Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEVSVCS-1213: replace Ganache with Anvil and upgrade webpack and remove esmify #81

Merged
merged 27 commits into from
Mar 16, 2025
Merged

DEVSVCS-1213: replace Ganache with Anvil and upgrade webpack and remove esmify #81

merged 27 commits into from
Mar 16, 2025

Conversation

FelixFan1992
Copy link
Contributor

@FelixFan1992 FelixFan1992 commented Feb 3, 2025
edited
Loading

This PR replaces Ganache with Anvil and upgrades webpack and removes esmify. This resolves all 5 critical vulnerabilities.

But 2 weeks ago, there is a new critical level vulnerability discovered and published.
GHSA-vjh7-7g9h-fjfh

so now it has 4 new critical vulnerabilities. not because its direct dependencies but bc many packages have dependencies on other packages which are using elliptic <= 6.6.0 . Some of them don't have a recent release so we cannot simply upgrade to a newer version.

@FelixFan1992 FelixFan1992 marked this pull request as ready for review February 4, 2025 16:30
@FelixFan1992 FelixFan1992 changed the title Only webpack and anvil replace Ganache with Anvil and upgrade webpack Feb 4, 2025
timothyF95
timothyF95 reviewed Feb 4, 2025
View reviewed changes
@FelixFan1992 FelixFan1992 changed the title replace Ganache with Anvil and upgrade webpack DEVSVCS-1213: replace Ganache with Anvil and upgrade webpack Feb 5, 2025
zeuslawyer
zeuslawyer reviewed Feb 6, 2025
View reviewed changes
@FelixFan1992 FelixFan1992 changed the title DEVSVCS-1213: replace Ganache with Anvil and upgrade webpack DEVSVCS-1213: replace Ganache with Anvil and upgrade webpack and remove esmify Feb 12, 2025
@chudilka1 chudilka1 self-requested a review February 20, 2025 19:50
chudilka1
chudilka1 previously approved these changes Feb 20, 2025
View reviewed changes
zeuslawyer
zeuslawyer reviewed Feb 25, 2025
View reviewed changes
@cl-sonarqube-production
Copy link

Quality Gate passed Quality Gate passed

Issues
2 New issues
2 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
81.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

zeuslawyer
zeuslawyer approved these changes Mar 14, 2025
View reviewed changes
Copy link
Collaborator

@zeuslawyer zeuslawyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with Thanks!

Noting that comment [1] has been resolved but no plan to handle the sunsetting of anvil-js has been formulated? We are moving from ganache (deprecated) to anvil-js(deprecated) rather than prool.

[1] https://github.com/smartcontractkit/functions-toolkit/pull/81/files#r1970384785

README.md
@@ -593,14 +596,16 @@ return Functions.encodeString(escape("$hello*world?"));

### Local Functions Testnet

> **Note**
> For version 0.3.2 and above of this functions-toolkit package, Anvil is REQUIRED to use `localFunctionsTestnet`. Please run `make install` to install Anvil and all the necessary dependencies. If you already have anvil and/or foundry (the Foundry toolchain) installed, you would not need to run this. But you may want to run `foundryup` to update your version and `npm install` to install packages.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's apply DRY here. Perhaps we ensure this content is complete in the Prereqs section and here simply remind them to double check the Prereqs

Eg: "To use localFunctionsTestnet please make sure your environment is set up as per the #prerequesites, especially in regard to the installation of Foundry/Anvil"

And we can add the make commands to the prereqs?

this way we can update commands/prereqs in the one spot but the user is reminded at the relevant spot.

@FelixFan1992 FelixFan1992 merged commit 88032a3 into main Mar 16, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zeuslawyer zeuslawyer zeuslawyer approved these changes

@anirudhwarrier anirudhwarrier Awaiting requested review from anirudhwarrier

@justinkaseman justinkaseman Awaiting requested review from justinkaseman

@timothyF95 timothyF95 Awaiting requested review from timothyF95

@ernest-nowacki ernest-nowacki Awaiting requested review from ernest-nowacki

@chudilka1 chudilka1 Awaiting requested review from chudilka1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@FelixFan1992 @zeuslawyer @chudilka1 @justinkaseman @timothyF95