limit memory used in handling invalid blocks [#6138](https://github.com/hyperledger/besu/pull/6138) - ---- - - -
-
- Created At 2023-11-10 17:59:28 +0000 UTC -
-
- -
- - - - - - - - - -
- PR #6154 - - - update version for snapshot - -
- - - - - -## PR description - -## Fixed Issue(s) - - -
-
- Created At 2023-11-10 16:35:40 +0000 UTC -
-
- -
- - - - - - - - - -
- PR #6152 - - - Gas price pending TX test using wrong class - -
- - - ## PR description -Create instance of the correct class in gas price TX test - -## Fixed Issue(s) -No issue raised for this -
-
- Created At 2023-11-10 13:03:08 +0000 UTC -
-
- diff --git a/pull-requests/hyperledger/cacti.md b/pull-requests/hyperledger/cacti.md index 3f3c88f72..4e5a1f4b4 100644 --- a/pull-requests/hyperledger/cacti.md +++ b/pull-requests/hyperledger/cacti.md @@ -10,6 +10,130 @@ permalink: /pull-requests/hyperledger/cacti # cacti [GitHub](https://github.com/hyperledger/cacti){: .btn .mr-4 } +
+ + + + + + + + + +
+ PR #2896 + + + build(deps): bump axios from 1.5.1 to 1.6.0 in /packages/cactus-plugin-ledger-connector-fabric + +
+ dependenciesjavascript + + Bumps [axios](https://github.com/axios/axios) from 1.5.1 to 1.6.0. +
+Release notes +

Sourced from axios's releases.

+
+

Release v1.6.0

+

Release notes:

+

Bug Fixes

+
    +
  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • +
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • +
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)
  • +
+

PRs

+
    +
  • CVE 2023 45857 ( #6028 )
  • +
+

+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+
+

Contributors to this release

+ +
+
+
+Changelog +

Sourced from axios's changelog.

+
+

1.6.0 (2023-10-26)

+

Bug Fixes

+
    +
  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • +
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • +
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)
  • +
+

PRs

+
    +
  • CVE 2023 45857 ( #6028 )
  • +
+

+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+
+

Contributors to this release

+ +
+
+
+Commits +
    +
  • f7adacd chore(release): v1.6.0 (#6031)
  • +
  • 9917e67 chore(ci): fix release-it arg; (#6032)
  • +
  • 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
  • +
  • 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
  • +
  • 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
  • +
  • a48a63a chore(docs): added AxiosHeaders docs; (#5932)
  • +
  • a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
  • +
  • 2ac731d chore(docs): update readme.md (#5889)
  • +
  • See full diff in compare view
  • +
+
+
+ + +[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.5.1&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) + +Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. + +[//]: # (dependabot-automerge-start) +[//]: # (dependabot-automerge-end) + +--- + +
+Dependabot commands and options +
+ +You can trigger Dependabot actions by commenting on this PR: +- `@dependabot rebase` will rebase this PR +- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it +- `@dependabot merge` will merge this PR after your CI passes on it +- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it +- `@dependabot cancel merge` will cancel a previously requested merge and block automerging +- `@dependabot reopen` will reopen this PR if it is closed +- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually +- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency +- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) +- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) +You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/cacti/network/alerts). + +
+
+
+ Created At 2023-11-17 18:08:25 +0000 UTC +
+
+
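Review bot: The new PR #2896 entry in pull-requests/hyperledger/cacti.md (@@ -10,6 +10,130 @@) copies the entire Dependabot body, so the axios 1.6.0 bug-fix list appears twice, once under "Release notes" and again under "Changelog". It also carries the "Dependabot commands and options" block into a static page where the `@dependabot` comment commands have no effect. Consider having the generator keep only the title, labels, creation time and the security-relevant line, "CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028)", with a link to the PR for the rest. As written, the CVE fix that motivates the bump from 1.5.1 to 1.6.0 is buried in 124 added lines of mostly markup.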
@@ -1456,23 +1580,32 @@ You can disable automated security fix PRs for this repo from the [Security Aler
- - Add script `tools/bump-package-engines.ts` to update minimal node and npm + - Add script `tools/bump-package-engines.ts` to update minimal node and npm versions in all cacti packages. - Set minimal node to 18 and npm to 8 in all cacti packages. - Add env variable `NODEJS_VERSION` in CI scripts to centralize nodejs setup. - Change default nodejs in CI to v18.18.2 -- Minor formatting fixes - sorted package.json, remove whitespaces +- Minor formatting fixes - sorted package.json, removed whitespaces. +- Use socket.io-client-fixed-types in sawtooth connector to fix ESM import error +- Change node-fetch to 2.7.0 (still supported) in ubiqity connector to fix + ESM import error +- Use explicit 127.0.0.1 instead of localhost in many source files. NodeJS 18 + prefers ipv6 over ipv4 and that caused some troubles when localhost + was used. +- Run codegen to update file structure. +- Replace ts-ignore with ts-expect-error and add description to fix + es-lint errors. Fix formatting issues found by the linter. 
Signed-off-by: Michal Bajer **Pull Request Requirements** -- [ ] Rebased onto `upstream/main` branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why. -- [ ] Have git sign off at the end of commit message to avoid being marked red. You can add `-s` flag when using `git commit` command. You may refer to this [link](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) for more information. -- [ ] Follow the Commit Linting specification. You may refer to this [link](https://www.conventionalcommits.org/en/v1.0.0-beta.4/#specification) for more information. +- [x] Rebased onto `upstream/main` branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why. +- [x] Have git sign off at the end of commit message to avoid being marked red. You can add `-s` flag when using `git commit` command. You may refer to this [link](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) for more information. +- [x] Follow the Commit Linting specification. You may refer to this [link](https://www.conventionalcommits.org/en/v1.0.0-beta.4/#specification) for more information. **Character Limit** -- [ ] Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters). -- [ ] Commit Message per line must not exceed 80 characters (including spaces and special characters). +- [x] Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters). +- [x] Commit Message per line must not exceed 80 characters (including spaces and special characters). 
**A Must Read for Beginners** For rebasing and squashing, here's a [must read guide](https://github.com/servo/servo/wiki/Beginner's-guide-to-rebasing-and-squashing) for beginners. diff --git a/trending/recent-prs.md b/trending/recent-prs.md index 5b855eef5..203371176 100644 --- a/trending/recent-prs.md +++ b/trending/recent-prs.md @@ -1,13 +1,13 @@ +[2896](https://github.com/hyperledger/cacti/pull/2896) build(deps): bump axios from 1.5.1 to 1.6.0 in /packages/cactus-plugin-ledger-connector-fabric + +[423](https://github.com/hyperledger-labs/fablo/pull/423) Publishing pipelines + [6181](https://github.com/hyperledger/besu/pull/6181) just test [2612](https://github.com/hyperledger/aries-cloudagent-python/pull/2612) :bug: fix wallet_update when only `extra_settings` requested [6179](https://github.com/hyperledger/besu/pull/6179) Stretch timeout when low peer count -[2611](https://github.com/hyperledger/aries-cloudagent-python/pull/2611) feat: support resolving did:peer:1 received in did exchange - -[2609](https://github.com/hyperledger/aries-cloudagent-python/pull/2609) fix: more resilient checks in verify signed attachments - [See more >>>](https://start-here.hyperledger.org/pull-requests)
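Review bot: The pull-requests/hyperledger/besu.md hunk (@@ -465,122 +465,3 @@) deletes the entries for PR #6155, #6154 and #6152 with no stated reason; the commit subject says only "Update PRs (#5454)". The removed PR #6155 entry carried the release notes listing the netty and grpc upgrades for CVE-2023-44487, CVE-2023-34462, CVE-2023-32731, CVE-2023-33953 and CVE-2023-4785. Please have the commit message or the generator record why entries are dropped (for example, merged or closed upstream), so that a reader of this 119-line deletion can tell routine pruning from an accidental loss.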