Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore:Patches @openzeppelin/contracts@3.4.1-solc-0.7-2 for 3.4.2-solc-0.7 #2525

Closed
wants to merge 1 commit into from
Closed

chore:Patches @openzeppelin/contracts@3.4.1-solc-0.7-2 for 3.4.2-solc-0.7 #2525

wants to merge 1 commit into from

Conversation

jwhardwick
Copy link
Contributor

@jwhardwick jwhardwick commented Feb 13, 2025
edited
Loading

https://immutable.atlassian.net/browse/ENG-901

Hi👋, please prefix this PR's title with:

  • breaking-change: if you have introduced modification that necessitates immediate adjustments by this SDK's users to their applications, clients, or integrations to avert disruptions to existing features or functionalities.
  • feat:, fix:, refactor:, docs:, or chore:.

Summary

  • play repo has a critical security vulnerability from @imtbl/sdk
  • it was marked as auto fixed here a few months ago, the package (@openzeppelin/contracts@3.4.1-solc-0.7-2) is still a dependancy of this repo though so not sure why it was marked as fixed
  • this was fixed a while ago 6518456, however it appears to have been removed from resolutions since then

I've added it to the resolutions entry.

Alternatively it can also be resolved using yarn set resolution @openzeppelin/contracts@npm:3.4.1-solc-0.7-2 npm:3.4.2-solc-0.7, not sure which is preferable.

@jwhardwick jwhardwick requested a review from a team as a code owner February 13, 2025 02:41
@jwhardwick jwhardwick changed the title Patches @openzeppelin/contracts@3.4.1-solc-0.7-2 for 3.4.2-solc-0.7 t… chore:Patches @openzeppelin/contracts@3.4.1-solc-0.7-2 for 3.4.2-solc-0.7 Feb 13, 2025
@nx-cloud Nx Cloud
Copy link

nx-cloud bot commented Feb 13, 2025
edited
Loading

View your CI Pipeline Execution ↗ for commit e2b958f.

Command Status Duration Result
nx run-many --target=build --projects=@imtbl/sdk ✅ Succeeded 7s View ↗

☁️ Nx Cloud last updated this comment at 2025-02-13 03:16:53 UTC

@jwhardwick jwhardwick marked this pull request as draft February 13, 2025 03:09
@jwhardwick jwhardwick closed this Feb 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imx-mikhala imx-mikhala imx-mikhala approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jwhardwick @imx-mikhala