@renovate renovate bot commented Apr 7, 2025

This PR contains the following updates:

Package Change
solidity-coverage 0.8.5 -> 0.8.16

Release Notes

sc-forks/solidity-coverage (solidity-coverage)

v0.8.16: 0.8.16

Support for custom storage layout syntax

This version updates the plugin's parser dependency to support the "layout" and "at" keywords introduced in Solidity v0.8.29.

What's Changed

Full Changelog: sc-forks/solidity-coverage@v0.8.15...v0.8.16

v0.8.15: 0.8.15

Speed up test runs when using viaIR

This release adds an irMinimum option which should improve execution speeds if you're generating coverage with solc's viaIR mode enabled. The plugin has handled viaIR for about a year but it runs more slowly in that setting because it has to search for execution traces across a wider range of opcodes. The performance hit is especially notable in Solidity code that iterates hundreds of times in loops.

NOTE: Not all code will compile with irMinimum (you may get stack-too-deep errors unfortunately). But if yours does, this option should make things faster for you.

Usage

// .solcover.js
module.exports = {
  irMinimum: true,
}

What's Changed

New Contributors

Full Changelog: sc-forks/solidity-coverage@v0.8.14...v0.8.15

v0.8.14: 0.8.14

What's Changed

New Contributors

Full Changelog: sc-forks/solidity-coverage@v0.8.13...v0.8.14

v0.8.13

🐛 Bug Fixes

This release fixes a bug that caused the plugin to error when used with hardhat-viem in combination with a forked network.

What's Changed

New Contributors

Full Changelog: sc-forks/solidity-coverage@v0.8.12...v0.8.13

v0.8.12

What's Changed

  • Adds "work-around" support for the hardhat-viem plugin. If you're using viem, run the coverage task with:
    SOLIDITY_COVERAGE=true npx hardhat coverage
    
  • Adds support for solc v0.4.x
  • Fixes a bug where plugin crashed if the contract sources directory name contained a period.
  • Fixes a bug where instrumentation failed if there was whitespace between require statement and the terminating semi-colon
PRs

Full Changelog: sc-forks/solidity-coverage@v0.8.11...v0.8.12

v0.8.11

  • Check all SWAP opcodes for inst. hashes when viaIR is true (#​873)

v0.8.10

  • Check all PUSH opcodes for instr. hashes when viaIR is true (#​871)

v0.8.9

  • Fix duplicate hash logic (#​868)
  • Improve organization of edge case code in collector (#​869)

v0.8.8

  • Coerce sources path to absolute path if necessary (#​866)
  • Only inject file-level instr. for first pragma in file (#​865)

v0.8.7

  • Documentation Cleanup & Improvements for 0.8.7 release (#859)
  • Add tests for file-level function declarations (#858)
  • Add try / catch unit tests (#857)
  • Fix test project configs for viaIR detection in overrides (#856)
  • Enable coverage when viaIR compiler flag is true (#854)
  • Add missing onPreCompile hook (#851)
  • Remove ganache-cli related code from API & tests (#849)
  • Add command option to specify the source files to run the coverage on (#838)

v0.8.6

  • Add test for multi-contract files with inheritance (#836)
  • Add test for modifiers with post-conditions (#835)
  • Document Istanbul check-coverage cli command (#834)
  • Throw error when mocha parallel is set to true (#833)
  • Fix instrumentation error for virtual modifiers (#832)
  • Add test for file level using for statements (#831)
  • Fix chained ternary conditionals instrumentation (#830)
  • Update faq.md with an optimizer config workaround (#822)
  • Upgrade solidity-parser to 0.18.0 (#829)
  • Perform ternary conditional injections before branch injections (#828)
  • Add drips funding config (#827)

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/solidity-coverage-0.x-lockfile branch from 1f31b2c to 21621f0 on April 19, 2025 03:29
@renovate renovate bot changed the title from "Update dependency solidity-coverage to v0.8.14" to "Update dependency solidity-coverage to v0.8.15" on Apr 19, 2025

socket-security bot commented Apr 19, 2025

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Block High
[email protected] has Telemetry.

Note: Can be disabled by setting the environment variable NEXT_TELEMETRY_DISABLED=1 . See https://nextjs.org/telemetry for more information

From: packages/react-app/package.json → npm/[email protected]

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
[email protected] is an AI-detected potential code anomaly.

Notes: The code appears to have risky practices such as downloading and executing binaries without validation and potential code execution via execSync. It does not contain obvious malware, but there is a risk associated with executing downloaded binaries and scripts without proper validation or integrity checks.

Confidence: 1.00

Severity: 0.60

From: packages/react-app/yarn.lock → npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
[email protected] has a Critical CVE.

CVE: GHSA-f82v-jwr5-mffw Authorization Bypass in Next.js Middleware (CRITICAL)

Affected versions: >= 13.0.0, < 13.5.9

Patched version: 13.5.9

From: packages/react-app/package.json → npm/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/solidity-coverage-0.x-lockfile branch from 21621f0 to f323954 on May 11, 2025 03:47
@renovate renovate bot changed the title from "Update dependency solidity-coverage to v0.8.15" to "Update dependency solidity-coverage to v0.8.16" on May 11, 2025