kleros · jaybuidl · Feb 21, 2025 · Feb 21, 2025
@@ -38,7 +38,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         egress-policy: audit
 
@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
+      uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,7 +61,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
+      uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -74,6 +74,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
+      uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
       with:
         category: "/language:${{matrix.language}}"
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         disable-sudo: true
         egress-policy: block
@@ -50,13 +50,13 @@ jobs:
         yarn set version 4.5.1
 
     - name: Setup Node.js environment
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
       with:
         node-version: 20.x   
         cache: yarn
 
     - name: Cache node modules
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
       env:
         cache-name: cache-node-modules
       with:
@@ -71,7 +71,7 @@ jobs:
       run: yarn workspace @kleros/kleros-v2-contracts install
 
     - name: Install Foundry
-      uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0
+      uses: foundry-rs/foundry-toolchain@de808b1eea699e761c404bda44ba8f21aba30b2c # v1.3.1
 
     - name: Install lcov
       run: sudo apt-get install -y lcov
@@ -81,7 +81,7 @@ jobs:
       working-directory: contracts
 
     - name: Upload a build artifact
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
       with:    
         name: code-coverage-report    
         path: contracts/coverage
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           disable-sudo: true
           egress-policy: block

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

@@ -35,7 +35,7 @@ jobs:
     environment: ${{ inputs.graph_environment }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -56,7 +56,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -78,14 +78,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
+        uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
         with:
           sarif_file: results.sarif
@@ -17,7 +17,7 @@ jobs:
       version: ${{ steps.set-version.outputs.version }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         disable-sudo: true
         egress-policy: block
@@ -44,13 +44,13 @@ jobs:
         yarn set version 4.5.1
 
     - name: Setup Node.js environment
-      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
       with:
         node-version: 20.x   
         cache: yarn
 
     - name: Cache node modules
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+      uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
       env:
         cache-name: cache-node-modules
       with:
@@ -72,7 +72,7 @@ jobs:
       working-directory: web
 
     - name: Create Sentry release
-      uses: getsentry/action-release@f6dfa3d84a1c740b94aa45255c5e032b744a095d # v1.9.0
+      uses: getsentry/action-release@ffb64465339ef6fb868e2fc261318d78ae0ed8d9 # v1.10.5
       env:
         SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
         SENTRY_ORG: ${{ secrets.SENTRY_ORG }}

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 

@@ -11,7 +11,7 @@
     "node": ">=16.0.0"
   },
   "volta": {
-    "node": "18.19.0"
+    "node": "18.20.6"
   },
   "publishConfig": {
     "access": "public",
@@ -73,7 +73,7 @@
     "@kleros/kleros-v2-eslint-config": "workspace:^",
     "@kleros/kleros-v2-prettier-config": "workspace:^",
     "@kleros/kleros-v2-tsconfig": "workspace:^",
-    "@logtail/pino": "^0.4.22",
+    "@logtail/pino": "^0.5.0",
     "@nomicfoundation/hardhat-chai-matchers": "^2.0.8",
     "@nomicfoundation/hardhat-ethers": "^3.0.8",
     "@nomiclabs/hardhat-solhint": "^4.0.1",

@@ -14,7 +14,7 @@
   ],
   "type": "module",
   "volta": {
-    "node": "20.18.2"
+    "node": "20.18.3"
   },
   "publishConfig": {
     "access": "public",
@@ -49,7 +49,7 @@
     "typescript": "^5.6.3",
     "vite": "^5.4.11",
     "vite-plugin-dts": "^4.3.0",
-    "vite-plugin-node-polyfills": "^0.22.0",
+    "vite-plugin-node-polyfills": "^0.23.0",
     "wagmi": "^2.14.0"
   },
   "dependencies": {

@@ -15,7 +15,7 @@
   ],
   "type": "commonjs",
   "volta": {
-    "node": "20.18.2"
+    "node": "20.18.3"
   },
   "publishConfig": {
     "access": "public",

@@ -29,7 +29,7 @@
   ],
   "packageManager": "[email protected]",
   "volta": {
-    "node": "20.18.2",
+    "node": "20.18.3",
     "yarn": "4.6.0"
   },
   "devDependencies": {
@@ -57,10 +57,10 @@
     "minimatch@npm:3.0.4": "npm:3.0.8",
     "minimatch@npm:^3.0.4": "npm:3.0.8",
     "nanoid^3.3.1": "npm:3.3.4",
-    "node-fetch": "npm:2.6.7",
+    "node-fetch": "npm:[email protected]",
     "underscore@npm^3.0.4": "npm:1.12.1",
     "eth-sig-util@npm:^1.4.2": "npm:3.0.0",
-    "fast-xml-parser": "npm:4.2.5",
+    "fast-xml-parser": "npm:[email protected]",
     "@babel/traverse:^7.22.5": "npm:7.23.6",
     "yargs-unparser@npm:1.6.0": "npm:1.6.4",
     "dompurify@npm:^2.4.0": "npm:2.5.7",

@@ -25,7 +25,7 @@ services:
       GRAPH_LOG: info
     stop_grace_period: 5s
   ipfs:
-    image: ipfs/go-ipfs:v0.22.0
+    image: ipfs/go-ipfs:v0.33.2
     ports:
       - "5001:5001"
     volumes:

@@ -69,7 +69,7 @@
     "stop-local-indexer": "docker compose -f ../services/graph-node/docker-compose.yml down && rm -rf ../services/graph-node/data"
   },
   "volta": {
-    "node": "20.18.2"
+    "node": "20.18.3"
   },
   "dependencies": {
     "@graphprotocol/graph-ts": "^0.37.0"

@@ -8,8 +8,8 @@
   "license": "MIT",
   "type": "module",
   "volta": {
-    "node": "20.18.2",
-    "yarn": "4.5.1"
+    "node": "20.18.3",
+    "yarn": "4.6.0"
   },
   "scripts": {
     "clean": "rimraf .next src/graphql-generated src/hooks/contracts/generated.ts",
@@ -55,7 +55,7 @@
     "@tanstack/react-query": "^5.61.0",
     "@wagmi/connectors": "^5.5.0",
     "@wagmi/core": "^2.16.3",
-    "@yornaath/batshit": "^0.9.0",
+    "@yornaath/batshit": "^0.10.0",
     "graphql": "^16.9.0",
     "graphql-request": "^7.1.2",
     "next": "14.2.18",
@@ -68,7 +68,7 @@
     "react-use": "^17.5.1",
     "styled-components": "^5.3.3",
     "typewriter-effect": "^2.21.0",
-    "vanilla-jsoneditor": "^0.21.6",
+    "vanilla-jsoneditor": "^0.23.0",
     "viem": "^2.21.50",
     "wagmi": "^2.14.10"
   }

@@ -74,7 +74,7 @@
     "rimraf": "^6.0.1",
     "typescript": "^5.6.3",
     "vite": "^5.4.11",
-    "vite-plugin-node-polyfills": "^0.21.0",
+    "vite-plugin-node-polyfills": "^0.23.0",
     "vite-plugin-svgr": "^4.3.0",
     "vite-tsconfig-paths": "^4.3.2"
   },
@@ -98,7 +98,7 @@
     "@types/react-modal": "^3.16.3",
     "@wagmi/connectors": "^5.5.0",
     "@wagmi/core": "^2.16.3",
-    "@yornaath/batshit": "^0.9.0",
+    "@yornaath/batshit": "^0.10.0",
     "chart.js": "^3.9.1",
     "chartjs-adapter-moment": "^1.0.1",
     "chartjs-plugin-datalabels": "^2.2.0",