Update dependency cross-fetch to v3.1.5 [SECURITY] (#168)

* move dev-utils from monorepo back into this repo. it makes more sense here after all fix not being able to run yarn build from local packages * upgrade to final 1.x web3 release ever * its highly recommended to use example.com for examples and tests as is reserved by IANA exactly for that * Update dependency cross-fetch to v3.1.5 [SECURITY] Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * test failing but good progress * ge vs code debugger working again * move dev-utils from monorepo back into this repo. it makes more sense here after all --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Aaron DeRuvo <[email protected]>
celo-org · Mar 21, 2024 · c42682d · c42682d
1 parent 5335af5
commit c42682d
Show file tree

Hide file tree

Showing 57 changed files with 1,012 additions and 490 deletions.
diff --git a/.changeset/brave-spies-own.md b/.changeset/brave-spies-own.md
@@ -0,0 +1,5 @@
+---
+'@celo/dev-utils': patch
+---
+
+Bump web3 to 1.10.4
diff --git a/.changeset/friendly-penguins-happen.md b/.changeset/friendly-penguins-happen.md
@@ -0,0 +1,8 @@
+---
+'@celo/network-utils': patch
+'@celo/contractkit': patch
+'@celo/explorer': patch
+'@celo/celocli': patch
+---
+
+Bump Cross Fetch to fix security vulnerability
diff --git a/.changeset/lemon-doors-rescue.md b/.changeset/lemon-doors-rescue.md
@@ -0,0 +1,19 @@
+---
+'@celo/wallet-hsm-azure': patch
+'@celo/wallet-hsm-aws': patch
+'@celo/wallet-hsm-gcp': patch
+'@celo/wallet-ledger': patch
+'@celo/wallet-remote': patch
+'@celo/wallet-local': patch
+'@celo/wallet-base': patch
+'@celo/wallet-hsm': patch
+'@celo/wallet-rpc': patch
+'@celo/transactions-uri': patch
+'@celo/network-utils': patch
+'@celo/contractkit': patch
+'@celo/connect': patch
+'@celo/utils': patch
+'@celo/celocli': patch
+---
+
+Bump web3-\* to 1.10.4 -- Some consumers may be forced to upgrade their web3 instance to the same version 
diff --git a/.gitignore b/.gitignore
@@ -71,7 +71,6 @@ packages/sdk/identity/*
 packages/sdk/encrypted-backup/*
 packages/protocol/*
 packages/celotool/*
-packages/dev-utils/*
 packages/metadata-crawler/*
 packages/helm-charts/*
 # temp json file for deploy-sdks script

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -1,38 +1,6 @@
 {
   "version": "0.2.0",
   "configurations": [
-    {
-      "name": "Debug PhoneNumberPrivacy Combiner Tests",
-      "type": "node",
-      "request": "launch",
-      "runtimeArgs": [
-        "--inspect-brk",
-        "${workspaceRoot}/node_modules/.bin/jest",
-        "--rootDir",
-        "${workspaceFolder}/packages/phone-number-privacy",
-        "--runInBand",
-        "${workspaceFolder}/packages/phone-number-privacy/combiner/test/**",
-      ],
-      "console": "integratedTerminal",
-      "internalConsoleOptions": "neverOpen",
-      "port": 9229
-    },
-    {
-      "name": "Debug PhoneNumberPrivacy Signer Tests",
-      "type": "node",
-      "request": "launch",
-      "runtimeArgs": [
-        "--inspect-brk",
-        "${workspaceRoot}/node_modules/.bin/jest",
-        "--rootDir",
-        "${workspaceFolder}/packages/phone-number-privacy/signer",
-        "--runInBand",
-        "${workspaceFolder}/packages/phone-number-privacy/signer/test/**",
-      ],
-      "console": "integratedTerminal",
-      "internalConsoleOptions": "neverOpen",
-      "port": 9229
-    },
     {
       "name": "Debug ContractKit Tests",
       "type": "node",
@@ -41,9 +9,9 @@
         "--inspect-brk",
         "${workspaceRoot}/node_modules/.bin/jest",
         "--rootDir",
-        "${workspaceFolder}/packages/contractkit",
+        "${workspaceFolder}/packages/sdk/contractkit",
         "--runInBand",
-        "${workspaceFolder}/packages/contractkit/src/**/*.test.ts",
+        "${workspaceFolder}/packages/sdk/contractkit/src/**/*.test.ts",
       ],
       "console": "integratedTerminal",
       "internalConsoleOptions": "neverOpen",

diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -22,9 +22,9 @@
     "node": ">=16"
   },
   "scripts": {
-    "clean": "tsc -b . --clean",
+    "clean": "yarn run --top-level tsc -b . --clean",
     "dev": "yarn build && ts-node ./bin/dev.js",
-    "build": "tsc -b .",
+    "build": "yarn run --top-level tsc -b .",
     "docs": "./generate_docs.sh",
     "lint": "yarn run --top-level eslint -c .eslintrc.js ",
     "prepublish": "",
@@ -61,20 +61,20 @@
     "bip32": "3.1.0",
     "chalk": "^2.4.2",
     "command-exists": "^1.2.9",
-    "cross-fetch": "3.0.6",
+    "cross-fetch": "3.1.5",
     "debug": "^4.1.1",
     "ethers": "5",
     "fs-extra": "^8.1.0",
     "humanize-duration": "^3.29.0",
     "path": "^0.12.7",
     "prompts": "^2.0.1",
     "randombytes": "^2.0.1",
-    "web3": "1.10.0",
-    "web3-utils": "^1.10.0"
+    "web3": "1.10.4",
+    "web3-utils": "^1.10.4"
   },
   "devDependencies": {
     "@celo/celo-devchain": "^7.0.0",
-    "@celo/dev-utils": "0.0.1-beta.1",
+    "@celo/dev-utils": "0.0.2",
     "@celo/typescript": "workspace:^",
     "@types/debug": "^4.1.4",
     "@types/fs-extra": "^8.0.0",
@@ -83,7 +83,6 @@
     "@types/ledgerhq__hw-transport-node-hid": "^4.22.2",
     "@types/node": "^18.7.16",
     "@types/prompts": "^1.1.1",
-    "@types/web3": "^1.0.18",
     "jest": "^29.0.2",
     "oclif": "^4.3.4",
     "prettier": "1.19.1",

diff --git a/packages/cli/src/commands/account/authorize.test.ts b/packages/cli/src/commands/account/authorize.test.ts
@@ -8,7 +8,6 @@ import Authorize from './authorize'
 import Register from './register'
 
 process.env.NO_SYNCCHECK = 'true'
-
 testWithGanache('account:authorize cmd', (web3: Web3) => {
   test('can authorize vote signer', async () => {
     const accounts = await web3.eth.getAccounts()

diff --git a/packages/cli/src/commands/account/claim-domain.ts b/packages/cli/src/commands/account/claim-domain.ts
@@ -12,7 +12,7 @@ export default class ClaimDomain extends ClaimCommand {
   }
   static args = ClaimCommand.args
   static examples = [
-    'claim-domain ~/metadata.json --domain test.com --from 0x47e172F6CfB6c7D01C1574fa3E2Be7CC73269D95',
+    'claim-domain ~/metadata.json --domain example.com --from 0x47e172F6CfB6c7D01C1574fa3E2Be7CC73269D95',
   ]
   self = ClaimDomain
   async run() {

diff --git a/packages/cli/src/commands/account/claim-storage.ts b/packages/cli/src/commands/account/claim-storage.ts
@@ -12,7 +12,7 @@ export default class ClaimStorage extends ClaimCommand {
   }
   static args = ClaimCommand.args
   static examples = [
-    'claim-storage ~/metadata.json --url http://test.com/myurl --from 0x47e172F6CfB6c7D01C1574fa3E2Be7CC73269D95',
+    'claim-storage ~/metadata.json --url http://example.com/myurl --from 0x47e172F6CfB6c7D01C1574fa3E2Be7CC73269D95',
   ]
   self = ClaimStorage
 

diff --git a/packages/cli/src/commands/account/claims.test.ts b/packages/cli/src/commands/account/claims.test.ts
@@ -52,7 +52,7 @@ testWithGanache('account metadata cmds', (web3: Web3) => {
 
     test('account:claim-domain cmd', async () => {
       generateEmptyMetadataFile()
-      const domain = 'test.com'
+      const domain = 'example.com'
       await testLocally(ClaimDomain, ['--from', account, '--domain', domain, emptyFilePath])
       const metadata = await readFile()
       const claim = metadata.findClaim(ClaimTypes.DOMAIN)
@@ -84,7 +84,7 @@ testWithGanache('account metadata cmds', (web3: Web3) => {
           '--from',
           account,
           '--url',
-          'https://test.com',
+          'https://example.com',
         ])
       })
 
@@ -97,7 +97,13 @@ testWithGanache('account metadata cmds', (web3: Web3) => {
 
     it('cannot register metadata', async () => {
       await expect(
-        testLocally(RegisterMetadata, ['--force', '--from', account, '--url', 'https://test.com'])
+        testLocally(RegisterMetadata, [
+          '--force',
+          '--from',
+          account,
+          '--url',
+          'https://example.com',
+        ])
       ).rejects.toThrow("Some checks didn't pass!")
     })
   })

diff --git a/packages/cli/src/commands/releasecelo/set-account.ts b/packages/cli/src/commands/releasecelo/set-account.ts
@@ -26,7 +26,7 @@ export default class SetAccount extends ReleaseGoldBaseCommand {
   static examples = [
     'set-account --contract 0x5719118266779B58D0f9519383A4A27aA7b829E5 --property name --value mywallet',
     'set-account --contract 0x5719118266779B58D0f9519383A4A27aA7b829E5 --property dataEncryptionKey --value 0x041bb96e35f9f4b71ca8de561fff55a249ddf9d13ab582bdd09a09e75da68ae4cd0ab7038030f41b237498b4d76387ae878dc8d98fd6f6db2c15362d1a3bf11216',
-    'set-account --contract 0x5719118266779B58D0f9519383A4A27aA7b829E5 --property metaURL --value www.test.com',
+    'set-account --contract 0x5719118266779B58D0f9519383A4A27aA7b829E5 --property metaURL --value www.example.com',
   ]
 
   async run() {

diff --git a/packages/dev-utils/.eslintrc.js b/packages/dev-utils/.eslintrc.js
@@ -0,0 +1,3 @@
+module.exports = {
+  extends: '../../.eslintrc.js',
+}
diff --git a/packages/dev-utils/.gitignore b/packages/dev-utils/.gitignore
@@ -0,0 +1 @@
+lib
diff --git a/packages/dev-utils/README.md b/packages/dev-utils/README.md
@@ -0,0 +1,3 @@
+# packages/dev-utils
+
+This is a `utils` package that is meant to be used as a devDependency. It's primary use case is to reuse the ganache setup currently present in `cli` and `contractkit`. Due to the way jest uses globalSetup, depending packages will still need to define their own setup/teardown files.
diff --git a/packages/dev-utils/eslint.tsconfig.json b/packages/dev-utils/eslint.tsconfig.json
@@ -0,0 +1,3 @@
+{
+  "extends": "./tsconfig.json"
+}
diff --git a/packages/dev-utils/package.json b/packages/dev-utils/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "@celo/dev-utils",
+  "version": "0.0.2",
+  "description": "util package for celo packages that should only be a devDependency",
+  "main": "./lib/index.js",
+  "types": "./lib/index.d.ts",
+  "author": "Celo",
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/celo-org/celo-monorepo/tree/master/packages/dev-utils",
+  "repository": "https://github.com/celo-org/celo-monorepo/tree/master/packages/dev-utils",
+  "keywords": [
+    "celo"
+  ],
+  "files": [
+    "lib/*"
+  ],
+  "scripts": {
+    "build": "yarn run --top-level tsc -b .",
+    "lint": "yarn run --top-level eslint -c .eslintrc.js ",
+    "prepack": "yarn build"
+  },
+  "dependencies": {
+    "bignumber.js": "^9.0.0",
+    "fs-extra": "^8.1.0",
+    "ganache": "npm:@celo/[email protected]",
+    "targz": "^1.0.1",
+    "tmp": "^0.1.0",
+    "web3": "1.10.4",
+    "web3-core-helpers": "1.10.4"
+  },
+  "devDependencies": {
+    "@tsconfig/recommended": "^1.0.3",
+    "@types/fs-extra": "^8.1.0",
+    "@types/targz": "1.0.0"
+  },
+  "engines": {
+    "node": ">=18.14.2"
+  }
+}
diff --git a/packages/dev-utils/src/describeEach.ts b/packages/dev-utils/src/describeEach.ts
@@ -0,0 +1,9 @@
+export interface TestCase {
+  label: string
+}
+
+export function describeEach<T extends TestCase>(testCases: T[], fn: (testCase: T) => void) {
+  for (const testCase of testCases) {
+    describe(testCase.label, () => fn(testCase))
+  }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# packages/dev-utils

		This is a `utils` package that is meant to be used as a devDependency. It's primary use case is to reuse the ganache setup currently present in `cli` and `contractkit`. Due to the way jest uses globalSetup, depending packages will still need to define their own setup/teardown files.