Update #25
Closed
Update #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Previously breaking MacOS builds. See hyperledger/indy-vdr#260 Signed-off-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt>
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.6 to 4.2.1. - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v4.2.1) --- updated-dependencies: - dependency-name: web3-utils dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.3 to 4.2.1. - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v4.0.3...v4.2.1) --- updated-dependencies: - dependency-name: web3-utils dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This had to be done because of security vulnerabilities in the old version. 2. Originally the robots have attempted to send a pull request with the same change but it somehow went haywire and upgraded dozens of other versions in dozens of other packcages not the intended one... 3. So this was manually created to address that bug in GitHub's dependabot. 4. The original commit message did not mention which vulnerabilities are being fixed by it and I also cannot remember the specific ones but the older versions of web3 were definitely being affected and therefore it is known to be a good idea what the bot has proposed even though it couldn't explain itself. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
…onnector
- Iroha connector is broken for some time and it's SDK does't seem to be
actively supported anymore (in regards of bug or security fixes).
Closes: hyperledger-cacti#3159
Part of: hyperledger-cacti#3155
Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
1. When we removed the RustC compiler class and the backing container, we also deleted the test cases referencing that code, but we forgot to remove the test case inclusion from the TAP config. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The old way to use docker compose was through the standalone binary `docker-compose` 2. This was working for a while but now the auto-upgrades that we cannot seem to avoid have caught up with us and broke ci.sh in the GitHub action runners because the standalone binary is no longer available at all and therefore the migration must happen. 3. Point 2 is just a theory but one that is considered to be very likely correct. 4. It is to be seen if we'll have any other downstream issues such as the tests failing in other ways due to this underlying docker change. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. Prior to this change the polling function that waits for transactions to be confirmed was running in while loop without any delay, meaning that the code that fetches the latest block is executing thousands of times each second (or however fast the CPU in the machine/network connection are). 2. Now there is a second delay between each execution of the loop so that we are not hammering the node of the ledger we are connected to. 3. This also has the added benefit of the test cases using this method using much less CPU power. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The older versions of the AIO image are rusty (flaky to boot) and so to increase the stability of the example application I considered it prudent to upgrade to the latest and greatest (non-breaking) all-in-one image that we have. 2. There might be other branches out there in development where the same change is already pending, if this is the case then apologies, but I just had to get this done right away because it had a direct dependency from another pull request where I was upgrading web3 packages and I had to have the example application up and running in order to verify that other pull requests not messing anything up, so here we are. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt>
1. Previously we just winged it with a bash script downloading another bash script to unzip the actionlint binaries. 2. From now on we'll use the GitHub action from the marketplace which has a lot of configuration options exposed in a convenient way such as what type of warnings to ignore, what version of actionlint to install, etc. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The API server supports gRPC endpoints, but plugins are not yet able to register their own gRPC services to be exposed the same way that was already possible for HTTP endpoints to be registered dynamically. This was due to an oversight when the original contribution was made by Peter (who was the person making the oversight - good job Peter) 2. The functionality works largely the same as it does for the HTTP endpoints but it does so for gRPC services (which is the equivalent of endpoints in gRPC terminology, so service === endpoint in this context.) 3. There are new methods added to the public API surface of the API server package which can be used to construct gRPC credential and server objects using the instance of the library that is used by the API server. This is necessary because the validation logic built into grpc-js fails for these mentioned objects if the creds or the server was constructed with a different instance of the library than the one used by the API server. 4. Different instance in this context means just that the exact same version of the library was imported from a different path for example there could be the node_modules directory of the besu connector and also the node_modules directory of the API server. 5. Because of the problem outlined above, the only way we can have functioning test cases is if the API server exposes its own instance of grpc-js. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Define the types and type guard needed for the API server to be able to recognize plugins that have implemented a ConnectRPC interface for their operations. Also, these types will be used by the plugins themselves to mark the implementations as valid for ConnectRPC usage. ConnectRPC is very similar to gRPC but has some nice features in addition to it such as the HTTP 2 and HTTP 1.1 proxying through express and fastify HTTP server instances. For further details see this link: https://connectrpc.com/ Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.3...v5.28.4) --- updated-dependencies: - dependency-name: undici dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Primary Changes ---------------- 1. Modified the Dockerfile to use the updated versions of the packages being used 2. Modified the supervisord.conf to use the correct path because it has changed after updating the versions Fixes hyperledger-cacti#2062 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
* refactored plugin bungee, using strategy design pattern * current version has strategy both for fabric and besu networks * includes a few tests to demonstrate basic functionality * added README with package documentation * added bungee tests to Cactus CI Co-authored-by: eduv09 <eduardovasques10@tecnico.ulisboa.pt> Co-authored-by: André Augusto <andre.augusto@tecnico.ulisboa.pt> Co-authored-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt> Signed-off-by: eduv09 <eduardovasques10@tecnico.ulisboa.pt>
1. It appears to be some kind of race condition in the series of jq command we use to update the package.json file with resolution overrides. 2. The supporting information for the above theory is that the image build would fail at different jq invocations on sub-sequent build tries that had no changes between them. 3. Sponge is designed for the use-case of in-place file editing and therefore `tee` is the likely culprit but we don't have a full explanation to the why quite yet. 4. It is also not known how this issue manifested after the latest set of fixes were tested and verified back when the pull request was made: https://github.com/hyperledger/cacti/pull/3059/commits 5. The current code builds successfully with or without the NPM_PKG_VERSION override. One of the commands we used to test that it works was this: ```sh DOCKER_BUILDKIT=1 docker build \ --build-arg="NPM_PKG_VERSION=2.0.0-2945-supply-chain-app-build-failed.241+b2c306ea0" \ --file ./examples/cactus-example-supply-chain-backend/Dockerfile \ . \ --tag scaeb ``` Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This is enabling plugins to expose their operations via ConnectRPC services which is very similar to gRPC but it comes with a few extra bells and whistles that can come in very handy. 2. There is an upcoming pull request that makes it so that the keychain memory plugin implements and registers its services via this newly added hook of the API server. The importance of this is that test coverage for the code in this commit resides on another branch, meaning that even though there are no new test cases on this branch, the feature has been extensively tested and there is test-automation in place to continue verifying it as well. 3. The main difference between the hook methods are that for CRPC the API server expects an array of service definition+implementation pairs instead of just a single one. This was a design decision forced by the issues with implementing separate services in a single class: The compiler was hard to appease in a way that kept the code clean. gRPC did not suffer from this and therefore the registration methods defined for that only return a single gRPC service defintion+implementation pair which can combine any number of .proto services. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 6.11.1. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v6.11.1) --- updated-dependencies: - dependency-name: undici dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The idea here is to re-use the common basic tasks of configuring an express instance similar to how the API server does it but without having the chicken-egg problem of circular dependencies between the API server and the plugins. 2. More detailed discussion can be seen in this other pull request in the comments: hyperledger-cacti#3169 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- delete solid.js version - rename package - fix type erros - bump vite from 5.0.12 to 5.0.13 in /packages/cacti-ledger-browser-react Closes: hyperledger-cacti#3156 Signed-off-by: Tomasz Awramski <tomasz.awramski@fujitsu.com>
1. This leverages the newly introduced methods in core-api that the API server is using to probe if a plugin has ConnectRPC support or not. 2. There is support for both HTTP 1.1 and HTTP 2. The caveat here is that HTTP 2 is not supported by ExpressJS so we pulled in Fastify to handle those type of requests and that means that HTTP 2 ConnectRPC traffic has to go through a different port compared to the HTTP 1.1 ConnectRPC traffic. 3. The lesson here is that we probably need to migrate away from ExpressJS longer term because it does not (and from the looks of it will not ever) support HTTP 2 which is probably going to be a bit of technical debt/ limiting factor in architectural decisions going forward for both Cacti maintainers and Cacti users. 4. A new code generator has been introduced by this commit as well which is @buf/build - the tool where ConnectRPC originates from. The scripts are structured in such a way that this should be seamlessly integrated into the existing `codegen` root level script and therefore also the CI. 5. There is test coverage for both HTTP 1.1 and HTTP 2 traffic in the file at ```sh packages/cactus-test-plugin-keychain-memory/src/test/typescript/integration/ test-keychain-memory-crpc-api-server.test.ts ``` 6. The test case referenced above is also the example on how to use the ConnectRPC client (very similar to the HTTP client we already had before) Depends on hyperledger-cacti#3183 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:development ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
--- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
- to extend cert expiry to 10 years
- re-generate expired fabric testnet certs
- update readme for re-generation to add missing steps
Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
The detailed explanation is here: Do not enable auto-merging on GitHub for the pull request doing the release. The problem with auto-merging here is that it would modify the release commit's SHA as the rebase would happen on GitHub's servers where your git signing identity is not available to use given that GitHub does (should) not have access to your private key for signing. The way the preserve your commit signature as valid the commit SHA must remain the same and the way to achieve this is to perform the pull request merging with fast forward. The merging ensures that there is no commit SHA change and the `--ff-only` option ensures that there is no merge commit to throw a wrench in the process. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
If someone sends a pull request that isn't formatted according to the tools we have in place for auto-format code (ESLint, prettier) then after this change the CI will fail and this way we don't end up in a situation where running `yarn lint` on the main branch produces a diff of auto-formatted code files (which is currently sadly the case). At the same time as introducing this constraint I'm also applying the automatic formatting on the code project wide so that the check can actually pass as intended when this change is getting merged. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. Longer term we'll just fix the scripts that are crashing, but right now as a short term solution I disabled the script execution. 2. It might even be more secure for us to use this ignore scripts flag permanently because some of the attack vectors are in those scripts which new versions of the dependencies can execute arbitrary code. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
fix(fabric-driver): yarn lint errors Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
- `cactus-example-tcs-huawei` is using
`cactus-plugin-ledger-connector-go-ethereum-socketio` and
`cactus-plugin-ledger-connector-tcs-huawei-socketio` which will
be removed as well. Ths sample app can't exist on it's own.
- This is not permanent - we'd love to bring the package back once the
necessary refactors are done!
- See issue hyperledger-cacti#3155 on github for more details on context and reasoning
of this decision.
Closes: hyperledger-cacti#3157
Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
- Add dynamic routing based on configuration instead of hardcoded one.
- Add MUI and configure custom theme.
Use this new UI kit to create app better bar and ledger selector.
- Cleanup common application code.
- Add sample SQL data to quickly test the GUI
without running persistence plugins.
Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
Huge diff, simple changes:
1. Where applicable, I added `import type {..}` instead of `import {...}`
so that we do not need the dependency in the production dependencies.
2. For imports where the code imported was actually used at runtime I
altered the package.json file so that the dependency is marked as a production
dependency and therefore won't crash anymore when being imported in isolation
(e.g. outside of the mono-repo dev build).
Fixes hyperledger-cacti#3344
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- Use react query to fetch data instead of manual fetches. - Remove dead / duplicated code where applicable. - Minor refactors and fixes. Depends on hyperledger-cacti#3203 Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
- Refactor ETH app dashboard using MUI components. - Fix ERC20 details page rendering. - Add block and transaction list components that use common `UITableListing`. - Add global notifications that will be displayed in a snackbar. Depends on hyperledger-cacti#3207 Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
1. This will help us with newer features and also potential CVEs in the (now) quite outdated version we were using before. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Quality of life improvement and some minor performance improvements in the new version from what I understood. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This way we can have examples and test cases developed that use either the negotiation or the obligation cordapps. Earlier we could only use the obligation cordapp as it was the hardcoded directory path for contract deployments. 2. Not an actual feature just an extension to the testing infrastructure that we have and we need the additional possibilities here because of the new Harmonia Labs examples coming up. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- Add a run soroban transaction endpoint to the Stellar Connector plugin. - Add a Soroban hellow_world contract to the demo-contract folder. **Remarks:** The `runSorobanTransaction` endpoint can be used to make smart contract invocations on the Soroban platform. The endpoint accepts a flag called `readOnly` to indicate when the transaction should not alter ledger state. When `true`, the transaction will only be simulated based on the current ledger state and provide an up-to-date output without registering the transaction to the ledger, ensuring no fees are consumed. When `false`, the transaction will be executed and registered to the ledger even if it doesn't alter the ledger state, incurring fees as usual. More details can be found in the `README.md` file under the connector root directory. Closes hyperledger-cacti#3238 Signed-off-by: Fabricius Zatti <fazzatti@gmail.com>
Bumps the npm_and_yarn group with 15 updates in the / directory: --- updated-dependencies: - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@azure/identity" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: bl dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: pkg dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: apollo-server-core dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-devtools-core dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@types/jsonwebtoken" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@types/jsonwebtoken" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@azure/identity" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: bl dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: pkg dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> fix(weaver): remove unused dependencies in nodejs apps Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- This concludes refactoring of ethereum app, it should be fully usable with mostly same features as before. - Refactor completely ETH app token page into accounts page using MUI components. - Update materialized view in peristence plugin ethereum schema. - Use hyperledger favicon from local files and not from the URL. - Remove files and components that are not used anymore. - Remove unnecessary package dependencies. Depends on hyperledger-cacti#3237 Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
This updates the versions in the discounted-asset-trade example to ensure compatibility and proper functionality. The Fabric version was upgraded from 2.4.4 to 2.5.6 as the internal image being used required v2_5 capability. Additionally, as per the Hyperledger Fabric documentation (https://hyperledger-fabric.readthedocs.io/en/release-2.5/prereqs.html), Go version 1.22.4 is needed for the example to work in its entirety. Signed-off-by: Rajat Sharma <rajat16.sharma@ril.com>
1. This allows the API clients to specify a class name from which the backend will retrieve the JVM Class<?> object. 2. It is very simple under the hood it just uses `Class.forName(x)` 3. It is needed to be able to do this because when passing in flow parameters sometimes the arguments are Class<?> objects and so this was a feature gap. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. These functions are used so more easily construct the JSON representation of JVM objects (references and primitive values) that we need to define when interacting with the Corda JVM connector (which is used for Corda v4 ledgers) 2. This is not a comprehensive set but more like a trailblazing initial implementation to showcase how to create and use these factory functions. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The depcheck tool we use have not correctly discovered some of the
missing dependencies that we have because it only verifies that the
imported dependency is present SOMEwhere in the package.json file, not that
it is specifically present in the production dependencies section which
leads to crashes and broken packages due to the API server not installing
dev dependencies when instantiating a plugin and therefore missing a few
of the dependencies that are otherwise very much needed at runtime in
production.
2. The solution to the problem was to implement our own typescript parsing
with babel and then double check the work of depcheck to make sure that
the dependencies that it marks as "no issues" are actually OK and have no
issues.
3. The hardest edge case was type imports e.g. `import type { Express } from "express";`
because the import was there, but we did not actually need that dependency
in the production dependencies as long as ALL of the imports to it in the
given package were type imports. To robustly verify this being the case or not
we had to pull out the big guns and parse all the typescript code per package
to make sure that we've looked at every single import of the dependency in
question at every single code file of the package in question.
Depends on hyperledger-cacti#3345
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. Upgrading the images that were being used made it so that now the test is no longer flaky/broken (or at least that's what a series of executions of it made it looked like on my local machine) 2. Based on the above it might be worthwhile to put this test back into the ones that are running (previously it was marked to be skipped). 3. We should keep an eye on it to make sure it's not flaky on the CI either (which has resources much more constrained than my local development machine) Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. Brings in size and performance improvements. 2. Also adds support for some new features such as Ecmascript setters 3. Also upgraded typedoc project-wide so that its peer dependency constraints aren't failing the build due to the newer typescript version. https://www.infoworld.com/article/3715246/typescript-adds-support-for-ecmascripts-set-methods.html Fixes hyperledger-cacti#3326 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. We were only exporting the API client and the related data model type definitions for NodeJS builds but not for the web. 2. This made it so that you couldn't import/use the Besu API client from a front-end application such as Angular or React. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Scorecard found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Requirements
upstream/mainbranch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.-sflag when usinggit commitcommand. You may refer to this link for more information.Character Limit
A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.