ci: add npm audit check to CI and fix all vulnerabilities#313
Open
DammyAji wants to merge 2 commits into
Open
Conversation
- Bump vitest from ^1.6.0 to ^3.2.6 to resolve critical CVE (GHSA-5xrq-8626-4rwp) and high severity vulnerabilities - Fix SorobanRpc → rpc namespace rename for @stellar/stellar-sdk v13 (useLedgerEntry, useSorobanContract, useTransaction) - Fix StellarTomlResolver → StellarToml.Resolver.resolve for SDK v13 (useStellarToml) - Fix useFreighter to use freighter-api v2 API (getPublicKey, getNetworkDetails instead of getAddress) - Fix fee type in ContractCallOptions (number → string) - Fix utils/index.ts parseAccountResponse for exactOptionalPropertyTypes and liquidity pool balances - Fix broken import paths in utils.test.ts (../src/utils → ../utils) - Fix unused imports and no-explicit-any lint errors across hooks and tests - Fix useContractEvents.test.ts possibly undefined access Closes dark-princezz#172
19a3830 to
7833c0e
Compare
|
@DammyAji Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Contributor
|
@DammyAji resolve issues |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #172
Adds
npm audit --audit-level=highto CI (already present inci.yml) and fixes all issues that were causing the CI pipeline to fail.Changes
Vulnerability fix
vitestfrom^1.6.0to^3.2.6to resolve critical CVE (GHSA-5xrq-8626-4rwp), highform-datavuln, and the esbuild chain. Only 1 low-severity vuln remains (below the--audit-level=highthreshold).SDK API fixes (stellar-sdk v13)
SorobanRpc→rpcnamespace rename inuseLedgerEntry,useSorobanContract,useTransactionStellarTomlResolver→StellarToml.Resolver.resolveinuseStellarTomlFreighter API fixes (freighter-api v2)
getAddress(v3 API) withgetPublicKey+getNetworkDetailsisConnected()now returnsbooleandirectly (not an object)signTransaction,signAuthEntry,signBlobreturnstringdirectly (no.signedTxXdrwrapper)Type fixes
ContractCallOptions.feechanged fromnumbertostringto matchTransactionBuilderutils/index.tsparseAccountResponsefixed forexactOptionalPropertyTypesand liquidity pool balance fieldsTest/lint fixes
utils.test.ts(../src/utils→../utils)no-explicit-anyerrors across hooks and testsuseContractEvents.test.tsCI results (verified locally)