Changed config to support V8 envs #152
Conversation
…t-hubs Update newest hubs
…t-hubs Bump version and hubs
8.0.0+001 release - Gnosis gas price fix
Fix blockchain default prices
…tibility V8 - allowance backwards compatibility
…update gas and allowance fixes
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| BLOCKCHAIN_IDS.NEUROWEB_MAINNET, | ||
| BLOCKCHAIN_IDS.HARDHAT_1, | ||
| BLOCKCHAIN_IDS.HARDHAT_2, | ||
| ]; |
There was a problem hiding this comment.
Bug: Orphaned array expression creates dead code
An array literal is created with blockchain IDs but never assigned to a variable or exported. This appears to be incomplete code that was meant to be NEUROWEB_INCENTIVE_TYPE_CHAINS, matching the equivalent export in constants/constants.js. The array expression evaluates but has no effect, suggesting this was accidentally committed or incompletely implemented.
|
|
||
| - name: Merge v8/develop into Test_Publish_Query | ||
| run: | | ||
| git merge origin/v8/develop --no-edit || echo "Merge failed but continuing" |
There was a problem hiding this comment.
Bug: Workflow silently masks merge failures before pushing
The merge command uses || echo "Merge failed but continuing" which causes the step to succeed even when the merge fails. The subsequent push step then executes, but since HEAD hasn't changed (due to the failed merge), nothing meaningful is pushed. The workflow reports success despite failing to actually merge the branches, which could mislead teams into thinking branches are synchronized when they aren't.
…ange-and-only-buffer-multiply percentile 80, bufferPercent multiply
| @@ -0,0 +1 @@ | |||
| PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 | |||
There was a problem hiding this comment.
Bug: Example file includes real private key
.env.example contains a concrete PRIVATE_KEY value. Even if intended for local Hardhat usage, it’s easy for users/CI to copy it into .env and accidentally reuse a known key outside local testing, leading to compromised funds or account control.
| @@ -0,0 +1,3 @@ | |||
| import { BLOCKCHAIN_IDS } from './constants.js'; | |||
|
|
|||
| export { BLOCKCHAIN_IDS }; | |||
There was a problem hiding this comment.
Bug: Public constants export is incomplete
package.json exposes ./constants, but constants/index.js/constants/index.cjs only export BLOCKCHAIN_IDS even though constants/constants.js defines many other configuration constants. This makes dkg.js/constants unusable for expected config values and can break consumers relying on exported constants beyond BLOCKCHAIN_IDS.
Additional Locations (1)
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if: github.event.pull_request.merged == true || github.event_name == 'push' | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout target branch (Test_Publish_Query) | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| ref: Test_Publish_Query | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Set up Git identity | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
|
|
||
| - name: Fetch latest v8/develop | ||
| run: git fetch origin v8/develop | ||
|
|
||
| - name: Merge v8/develop into Test_Publish_Query | ||
| run: | | ||
| git merge origin/v8/develop --no-edit || echo "Merge failed but continuing" | ||
|
|
||
| - name: Push updated branch | ||
| run: git push origin HEAD:Test_Publish_Query No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 22 days ago
To fix the issue, an explicit permissions block should be added to either the root of the workflow or to the individual job in the workflow YAML file. Since this workflow pushes commits to a branch (git push) and performs merges, it requires contents: write permission for repository contents (code, branches). The safest and most maintainable fix is to add a permissions block at the root of the YAML file (below name: and before on:), giving contents: write. This immediately clarifies what the workflow can do, prevents privilege escalation should defaults change, and adheres to GitHub's security guidelines.
Implementation Steps:
- Edit
.github/workflows/auto-merge-main-to-Test_Publish_Query.yml. - Insert the following after the
name:line (line 1), before theon:block:permissions: contents: write
| @@ -1,4 +1,6 @@ | ||
| name: Auto Merge v8/develop into Test_Publish_Query | ||
| permissions: | ||
| contents: write | ||
|
|
||
| on: | ||
| push: |
…e keeping create wrapper
Add EIP-1559 gas mode, nonce reservation, and exposed asset creation phases Bump to 8.2.3
Note
Scope
constants/constants.js(ESM) with CJS exports inconstants/index.cjsandconstants/index.js; removes legacyconstants.js.Key changes
MAX_FILE_SIZE, predicates, chain IDs/configs, gas settings, default params, paranet enums).BLOCKCHAIN_IDSand re-exports for ESM/CJS consumers.constants/constants.js, useBLOCKCHAIN_IDS, load.envPRIVATE_KEY, and adjust client options.CI/Docs/Config
v8/developintoTest_Publish_Query..gitignoreentries..env.examplewithPRIVATE_KEY.Written by Cursor Bugbot for commit 4327d03. This will update automatically on new commits. Configure here.