CR10 npm package release script

[aaronmgdr]

Not intending to actually merge this.

this is a backport of #10791 onto the commit we released core contracts 10 from.

created to be run and publish celo/abis 10.0.0 and celo/contracts 10.0.0

[changeset-bot]

⚠️ No Changeset found

Latest commit: f2887f6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@celo/ganache	7.8.0-unofficial.0	network, filesystem, shell, environment	+1	107 MB	soloseng
@celo/cryptographic-utils	5.0.6	None	+0	68.7 kB	app-tooling
@celo/odis-identifiers	1.0.0	None	+0	3.98 kB	app-tooling
@celo/ethereumjs-vm	6.4.1-unofficial.0	environment	+1	1.1 MB	soloseng
typechain-target-ethers-v5	5.0.1	None	+6	346 kB	zemse
rimraf	5.0.5	filesystem, shell, environment	+16	2.65 MB	isaacs
@summa-tx/memview.sol	1.1.0	None	+0	41.4 kB	prestwich
@wagmi/cli	1.5.2	eval, network, filesystem, shell, environment	+182	480 MB	awkweb
truffle-plugin-verify	0.6.7	None	+48	108 MB	rkalis
@types/lodash	4.14.202	None	+0	862 kB	types
typechain	4.0.3	None	+2	148 kB	ethereum-ts-bot
@celo/typechain-target-web3-v1-celo	0.2.0...1.0.0	None	+6/-4	308 kB	aaron-clabs

🚮 Removed packages: @soloseng/[email protected], @types/[email protected]

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Native code	@celo/ganache	7.8.0-unofficial.0	Location: node_modules/@trufflesuite/bigint-buffer/binding.gyp +4 more instances...	@celo/[email protected] via packages/protocol/package.json packages/protocol/package.json

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore @celo/[email protected]

[openzeppelin-code]

CR10 npm package release script

Generated at commit: f2887f6aa66e7042b2fa153870e9485a462cd0a7

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector