build(deps): upgrade web3 project-wide to v1.6.1 #2332

Closed
petermetz opened this issue Mar 21, 2023 · 1 comment · Fixed by #2550
Labels: bug, dependencies

Comments

@petermetz

Description

There is already a pull request 1 (#2271) out there - sent by the robots - to force the upgrading of the cookiejar dependency via the lock file, but we would like to make sure that the parent dependencies of cookiejar are also upgraded and the way to get that done is to upgrade web3 within the project.

This will make sure that the lockfile getting reset does not re-introduce the vulnerability that is being fixed by #2271.


Acceptance Criteria

  1. Changes are limited to the dependency upgrades and nothing more.
@petermetz petermetz added bug Something isn't working dependencies Pull requests that update a dependency file labels Mar 21, 2023
@petermetz petermetz self-assigned this Mar 21, 2023
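
The concern raised in the description, as an added example that is not code from the issue or from the Cacti project: a version forced through the lockfile only holds if every parent's declared range also accepts it, so this sketch walks each dependency chain to `cookiejar` and reports the chains where a regenerated lockfile would fall back to a pre-fix version. All version numbers and the `http-helper` package are constructed for illustration, and the range matcher handles only exact, `^` and `~` ranges with a major version of 1 or higher.

```javascript
// Constructed sample in the shape of a flattened lockfile: each package has the
// version it resolved to and the ranges it declares for its own dependencies.
// Every version here and the "http-helper" package are made up for illustration.
const lock = {
  "root":        { version: "0.0.0", requires: { "web3": "1.5.0", "test-client": "^3.0.0" } },
  "web3":        { version: "1.5.0", requires: { "http-helper": "^1.0.0" } },
  "http-helper": { version: "1.0.3", requires: { "cookiejar": "~2.0.0" } },
  "test-client": { version: "3.1.0", requires: { "cookiejar": "^2.1.0" } },
  "cookiejar":   { version: "2.1.9", requires: {} }, // forced to the fix via the lockfile
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Minimal semver check: exact, ^x.y.z and ~x.y.z with major >= 1 only.
function satisfies(version, range) {
  const v = parse(version);
  const base = parse(range.replace(/^[\^~]/, ""));
  if (range.startsWith("^")) return v[0] === base[0] && cmp(v, base) >= 0;
  if (range.startsWith("~")) return v[0] === base[0] && v[1] === base[1] && cmp(v, base) >= 0;
  return cmp(v, base) === 0;
}

// Walk every chain from `name` down to `target` and report the chains whose
// last parent declares a range that the fixed version does not satisfy. For
// those chains only the lockfile entry holds the fix in place.
function fragileChains(lock, target, fixedVersion, name = "root", path = []) {
  const here = [...path, name];
  const out = [];
  const requires = (lock[name] && lock[name].requires) || {};
  for (const [dep, range] of Object.entries(requires)) {
    if (dep === target) {
      if (!satisfies(fixedVersion, range)) out.push({ chain: [...here, dep], range });
    } else if (!here.includes(dep)) { // guard against dependency cycles
      out.push(...fragileChains(lock, target, fixedVersion, dep, here));
    }
  }
  return out;
}

console.log(fragileChains(lock, "cookiejar", "2.1.9"));
```

In the constructed data the chain through `web3` is reported because its transitive parent pins `~2.0.0`, which is the case where upgrading the top-level package, rather than editing the lockfile, is what moves the declared range.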
@micoferdinand98

@petermetz Hello Peter, I'll be taking this ticket. Thank you.

micoferdinand98 added a commit to micoferdinand98/cactus that referenced this issue Jul 12, 2023
petermetz added a commit to micoferdinand98/cactus that referenced this issue Jul 15, 2023
Fixes hyperledger-cacti#2332

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to micoferdinand98/cactus that referenced this issue Jul 16, 2023
Update from Peter: I needed to do an unsafe cast because that was the least
bad option (other option was to make a breaking change in the quorum
connector's API).

The issue opened for tracking a proper resolution to this is titled as:
refactor(connector-quorum): make Web3BlockHeader.receiptRoot optional hyperledger-cacti#2555
and the link to it on GitHub is https://github.com/hyperledger/cacti/issues/2555

Fixes hyperledger-cacti#2332

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Jul 17, 2023
Update from Peter: I needed to do an unsafe cast because that was the least
bad option (other option was to make a breaking change in the quorum
connector's API).

The issue opened for tracking a proper resolution to this is titled as:
refactor(connector-quorum): make Web3BlockHeader.receiptRoot optional #2555
and the link to it on GitHub is https://github.com/hyperledger/cacti/issues/2555

Fixes #2332

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023