From c8a754d7a41bb5de3d1c87b6150fe93b86ad047f Mon Sep 17 00:00:00 2001 From: Bartek Date: Tue, 15 Oct 2024 15:56:23 +0200 Subject: [PATCH 1/5] fix audit --- audit-ci.jsonc | 11 +--------- package.json | 7 ++++-- yarn.lock | 59 +++++++++++++++++++++++++++++++++----------------- 3 files changed, 45 insertions(+), 32 deletions(-) diff --git a/audit-ci.jsonc b/audit-ci.jsonc index 7a87fa4a7..3b1ff2640 100644 --- a/audit-ci.jsonc +++ b/audit-ci.jsonc @@ -104,15 +104,6 @@ // Issue with sol2uml library that generates UML diagrams from Solidity code. Only used at build time. // from: @offchainlabs/l1-l3-teleport-contracts>@arbitrum/nitro-contracts>sol2uml>axios // from: @offchainlabs/l1-l3-teleport-contracts>@arbitrum/token-bridge-contracts>@arbitrum/nitro-contracts>sol2uml>axios - "GHSA-wf5p-g6vw-rhxx", - // elliptic - // waiting for it to release a fix but low severity so we can ignore it - // from: @ethersproject/signing-key>elliptic - // https://github.com/advisories/GHSA-49q7-c7j4-3p7m - "GHSA-49q7-c7j4-3p7m", - // https://github.com/advisories/GHSA-977x-g7h5-7qgw - "GHSA-977x-g7h5-7qgw", - // https://github.com/advisories/GHSA-f7q4-pwc6-w24p - "GHSA-f7q4-pwc6-w24p" + "GHSA-wf5p-g6vw-rhxx" ] } diff --git a/package.json b/package.json index 6153ca94b..377220bfd 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "@typescript-eslint/eslint-plugin-tslint": "^5.27.1", "@typescript-eslint/parser": "^5.14.0", "audit-ci": "^6.3.0", - "axios": "^1.6.5", + "axios": "^1.7.4", "chai": "^4.2.0", "chalk": "^4.1.0", "dotenv": "^10.0.0", @@ -93,6 +93,9 @@ "resolutions": { "lodash.pick": "https://github.com/lodash/lodash/archive/refs/tags/4.17.21.tar.gz", "**/@ethersproject/providers/ws": "7.5.10", - "**/hardhat/ws": "7.5.10" + "**/hardhat/ws": "7.5.10", + "**/hardhat/@sentry/node/cookie": "0.7.0", + "**/micromatch": "4.0.8", + "**/elliptic": "6.5.7" } } diff --git a/yarn.lock b/yarn.lock index 92a334607..d710e1c2e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2024,12 +2024,12 @@ axios@^0.27.2: follow-redirects "^1.14.9" form-data "^4.0.0" -axios@^1.6.5: - version "1.6.5" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.5.tgz#2c090da14aeeab3770ad30c3a1461bc970fb0cd8" - integrity sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg== +axios@^1.7.4: + version "1.7.7" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f" + integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q== dependencies: - follow-redirects "^1.15.4" + follow-redirects "^1.15.6" form-data "^4.0.0" proxy-from-env "^1.1.0" @@ -2109,7 +2109,14 @@ brace-expansion@^2.0.1: dependencies: balanced-match "^1.0.0" -braces@^3.0.2, braces@~3.0.2: +braces@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" + integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== + dependencies: + fill-range "^7.1.1" + +braces@~3.0.2: version "3.0.2" resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107" integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A== @@ -2521,10 +2528,10 @@ convert-svg-to-png@^0.6.4: dependencies: convert-svg-core "^0.6.4" -cookie@^0.4.1: - version "0.4.2" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432" - integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA== +cookie@0.7.0, cookie@^0.4.1: + version "0.7.0" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.0.tgz#2148f68a77245d5c2c0005d264bc3e08cfa0655d" + integrity sha512-qCf+V4dtlNhSRXGAZatc1TasyFO6GjohcOul807YOb5ik3+kQSnb4d7iajeCL8QHaJ4uZEjCgiCJerKXwdRVlQ== crc-32@^1.2.0: version "1.2.2" @@ -2753,10 +2760,10 @@ electron-to-chromium@^1.4.535: resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.556.tgz#97385917eb6ea3ac6a3378cf87bb39ee1db96e76" integrity sha512-6RPN0hHfzDU8D56E72YkDvnLw5Cj2NMXZGg3UkgyoHxjVhG99KZpsKgBWMmTy0Ei89xwan+rbRsVB9yzATmYzQ== -elliptic@6.5.4, elliptic@^6.5.2, elliptic@^6.5.4: - version "6.5.4" - resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.4.tgz#da37cebd31e79a1367e941b592ed1fbebd58abbb" - integrity sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ== +elliptic@6.5.4, elliptic@6.5.6, elliptic@^6.5.2, elliptic@^6.5.4: + version "6.5.6" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.6.tgz#ee5f7c3a00b98a2144ac84d67d01f04d438fa53e" + integrity sha512-mpzdtpeCLuS3BmE3pO3Cpp5bbjlOPY2Q0PgoF+Od1XZrHLYI28Xe3ossCmYCQt11FQKEYd9+PF8jymTvtWJSHQ== dependencies: bn.js "^4.11.9" brorand "^1.1.0" @@ -3288,6 +3295,13 @@ fill-range@^7.0.1: dependencies: to-regex-range "^5.0.1" +fill-range@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" + integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== + dependencies: + to-regex-range "^5.0.1" + find-cache-dir@^3.2.0: version "3.3.2" resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.2.tgz#b30c5b6eff0730731aea9bbd9dbecbd80256d64b" @@ -3352,11 +3366,16 @@ flatted@^3.1.0: resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.5.tgz#76c8584f4fc843db64702a6bd04ab7a8bd666da3" integrity sha512-WIWGi2L3DyTUvUrwRKgGi9TwxQMUEqPOPQBVi71R96jZXJdFskXEmf54BoZaS1kknGODoIGASGEzBUYdyMCBJg== -follow-redirects@^1.12.1, follow-redirects@^1.14.9, follow-redirects@^1.15.4: +follow-redirects@^1.12.1, follow-redirects@^1.14.9: version "1.15.5" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020" integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw== +follow-redirects@^1.15.6: + version "1.15.9" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1" + integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ== + for-each@^0.3.3: version "0.3.3" resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.3.tgz#69b447e88a0a5d32c3e7084f3f1710034b21376e" @@ -4426,12 +4445,12 @@ merge2@^1.3.0, merge2@^1.4.1: resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -micromatch@^4.0.2, micromatch@^4.0.4: - version "4.0.5" - resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6" - integrity sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA== +micromatch@4.0.8, micromatch@^4.0.2, micromatch@^4.0.4: + version "4.0.8" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.8.tgz#d66fa18f3a47076789320b9b1af32bd86d9fa202" + integrity sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA== dependencies: - braces "^3.0.2" + braces "^3.0.3" picomatch "^2.3.1" mime-db@1.52.0: From 4122527f03435b9c59bb6a44c14886a520b2abc1 Mon Sep 17 00:00:00 2001 From: Bartek Date: Tue, 15 Oct 2024 17:35:53 +0200 Subject: [PATCH 2/5] fix test --- tests/integration/eth.test.ts | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/integration/eth.test.ts b/tests/integration/eth.test.ts index 1e2e46715..fff74171e 100644 --- a/tests/integration/eth.test.ts +++ b/tests/integration/eth.test.ts @@ -27,7 +27,6 @@ import { fundParentSigner, fundChildSigner, mineUntilStop, - prettyLog, skipIfMainnet, } from './testHelpers' import { ChildToParentMessage } from '../../src/lib/message/ChildToParentMessage' @@ -139,10 +138,6 @@ describe('Ether', async () => { 'balance failed to update after eth deposit' ) - const waitResult = await rec.waitForChildTransactionReceipt( - childSigner.provider! - ) - const l1ToL2Messages = await rec.getEthDeposits(childSigner.provider!) expect(l1ToL2Messages.length).to.eq(1, 'failed to find 1 l1 to l2 message') const l1ToL2Message = l1ToL2Messages[0] @@ -160,7 +155,6 @@ describe('Ether', async () => { 1, 'failed to find 1 parent-to-child message' ) - const parentToChildMessage = parentToChildMessages[0] const testWalletL2EthBalance = await childSigner.getBalance() expect(testWalletL2EthBalance.toString(), 'final balance').to.eq( From a0ee52e8d9e4030fcc64434f47c42ca2244aa9ad Mon Sep 17 00:00:00 2001 From: Bartek Date: Tue, 15 Oct 2024 18:01:28 +0200 Subject: [PATCH 3/5] fix test --- tests/integration/eth.test.ts | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/tests/integration/eth.test.ts b/tests/integration/eth.test.ts index fff74171e..bd08b07a7 100644 --- a/tests/integration/eth.test.ts +++ b/tests/integration/eth.test.ts @@ -27,6 +27,7 @@ import { fundParentSigner, fundChildSigner, mineUntilStop, + prettyLog, skipIfMainnet, } from './testHelpers' import { ChildToParentMessage } from '../../src/lib/message/ChildToParentMessage' @@ -138,26 +139,32 @@ describe('Ether', async () => { 'balance failed to update after eth deposit' ) - const l1ToL2Messages = await rec.getEthDeposits(childSigner.provider!) - expect(l1ToL2Messages.length).to.eq(1, 'failed to find 1 l1 to l2 message') - const l1ToL2Message = l1ToL2Messages[0] + const waitResult = await rec.waitForChildTransactionReceipt( + childSigner.provider! + ) const walletAddress = await parentSigner.getAddress() - expect(l1ToL2Message.to).to.eq(walletAddress, 'message inputs value error') - expect(l1ToL2Message.value.toString(), 'message inputs value error').to.eq( - parseEther(amount).toString() - ) const parentToChildMessages = await rec.getEthDeposits( childSigner.provider! ) - expect(parentToChildMessages.length).to.eq( - 1, - 'failed to find 1 parent-to-child message' + const parentToChildMessage = parentToChildMessages[0] + + expect(parentToChildMessage.to).to.eq( + walletAddress, + 'message inputs value error' ) + expect( + parentToChildMessage.value.toString(), + 'message inputs value error' + ).to.eq(parseEther(amount).toString()) + + expect(waitResult.complete).to.eq(true, 'eth deposit not complete') + expect(waitResult.childTxReceipt).to.exist + expect(waitResult.childTxReceipt).to.not.be.null - const testWalletL2EthBalance = await childSigner.getBalance() - expect(testWalletL2EthBalance.toString(), 'final balance').to.eq( + const testWalletChildEthBalance = await childSigner.getBalance() + expect(testWalletChildEthBalance.toString(), 'final balance').to.eq( parseEther(amount).toString() ) }) From 72f749a3a8a33057b2826422755a503c12a38769 Mon Sep 17 00:00:00 2001 From: Bartek Date: Tue, 15 Oct 2024 18:22:29 +0200 Subject: [PATCH 4/5] fix --- tests/integration/eth.test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/integration/eth.test.ts b/tests/integration/eth.test.ts index bd08b07a7..6b584520c 100644 --- a/tests/integration/eth.test.ts +++ b/tests/integration/eth.test.ts @@ -27,7 +27,6 @@ import { fundParentSigner, fundChildSigner, mineUntilStop, - prettyLog, skipIfMainnet, } from './testHelpers' import { ChildToParentMessage } from '../../src/lib/message/ChildToParentMessage' From 3bea5399113446f93edcea6943a4cef26b941391 Mon Sep 17 00:00:00 2001 From: Bartek Date: Wed, 16 Oct 2024 11:27:45 +0200 Subject: [PATCH 5/5] fix --- tests/integration/eth.test.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/integration/eth.test.ts b/tests/integration/eth.test.ts index 6b584520c..59e764a1f 100644 --- a/tests/integration/eth.test.ts +++ b/tests/integration/eth.test.ts @@ -149,6 +149,10 @@ describe('Ether', async () => { ) const parentToChildMessage = parentToChildMessages[0] + expect(parentToChildMessages.length).to.eq( + 1, + 'failed to find 1 parent-to-child message' + ) expect(parentToChildMessage.to).to.eq( walletAddress, 'message inputs value error'