From f50af4c400b026c71bf3e7e07dbe62a89d97033e Mon Sep 17 00:00:00 2001 From: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com> Date: Mon, 7 Aug 2023 17:44:31 -0400 Subject: [PATCH 01/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b51132e1a1..d7e54f714d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,4 @@ updates: directory: / schedule: interval: monthly - target-branch: "development" + target-branch: "development" From 0a739464f26fe59042e042aba45cc3672aab3e36 Mon Sep 17 00:00:00 2001 From: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:44:43 -0400 Subject: [PATCH 02/10] Update LICENSE --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 51a2e2a483..2faeeb6f5f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ Copyright 2020 ZeroEx Labs - + Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at From f7c844840da1e6d21d73b3eeba9d4d14cc69069d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Nov 2023 16:57:30 +0000 Subject: [PATCH 03/10] Bump word-wrap from 1.2.3 to 1.2.5 Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 69239cd9bb..1a834d1985 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13250,9 +13250,9 @@ winston@2.x: stack-trace "0.0.x" word-wrap@^1.2.3, word-wrap@~1.2.3: - version "1.2.3" - resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.5" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" + integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== wordwrap@^1.0.0: version "1.0.0" From e344498e090288909ef6a4fe31b925655bbb21ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:05:40 +0000 Subject: [PATCH 04/10] Bump @openzeppelin/contracts from 4.8.1 to 4.9.3 Bumps [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) from 4.8.1 to 4.9.3. - [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases) - [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md) - [Commits](https://github.com/OpenZeppelin/openzeppelin-contracts/compare/v4.8.1...v4.9.3) --- updated-dependencies: - dependency-name: "@openzeppelin/contracts" dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 69239cd9bb..3ce9176b2a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2886,9 +2886,9 @@ "@octokit/openapi-types" "^12.11.0" "@openzeppelin/contracts@^4.8.1": - version "4.8.1" - resolved "https://registry.yarnpkg.com/@openzeppelin/contracts/-/contracts-4.8.1.tgz#709cfc4bbb3ca9f4460d60101f15dac6b7a2d5e4" - integrity sha512-xQ6eUZl+RDyb/FiZe1h+U7qr/f4p/SrTSQcTPH2bjur3C5DbuW/zFgCU/b1P/xcIaEqJep+9ju4xDRi3rmChdQ== + version "4.9.3" + resolved "https://registry.yarnpkg.com/@openzeppelin/contracts/-/contracts-4.9.3.tgz#00d7a8cf35a475b160b3f0293a6403c511099364" + integrity sha512-He3LieZ1pP2TNt5JbkPA4PNT9WC3gOTOlDcFGJW4Le4QKqwmiNJCRt44APfxMxvq7OugU/cqYuPcSBzOw38DAg== "@sindresorhus/slugify@^0.8.0": version "0.8.0" From d2f51d8eb37aff81e4c22e1358e06aba91b0f435 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:39:20 +0000 Subject: [PATCH 05/10] Bump get-func-name from 2.0.0 to 2.0.2 Bumps [get-func-name](https://github.com/chaijs/get-func-name) from 2.0.0 to 2.0.2. - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) --- updated-dependencies: - dependency-name: get-func-name dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 69239cd9bb..24c4aa0d4b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7165,9 +7165,9 @@ get-caller-file@^2.0.1, get-caller-file@^2.0.5: integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== get-func-name@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.0.tgz#ead774abee72e20409433a066366023dd6887a41" - integrity sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig== + version "2.0.2" + resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.2.tgz#0d7cf20cd13fda808669ffa88f4ffc7a3943fc41" + integrity sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ== get-intrinsic@^1.0.2, get-intrinsic@^1.1.0, get-intrinsic@^1.1.1: version "1.1.2" From f2f7cf0156f2c6f41d297ac1127e510cecab4561 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 06:05:42 +0000 Subject: [PATCH 06/10] Bump follow-redirects from 1.15.1 to 1.15.4 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.4. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.1...v1.15.4) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 69239cd9bb..8d1926fa09 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6978,9 +6978,9 @@ flush-write-stream@^1.0.0: readable-stream "^2.3.6" follow-redirects@^1.12.1: - version "1.15.1" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5" - integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA== + version "1.15.4" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.4.tgz#cdc7d308bf6493126b17ea2191ea0ccf3e535adf" + integrity sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw== for-each@^0.3.3, for-each@~0.3.3: version "0.3.3" From b0ddacf934384d78501499cafb3be0b3560ed07b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 07:19:25 +0000 Subject: [PATCH 07/10] Bump yaml from 2.2.1 to 2.3.4 Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.1 to 2.3.4. - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v2.2.1...v2.3.4) --- updated-dependencies: - dependency-name: yaml dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 911aa228ab..1b69959058 100644 --- a/yarn.lock +++ b/yarn.lock @@ -13440,9 +13440,9 @@ yallist@^4.0.0: integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== yaml@^2.1.3: - version "2.2.1" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.2.1.tgz#3014bf0482dcd15147aa8e56109ce8632cd60ce4" - integrity sha512-e0WHiYql7+9wr4cWMx3TVQrNwejKaEe7/rHNmQmqRjazfOP5W8PB6Jpebb5o6fIapbz9o9+2ipcaTM2ZwDI6lw== + version "2.3.4" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.3.4.tgz#53fc1d514be80aabf386dc6001eb29bf3b7523b2" + integrity sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA== yargs-parser@13.1.2, yargs-parser@^13.1.0, yargs-parser@^13.1.2: version "13.1.2" From 8378ff6a859a70ffba830957776b5500458db39e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 07:22:05 +0000 Subject: [PATCH 08/10] Bump decode-uri-component from 0.2.0 to 0.2.2 Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 1e0c5169a2..1ea7cdd716 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5511,9 +5511,9 @@ decimal.js@^10.2.0: integrity sha512-Nv6ENEzyPQ6AItkGwLE2PGKinZZ9g59vSh2BeH6NqPu0OTKZ5ruJsVqh/orbAnqXc9pBbgXAIrc2EyaCj8NpGg== decode-uri-component@^0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545" - integrity sha512-hjf+xovcEn31w/EUYdTXQh/8smFL/dzYjohQGEIgjyNavaJfBY2p5F527Bo1VPATxv0VYTUC2bOcXvqFwk78Og== + version "0.2.2" + resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9" + integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ== decompress-response@^4.2.0: version "4.2.1" From fd2653669b5dddfafc8c2142fe708c31bd3c7ba0 Mon Sep 17 00:00:00 2001 From: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com> Date: Mon, 10 Jun 2024 21:18:31 -0400 Subject: [PATCH 09/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 10adc3e533..0f865d77cf 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ --- -[0x][website-url] is an open protocol that facilitates trustless, low friction exchange of Ethereum-based assets. For more information on how it works, check out the [0x protocol specification](https://protocol.0x.org/). +[0x][website-url] is an open protocol that facilitates trustless, low friction exchange of Ethereum-based assets for the GSC20 blockchain. For more information on how it works, check out the [0x protocol specification](https://protocol.0x.org/). This repository is a monorepo including the 0x protocol smart contracts and numerous developer tools. Each public sub-package is independently published to NPM. From 5b3ea8c75540fe69893b617d8faab773127e7c2d Mon Sep 17 00:00:00 2001 From: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com> Date: Wed, 19 Jun 2024 19:56:28 -0400 Subject: [PATCH 10/10] Create action.yml Signed-off-by: GAEAlimited <69316708+GAEAlimited@users.noreply.github.com> --- .github/workflows/action.yml | 58 ++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .github/workflows/action.yml diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml new file mode 100644 index 0000000000..95443daa94 --- /dev/null +++ b/.github/workflows/action.yml @@ -0,0 +1,58 @@ +name: 'Attest Build Provenance' +description: 'Generate provenance attestations for build artifacts' +author: 'GitHub' +branding: + color: 'blue' + icon: 'lock' + +inputs: + subject-path: + description: > + Path to the artifact serving as the subject of the attestation. Must + specify exactly one of "subject-path" or "subject-digest". May contain a + glob pattern or list of paths (total subject count cannot exceed 2500). + required: false + subject-digest: + description: > + Digest of the subject for which provenance will be generated. Must be in + the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify + exactly one of "subject-path" or "subject-digest". + required: false + subject-name: + description: > + Subject name as it should appear in the provenance statement. Required + unless "subject-path" is specified, in which case it will be inferred from + the path. + push-to-registry: + description: > + Whether to push the provenance statement to the image registry. Requires + that the "subject-name" parameter specify the fully-qualified image name + and that the "subject-digest" parameter be specified. Defaults to false. + default: false + required: false + github-token: + description: > + The GitHub token used to make authenticated API requests. + default: ${{ github.token }} + required: false + +outputs: + bundle-path: + description: 'The path to the file containing the attestation bundle(s).' + value: ${{ steps.attest.outputs.bundle-path }} + +runs: + using: 'composite' + steps: + - uses: actions/attest-build-provenance/predicate@46e4ff8b824dc6ae13c8f92c8ba69907e2d39b4e # predicate@1.1.0 + id: generate-build-provenance-predicate + - uses: actions/attest@8afbcf6e5e31a04f9ef7ca7ee40a0d91e263da5a # v1.3.2 + id: attest + with: + subject-path: ${{ inputs.subject-path }} + subject-digest: ${{ inputs.subject-digest }} + subject-name: ${{ inputs.subject-name }} + predicate-type: ${{ steps.generate-build-provenance-predicate.outputs.predicate-type }} + predicate: ${{ steps.generate-build-provenance-predicate.outputs.predicate }} + push-to-registry: ${{ inputs.push-to-registry }} + github-token: ${{ inputs.github-token }}