Merge branch 'develop' into rename-genesis-assertion-hash-method

Author: TucksonDev

.github/workflows/contract-tests.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: stable
+          version: v1.3.6
           cache: false
 
       - name: Setup node/yarn
@@ -51,7 +51,7 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: stable
+          version: v1.3.6
           cache: false
 
       - name: Setup nodejs
@@ -64,7 +64,7 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: stable
+          version: v1.3.6
           cache: false
 
       - name: Check Contracts Format
@@ -134,7 +134,7 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: stable
+          version: v1.3.6
           cache: false
 
       - uses: OffchainLabs/actions/run-nitro-test-node@main
@@ -267,7 +267,7 @@ jobs:
   #     - name: Install Foundry
   #       uses: foundry-rs/foundry-toolchain@v1
   #       with:
-  #         version: stable
+  #         version: v1.3.6
   #         cache: false
 
   #     - name: Setup node/yarn

audit-ci.jsonc

@@ -16,21 +16,17 @@
     "GHSA-wprv-93r4-jj2p",
     // Open Zeppelin: Base64 encoding may read from potentially dirty memory
     "GHSA-9vx6-7xxf-x967",
-    // semver vulnerable to Regular Expression Denial of Service
-    "GHSA-c2qf-rxjj-qqgw",
     // Server-Side Request Forgery in axios
     "GHSA-8hc4-vh64-cxmj",
-    // Regular Expression Denial of Service (ReDoS) in micromatch
-    "GHSA-952p-6rrq-rcjv",
     // cookie accepts cookie name, path, and domain with out of bounds characters
     "GHSA-pxg6-pf52-xh8x",
-    // Regular Expression Denial of Service (ReDoS) in cross-spawn
-    "GHSA-3xgq-45jj-v275",
     // axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
     "GHSA-jr5f-v2jv-69x6",
-    // Homograph attack allows Unicode lookalike characters to bypass validation
-    "GHSA-xq7p-g2vc-g82p",
-    // brace-expansion Regular Expression Denial of Service vulnerability
-    "GHSA-v6h2-p8h4-qcjw"
+    // tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
+    "GHSA-52f5-9888-hmc6",
+    // Axios is vulnerable to DoS attack through lack of data size check
+    "GHSA-4hjh-wcwx-xvwj",
+    // form-data uses unsafe random function in form-data for choosing boundary
+    "GHSA-fjxv-7rqg-78g4"
   ]
 }

foundry.toml

@@ -30,14 +30,12 @@ compilation_restrictions = [
 skip = ['test/*']
 
 [profile.test]
-inherit = "default"
 optimizer = false
 additional_compiler_profiles = []
 compilation_restrictions = []
 skip = []
 
 [profile.yul]
-inherit = "default"
 src = 'yul'
 out = 'out/yul'
 libs = ['node_modules', 'lib']

yarn.lock

@@ -2170,6 +2170,16 @@ es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
   dependencies:
     es-errors "^1.3.0"
 
+es-set-tostringtag@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
+  integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
+  dependencies:
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.6"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.2"
+
 escalade@^3.1.1:
   version "3.2.0"
   resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5"
@@ -2656,12 +2666,14 @@ form-data@^2.2.0:
     mime-types "^2.1.12"
 
 form-data@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
-  integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
+  integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
   dependencies:
     asynckit "^0.4.0"
     combined-stream "^1.0.8"
+    es-set-tostringtag "^2.1.0"
+    hasown "^2.0.2"
     mime-types "^2.1.12"
 
 [email protected]:
@@ -2766,7 +2778,7 @@ get-intrinsic@^1.1.3, get-intrinsic@^1.2.4:
     has-symbols "^1.0.3"
     hasown "^2.0.0"
 
-get-intrinsic@^1.3.0:
+get-intrinsic@^1.2.6, get-intrinsic@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
   integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
@@ -4421,12 +4433,13 @@ [email protected]:
   integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 
 sha.js@^2.4.0, sha.js@^2.4.11, sha.js@^2.4.8:
-  version "2.4.11"
-  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
-  integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==
+  version "2.4.12"
+  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.12.tgz#eb8b568bf383dfd1867a32c3f2b74eb52bdbf23f"
+  integrity sha512-8LzC5+bvI45BjpfXU8V5fdU2mfeKiQe1D1gIMn7XUlF3OTUrpdJpPPH4EMAnF0DsHHdSZqCdSss5qCmJKuiO3w==
   dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
+    inherits "^2.0.4"
+    safe-buffer "^5.2.1"
+    to-buffer "^1.2.0"
 
 sha1@^1.1.1:
   version "1.1.1"