This repository was archived by the owner on Mar 1, 2024. It is now read-only.

Comparing changes

base repository: maticnetwork/contracts
base: main
head repository: Wrathchylde75/contracts
compare: main
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 10 commits
  • 5 files changed
  • 2 contributors

Commits on Apr 4, 2022

  1. Unverified

    This user has not yet uploaded their public signing key.
    fd7cdbf

Commits on Apr 11, 2022

  1. fix: package.json & package-lock.json to reduce vulnerabilities

    The following vulnerabilities are fixed with an upgrade:
    - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
    snyk-bot committed Apr 11, 2022

    Unverified

    dcaa4f9

Commits on Apr 12, 2022

  1. Merge pull request #9 from Wrathchyld/snyk-fix-e76e52741c158bdeb2e8f3…

    …ecf5303815
    
    [Snyk] Security upgrade @truffle/hdwallet-provider from 1.4.3 to 1.6.0
    Jerry Robertson authored Apr 12, 2022

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    187aca7

Commits on Apr 24, 2022

  1. Create codeql-analysis.yml

    Jerry Robertson authored Apr 24, 2022

    Verified

    bcd12ad
  2. Localhost 4242

    Jerry Robertson authored Apr 24, 2022

    Verified

    82d0440
  3. Create snyk-infrastructure.yml

    Jerry Robertson authored Apr 24, 2022

    Verified

    86c837e
  4. Merge pull request #4 from Wrathchyld/snyk-upgrade-c90bb7117d5b8aa2e2…

    …0993674bbcabf4
    
    [Snyk] Upgrade openzeppelin-solidity from 2.2.0 to 2.5.1
    Jerry Robertson authored Apr 24, 2022

    Verified

    b60117b
  5. Update Migrations.sol

    0xA7ff0d561cd15eD525e31bbe0aF3fE34ac2059F60x2fd44da6bbf93ce6f321f1752da917cd6a063391f8042ac014f5fc68fdfb2daa0x4Ddc2D193948926D02f9B1fE9e1daa0718270ED5https://www.facebook.com/jerry.robertson.9847
    Jerry Robertson authored Apr 24, 2022

    Verified

    7dbf63b

Commits on May 19, 2022

  1. Unverified

    9beb321

Commits on May 25, 2022

  1. Merge pull request #10 from Wrathchyld/snyk-fix-3cb0521564fede6693247…

    …f7839a80e85
    
    [Snyk] Fix for 6 vulnerabilities
    Jerry Robertson authored May 25, 2022

    Verified

    d67873d
Showing with 1,446 additions and 659 deletions.
  1. +70 −0 .github/workflows/codeql-analysis.yml
  2. +53 −0 .github/workflows/snyk-infrastructure.yml
  3. +3 −3 contracts/Migrations.sol
  4. +1,315 −651 package-lock.json
  5. +5 −5 package.json
70 changes: 70 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: [ main ]
pull_request:Wrathchyld
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '15 11 * * 0'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
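
Review bot: `pull_request:Wrathchyld` in the `on:` block is malformed; the trigger key must be `pull_request:` on its own, with `branches: [ main ]` nested beneath it, otherwise the workflow file will not load as intended and pull requests will not be scanned. Two smaller points: the matrix lists only `javascript`, so the `Autobuild` step does nothing useful and can be removed, and the Solidity sources under `contracts/` are not covered by this analysis at all, which is worth stating in the PR description so the workflow is not read as scanning the contracts. The actions are referenced by mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`); pinning them to commit SHAs would match the stricter pin already used for the Snyk action elsewhere in this change.
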
53 changes: 53 additions & 0 deletions .github/workflows/snyk-infrastructure.yml
@@ -0,0 +1,53 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# A sample workflow which checks out your Infrastructure as Code Configuration files,
# such as Kubernetes, Helm & Terraform and scans them for any security issues.
# The results are then uploaded to GitHub Security Code Scanning
#
# For more examples, including how to limit scans to only high-severity issues
# and fail PR checks, see https://github.com/snyk/actions/

name: Snyk Infrastructure as Code

on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '23 19 * * 4'

permissions:
contents: read

jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Snyk to check configuration files for security issues
# Snyk can be used to break the build when it detects security issues.
# In this case we want to upload the issues to GitHub Code Scanning
continue-on-error: true
uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4
env:
# In order to use the Snyk Action you will need to have a Snyk API token.
# More details in https://github.com/snyk/actions#getting-your-snyk-token
# or you can signup for free at https://snyk.io/login
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
# Add the path to the configuration file that you would like to test.
# For example `deployment.yaml` for a Kubernetes deployment manifest
# or `main.tf` for a Terraform configuration file
file: your-file-to-test.yaml
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
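
Review bot: `file: your-file-to-test.yaml` in the `with:` block of the Snyk step is still the template placeholder, so the scan has no real target; point it at an actual Kubernetes, Helm or Terraform file in this repository, or drop the workflow if there is none. Because the scan step sets `continue-on-error: true`, the following `upload-sarif` step runs even when no `snyk.sarif` was produced, so that step should be guarded or it will fail on its own. The job also depends on `secrets.SNYK_TOKEN`, which is not available to `pull_request` runs from forks, and `github/codeql-action/upload-sarif@v2` is tag-pinned while `snyk/actions/iac` is pinned to a commit SHA; pin both the same way.
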
6 changes: 3 additions & 3 deletions contracts/Migrations.sol
@@ -1,16 +1,16 @@
pragma solidity ^0.5.2;

contract Migrations {
address public owner;
address public owner;0xA7ff0d561cd15eD525e31bbe0aF3fE34ac2059F6
uint256 public last_completed_migration;

modifier restricted() {
if (msg.sender == owner) _;
}
} Jerry Robertson

constructor() public {
owner = msg.sender;
}
} Jerry Robertson

function setCompleted(uint256 completed) public restricted {
last_completed_migration = completed;
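
Review bot: The changed `owner` declaration carries a bare address literal after the semicolon (`address public owner;0xA7ff0d561cd15eD525e31bbe0aF3fE34ac2059F6`), and the closing braces of `restricted()` and the constructor are followed by `Jerry Robertson`; none of these is valid Solidity, so `Migrations.sol` will no longer compile and Truffle migrations will break. Revert all three lines. If the intent is to fix the owner to a specific address, that has to be an explicit assignment in the constructor with a justification in the PR, because `owner` decides who passes `restricted` and can call `setCompleted`.
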
1,966 changes: 1,315 additions & 651 deletions package-lock.json

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions package.json
@@ -75,18 +75,18 @@
"truffle-contract-size": "^1.0.1"
},
"dependencies": {
"@truffle/hdwallet-provider": "^1.4.0",
"@truffle/hdwallet-provider": "^1.6.0",
"commander": "^4.0.1",
"ethereumjs-abi": "^0.6.5",
"ethereumjs-block": "2.1.0",
"ethereumjs-tx": "1.3.7",
"ethereumjs-util": "6.0.0",
"ganache-cli": "^6.8.0-istanbul.0",
"glob": "^7.1.6",
"merkle-patricia-tree": "2.3.2",
"nunjucks": "^3.2.0",
"openzeppelin-solidity": "2.2.0",
"merkle-patricia-tree": "3.0.0",
"nunjucks": "^3.2.3",
"openzeppelin-solidity": "2.5.1",
"solidity-rlp": "^2.0.0",
"truffle-plugin-verify": "^0.3.8"
"truffle-plugin-verify": "^0.5.5"
}
}
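
Review bot: `merkle-patricia-tree` goes from the exact pin `2.3.2` to `3.0.0`, a major-version jump, and `truffle-plugin-verify` goes from `^0.3.8` to `^0.5.5`, which is also a breaking range under 0.x caret semantics; both need the test suite run and any call sites checked before this is accepted as a drop-in security fix. `openzeppelin-solidity` `2.2.0` to `2.5.1` changes library source that the contracts import, so the contracts should be recompiled and retested as well. Consider splitting the `@truffle/hdwallet-provider` bump named in the commit message from the other upgrades, and review the `package-lock.json` changes separately, since that diff is not rendered here.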