fix: pin all node dependencies + update @solana/web3.js to safe version #832

Merged: 2 commits, Dec 4, 2024

cygaar (Collaborator) commented Dec 3, 2024

Relates to:

Going forward, all package dependencies must have a pinned version. This will help us prevent supply chain attacks like the one we saw here: https://x.com/anza_xyz/status/1864085236432134264.

This PR also updates the @solana/web3.js package to the latest safe version which doesn't include exploits.

Risks

Low

Background

What does this PR do?

What kind of change is this?

Documentation changes needed?

Testing

Where should a reviewer start?

Detailed testing steps
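
A check for the pinning rule stated in the description above, as an added example (not code from this PR or the elizaOS repository): it walks a manifest's dependency sections and reports every specifier that is not a single exact version. The function names, the sample manifest, and the choice to treat `workspace:` specifiers as local packages are assumptions.

```javascript
// Added example: report dependency specifiers that are not one exact version.
// Constructed sample manifest; package names and versions are made up.
const sampleManifest = {
  name: "example-agent",
  dependencies: {
    "example-sdk": "^1.0.0",    // caret range: accepts any later 1.x release
    "exact-lib": "1.3.0",       // pinned
    "tilde-lib": "~2.1.0",      // tilde range: accepts any later 2.1.x release
    "tagged-lib": "latest",     // dist-tag: resolved at install time
  },
  devDependencies: {
    "build-tool": "5.6.3-rc.1", // exact prerelease, still pinned
    "lint-tool": ">=9.0.0",     // open-ended comparator
    "local-pkg": "workspace:*", // assumed to be an in-repo workspace package
  },
};

// major.minor.patch with optional prerelease and build metadata, nothing else.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "pinned";
  if (s.startsWith("workspace:")) return "local";
  if (/[:\/]/.test(s)) return "url";             // git, http(s), file:, npm: alias
  if (/^[A-Za-z][\w.-]*$/.test(s)) return "tag"; // dist-tag such as "latest"
  return "range";                                // ^, ~, comparators, *, 1.x, ""
}

function findUnpinned(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classify(spec);
      if (kind !== "pinned" && kind !== "local") {
        findings.push({ section, name, spec, kind });
      }
    }
  }
  return findings;
}

for (const f of findUnpinned(sampleManifest)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

Pinning in `package.json` fixes direct dependencies only; transitive versions are fixed by a committed lockfile installed in frozen mode.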

shakkernerd previously approved these changes Dec 3, 2024
@cygaar cygaar changed the title fix: pin all node dependencies fix: pin all node dependencies + update @solana/web3.js to safe version Dec 4, 2024
shakkernerd (Member) left a comment


@shakkernerd shakkernerd merged commit 9ff30c5 into elizaOS:main Dec 4, 2024
5 checks passed
@cygaar cygaar deleted the pin_package_versions branch December 4, 2024 01:06
dsldsl pushed a commit to dsldsl/eliza that referenced this pull request Dec 7, 2024
fix: pin all node dependencies + update @solana/web3.js to safe version