@Dargon789 Dargon789 commented Nov 9, 2025

Bumps the npm_and_yarn group with 4 updates in the / directory: undici, ws, mermaid and vite.
Bumps the npm_and_yarn group with 2 updates in the /packages/hardhat-ignition-ui directory: mermaid and vite.
Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-ignition-examples/ens directory: @ensdomains/ens-contracts.

Updates undici from 5.28.4 to 5.29.0

Updates ws from 7.5.10 to 8.17.1

Updates mermaid from 10.9.3 to 10.9.4

Updates vite from 5.4.17 to 5.4.20

Updates mermaid from 10.9.3 to 10.9.4

Updates vite from 5.4.17 to 5.4.20

Updates @ensdomains/ens-contracts from 0.0.11 to 0.0.22


updated-dependencies:

  • dependency-name: undici dependency-version: 5.29.0 dependency-type: direct:production dependency-group: npm_and_yarn
  • dependency-name: ws dependency-version: 8.17.1 dependency-type: direct:production dependency-group: npm_and_yarn
  • dependency-name: mermaid dependency-version: 10.9.4 dependency-type: direct:development dependency-group: npm_and_yarn
  • dependency-name: vite dependency-version: 5.4.20 dependency-type: direct:development dependency-group: npm_and_yarn
  • dependency-name: mermaid dependency-version: 10.9.4 dependency-type: direct:development dependency-group: npm_and_yarn
  • dependency-name: vite dependency-version: 5.4.20 dependency-type: direct:development dependency-group: npm_and_yarn
  • dependency-name: "@ensdomains/ens-contracts" dependency-version: 0.0.22 dependency-type: direct:production dependency-group: npm_and_yarn ...
  • Add .circleci/config.yml

  • Create SECURITY.md (Create SECURITY.md #3)

  • Create SECURITY.md

  • Update SECURITY.md

  • Update SECURITY.md


  • Delete SECURITY.md

  • Create dependabot.yml (Create dependabot.yml #4)

  • Create web3_gamefi.yml

  • Bump vite in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: vite.

Updates vite from 5.4.20 to 5.4.21


updated-dependencies:

  • dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn ...
  • Update .circleci/web3_gamefi.yml

  • Create SECURITY.md (Create SECURITY.md #3)

  • Create SECURITY.md

  • Update SECURITY.md

  • Update SECURITY.md


  • Delete SECURITY.md

  • Create dependabot.yml (Create dependabot.yml #4)

  • Create web3_gamefi.yml

  • Bump vite in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: vite.

Updates vite from 5.4.20 to 5.4.21


updated-dependencies:

  • dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn ...

  • Because this PR includes a bug fix, relevant tests have been included.
  • Because this PR includes a new feature, the change was previously discussed on an Issue or with someone from the team.
  • I didn't do anything of this.

Summary by Sourcery

Merge CI setup improvements and bump multiple dependencies across packages

Enhancements:

  • Update undici to 5.29.0, ws to 8.17.1, mermaid to 10.9.4, vite to 5.4.21, web3 to 4.16.0, and @ensdomains/ens-contracts to 0.0.22 across several packages

CI:

  • Add CircleCI configuration with say-hello and web3_gamefi workflows

Chores:

  • Add Dependabot version update configuration

sourcery-ai bot commented Nov 9, 2025

Reviewer's Guide

This PR merges the main-execution branch into main, integrating new CircleCI workflows and Dependabot, standardizing security policy, and performing version bumps on core and plugin dependencies via direct edits to package.json files.

Class diagram for updated package dependencies

```mermaid
classDiagram
  class HardhatCore {
    +undici: ^5.29.0
    +ws: ^8.17.1
  }
  class HardhatVerify {
    +undici: ^5.29.0
  }
  class HardhatIgnitionUI {
    +mermaid: 10.9.4
    +vite: ^5.4.21
  }
  class HardhatTruffle4 {
    +web3: ^4.16.0
  }
  class HardhatTruffle5 {
    +web3: ^4.16.0
  }
  class HardhatWeb3Legacy {
    +web3: ^4.16.0
  }
  class HardhatWeb3V4 {
    +web3: ^4.16.0
  }
  class HardhatWeb3 {
    +web3: ^4.16.0
  }
  class HardhatIgnitionExamplesENS {
    +@ensdomains/ens-contracts: 0.0.22
  }
```

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Add and update CircleCI pipeline configurations | • Introduced a 'say-hello' job and corresponding workflow in .circleci/config.yml<br>• Defined custom executor and setup steps in .circleci/web3_gamefi.yml | .circleci/config.yml<br>.circleci/web3_gamefi.yml |
| Introduce Dependabot for automated dependency updates | • Created .github/dependabot.yml with a weekly package update schedule | .github/dependabot.yml |
| Consolidate SECURITY.md guidelines | • Created and refined SECURITY.md to establish security policy<br>• Removed redundant SECURITY.md duplicates | SECURITY.md |
| Bump npm and yarn dependencies across core and plugins | • Upgraded undici to 5.29.0 and ws to 8.17.1 in hardhat-core<br>• Updated mermaid to 10.9.4 and vite to 5.4.21 in hardhat-ignition-ui<br>• Elevated web3 to 4.16.0 in hardhat-truffle4, hardhat-truffle5, hardhat-web3-legacy, hardhat-web3-v4, and hardhat-web3<br>• Bumped @ensdomains/ens-contracts to 0.0.22 in hardhat-ignition-examples/ens | packages/hardhat-core/package.json<br>packages/hardhat-ignition-ui/package.json<br>packages/hardhat-truffle4/package.json<br>packages/hardhat-truffle5/package.json<br>packages/hardhat-web3-legacy/package.json<br>packages/hardhat-web3-v4/package.json<br>packages/hardhat-web3/package.json<br>packages/hardhat-ignition-examples/ens/package.json |


@gemini-code-assist

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates a series of updates and infrastructure enhancements from the main-execution branch into main. The primary focus is on bringing various core dependencies up to their latest stable versions, notably a significant upgrade to web3 across several packages. Additionally, it establishes foundational CI/CD pipelines using CircleCI and introduces automated dependency management via Dependabot, alongside a new security policy document.

Highlights

  • Core Dependency Upgrades: Multiple core dependencies across various packages have been updated, including significant bumps for undici, ws, mermaid, vite, and notably, web3 across several hardhat related packages, bringing it to version 4.16.0.
  • CI/CD Pipeline Initialization: Initial CircleCI configurations have been introduced, including a generic setup and a specialized configuration for web3/gamefi projects, laying the groundwork for automated testing and deployment.
  • Automated Dependency Management: Dependabot has been configured to automate the process of keeping dependencies up-to-date, with a weekly schedule for checking and proposing updates.
  • Security Policy Documentation: A SECURITY.md file has been added to the repository, outlining the project's security policy and guidelines for reporting vulnerabilities.

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `.github/dependabot.yml:8` </location>
<code_context>
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
</code_context>
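Review bot: `directory: "/"` in this entry covers only the root manifest, while the bumps listed in this PR's description also touch /packages/hardhat-ignition-ui and /packages/hardhat-ignition-examples/ens, so those manifests would get no updates even once the ecosystem is filled in. Set `package-ecosystem: "npm"` (the value for npm and yarn manifests, matching the npm_and_yarn group named in the description) and add an `updates` entry for each directory that holds a package.json.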

<issue_to_address>
**issue (bug_risk):** The package-ecosystem field is empty, which may prevent Dependabot from functioning.

Specify a valid package-ecosystem value to enable Dependabot updates for your dependencies.
</issue_to_address>

### Comment 2
<location> `.circleci/config.yml:14` </location>
<code_context>
+    docker:
+      # Specify the version you desire here
+      # See: https://circleci.com/developer/images/image/cimg/base
+      - image: cimg/base:current

-    executor: my-custom-executor
</code_context>
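Review bot: `- image: cimg/base:current` is a floating tag, so the contents of the build container can change between runs without any commit in this repository, which makes a bad or tampered upstream image hard to spot and hard to roll back. Pin it to a dated tag, or to an image digest where the build needs to be reproducible and auditable, and update the pin through reviewed commits.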

<issue_to_address>
**suggestion (bug_risk):** Using 'cimg/base:current' may introduce instability due to frequent updates.

Consider specifying a fixed image tag to maintain build consistency and prevent issues from upstream changes.

```suggestion
      - image: cimg/base:2024.04
```
</issue_to_address>


@Dargon789 Dargon789 closed this Nov 9, 2025
@Dargon789 Dargon789 merged commit 73218f2 into main Nov 9, 2025
66 of 156 checks passed
@Dargon789 Dargon789 deleted the main-v.3.0.0 branch November 9, 2025 01:48

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request merges the main-execution branch and includes numerous dependency updates and CI/CD configuration changes. While many of the dependency bumps are routine, there are several critical issues. The new dependabot.yml is misconfigured and will not work. More importantly, several packages (hardhat-truffle4, hardhat-truffle5, hardhat-web3-legacy, hardhat-web3) have their web3 dependency upgraded across major versions (e.g., from v0.20 to v4, or v1 to v4). These upgrades introduce significant breaking changes and are likely to break these compatibility packages for their users. These changes should be carefully reviewed and likely reverted. I've also included a minor suggestion to improve the new CircleCI configuration file.
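
A check of the kind the review above calls for, as an added example that is not part of this PR or of either bot's review: it classifies each bump listed in the PR description under npm caret semantics so that breaking jumps are held for manual review. The names `BUMPS`, `classify` and `needsManualReview` are hypothetical; the version pairs are the ones on this page.

```javascript
// Added example: classify dependency bumps by semver risk.
// Version pairs are copied from this PR's description.
const BUMPS = [
  { name: "undici", from: "5.28.4", to: "5.29.0" },
  { name: "ws", from: "7.5.10", to: "8.17.1" },
  { name: "mermaid", from: "10.9.3", to: "10.9.4" },
  { name: "vite", from: "5.4.17", to: "5.4.20" },
  { name: "@ensdomains/ens-contracts", from: "0.0.11", to: "0.0.22" },
];

// Parse "MAJOR.MINOR.PATCH", ignoring a leading range operator (^, ~, v, =)
// and any pre-release or build suffix.
function parse(version) {
  const m = /^[\^~v=]*(\d+)\.(\d+)\.(\d+)/.exec(version.trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Index of the leftmost non-zero component. Under npm caret semantics this is
// the position whose change is breaking: ^1.2.3 -> major, ^0.2.3 -> minor,
// ^0.0.3 -> patch.
function breakingIndex(parts) {
  const i = parts.findIndex((n) => n !== 0);
  return i === -1 ? 2 : i;
}

function classify(from, to) {
  const a = parse(from);
  const b = parse(to);
  const changed = a.findIndex((n, i) => n !== b[i]);
  if (changed === -1) return "none";
  if (b[changed] < a[changed]) return "downgrade";
  // A change at or left of the breaking position may break consumers.
  if (changed <= breakingIndex(a)) return "breaking";
  return changed === 1 ? "minor" : "patch";
}

// Names of the bumps that should not be merged without a human reading the
// upstream changelog.
function needsManualReview(bumps) {
  return bumps
    .filter(({ from, to }) => ["breaking", "downgrade"].includes(classify(from, to)))
    .map(({ name }) => name);
}

console.log(needsManualReview(BUMPS));
```

Besides the web3 jumps the review names, the ws bump crosses a major version and the @ensdomains/ens-contracts bump falls outside a `^0.0.11` range, so both are flagged.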
