Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 1.7.19 #1237

Merged
merged 60 commits into from
Dec 4, 2024
Merged

Release 1.7.19 #1237

merged 60 commits into from
Dec 4, 2024

Conversation

TheLastCicada
Copy link
Contributor

No description provided.

TheLastCicada and others added 30 commits October 18, 2024 11:39
@TheLastCicada
docs: more clarity about static IP addresses
2bb5f68
@ChiaAutomation
chore: Updating npm dev dependencies
f14e3f6
@TheLastCicada
Merge pull request #1199 from Chia-Network/s3-http-docs
fd97043 
docs: more clarity about static IP addresses
@TheLastCicada
docs: various README fixes
8b29d5b
@TheLastCicada
Merge pull request #1200 from Chia-Network/readme-hodge-podge
7580de9 
docs: various README fixes
@TheLastCicada
docs: fix readme typos and numbering problems
1ab3363
@TheLastCicada
Merge pull request #1203 from Chia-Network/readme-fixes-102224
78c4b95 
docs: fix readme typos and numbering problems
@wwills2
feat: mirror check task automatically adds missing governance mirrors
80986ab
@wwills2
feat: mirror check adds governance mirrors if non-governance instance
7213449
@wwills2
feat: mirror check adds governance mirrors if non-governance instance
7fac2c7
@wwills2
feat: mirror check adds governance mirrors if non-governance instance
7270d3b
@wwills2
Merge remote-tracking branch 'origin/auto-add-governance-mirrors' int…
d62eb1f 
…o auto-add-governance-mirrors

# Conflicts:
#	src/tasks/mirror-check.js
@TheLastCicada
Merge pull request #1211 from Chia-Network/auto-add-governance-mirrors
d82f582 
feat: mirror check task automatically adds missing governance mirrors
@TheLastCicada
chore: version bump
cd293d1
@TheLastCicada
Merge pull request #1212 from Chia-Network/1719
4bd8e9c 
chore: version bump
@TheLastCicada
ci: check for secrets access to allow dependabot to build unsigned bi…
e39445b 
…naries
@TheLastCicada
Merge pull request #1213 from Chia-Network/ci-check-for-secrets-access
5d881c9 
ci: check for secrets access to allow dependabot to build unsigned bi…
@TheLastCicada
ci: mac signing job reorg
14df9c7
@TheLastCicada
Merge pull request #1214 from Chia-Network/ci-check-for-secrets-access
9773b8a 
ci: mac signing job reorg
@dependabot
build(deps): bump actions/checkout from 3 to 4
fe7d0c9 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/upload-artifact from 3 to 4
b289950 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/setup-node from 3 to 4
ce1521d 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump Apple-Actions/import-codesign-certs from 1 to 3
f0517c6 
Bumps [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) from 1 to 3.
- [Release notes](https://github.com/apple-actions/import-codesign-certs/releases)
- [Commits](Apple-Actions/import-codesign-certs@v1...v3)

---
updated-dependencies:
- dependency-name: Apple-Actions/import-codesign-certs
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump softprops/action-gh-release from 0.1.15 to 2.0.9
a66c2ee 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 0.1.15 to 2.0.9.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v0.1.15...v2.0.9)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@TheLastCicada
Merge pull request #1086 from Chia-Network/dependabot/github_actions/…
207dfee 
…actions/checkout-4

build(deps): bump actions/checkout from 3 to 4
@dependabot
build(deps): bump actions/download-artifact from 3 to 4
9ff5488 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/cache from 3 to 4
52f5507 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/setup-qemu-action from 2 to 3
aaca8e1 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@TheLastCicada
Merge pull request #1085 from Chia-Network/dependabot/github_actions/…
975d48f 
…actions/setup-node-4

build(deps): bump actions/setup-node from 3 to 4
@TheLastCicada
Merge pull request #1083 from Chia-Network/dependabot/github_actions/…
d8d43f6 
…Apple-Actions/import-codesign-certs-3

build(deps): bump Apple-Actions/import-codesign-certs from 1 to 3
TheLastCicada and others added 25 commits November 2, 2024 09:54
@TheLastCicada
Merge pull request #1216 from Chia-Network/update-deps-11-1-24
d679516 
chore: dependency updates
@dependabot
build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0
dcab9e9 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.1.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v2.0.9...v2.1.0)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@wwills2
chore: update rpc documentation
91c1645
@wwills2
feat: sqlite db locking mitigation via organizations.model.js and aud…
b489859 
…it.model.js accessing mutex
@TheLastCicada
Merge pull request #1088 from Chia-Network/dependabot/github_actions/…
6a06588 
…actions/upload-artifact-4

build(deps): bump actions/upload-artifact from 3 to 4
@TheLastCicada
Merge pull request #1082 from Chia-Network/dependabot/github_actions/…
f4f00d2 
…actions/download-artifact-4

build(deps): bump actions/download-artifact from 3 to 4
@TheLastCicada
Merge pull request #1223 from Chia-Network/dependabot/github_actions/…
0a5ce70 
…softprops/action-gh-release-2.1.0

build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0
@dependabot
build(deps-dev): bump @yao-pkg/pkg from 5.16.1 to 6.1.1
e1f59d4 
Bumps [@yao-pkg/pkg](https://github.com/yao-pkg/pkg) from 5.16.1 to 6.1.1.
- [Release notes](https://github.com/yao-pkg/pkg/releases)
- [Changelog](https://github.com/yao-pkg/pkg/blob/main/CHANGELOG.md)
- [Commits](yao-pkg/pkg@v5.16.1...v6.1.1)

---
updated-dependencies:
- dependency-name: "@yao-pkg/pkg"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@wwills2
Merge pull request #1224 from Chia-Network/audit-and-organization-db-…
23a245e 
…locking-mitigation

feat: sqlite db locking mitigation
@wwills2
chore: project doc update complete
8e50ede 
chore: unit doc update complete
chore: label/issuance doc update complete
@wwills2
chore: update staging documentation
5483bee 
chore: update audit documentation
chore: document governance resource
chore: document filestore resource
@wwills2
feat: updated org model and sync registries to prevent locking organi…
a3f33f7 
…zation table during audit sync
@wwills2
fix: failing tests
debad53
@wwills2
Merge pull request #1230 from Chia-Network/audit-and-organization-db-…
db5cc79 
…locking-mitigation-v2

feat: updated org model and sync registries to prevent locking organi…
@wwills2
chore: address documentation comments
5179845
@wwills2
Merge branch 'develop' into documentation-updates
541f862
@wwills2
fix: adjust test expected messages for clarified RPC responses
13cd876
@wwills2
Merge remote-tracking branch 'origin/documentation-updates' into docu…
5e3246d 
…mentation-updates
@wwills2
chore: added additional staging resources to doc glossary
c5c0b00
@TheLastCicada
Merge pull request #1228 from Chia-Network/dependabot/npm_and_yarn/ya…
9dbbc22 
…o-pkg/pkg-6.1.1

build(deps-dev): bump @yao-pkg/pkg from 5.16.1 to 6.1.1
@wwills2
Merge branch 'develop' into documentation-updates
1219647
@wwills2
Merge pull request #1229 from Chia-Network/documentation-updates
1d16f7f 
Documentation updates
@wwills2
fix: organization meta sync task hanging
b735808
@wwills2
fix: restrictive json parser limit. increased to 5mb
bd583db
@TheLastCicada
Merge pull request #1236 from Chia-Network/fix-hanging-org-meta-sync
c234b0e 
fix: organization meta sync task hanging
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/cli@7.25.9 Transitive: environment, eval, filesystem, network, shell +36 2.09 MB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/core@7.26.0 environment, filesystem, unsafe Transitive: shell +37 11.2 MB nicolo-ribaudo
npm/@babel/eslint-parser@7.25.9 unsafe +5 293 kB nicolo-ribaudo
npm/@babel/plugin-syntax-import-attributes@7.26.0 None +1 18.3 kB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/preset-env@7.26.0 Transitive: environment, filesystem, shell, unsafe +128 13.9 MB existentialism, hzoo, jlhwung, ...1 more
npm/@babel/register@7.25.9 Transitive: filesystem, unsafe +15 1.06 MB existentialism, hzoo, jlhwung, ...1 more
npm/@eslint/js@9.14.0 None 0 14.6 kB eslintbot
npm/@yao-pkg/pkg@6.1.1 environment, filesystem, network, shell, unsafe Transitive: eval +133 14.9 MB roberts_lando
npm/chai-http@5.1.1 network Transitive: environment, eval, filesystem +44 2 MB chaijs
npm/chai@5.1.2 None +5 625 kB chaijs
npm/eslint@9.13.0 environment Transitive: filesystem, shell, unsafe +73 9.97 MB eslintbot
npm/express@4.21.1 environment, filesystem, network Transitive: eval, unsafe +57 1.62 MB ulisesgascon
npm/globals@15.11.0 None 0 176 kB sindresorhus
npm/mocha@10.8.2 environment, eval, filesystem +57 4.23 MB joshuakgoldberg, uzlopak, voxpelli
npm/sequelize@6.37.5 filesystem Transitive: environment +18 13.9 MB sdepold
npm/sinon@19.0.2 Transitive: environment, eval +12 7.96 MB cjohansen, fatso83, mantoni, ...1 more
npm/socket.io-client@4.8.1 Transitive: environment, filesystem, network, shell +8 2.62 MB darrachequesne
npm/socket.io@4.8.1 filesystem, network Transitive: environment +18 4.61 MB darrachequesne
npm/winston@3.15.0 Transitive: environment +38 2.45 MB dabh

🚮 Removed packages: npm/@babel/cli@7.25.6, npm/@babel/core@7.25.2, npm/@babel/eslint-parser@7.25.1, npm/@babel/plugin-syntax-import-attributes@7.25.6, npm/@babel/preset-env@7.25.4, npm/@babel/register@7.24.6, npm/@eslint/js@9.10.0, npm/@yao-pkg/pkg@5.14.2, npm/chai-http@5.0.0, npm/chai@5.1.1, npm/eslint@9.10.0, npm/express@4.21.0, npm/globals@15.9.0, npm/mocha@10.7.3, npm/sequelize@6.37.3, npm/sinon@18.0.1, npm/socket.io-client@4.7.5, npm/socket.io@4.7.5, npm/winston@3.14.2

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
AI-detected potential code anomaly npm/@yao-pkg/pkg@6.1.1
  • Notes: The code involves dynamically executing JavaScript code using the vm.Script module and managing child processes to handle this execution. This approach is inherently risky as it allows for arbitrary code execution and has potential security implications if the input data is not properly sanitized. However, there are no explicit signs of malicious intent such as data theft or system damage. The main concerns are related to the potential misuse of dynamic code execution and process management, which could be exploited in a supply chain attack scenario.
  • Confidence: 0.80
  • Severity: 0.65
 🚫

View full report↗︎

Next steps

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@yao-pkg/pkg@6.1.1

@TheLastCicada
Copy link
Contributor Author

@SocketSecurity ignore npm/@yao-pkg/pkg@6.1.1

@TheLastCicada TheLastCicada merged commit 17d1fe4 into main Dec 4, 2024
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wwills2 wwills2 wwills2 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TheLastCicada @wwills2 @ChiaAutomation