Skip to content

master -> Flyover 2.1.1#618

Merged
Luisfc68 merged 24 commits intoflyover-2.1.1from
master
Jan 30, 2025
Merged

master -> Flyover 2.1.1#618
Luisfc68 merged 24 commits intoflyover-2.1.1from
master

Conversation

@Luisfc68
Copy link
Copy Markdown
Collaborator

@Luisfc68 Luisfc68 commented Jan 29, 2025
edited
Loading

What

Sync dependabot updates

Note

The e2e check is failing because this branch is pointing to the wrong LBC branch, but the flyover-2.1.1 is pointing to the correct one. We need a task to update the local scripts to use the hardhat version of the LBC

Luisfc68 and others added 24 commits November 12, 2024 17:45
@Luisfc68
Merge pull request #557 from rsksmart/flyover-2.0.2
76f79d9 
Flyover 2.0.2
@Luisfc68
Merge pull request #565 from rsksmart/Stable-Test
e8b33ef 
Flyover 2.0.2 - Stable-Test -> master
@dependabot
chore(deps): bump actions/checkout from 4.2.1 to 4.2.2
d7886d0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@eef6144...11bd719)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
[SEC]fix:code-scanning-alert-87
a1d6054
@dependabot
chore(deps): bump actions/dependency-review-action from 4.3.3 to 4.5.0
44d97e3 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.3 to 4.5.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@72eb03d...3b139cf)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@Luisfc68
Merge pull request #572 from rsksmart/djeronymo/code-scanning-alert-87
e51b6b0 
[SEC] fix:code-scanning-alert-87
@Luisfc68
Merge pull request #588 from rsksmart/master
3a31d35 
Sync dependency update
@Luisfc68
Merge branch 'QA-Test' into stable-test-sync
5d526e5
@Luisfc68
Merge pull request #590 from rsksmart/stable-test-sync
e99920c 
Sync dependency update
@Luisfc68
Merge pull request #591 from rsksmart/QA-Test
8a1747d 
Qa test -> Stable-Test
@dependabot
chore(deps): bump github/codeql-action from 2.26.0 to 3.28.1
7c6c635 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.26.0 to 3.28.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2.26.0...b6a472f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump golangci/golangci-lint-action from 4.0.1 to 6.2.0
230a6fd 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.1 to 6.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@d6238b0...ec5d184)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@Luisfc68
Merge pull request #601 from rsksmart/dependabot/github_actions/golan…
960cf67 
…gci/golangci-lint-action-6.2.0

chore(deps): bump golangci/golangci-lint-action from 4.0.1 to 6.2.0
@bernacodesido
Merge branch 'master' into dependabot/github_actions/github/codeql-ac…
1392e93 
…tion-3.28.1
@bernacodesido
Merge branch 'master' into dependabot/github_actions/actions/dependen…
befafa4 
…cy-review-action-4.5.0
@bernacodesido
Merge branch 'master' into dependabot/github_actions/actions/checkout…
7fb56c9 
…-4.2.2
@Luisfc68
Merge pull request #599 from rsksmart/dependabot/github_actions/githu…
8b62079 
…b/codeql-action-3.28.1

chore(deps): bump github/codeql-action from 2.26.0 to 3.28.1
@bernacodesido
Merge branch 'master' into dependabot/github_actions/actions/checkout…
895e195 
…-4.2.2
@Luisfc68
Merge branch 'master' into dependabot/github_actions/actions/dependen…
7b79f5d 
…cy-review-action-4.5.0
@Luisfc68
Merge pull request #573 from rsksmart/dependabot/github_actions/actio…
b396b0b 
…ns/dependency-review-action-4.5.0

chore(deps): bump actions/dependency-review-action from 4.3.3 to 4.5.0
@bernacodesido
Merge branch 'master' into dependabot/github_actions/actions/checkout…
5fc263d 
…-4.2.2
@Luisfc68
Merge pull request #547 from rsksmart/dependabot/github_actions/actio…
1613e26 
…ns/checkout-4.2.2

chore(deps): bump actions/checkout from 4.2.1 to 4.2.2
@Luisfc68
Merge branch 'master' into Stable-Test
c638de7
@Luisfc68
Merge pull request #611 from rsksmart/Stable-Test
f7d0887 
Stable test -> master
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Jan 29, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 29, 2025

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

go.mod

PackageVersionLicenseIssue Type
google.golang.org/protobuf1.35.1NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/golangci/golangci-lint-action ec5d18412c0aeab7936cb16880d708ba2a64e1ae 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 7Found 3/4 approved changesets -- score normalized to 7
Maintained🟢 1025 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/github/codeql-action/analyze b6a472f63d85b9c78a3ac5e89422239fc15e9b3c UnknownUnknown
actions/github/codeql-action/autobuild b6a472f63d85b9c78a3ac5e89422239fc15e9b3c UnknownUnknown
actions/github/codeql-action/init b6a472f63d85b9c78a3ac5e89422239fc15e9b3c UnknownUnknown
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/actions/dependency-review-action 3b139cfc5fae8b618d3eae3675e383bb1769c019 🟢 7.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1025 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/actions/checkout 11bd71901bbe5b1630ceea73d27597364c9af683 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 9security policy file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif b6a472f63d85b9c78a3ac5e89422239fc15e9b3c UnknownUnknown
gomod/google.golang.org/protobuf 1.35.1 UnknownUnknown

Scanned Files

  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/deploy-dev.yml
  • .github/workflows/scorecard.yml
  • go.mod

@Luisfc68 Luisfc68 marked this pull request as ready for review January 29, 2025 19:23
@Luisfc68 Luisfc68 merged commit 3e0ceb5 into flyover-2.1.1 Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndresQuijano AndresQuijano AndresQuijano approved these changes

@gsoares85 gsoares85 Awaiting requested review from gsoares85

@Dominikkq Dominikkq Awaiting requested review from Dominikkq

+1 more reviewer

@MaximStanciu8 MaximStanciu8 MaximStanciu8 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Luisfc68 @github-advanced-security @AndresQuijano @MaximStanciu8 @bernacodesido