Skip to content

QA-Test -> Stable-Test - v2.1.2#684

Merged
Luisfc68 merged 94 commits intoStable-Testfrom
QA-Test
Apr 25, 2025
Merged

QA-Test -> Stable-Test - v2.1.2#684
Luisfc68 merged 94 commits intoStable-Testfrom
QA-Test

Conversation

@Luisfc68
Copy link
Copy Markdown
Collaborator

@Luisfc68 Luisfc68 commented Apr 25, 2025
edited
Loading

v2.1.2 changes sync

Luisfc68 and others added 30 commits October 8, 2024 23:27
@Luisfc68
feat: version endpoint
b964e1f
@Luisfc68
ci: run tests in all PRs
a9cdc45
@Luisfc68
Merge branch 'QA-Test' into feature/GBI-2137
c489e49
@Luisfc68
test: fix test name
0009312
@Luisfc68
Merge pull request #541 from rsksmart/feature/GBI-2137
d5ede3d 
feat: version endpoint
@Luisfc68
fix: order of ranges management ui in general tab
d756873
@Luisfc68
feat: add btc wallet reconnection
fd18e8e
@Luisfc68
Merge pull request #577 from rsksmart/feature/GBI-2152
4803852 
feat: add btc wallet reconnection
@Luisfc68
Merge pull request #575 from rsksmart/bugfix/GBI-2290
a0f2e69 
fix: order of ranges management ui in general tab
@Luisfc68 @AndresQuijano
Refund scripts (#579)
fe91517 
* feat: add script to refund user pegout

* refactor: move scripts common behavior to a separate package

* refactor: rename refund pegout script dir

* feat: add register pegin script

* test: add tests for register pegin script

* feat: refactor refund user pegout script
 - add tests

* fix: address sonarcloud issues of duplicate code

* feat: refactor refund user pegout script to receive a parse function
 - add documentation
 - modify Makefile

* feat: add validation for quote hash in RefundUserPegOut
 - add tests

* fix: sonarcloud issues

* fix: sonar warnings

* refactor: remove duplicated code from refund_user_pegout
 - add usage message in refund_user_pegout

* Update cmd/utils/refund_user_pegout/refund_user_pegout.go

Co-authored-by: Luisfc68 <60527258+Luisfc68@users.noreply.github.com>

---------

Co-authored-by: AndresQuijano <andres.quijano@iovlabs.org>
Co-authored-by: AndresQuijano <66392159+AndresQuijano@users.noreply.github.com>
@Luisfc68
feat: add key conversion script
e9f7b42
@Luisfc68
test: move file name template to constant
4f2eff8
@Luisfc68
test: fix write test file function
c50cc24
@Luisfc68
test: increase timeout
f5b9b5d
@Dominikkq
feat: GBI-2291 | ability to full modify confirmation block ranges
f5772d4
@Dominikkq
fix: whitespace for review
0c5e896
@Luisfc68
feat: update wei to sat conversion (#584)
04d1a25 
* feat: update wei to sat conversion

* fix: update test assertion

* ci: run codeql in every PR
@Dominikkq
fix: feedback | remove unused value & improve indexing
788d1da
@Luisfc68
feat: add quote hash validation inside repository (#586)
a552630
@Luisfc68
ci: run code ql in version branches
665512b
@Luisfc68
ci: change dependency review permissions (#587)
af53e53
@Dominikkq
Merge pull request #582 from rsksmart/feat-GBI-2291
d4856b2 
feat: GBI-2291 | ability to full modify confirmation block ranges
@Dominikkq
feat: split up management file
db2fd11
@Luisfc68
Merge pull request #581 from rsksmart/feature/GBI-2328
2b8bf8f 
feat: add key conversion script
@Dominikkq
Merge pull request #592 from rsksmart/feat-GBI-2370
0d6558d 
feat: split up management file
@Dominikkq
feat: sort blocks to deliver upon saving configuration
b3a0661
@Dominikkq
feat: GBI-2379 & GBI-2378
8c1792e
@Dominikkq
Merge pull request #594 from rsksmart/feat-GBI-2380-sort-entries
7ad71f9 
feat: sort confirmations upon saving configuration
@Dominikkq
Merge branch 'flyover-2.1.1' into feat-GBI-2378&GBI-2379
613324b
@Dominikkq
Update management.js
cb38793
Dominikkq and others added 20 commits February 21, 2025 15:45
@Dominikkq
fix: Force Management API to be enabled in lps-env.sh
c4a8e60
@Dominikkq @Luisfc68
remove white space
d4e1c8d 
Co-authored-by: Luisfc68 <60527258+Luisfc68@users.noreply.github.com>
@Dominikkq
Merge pull request #635 from rsksmart/fix-confirmation-sorting
13d76e8 
fix: confirmation sorting | LPS-UI
@Luisfc68
Merge pull request #629 from rsksmart/fix-GBI-2392
bb3cf7e 
fix: GBI-2392 | Add error messages on local env autoconfiguration
@Luisfc68
Merge pull request #630 from rsksmart/feature/GBI-2333
117e8da 
feat: change pegout liquidity unit in liquidity endpoint
@Luisfc68
Merge branch 'master' into flyover-2.1.1
c997a37
@Luisfc68
chore: update vulnerable packages
454b9e6
@Luisfc68
fix: sed usage to run in pipeline
b979b5d
@Luisfc68
fix: loop in local script
31ec2d8
@Luisfc68
fix: change substitution syntax in local script
40425d7
@Luisfc68
Merge pull request #667 from rsksmart/flyover-2.1.2
4ed5395 
Flyover 2.1.2 -> QA-Test
@Luisfc68
chore: update sed usage in local script
208bec2
@Luisfc68
chore: add codeowners file
cd30b29
@Luisfc68
ci: set shell used in action
469b3cf
@Luisfc68
ci: fix action command syntax
57a4892
@Luisfc68
Merge pull request #675 from rsksmart/local-script-fix
401c38f 
Update sed usage based on OS
@Luisfc68
feat: add memguard purge to main application
d4d75d0
@Luisfc68
feat: add memguard to the utility scripts
2ac5e7b
@Luisfc68
fix: pass error message with textContent in management ui
47b5d29
@Luisfc68
Merge pull request #682 from rsksmart/feature/v2.1.2-sec-feedback
2f134a8 
v2.1.2 RC - Security feedback
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 25, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 8 package(s) with unknown licenses.
See the Details below.

License Issues

docker-compose/monitoring/package.json

PackageVersionLicenseIssue Type
@rsksmart/rsk-monitor^0.1.0NullUnknown License
@types/node^20.11.19NullUnknown License

go.mod

PackageVersionLicenseIssue Type
golang.org/x/crypto0.37.0NullUnknown License
golang.org/x/net0.39.0NullUnknown License
golang.org/x/sync0.13.0NullUnknown License
golang.org/x/sys0.32.0NullUnknown License
golang.org/x/term0.31.0NullUnknown License
golang.org/x/text0.24.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@mempool/mempool.js ^2.3.0 🟢 3.7
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review🟢 5Found 7/12 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 55 existing vulnerabilities detected
npm/@rsksmart/rsk-monitor ^0.1.0 UnknownUnknown
npm/@types/node ^20.11.19 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/ts-node ^10.9.2 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 052 existing vulnerabilities detected
npm/typescript ^5.3.3 🟢 8.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 9SAST tool detected but not run on all commits
Fuzzing🟢 10project is fuzzed
CI-Tests🟢 929 out of 30 merged PRs checked by a CI test -- score normalized to 9
Contributors🟢 10project has 36 contributing companies or organizations
gomod/github.com/bits-and-blooms/bitset 1.13.0 🟢 7.4
Details
CheckScoreReason
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 7Found 8/11 approved changesets -- score normalized to 7
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
CI-Tests🟢 1010 out of 10 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 17 contributing companies or organizations
gomod/github.com/crate-crypto/go-ipa 0.0.0-20240223125850-b1e8a79f509c 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/ethereum/go-ethereum 1.14.13 🟢 6.7
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 25/30 approved changesets -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 82 existing vulnerabilities detected
gomod/github.com/ethereum/go-verkle 0.1.1-0.20240829091221-dffa7562dbe9 🟢 4.7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 8SAST tool detected but not run on all commits
gomod/github.com/holiman/uint256 1.3.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/supranational/blst 0.3.13 🟢 6.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Maintained🟢 1022 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
SAST🟢 10SAST tool detected: CodeQL
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
gomod/golang.org/x/crypto 0.37.0 UnknownUnknown
gomod/golang.org/x/net 0.39.0 UnknownUnknown
gomod/golang.org/x/sync 0.13.0 UnknownUnknown
gomod/golang.org/x/sys 0.32.0 UnknownUnknown
gomod/golang.org/x/term 0.31.0 UnknownUnknown
gomod/golang.org/x/text 0.24.0 UnknownUnknown

Scanned Files

  • docker-compose/monitoring/package.json
  • go.mod

@Luisfc68 Luisfc68 changed the title QA-Test -> Stable-Test QA-Test -> Stable-Test - v2.1.2 Apr 25, 2025
@Luisfc68 Luisfc68 marked this pull request as ready for review April 25, 2025 12:05
@Luisfc68 Luisfc68 merged commit 596dd78 into Stable-Test Apr 25, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@MaximStanciu8 MaximStanciu8 MaximStanciu8 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Luisfc68 @MaximStanciu8 @Dominikkq @gsoares85 @AndresQuijano