Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ddex yaml time #8515

Merged
merged 6 commits into from
May 20, 2024
Merged

ddex yaml time #8515

merged 6 commits into from
May 20, 2024

Conversation

stereosteve
Copy link
Contributor

such docker much yaml wow

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 16, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 4b63ba9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@stereosteve stereosteve requested review from michellebrier and phelpsdb and removed request for phelpsdb and michellebrier May 16, 2024 18:58
@audius-infra
Copy link
Collaborator

Preview this change https://demo.audius.co/ddex-docker

@audius-infra
Copy link
Collaborator

Preview this change https://demo.audius.co/ddex-docker

@pull-request-size pull-request-size bot added size/L and removed size/M labels May 17, 2024
@audius-infra
Copy link
Collaborator

Preview this change https://demo.audius.co/ddex-docker

@audius-infra
Copy link
Collaborator

Preview this change https://demo.audius.co/ddex-docker

@socket-security Socket Security
Copy link

socket-security bot commented May 17, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@alch/alchemy-web3@1.4.6 network 0 6.65 MB brian-alchemy
npm/@amplitude/node@1.9.2 network +4 590 kB kevinpagtakhan
npm/@amplitude/react-native@2.17.2 None 0 187 kB hao.yu
npm/@apollo/client@3.3.7 environment, network Transitive: eval +2 3.3 MB apollo-bot
npm/@babel/cli@7.7.0 Transitive: environment, filesystem, shell, unsafe +30 7.68 MB nicolo-ribaudo
npm/@babel/plugin-proposal-class-static-block@7.21.0 Transitive: environment, filesystem, unsafe +37 7.91 MB nicolo-ribaudo
npm/@babel/plugin-transform-react-jsx@7.21.0 Transitive: environment, filesystem, unsafe +32 7.69 MB nicolo-ribaudo
npm/@babel/plugin-transform-runtime@7.18.2 unsafe Transitive: environment, filesystem +30 7.61 MB nicolo-ribaudo
npm/@babel/preset-env@7.22.15 environment Transitive: filesystem, unsafe +114 9.64 MB nicolo-ribaudo
npm/@babel/preset-typescript@7.22.15 Transitive: environment, filesystem, unsafe +40 8.1 MB nicolo-ribaudo
npm/@babel/register@7.7.0 environment, filesystem Transitive: unsafe +29 7.6 MB nicolo-ribaudo
npm/@babel/runtime@7.18.3 None 0 201 kB nicolo-ribaudo
npm/@certusone/wormhole-sdk@0.1.1 filesystem Transitive: environment, network +3 15.3 MB evan-gray
npm/@changesets/cli@2.27.1 environment, filesystem, shell +27 1.43 MB changesets-release-bot
npm/@cloudflare/kv-asset-handler@0.3.1 None +1 126 kB wrangler-publisher
npm/@coinbase/cbpay-js@1.2.0 None 0 172 kB lachiet
npm/@coinflowlabs/react-native@2.1.5 Transitive: environment, eval, network +7 12.1 MB meeder-coinflow
npm/@coinflowlabs/react@3.1.5 network 0 206 kB meeder-coinflow
npm/@coral-xyz/anchor@0.29.0 environment, filesystem, network +3 2.23 MB acheroncrypto
npm/@elastic/elasticsearch@8.1.0 Transitive: network +1 2.45 MB delvedor
npm/@emotion/babel-plugin@11.11.0 environment +9 2.84 MB emotion-release-bot
npm/@emotion/babel-preset-css-prop@11.11.0 environment Transitive: filesystem, unsafe +32 7.63 MB emotion-release-bot
npm/@emotion/css@11.11.2 environment +8 527 kB emotion-release-bot
npm/@emotion/eslint-plugin@11.11.0 environment 0 101 kB emotion-release-bot
npm/@emotion/native@11.11.0 environment +1 75.3 kB emotion-release-bot
npm/@emotion/react@11.11.1 environment +9 856 kB emotion-release-bot
npm/@emotion/server@11.11.0 environment +2 77.7 kB emotion-release-bot
npm/@emotion/styled@11.11.0 environment +7 311 kB emotion-release-bot
npm/@esbuild-plugins/node-globals-polyfill@0.2.3 None 0 105 kB xmorse
npm/@escape.tech/mookme@2.4.1 environment, filesystem, shell +4 271 kB steffthestunt
npm/@ethersproject/solidity@5.0.5 None +7 475 kB ricmoo
npm/@fingerprintjs/fingerprintjs-pro@3.5.6 eval, network +1 852 kB surgie
npm/@google/model-viewer@3.3.0 network 0 30.9 MB google-wombot
npm/@gorhom/portal@1.0.9 None 0 89.6 kB gorhom
npm/@hcaptcha/react-hcaptcha@0.3.6 None 0 30.8 kB brdlyptrs
npm/@improbable-eng/grpc-web-node-http-transport@0.15.0 network +1 77.8 kB marcuslongmuir
npm/alchemy-sdk@2.0.1 None 0 1.44 MB brian-alchemy
npm/nodemon@2.0.19 environment, filesystem, shell Transitive: network +17 835 kB remy
npm/prom-client@14.0.1 filesystem, network, unsafe 0 105 kB simenb
npm/web3@1.7.5 Transitive: network +63 14.5 MB jdevcs

🚮 Removed packages: npm/@openzeppelin/test-helpers@0.5.5, npm/@openzeppelin/upgrades@2.8.0, npm/@solana-mobile/dapp-store-cli@0.8.2, npm/@truffle/hdwallet-provider@1.7.0, npm/@typescript-eslint/eslint-plugin@5.55.0, npm/@typescript-eslint/parser@5.55.0, npm/async@2.6.4, npm/babel-register@6.26.0, npm/bignumber.js@8.1.1, npm/eslint-config-prettier@8.7.0, npm/eslint-plugin-prettier@4.2.1, npm/eslint@8.36.0, npm/ethereumjs-abi@0.6.7

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented May 17, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/nodemon@2.0.19
  • Install script: postinstall
  • Source: node bin/postinstall || exit 0
Install scripts npm/@apollo/protobufjs@1.2.7
  • Install script: postinstall
  • Source: node scripts/postinstall
  • orphan: npm/@apollo/protobufjs@1.2.7
Install scripts npm/web3@1.7.5
  • Install script: postinstall
  • Source: echo "WARNING: the web3-shh and web3-bzz api will be deprecated in the next version"
Install scripts npm/web3-bzz@1.7.5
  • Install script: postinstall
  • Source: echo "WARNING: the web3-bzz api will be deprecated in the next version"
Install scripts npm/web3-shh@1.7.5
  • Install script: postinstall
  • Source: echo "WARNING: the web3-shh api will be deprecated in the next version"

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/nodemon@2.0.19
  • @SocketSecurity ignore npm/@apollo/protobufjs@1.2.7
  • @SocketSecurity ignore npm/web3@1.7.5
  • @SocketSecurity ignore npm/web3-bzz@1.7.5
  • @SocketSecurity ignore npm/web3-shh@1.7.5

@audius-infra
Copy link
Collaborator

Preview this change https://demo.audius.co/ddex-docker

@stereosteve stereosteve merged commit 981954f into main May 20, 2024
39 of 46 checks passed
@stereosteve stereosteve deleted the ddex-docker branch May 20, 2024 14:21
audius-infra pushed a commit that referenced this pull request May 20, 2024
Audius Protocol v0.6.107
bcd8e9b 
[981954f] ddex yaml time (#8515) Steve Perkins
[692e5cb] [PROTO-1690] Elasticsearch cluster health check (#8548) Danny
[bebe484] mediorum: in memory image cache (#8544) Steve Perkins
[5a7f3e3] Tighter over-replication threshold (#8539) Steve Perkins
[fdc248d] [C-4277] Prevent empty albums in feed (#8444) Dylan Jeffers
[c7ec583] Local development fixes (lint, compose, deps) (#8486) Danny
[ba67563] Fix CRM log message (#8507) Raymond Jacobson
schottra added a commit that referenced this pull request May 21, 2024
@schottra
Merge remote-tracking branch 'origin/main' into pay-2924-shadow-user-…
2d3b11c 
…endpoints

* origin/main: (57 commits)
  [PROTO-1836] Add ApiKey with requests (#8567)
  Fix allowed api key test (#8571)
  Upgrade mobile apps to .98 (#8566)
  [PROTO-1835] Enforce allowed api keys for stream (#8565)
  [PROTO-1833] Index allowed api keys (#8564)
  [PROTO-1832] Add app name along with stream requests (#8559)
  [PAY-3049, QA-1307] filter premium albums from feed if flag off; fix feed spacing (#8562)
  [PAY-2767] Premium albums mobile analytics (#8549)
  PROTO-1823: mri plugin (#8519)
  [C-4402] Use completed at for cooldown check (#8557)
  [C-4304] Delete image code cruft (#8554)
  Filter out all premium content on USDC_PURCHASES flag (#8560)
  Lint check should actually fail, not modify in place. (#8558)
  [C-4401] Fix reward in cooldown button (#8537)
  Parallelize discovery and AAO attestations  (#8545)
  [QA-1294] Refetch collection tracks after edit (#8553)
  Fix mobile-web add track to album and create album (#8551)
  ddex docker: keep src dir (#8556)
  Audius Protocol v0.6.107
  ddex yaml time (#8515)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michellebrier michellebrier michellebrier approved these changes

Assignees
No one assigned
Labels
size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stereosteve @audius-infra @michellebrier