-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(examples/cbdc): upgrade web3 from v1.5.2 to v1.10.1 #3154
Conversation
5cca7e8
to
381bbf1
Compare
381bbf1
to
575066c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@petermetz Something's wrong with dependabot, it matched newer packages and propsoed to downgrade them :/ Thanks @izuru0 for noticing it
@outSH Whoah. This is how the takeover starts. :-) I'll edit the PR |
├─ @hyperledger/cactus-example-cbdc-bridging-backend@workspace:examples/cactus-example-cbdc-bridging-backend
│ ├─ @hyperledger/cactus-api-client@workspace:packages/cactus-api-client (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-cmd-api-server@workspace:packages/cactus-cmd-api-server (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-besu@workspace:packages/cactus-plugin-ledger-connector-besu (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-fabric@workspace:packages/cactus-plugin-ledger-connector-fabric (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-ledger-connector-xdai@workspace:packages/cactus-plugin-ledger-connector-xdai (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-object-store-ipfs@workspace:extensions/cactus-plugin-object-store-ipfs (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-plugin-satp-hermes@workspace:packages/cactus-plugin-satp-hermes (via npm:2.0.0-alpha.2)
│ ├─ @hyperledger/cactus-test-tooling@workspace:packages/cactus-test-tooling (via npm:2.0.0-alpha.2)
│ ├─ web3-core@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-eth-iban@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-method@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-subscriptions@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ │ ├─ web3-core-requestmanager@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-providers-http@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ ├─ web3-providers-ipc@npm:1.5.2 (via npm:1.5.2)
│ │ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-providers-ws@npm:1.5.2 (via npm:1.5.2)
│ │ │ └─ web3-core-helpers@npm:1.5.2 (via npm:1.5.2)
│ │ └─ web3-utils@npm:1.5.2 (via npm:1.5.2)
│ ├─ web3-utils@npm:1.5.2 (via npm:1.5.2) |
575066c
to
ecd2fbd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM thanks
ecd2fbd
to
25df562
Compare
1. This had to be done because of security vulnerabilities in the old version. 2. Originally the robots have attempted to send a pull request with the same change but it somehow went haywire and upgraded dozens of other versions in dozens of other packcages not the intended one... 3. So this was manually created to address that bug in GitHub's dependabot. 4. The original commit message did not mention which vulnerabilities are being fixed by it and I also cannot remember the specific ones but the older versions of web3 were definitely being affected and therefore it is known to be a good idea what the bot has proposed even though it couldn't explain itself. Signed-off-by: Peter Somogyvari <[email protected]>
25df562
to
4f2c6af
Compare
same change but it somehow went haywire and upgraded dozens of other
versions in dozens of other packcages not the intended one...
dependabot.
are being fixed by it and I also cannot remember the specific ones but
the older versions of web3 were definitely being affected and therefore
it is known to be a good idea what the bot has proposed even though it
couldn't explain itself.
Signed-off-by: Peter Somogyvari [email protected]