Refactor dependencies to use latest versions and update CI workflows for safe-modules-allowance. #490
Conversation
…for safe-modules-allowance.
mmv08
requested review from
nlordell,
akshay-ap and
remedcu
and removed request for
a team
…acts version 1.4.1.
modules/allowances/package.json
Outdated
| "author": "richard@gnosis.io", | ||
| "license": "ISC", | ||
| "author": "safe-global", | ||
| "license": "GPL-3.0", |
There was a problem hiding this comment.
FYI: GPL-3.0 is deprecated. https://spdx.org/licenses/GPL-3.0.html
There was a problem hiding this comment.
This is the one we use in the other files, I'd raise this with legal. It says the identifier has been deprecated but not the license. We need a translation from legalese
There was a problem hiding this comment.
I changed it to GPL because this is the one we use in other files. I see it's deprecated and asked in Slack which one we should use.
Let's address this later in a different PR (I can also revert the change until we get more clarity)
There was a problem hiding this comment.
This is the one we use in the other files, I'd raise this with legal. It says the identifier has been deprecated but not the license. We need a translation from legalese
The non-deprecated identifier is GPL-3.0-only.
There was a problem hiding this comment.
Basically, the GPL-3.0 identifier was ambiguous because GPL has a "license update clause" (meaning that if they come up with a GPL-4, then all GPL-3 code will also be licensed under v4). In SPDX, this was represented by GPL-3.0-or-later. GPL-3.0 changed to GPL-3.0-only to avoid confusion (as it is the GPL license opting out of the "license update clause").
There was a problem hiding this comment.
Looking at the contract code, this should be LGPL-3.0-only (see the SPDX identifier used in the Solidity code).
…ctories. * Remove unnecessary directory references in Safe4337Module.conf * Update package paths in SignatureLengthCheck.conf, TransactionExecutionMethods.conf and ValidationDataLastBitOne.conf * Refactor checkSignatures function in Account.sol to be viewless
| @@ -15,9 +15,10 @@ | |||
| ], | |||
| "rule_sanity": "basic", | |||
| "solc": "solc8.23", | |||
| "solc_allow_path":"../../node_modules", | |||
There was a problem hiding this comment.
Previously there was a bug with solc's allow path option and certora-cli, now it's fixed we can use it and get rid of the crazy direct links
| "@account-abstraction=../../node_modules/.pnpm/@account-abstraction+contracts@0.7.0/node_modules/@account-abstraction", | ||
| "@safe-global=../../node_modules/.pnpm/@safe-global+safe-contracts@1.4.1-build.0_ethers@6.13.2_bufferutil@4.0.8_utf-8-validate@5.0.10_/node_modules/@safe-global" | ||
| "@account-abstraction=node_modules/@account-abstraction", | ||
| "@safe-global=node_modules/@safe-global" |
Pull Request Test Coverage Report for Build 12297832552Details
💛 - Coveralls |
|
I updated the licenses everywhere to be LGPL-3.0 only, except the recovery module, because I wasn't sure if we could change the license since it's a distribution of another project. |
mmv08
force-pushed
the
deps/bump
branch
6 times, most recently
from
a71cbef to
fbc6511
Compare
- Bump Node.js version requirement from ^20 to ^22 in package.json files. - Update various dependencies including: - `dotenv` from ^16.4.5 to ^16.4.7 - `eslint-plugin-react-refresh` from ^0.4.14 to ^0.4.16 - `prettier` from ^3.4.1 to ^3.4.2 - `sherif` from ^1.0.2 to ^1.1.1 - `viem` from 2.21.51 to 2.21.54 - `@types/node` from ^20.14.10 to ^22.10.2 - `hardhat` from ^2.22.16 to ^2.22.17 - `solidity-coverage` from ^0.8.13 to ^0.8.14 - `@safe-global/safe-deployments` from ^1.37.18 to ^1.37.22 - Ensure compatibility with updated versions across all affected modules. This update enhances the stability and security of the project by keeping dependencies up to date.
This PR:
ISafeused in tests and in the production codepnpmin the Safe Allowance module