Skip to content

Snyk upgrade 03178c54d4c54014129e16dcb9a2eda9#34

Merged
Dargon789 merged 18 commits into21-fixmerge-branch-0xsequencemaster-into-master-f2761efe54451f0b5c2f50f6485c4b5e51ddb32bfrom
snyk-upgrade-03178c54d4c54014129e16dcb9a2eda9
Jun 12, 2025
Merged

Snyk upgrade 03178c54d4c54014129e16dcb9a2eda9#34
Dargon789 merged 18 commits into21-fixmerge-branch-0xsequencemaster-into-master-f2761efe54451f0b5c2f50f6485c4b5e51ddb32bfrom
snyk-upgrade-03178c54d4c54014129e16dcb9a2eda9

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Jun 12, 2025
edited by sourcery-ai bot
Loading

Summary by Sourcery

Regenerate API client and extend it with new endpoints for wallet unlinking, WaaS verification, swap quotes, currency groups, and inventory payment flows. Bump all @0xsequence packages to v1.10.14, add Borne Testnet to network support, introduce a utility for extracting project IDs from access keys (with tests), update development dependencies, and add a Fortify SAST GitHub Actions workflow along with standard issue templates.

New Features:

  • Add new API methods for removing linked wallets, generating and validating WaaS verification URLs, fetching swap quotes, managing currency groups, and handling inventory payment configurations and requests
  • Introduce extractProjectIdFromAccessKey utility to parse project IDs from URL-safe base64 access keys

Enhancements:

  • Regenerate API bindings with webrpc-gen v0.18.7 and update schema hash
  • Add BORNE_TESTNET chain definition and include Borne Testnet in allNetworks across network package

Build:

  • Update pnpm lockfile and bump dev dependencies (express@4.19.2, hardhat@2.20.1)
  • Bump versions of all @0xsequence packages to v1.10.14

CI:

  • Add Fortify AST Scan workflow for automated SAST scans

Documentation:

  • Add GitHub issue templates for bug reports, feature requests, and custom issues

Tests:

  • Add unit tests for access-key extraction utility

dependabot bot and others added 18 commits March 30, 2024 07:24
@dependabot
Bump the npm_and_yarn group across 1 directory with 1 update
a0d71be 
Bumps the npm_and_yarn group with 1 update in the / directory: [express](https://github.com/expressjs/express).


Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@ScreamingHawk
Update API client (0xsequence#562)
2405feb
@attente
1.10.12
548214a
@Dargon789
Merge branch '0xsequence:master' into master
2f0a536
@Shubhaankar-Sharma
add borne testnet (0xsequence#564)
b8d9604
@attente
1.10.13
04703c1
@yigiterdev
Add borne testnet to all networks
fbe1213
@attente
1.10.14
e228736
@Dargon789
Merge branch '0xsequence:master' into master
4b1880a
@taylanpince @attente
Add extractProjectIdFromAccessKey in utils
08aea9b
@attente
pnpm format && pnpm lint:fix
7e01b57
@Dargon789
Merge branch '0xsequence:master' into master
c292dd5
@Dargon789
Merge branch 'master' into dependabot/npm_and_yarn/npm_and_yarn-secur…
caab6bc 
…ity-group-e0cd778f82
@Dargon789
Merge pull request #1 from Dargon789/dependabot/npm_and_yarn/npm_and_…
bb78b92 
…yarn-security-group-e0cd778f82

Bump the npm_and_yarn group across 1 directory with 1 update
@Dargon789
Create fortify.yml
b12a5dc
@Dargon789
Update issue templates
5cbdca4
@Dargon789
Update CNAME
1d8c21c
@snyk-bot @Dargon789
fix: upgrade @tanstack/react-query from 5.45.1 to 5.64.2
a5b1d91 
Snyk has created this PR to upgrade @tanstack/react-query from 5.45.1 to 5.64.2.

See this package in npm:
@tanstack/react-query

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr
@codesandbox
Copy link

codesandbox bot commented Jun 12, 2025

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@sourcery-ai
Copy link

sourcery-ai bot commented Jun 12, 2025
edited
Loading

Reviewer's Guide

This PR upgrades generated API bindings, adds new blockchain network support, bumps package versions and dependencies, and enhances developer tooling with CI workflows and utilities.

Sequence Diagram for Requesting an Inventory Payment

sequenceDiagram
  actor Client
  participant API
  participant Backend
  Client->>API: requestInventoryPayment(configId, recipient)
  API->>Backend: Process payment request
  Backend-->>API: InventoryPaymentResponse
  API-->>Client: { payment: InventoryPaymentResponse }
Loading

Entity Relationship Diagram for Currency and Inventory Management

erDiagram
  CurrencyGroup {
    int id
    string name
  }
  CurrencyGroupToken {
    int id
    int currencyGroupId
    int chainId
    string tokenAddress
  }
  InventoryPaymentConfig {
    int id
    int projectId
    int chainId
    string paymentTokenAddress
    TokenType paymentTokenType
    number paymentAmount
    string paymentRecipient
  }
  InventoryPayment {
    int id
    int inventoryPaymentConfigId
    string productRecipient
    int paymentChainId
    string paymentTokenAddress
  }

  CurrencyGroup ||--o{ CurrencyGroupToken : "has"
  InventoryPaymentConfig ||--o{ InventoryPayment : "has"
Loading

Class Diagram for Updated API Interface

classDiagram
  class API {
    +removeLinkedWallet(args) RemoveLinkedWalletReturn
    +generateWaaSVerificationURL(args) GenerateWaaSVerificationURLReturn
    +validateWaaSVerificationNonce(args) ValidateWaaSVerificationNonceReturn
    +getSwapQuotes(args) GetSwapQuotesReturn
    +addCurrencyGroup(args) AddCurrencyGroupReturn
    +updateCurrencyGroup(args) UpdateCurrencyGroupReturn
    +listCurrencyGroups() ListCurrencyGroupsReturn
    +deleteCurrencyGroup(args) DeleteCurrencyGroupReturn
    +addInventoryPaymentConfig(args) AddInventoryPaymentConfigReturn
    +getInventoryPaymentConfig(args) GetInventoryPaymentConfigReturn
    +listInventoryPaymentConfigs(args) ListInventoryPaymentConfigsReturn
    +updateInventoryPaymentConfig(args) UpdateInventoryPaymentConfigReturn
    +deleteInventoryPaymentConfig(args) DeleteInventoryPaymentConfigReturn
    +requestInventoryPayment(args) RequestInventoryPaymentReturn
  }
Loading

Class Diagram for New and Updated Data Models

classDiagram
  class TokenType {
    <<Enumeration>>
    ERC20
    ERC721
    ERC1155
  }
  class NftCheckoutParams {
    +string tokenAmount
    +string tokenAddress
    +string tokenSymbol
    +int tokenDecimals
    +string calldata
    +string platform
    +string approvedSpenderAddress
  }
  class SwapQuote {
    string currencyAddress
    string currencyBalance
    string price
    string to
    string transactionData
    string approveData
  }
  class InventoryPaymentResponse {
    int paymentId
    int inventoryPaymentConfigId
    int chainId
    string externalProductId
    string paymentTokenAddress
    TokenType paymentTokenType
    int paymentTokenId
    number paymentTotal
    string expiration
    string signature
    string txTo
    string txData
  }

  InventoryPaymentResponse ..> TokenType
Loading

File-Level Changes

Change Details Files
Upgrade API client generation and extend WebRPC bindings
  • Bump webrpc-gen to v0.18.7 and update schema hash
  • Add TokenType enum and new response types (SwapQuote, CurrencyGroup*, InventoryPayment*, etc.)
  • Introduce new API methods (removeLinkedWallet, getSwapQuotes, inventory payment endpoints, WaaS verification) and client implementations
  • Add GeoblockedError class and map error code
 packages/api/src/api.gen.ts
Integrate Borne testnet support across packages
  • Add BORNE_TESTNET to ChainId enum and networks map
  • Include BORNE_TESTNET in allNetworks configuration
  • Update changelogs in each package to note ‘network: add borne-testnet’
 packages/network/src/constants.ts
packages/network/src/config.ts
*/CHANGELOG.md
Bump versions and dependencies across repo
  • Update package.json versions from 1.10.11 to 1.10.14 for all @0xsequence packages
  • Upgrade root dependencies (express, hardhat, react-query)
  • Refresh pnpm-lock.yaml for cookie, express, ethereumjs-abi resolution
 package.json
packages/*/package.json
pnpm-lock.yaml
Add CI workflow and GitHub issue templates
  • Add Fortify AST scan workflow in .github/workflows/fortify.yml
  • Create bug_report.md, feature_request.md, custom.md issue templates
 .github/workflows/fortify.yml
.github/ISSUE_TEMPLATE/bug_report.md
.github/ISSUE_TEMPLATE/feature_request.md
.github/ISSUE_TEMPLATE/custom.md
Introduce access-key utility in utils package
  • Add extractProjectIdFromAccessKey in access-key.ts
  • Export new utility in utils index
  • Add unit test for access-key extraction
 packages/utils/src/access-key.ts
packages/utils/src/index.ts
packages/utils/tests/access-key.spec.ts
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@vercel

This comment was marked as outdated.

Sign in to view
@Dargon789 Dargon789 merged commit 2ec6a7c into 21-fixmerge-branch-0xsequencemaster-into-master-f2761efe54451f0b5c2f50f6485c4b5e51ddb32b Jun 12, 2025
10 of 18 checks passed
@Dargon789 Dargon789 deleted the snyk-upgrade-03178c54d4c54014129e16dcb9a2eda9 branch June 12, 2025 19:27
@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Jun 12, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Dargon789 @ScreamingHawk @attente @Shubhaankar-Sharma @yigiterdev @taylanpince @snyk-bot