feat: Redis Workers POC #467
Conversation
|
We're building your pull request over on Zeet. |
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/follow-redirects@1.15.2, npm/thirdweb@5.0.0-beta-ca68bc77e74f594360b4da1e9e77793b66cfb12a-20240323045412 |
src/db/client.ts
Outdated
| export const getRedisClient = async (): Promise<Redis> => { | ||
| if (!isRedisReady) { | ||
| redisClient = new Redis(env.REDIS_URL, { | ||
| maxRetriesPerRequest: null, |
There was a problem hiding this comment.
Unclear why this is needed but it looks like it fixes an issue. Add a comment to document?
src/db/transactions/cleanTxs.ts
Outdated
| minedAt: tx.minedAt?.toISOString() || null, | ||
| cancelledAt: tx.cancelledAt?.toISOString() || null, | ||
| processedAt: undefined, | ||
| queuedAt: |
There was a problem hiding this comment.
Is this instanceof Date needed? It should always be a Date when read from DB.
| throw createCustomError( | ||
| `Wallet with address ${walletAddress} was configured with unknown wallet type ${walletDetails.type}`, | ||
| 400, | ||
| "BAD_REQUEST", |
There was a problem hiding this comment.
This is a low level helper func which really shouldn't know or imply anything about the caller's intent. So it shouldn't know what status code to set.
* fix: add errorMessage to query to get queued txs * remove unused files * update thirdweb package * getWalletBalance fix
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.2 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
PR-Codex overview
This PR focuses on optimizing Redis usage, improving webhook handling, and enhancing transaction processing.
Detailed summary