Skip to content

Commit

Permalink
deps: fix security issues (#114)
Browse files Browse the repository at this point in the history
  • Loading branch information
@vbrvk
vbrvk authored Jul 1, 2024
1 parent c1d6715 commit 8734c5c
Show file tree
Hide file tree
Showing 12 changed files with 2,778 additions and 5,533 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/pr.yml → .github/workflows/pr-check-v1.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,24 @@ name: CI

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
cancel-in-progress: ${{ github.ref != 'refs/heads/v1' }}

on:
pull_request:
branches:
- main
- v1

jobs:
setup:
name: Setup
runs-on: ubuntu-20.04

steps:
- name: Load current commit
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}

- name: Setup Node.js
uses: volta-cli/action@v4

Expand Down Expand Up @@ -73,7 +73,7 @@ jobs:

- name: Type check
run: yarn typecheck

tests:
name: Unit tests
needs: setup
Expand Down
40 changes: 40 additions & 0 deletions .github/workflows/pr-check.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: PR validation

on:
pull_request:
branches:
- main

jobs:
check:
name: Lint, Types & Tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 8

- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
cache: pnpm

- name: Install Dependencies
run: pnpm install

- name: Linter
run: pnpm lint

- name: Types
run: pnpm lint:types

- name: Unit tests
run: pnpm test

- name: Security
run: pnpm audit
72 changes: 72 additions & 0 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: Publish package

on:
push:
tags:
- v*.*.*
workflow_dispatch:

jobs:
publish-to-npm:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 8

- uses: actions/setup-node@v3
with:
node-version: 18
registry-url: 'https://registry.npmjs.org'
scope: ${{ github.repository_owner }}
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

- name: Publish 🚀
run: pnpm publish --no-git-checks --access=public
working-directory: dist
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

publish-to-github:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 8

- uses: actions/setup-node@v3
with:
node-version: 18
cache: pnpm

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build
run: pnpm build

- name: Auth in GitHub private registry npm
run: |
echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > .npmrc
echo "@1inch:registry=https://npm.pkg.github.com" >> .npmrc
- name: Publish 🚀
run: pnpm publish --no-git-checks
working-directory: dist
74 changes: 74 additions & 0 deletions .github/workflows/release-v1.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
name: Publish package

on:
push:
tags:
- v1.*.*

jobs:
publish-to-npm:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- uses: actions/setup-node@v3
with:
node-version: 18
registry-url: 'https://registry.npmjs.org'
scope: ${{ github.repository_owner }}

- name: Update package.json
run: |
TAG_NAME=${GITHUB_REF/refs\/tags\//}
PACKAGE_VERSION=${TAG_NAME#v}
echo "Updating package.json to version $PACKAGE_VERSION"
cat <<< $(jq -r ".version=\"$PACKAGE_VERSION\"" package.json) > package.json
cat package.json
- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Build
run: yarn build

- name: Publish
run: yarn publish
working-directory: dist
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

publish-to-github:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3

- uses: actions/setup-node@v3
with:
node-version: 18
registry-url: 'https://npm.pkg.github.com'
scope: ${{ github.repository_owner }}

- name: Update package.json
run: |
TAG_NAME=${GITHUB_REF/refs\/tags\//}
PACKAGE_VERSION=${TAG_NAME#v}
echo "Updating package.json to version $PACKAGE_VERSION"
cat <<< $(jq -r ".version=\"$PACKAGE_VERSION\"" package.json) > package.json
cat package.json
- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Build
run: yarn build

- name: Publish
run: yarn publish
working-directory: dist
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
109 changes: 52 additions & 57 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -1,74 +1,69 @@
name: Publish package
name: Release new version

on:
push:
tags:
- v*.*.*

workflow_dispatch:
inputs:
version:
type: choice
description: Version
options:
- patch
- minor
- major
- prerelease
jobs:
publish-to-npm:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- uses: actions/setup-node@v3
with:
node-version: 18
registry-url: 'https://registry.npmjs.org'
scope: ${{ github.repository_owner }}

- name: Update package.json
run: |
TAG_NAME=${GITHUB_REF/refs\/tags\//}
PACKAGE_VERSION=${TAG_NAME#v}
echo "Updating package.json to version $PACKAGE_VERSION"
cat <<< $(jq -r ".version=\"$PACKAGE_VERSION\"" package.json) > package.json
cat package.json
- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Build
run: yarn build

- name: Publish
run: yarn publish
working-directory: dist
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

publish-to-github:
release:
runs-on: ubuntu-latest
permissions:
contents: read
contents: write
packages: write
actions: write
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
# Needed to make possible changelog generation only from latest tag
with:
fetch-depth: 0
fetch-tags: true

- uses: actions/setup-node@v3
- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: 8

- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
registry-url: 'https://npm.pkg.github.com'
scope: ${{ github.repository_owner }}
cache: pnpm

- name: Install Dev Dependencies
run: pnpm install -D

- name: Update package.json
- name: Bump package.json version
id: version
run: |
TAG_NAME=${GITHUB_REF/refs\/tags\//}
PACKAGE_VERSION=${TAG_NAME#v}
echo "Updating package.json to version $PACKAGE_VERSION"
cat <<< $(jq -r ".version=\"$PACKAGE_VERSION\"" package.json) > package.json
cat package.json
echo "OLD_VERSION=$(pnpm pkg get version | tr -d '"')" >> "$GITHUB_OUTPUT"
pnpm version ${{ github.event.inputs.version }} --preid rc --git-tag-version=false
echo "NEW_VERSION=$(pnpm pkg get version | tr -d '"')" >> "$GITHUB_OUTPUT"
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Generate changelog
run: pnpm changelog:generate -t v${{ steps.version.outputs.OLD_VERSION }} || pnpm changelog:generate

- name: Build
run: yarn build
- name: Create github release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.email [email protected]
git config --global user.name "CI/CD Bot"
git add package.json
git commit -m "version v${{ steps.version.outputs.NEW_VERSION }}"
git tag v${{ steps.version.outputs.NEW_VERSION }}
git push
git push --tags
gh release create v${{ steps.version.outputs.NEW_VERSION }} --notes-file CHANGELOG.md
- name: Publish
run: yarn publish
working-directory: dist
- name: Trigger publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh workflow run publish.yml -r v${{ steps.version.outputs.NEW_VERSION }}
3 changes: 0 additions & 3 deletions jest.config.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,9 +181,6 @@ export default {
// An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
// unmockedModulePathPatterns: undefined,

// Indicates whether each individual test should be reported during the run
// verbose: undefined,

// An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
// watchPathIgnorePatterns: [],

Expand Down
13 changes: 7 additions & 6 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,20 +26,21 @@
"@ethersproject/bignumber": "^5.1.1",
"@metamask/eth-sig-util": "^5.0.2",
"bn.js": "^5.2.1",
"web3": "^1.8.1",
"ws": "^8.12.1",
"tslib": "^2.2.0"
"tslib": "^2.2.0",
"web3": "^4.10.0",
"ws": "^8.12.1"
},
"devDependencies": {
"@babel/core": "^7.13.16",
"@babel/preset-env": "^7.13.15",
"@babel/preset-typescript": "^7.13.0",
"@types/jest": "^26.0.22",
"@types/bn.js": "5.1.5",
"@types/jest": "29.5.12",
"@types/prompts": "^2.0.12",
"@types/ws": "^8.5.4",
"@typescript-eslint/eslint-plugin": "4",
"axios": "^1.2.3",
"babel-jest": "^26.6.3",
"babel-jest": "29.7.0",
"eslint": "7",
"eslint-config-prettier": "^8.2.0",
"eslint-config-standard-with-typescript": "^20.0.0",
Expand All @@ -49,7 +50,7 @@
"eslint-plugin-promise": "4",
"eslint-plugin-unused-imports": "^1.1.1",
"husky": "^6.0.0",
"jest": "^26.6.3",
"jest": "29.7.0",
"lint-staged": "^10.5.4",
"prettier": "^2.2.1",
"ts-loader": "^9.0.2",
Expand Down
Loading

0 comments on commit 8734c5c

Please sign in to comment.