[Snyk] Security upgrade next from 13.4.12 to 13.5.4 #1423
…ck to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #1423 +/- ##
===================================================
+ Coverage 50.51623% 50.82015% +0.30391%
===================================================
Files 343 356 +13
Lines 24117 24203 +86
Branches 277 267 -10
===================================================
+ Hits 12183 12300 +117
+ Misses 10724 10695 -29
+ Partials 1210 1208 -2
- @synapsecns/[email protected]
* yarn add ts-xor
* Isolate Query types
* Define Abstract Router
* Implement common functions for Routers
* Wrappers for SynapseRouter, SynapseCCTPRouter
* Abstraction for a set of Router instances
* Finding bridge routes
* Add SynapseRouter-specific functions
* Add router/index.ts
* Constructor for new SDK class
* Add pools, swaps operations to new SDK
* Fix: naming
* Add origin router address to BridgeRoute
* Add bridge operations to SDK
* Match exports with the old SDK
* Nuke old SDK
* Add address property to Router class
* Remove ABI from Router constructor
* Remove `addresses` from RouterSet constructor
* Rework address map generation
* Fully isolate contract interaction
* Don't expose routerContract in Router class
* Fix: circular dependency
* Adjust synapseRouter test
* Adjust CCTP router test
* Fix: pass addressMap as constructor arg
* Fix: pass Router constructor as argument
* Basic coverage for RouterSets
* Refactor constants
* Add test for getBridgeTokens
* Add test: getOriginQueries
* Tests: getDestinationQueries
* Test SDK constructor
* Add ETH -> ARB bridgeQuote tests
* More bridge tests
* Add tests for errors
* Introduce SwapQuote type
* Fix: return type for `getBridgeGas()`
* Add coverage for the remainder of the functions
* Fix: address handling in calculateAddLiquidity
* Remove deprecated code
* Add coverage for deadlines
* Rename new tests
* Add some clarity for used classes
* yarn install
* add comment for vercel build
* Use llama public RPCs
* [DROP IN PROD] modify to local
* Fix: spelling
* Explicit error when Router is not present
* Add coverage
* Set default timeout to 30s for SDK tests
* Keep the Code Rabbit happy by resolving a few issues
* Revert "[DROP IN PROD] modify to local" This reverts commit 4c33414.
* Revert "add comment for vercel build" This reverts commit dd9979d.
* bump
* Revert "bump" This reverts commit 1883649.
---------
Co-authored-by: Trajan0x <[email protected]>
Co-authored-by: Jonah Lin <[email protected]>
- @synapsecns/[email protected]
- @synapsecns/[email protected]
- @synapsecns/[email protected]
Co-authored-by: Trajan0x <[email protected]>
- @synapsecns/[email protected]
- @synapsecns/[email protected]
* Updated charts to use v2 version of autoscaling kube API
* Fixed explorer helm chart format
* Updated config
* Added port to config
- @synapsecns/[email protected]
- @synapsecns/[email protected]
* Initialize fetchBridgeQuotes in utils, add BridgeQuoteRequest data type
* Basic useBridgeQuote that continuously provides back bridge quote amount
* Simple async fetchBridgeQuote function
* Adjust fetchBridgeQuote function to accept synapseSDK as a param
* fetchBridgeQuotes can return multiple bridge quotes via SDK in single function call
* static typing
* Init Bridge Updater component to allow for refreshing toTokens quotes
* Bridge Updater component can access bridge quotes based on current toTokens in store
* Remove test code in ToTokenListOverlay
* Return token Token type in fetchBridgeQuote() call to match possibleTokens in ToTokenListOverlay
* Update
* Add comment
* init fechAndStoreBridgeQuotes async thunk
* fetchAndStoreBridgeQuotes
* add fetchAndStoreBridgeQuote to use for current bridge selections
* Update BridgeQuoteRequest to include originToken
* ...
* port getAndSetBridgeQuote logic into fetchBridgeQuote
* Extend BridgeQuote type into BridgeQuoteResponse to include destinationToken to match token options by
* Add typing to thunks
* Add store state and reducer for fetchAndStoerBridgeQuotes
* Bridge Updater to dispatch fetched bridge quotes for toTokens when avail
* Update fetchBridgeQuotes to return array of objects
* Pass in formatted exchangeRate string into SelectSpecificTokenButton
* Add OptionDetails component that displays exchangeRate for now
* Prefetch exchange rates without fromValue
* Add state/reducer for fetchAndStoreBridgeQuotes status
* Show exchangeRates only after fetch status is valid
* Add action and reducer to resetFetchedBridgeQuotes
* Reset fetched bridge quotes if fromToken is reset or is null
* Reset fetched bridge quotes if no toChainId exists
* calculateEstimatedTransactionTime util function
* Pass in estimatedDuration prop to SelectSpecificTokenButton to populate token selection
* Add comments
* Add estimatedDurationInSeconds as prop in OptionDetails component, display duration in minute format
* Style estimated duration in token selection
* Add util function locateBestExchangeRateIndex
* Add isBestExchangeRate bool prop to SelectSpecificTokenButton
* ...
* Create OptionTag with BestOptionType interface to create multiple options
* Basic unstyled OptionTag is working
* Add gradient
* Style tag
* Render tag only if exchangeRate available
* Add destinationChainId in response for fetchBridgeQuotes
* Ensure quote does not show unless destinationChainId matches, solve for case when connected chain id is default toChainId
* Style OptionTag
* Match bridgeQuotes based on destinationToken and not array positioning
* Init getDefaultBridgeAmount util function
* Create required enums to construct respective getDefaultBridgeAmount func
* ...
* Update locateBestExchangeRateToken to match best rate by Token
* Propagate bestExchangeRateToken changes to ToTokenListOverlay
* clean
* Fix NaN bug
* ...
* Clean
* Add maxConcurrentRequests and requestDelay to limit single overload + throttle fetchBridgeQuotes call
* Debounce user input in Bridge updater to prevent alternative quote fetching, initial 5000ms
* updateDebouncedFromValue action
* Add reducer
* Lift debouncedFromValue to store
* Utilize debouncedFromValue throughout bridge experience
* Create orderedPossibleTokens to create ordered list based on fetched bridge quotes
* Debounce 400
* Debounce 300ms
* 400ms debounce works
* Ensure loader activates when fromValue updates, not based on debouncedFromValue
* ..
* Sort Best Rate selection and place at top
* Add delay on bridge loading animation
* Add default case for getDefaultBridgeAmount switch statement
* Ensure loader not triggered until debouncedFromValue populated
* Add isLoadingExchangeRate prop to SelectSpecificTokenButton
* Show loading spinner when fetching bridge quote exchange rates
* ...
* Update name from LoadingSpinner to LoadingDots to be more descriptive' ' '
* Update ButtonLoadingSpinner to ButtonLoadingDots
* Add debouncedToTokensFromValue action and reducer
* Setup debounce for alternative bridge quotes
* Utilize debouncedToTokensFromValue to fetch alternate bridge quotes
* Separate debouncing for primary quote and alternate quotes
* Update semantic naming, add comments
* Update debounce times between primary/alternative
* Tweak debouncer for alternative quote
* Update debounce and maxConcurrentRequests to make alternative bridge quotes more reliable
* Tighten up alternative bridge quotes fetching conditions for stability
* update naming
* Clear quotes if user input does not exist
* Allow input to be zeroed
* Update trigger for useEffect updating alternative bridge quotes
* hasOnlyZeroes shared utils function
* Add try catch around fetchBridgeQuote action
* clean
* clean
* Example with fetching with default values
* Only fetch alternative bridge quotes when user input exists and is not zero
* Increase bridge quote fetching reliability after setting default to selections to undefined
* Update loading status when fetching default exchange rates
* Only show best rate if more than one option
* Fix lint
* ..
* Disable integration tests for initially setting bridge origin and destination token
* Test max 2 concurrent requests
* Set loading to false in useEffect cleanup
* Add error handling for when fetchBridgeQuote does not have request or synapseSDK avail
---------
Co-authored-by: Jonah Lin <[email protected]>
- @synapsecns/[email protected]
* Add isOrigin prop to SelectSpecificNetworkButton components to determine when to display extra tokens
* Propagate props
* Update TokenVisualizer in FromChainList
* ...
* Update chain icons
* Set default fromToken and toToken to null
* Remove default to selections
* Default originToken set to null to set to options to empty
* Resolve failures
* Update formatBigIntToString util function to include trailing 0 before decimal
* set initial default for fromToken to null
* resetBridgeInputs action
* Add reducer for resetBridgeInputs
* Reset bridge inputs on disconnect
* Only set toToken from finite bridge machine if toChainId has been set
---------
Co-authored-by: Jonah Lin <[email protected]>
- @synapsecns/[email protected]
* fix: packages/synapse-interface/package.json to reduce vulnerabilities
  The following vulnerabilities are fixed with an upgrade:
  - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
* Add disabled prop to FilterInput
* Ensure search input is disabled until app successfully mounts
* Add border opacity when not mounted
---------
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Jonah Lin <[email protected]>
…ithub.com/synapsecns/sanguine into snyk-fix-8ca8ec8b38e9c30c067fd0a8753c7e98
Rate Limit Exceeded
@trajan0x has exceeded the limit for the number of files or commits that can be reviewed per hour. Please wait 36 minutes and 50 seconds before requesting another review.
How to resolve this issue?
After the wait time has elapsed, convert this PR to a draft and then mark it as ready for review again to re-trigger the review. Alternatively, you can push new commits to this PR. We recommend that you space out your commits to avoid hitting the rate limit.
How do rate limits work?
CodeRabbit enforces hourly rate limits for each developer per repository.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 5.3
SNYK-JS-POSTCSS-5926692
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Input Validation