
[IA 00] - test: Add extra tests for Indexing Agreements

Open matiasedgeandnode opened this issue 5 months ago • 3 comments

matiasedgeandnode avatar Jun 19 '25 15:06 matiasedgeandnode

[!WARNING] Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | Critical | [email protected] has a Critical CVE. |

CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL)

Affected versions: >= 0

Patched version: No patched versions

From: pnpm-lock.yaml, npm/[email protected]


Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


socket-security[bot] avatar Jun 19 '25 15:06 socket-security[bot]

test: Add extra tests for Indexing Agreements

Generated at commit: 1651716f094c2e3195f0afa03af260131f682be8

🚨 Report Summary

| Category | Critical | High | Medium | Low | Note | Total |
| --- | --- | --- | --- | --- | --- | --- |
| Contracts | 2 | 4 | 0 | 15 | 39 | 60 |
| Dependencies | 0 | 0 | 0 | 0 | 0 | 0 |

For more details view the full report in OpenZeppelin Code Inspector

openzeppelin-code[bot] avatar Jun 19 '25 16:06 openzeppelin-code[bot]

Final PR here

matiasedgeandnode avatar Sep 10 '25 14:09 matiasedgeandnode