docs(examples/cbdc): upgrade web3 from v1.5.2 to v1.10.1 #3154
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
dependabot
bot
requested review from
RafaelAPB,
petermetz,
takeutak,
izuru0,
jagpreetsinghsasan,
VRamakrishna,
sandeepnRES and
outSH
as code owners
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/web3-utils-1.5.3
branch
from
5cca7e8
to
381bbf1
Compare
outSH
approved these changes
Mar 29, 2024
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/web3-utils-1.5.3
branch
from
381bbf1
to
575066c
Compare
outSH
requested changes
Mar 29, 2024
There was a problem hiding this comment.
@petermetz Something's wrong with dependabot, it matched newer packages and propsoed to downgrade them :/ Thanks @izuru0 for noticing it
@outSH Whoah. This is how the takeover starts. :-) I'll edit the PR |
├─ @hyperledger/cactus-example-cbdc-bridging-backend@workspace:examples/cactus-example-cbdc-bridging-backend
│ ├─ @hyperledger/cactus-api-client@workspace:packages/cactus-api-client (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-cmd-api-server@workspace:packages/cactus-cmd-api-server (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-besu@workspace:packages/cactus-plugin-ledger-connector-besu (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-fabric@workspace:packages/cactus-plugin-ledger-connector-fabric (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-xdai@workspace:packages/cactus-plugin-ledger-connector-xdai (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-object-store-ipfs@workspace:extensions/cactus-plugin-object-store-ipfs (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-satp-hermes@workspace:packages/cactus-plugin-satp-hermes (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-test-tooling@workspace:packages/cactus-test-tooling (via npm:2.0.0-alpha.2)
│ ├─ web3-core@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-eth-iban@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-method@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-subscriptions@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-requestmanager@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-providers-http@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-providers-ipc@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-providers-ws@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ ├─ web3-utils@npm:1.5.2 (via npm:1.5.2) |
petermetz
force-pushed
the
dependabot/npm_and_yarn/web3-utils-1.5.3
branch
from
575066c
to
ecd2fbd
Compare
petermetz
changed the title
outSH
approved these changes
Mar 30, 2024
petermetz
force-pushed
the
dependabot/npm_and_yarn/web3-utils-1.5.3
branch
from
ecd2fbd
to
25df562
Compare
1. This had to be done because of security vulnerabilities in the old version. 2. Originally the robots have attempted to send a pull request with the same change but it somehow went haywire and upgraded dozens of other versions in dozens of other packcages not the intended one... 3. So this was manually created to address that bug in GitHub's dependabot. 4. The original commit message did not mention which vulnerabilities are being fixed by it and I also cannot remember the specific ones but the older versions of web3 were definitely being affected and therefore it is known to be a good idea what the bot has proposed even though it couldn't explain itself. Signed-off-by: Peter Somogyvari <[email protected]>
petermetz
force-pushed
the
dependabot/npm_and_yarn/web3-utils-1.5.3
branch
from
25df562
to
4f2c6af
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
same change but it somehow went haywire and upgraded dozens of other
versions in dozens of other packcages not the intended one...
dependabot.
are being fixed by it and I also cannot remember the specific ones but
the older versions of web3 were definitely being affected and therefore
it is known to be a good idea what the bot has proposed even though it
couldn't explain itself.
Signed-off-by: Peter Somogyvari [email protected]