[DI-48] fix: replace vulnerable tj-actions actions with dorny/paths-filter #3595
Conversation
Replace all tj-actions actions (changed-files, verify-changed-files, branch-names) with secure alternatives to mitigate the security vulnerability. Used dorny/paths-filter for file checking and bash scripts for branch name detection. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
WalkthroughThis pull request updates GitHub Actions workflows by replacing older Changes
Sequence Diagram(s)sequenceDiagram
participant Event as GitHub Event
participant Filter as dorny/paths-filter
participant Step as Workflow Step
Event->>Filter: Trigger file change detection (Solidity, GolangCI, yarn.lock)
Filter-->>Event: Return outputs (sol, config, yarn)
Event->>Step: Evaluate conditions based on outputs
Step-->>Event: Execute subsequent actions (e.g., label management)
sequenceDiagram
participant Event as GitHub Event
participant Script as Custom Branch Script
participant Next as Subsequent Step
Event->>Script: Provide GITHUB_REF input
Script-->>Event: Output is_default & current_branch
Event->>Next: Use branch info for further processing
Poem
Tip ⚡🧪 Multi-step agentic review comment chat (experimental)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (2)
.github/workflows/goreleaser-actions.yml (1)
160-165: Branch Extraction CustomizationThe custom branch name extraction script (using parameter expansion and writing to $GITHUB_OUTPUT) clearly replaces the vulnerable tj‑actions/branch‑names action. Please verify that this logic robustly handles all potential formats of
GITHUB_REF(for example, non‑standard branch prefixes or tags) so that subsequent steps correctly interpret the branch status..github/workflows/packages.yml (1)
89-93: Simplified Changed Files ListingThe “List changed files” step now explicitly echoes that
yarn.lockhas changed when detected. This simplified messaging aids in debugging. Double‑check that this meets your expectations for reporting file changes.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/go.yml(3 hunks).github/workflows/goreleaser-actions.yml(1 hunks).github/workflows/packages.yml(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/go.yml
56-56: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
64-64: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
464-464: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
620-620: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/packages.yml
70-70: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: SonarCloud
- GitHub Check: Cloudflare Pages
🔇 Additional comments (2)
.github/workflows/packages.yml (2)
77-88: Label Management Based on Yarn.lock ChangesThe conditional blocks for adding and removing the
needs-yarn-installlabel now rely on the updated output (steps.filter-yarn-lock.outputs.yarn). This logic appears sound; please verify that it functions as planned in both pull request and push scenarios.
69-76:❓ Verification inconclusive
Update dorny/paths-filter Version for Yarn.lock Filtering
The new “Filter changed files” step in this workflow uses
dorny/paths-filter@v2to detect changes inyarn.lock. Since static analysis recommends updating the runner version, please consider upgrading to a more recent version (for example, v3) to avoid potential issues.
What is the latest stable version of the GitHub Action dorny/paths-filter, and does its v3 release provide significant improvements for detecting changes in yarn.lock compared to v2?🧰 Tools
🪛 actionlint (1.7.4)
70-70: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| uses: dorny/paths-filter@v2 | ||
| id: filter-changed-files | ||
| with: | ||
| files: | | ||
| *.go | ||
| filters: | | ||
| go: | ||
| - '*.go' |
There was a problem hiding this comment.
💡 Verification agent
❓ Verification inconclusive
Upgrade dorny/paths-filter in Go Files Change Detection
The “Filter Changed files” step (for Go files) is implemented with dorny/paths-filter@v2. As static analysis indicates that this version is too old, please consider updating to a supported release (such as v3) for enhanced reliability.
Action Required: Upgrade dorny/paths-filter Action in Workflow
Our search confirms that the workflow file at .github/workflows/go.yml (lines 464–469) still uses dorny/paths-filter@v2. Static analysis indicates that this version is outdated, and upgrading to a supported release (e.g., v3) would provide enhanced reliability. Please update the version reference and verify that the new version integrates smoothly with the existing workflow configuration.
- File:
.github/workflows/go.yml - Lines: 464–469 (update the
usesdirective fromdorny/paths-filter@v2todorny/paths-filter@v3)
🧰 Tools
🪛 actionlint (1.7.4)
464-464: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| uses: dorny/paths-filter@v2 | ||
| with: | ||
| files: | | ||
| **/*.sol | ||
| filters: | | ||
| sol: | ||
| - '**/*.sol' |
There was a problem hiding this comment.
💡 Verification agent
❓ Verification inconclusive
Update dorny/paths-filter Version for Solidity Changes
The step for checking Solidity file changes uses dorny/paths-filter@v2, which static analysis flagged as outdated. Consider upgrading to a newer version (e.g. v3) to ensure compatibility and improved performance on GitHub Actions.
Action Required: Upgrade dorny/paths-filter Version in Workflow
In .github/workflows/go.yml at lines 56–60, the workflow currently uses:
uses: dorny/paths-filter@v2Static analysis indicates that version 2 is outdated for handling recent Solidity file changes. Upgrading to dorny/paths-filter@v3 should improve compatibility and performance on GitHub Actions. Please update the version accordingly. For example:
- uses: dorny/paths-filter@v2
+ uses: dorny/paths-filter@v3🧰 Tools
🪛 actionlint (1.7.4)
56-56: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| id: golangci_changed | ||
| uses: tj-actions/changed-files@v26.1 | ||
| uses: dorny/paths-filter@v2 | ||
| with: | ||
| # note: without building a yaml tree of our workflow, we won't be able to tell if golangci version changed so any ci change triggers full lint. | ||
| files: | | ||
| .golangci.yml | ||
| .golangci-version | ||
| .github/workflows/go.yml | ||
| filters: | | ||
| config: | ||
| - '.golangci.yml' | ||
| - '.golangci-version' |
There was a problem hiding this comment.
💡 Verification agent
🛠️ Refactor suggestion
❓ Verification inconclusive
Update dorny/paths-filter Version for GolangCI Check
Similarly, the “Check For GolangCI Changes” step is using dorny/paths-filter@v2. Upgrading this action to a newer version would help avoid potential runtime issues and align with current best practices.
Action Required: Upgrade dorny/paths-filter to a newer version
In the workflow file (.github/workflows/go.yml, lines 63–70) the “Check For GolangCI Changes” step currently uses dorny/paths-filter@v2. To help prevent potential runtime issues and to stay in line with current best practices, please update this action to the latest available version (e.g., dorny/paths-filter@v3 if available). Ensure that after updating you verify the filtering behavior—especially the detection of changes to .golangci.yml and .golangci-version—remains as expected.
🧰 Tools
🪛 actionlint (1.7.4)
64-64: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| - name: Filter Changed files | ||
| uses: dorny/paths-filter@v2 | ||
| id: filter-changed-files | ||
| with: | ||
| files: | | ||
| *.go | ||
| filters: | | ||
| go: | ||
| - '*.go' | ||
|
|
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Upgrade dorny/paths-filter in Module Generation
Another instance of dorny/paths-filter@v2 appears in the module generation section. Upgrading this action to a current version will improve consistency and compatibility across your workflows.
Action Required: Upgrade dorny/paths-filter to the Latest Version Across Workflows
It appears that the dorny/paths-filter@v2 action is used in multiple workflow files:
- In
.github/workflows/go.ymlat lines 619–626. - In the module generation workflow (as mentioned in your comment).
For improved consistency and compatibility, please upgrade all usages of this action (including the module generation instance) to the latest released version.
🏁 Script executed:
#!/bin/bash
# Search for all usages of dorny/paths-filter with version "v2" in GitHub workflow files.
rg "dorny/paths-filter@v2" .github/workflowsLength of output: 357
Upgrade dorny/paths-filter Action Version Across Workflows
The GitHub workflows currently reference dorny/paths-filter@v2 in multiple locations:
- In
.github/workflows/go.yml(including lines 619–626). - In
.github/workflows/packages.yml(which appears to cover module generation).
Upgrading all instances to the latest version will improve consistency and compatibility across your workflows. Please update these references accordingly.
🧰 Tools
🪛 actionlint (1.7.4)
620-620: the runner of "dorny/paths-filter@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
* Ft/ponder ix hyp evm (#3571) * add hyperevm to ponder ix * addtl hypevm chain config --------- Co-authored-by: parodime <noreply@protochainresearch.com> * Publish - @synapsecns/rfq-indexer-api@1.1.0 - @synapsecns/rfq-indexer@0.0.7 * ponder ix - set hyperEVM block range to 50 * fix: hyperEVM block range * ponder ix - alter hype start block * Fix multi-architecture build for Hyperliquid Node Image (#3574) * hl docker image * fix(workflow): move date tag creation to separate step in hyperliquid workflow 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com> * fix(workflow): remove load flag and use local image for tagging in hyperliquid workflow * fix(workflow): use build-push-action for date tagging in hyperliquid workflow * feat(workflow): add multi-architecture support and mainnet image build for hyperliquid * fix(workflow): update hyperliquid workflow to use local Dockerfile for better multi-arch support * fix(hyperliquid): update binary URL paths to match node documentation * fix(hyperliquid): temporarily skip GPG verification due to inconsistent path issues * fix(hyperliquid): always use Testnet binary since Mainnet binary is not publicly accessible * fix(hyperliquid): use correct URL for Mainnet binary --------- Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * feat: Swap Engines [SYN-29] [SYN-35] (#3563) * feat: SIR binding, StepParams, ZapData encoding * feat: engine quote/route structs * feat: slippage utils * feat: no-op engine * feat: add Default Engine * feat: Kyber, Li.FI engines * feat: paraSwap module * feat: SwapEngineSet * feat: add SwapEngineSet to SDK * feat: Synapse Intent Router * feat: expose swapV2 * feat: add swapV2 controller * feat: add swapV2 route * fix: null behaviour consistent with bridge route * fix: remove originUserAddress for swapV2 * feat: swapV2 to use native amounts (wei) * fix: swap/v2 route * fix: tests * feat: add production contracts * chore: reorder KyberSwap chains, add bnerachain * feat: expand list of supported chains for /swap/v2 * refactor: use named paramters for swapV2 * fix: set default slippage to 0.5%; stringify tx.value * chore: generate docs * Publish - @synapsecns/rest-api@1.10.0 - @synapsecns/sdk-router@0.13.0 - @synapsecns/synapse-interface@0.42.6 - @synapsecns/widget@0.9.17 - @synapsecns/rfq-indexer@0.0.8 * fix: mockCallRevert internal revert (#3575) * Publish - @synapsecns/contracts-rfq@0.16.2 * feat(contracts-rfq): deploy SIR [SYN-29] (#3573) * fix: adjust comment for #3467 * chore: mainnet -> ethereum * feat: update deploy scripts, prepare create2 salts * chore: add deployments from new chains * chore: add chain IDs to foundry.toml * chore: add utility scripts * deploy: SIR and periphery on 12 chains * deploy: SIR at 0x512000...000512 address * fix: update SIR address * Publish - @synapsecns/contracts-rfq@0.17.0 - @synapsecns/rest-api@1.10.1 - @synapsecns/sdk-router@0.14.0 - @synapsecns/synapse-interface@0.42.7 - @synapsecns/widget@0.9.18 * feat: SDK new chains [SYN-45] (#3535) * feat: add HyperEVM to sdk-router * feat: use staging RFQ API [REVERT LATER] * feat: add HYPE-USDC, HYPE-ETHto the bridge map * fix: add HYPE, HyperEVM to rest-api * feat: update rest-api bridge map * chore: add envs for api urls (#3537) Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * chore: make prod RFQ API the default value * feat: support multiple RFQ APIs * fix: don't report negative bridge fee for RFQ * test: adjus the amount of token pairs for USDC --------- Co-authored-by: trajan0x <83933037+trajan0x@users.noreply.github.com> Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * Publish - @synapsecns/rest-api@1.11.0 - @synapsecns/sdk-router@0.15.0 - @synapsecns/synapse-interface@0.43.0 - @synapsecns/widget@0.9.19 * fix: hide slippage between different type of assets for now [SYN-39] (#3590) * Publish - @synapsecns/synapse-interface@0.43.1 * Support Swap V2 endpoint on Synapse REST client (#3593) * fix(rest-api): swap v2 errors (#3594) * fix: check if tx is defined * chore: correct endpoint name in error * Publish - @synapsecns/rest-api@1.11.1 * feat: sdk/api bridgeV2 for SynapseRFQ [SYN-66] (#3588) * feat: scaffold bridgeV2 * feat: complete bridgeV2, scaffold module impls * feat: airdrop amount in bridgeV2 * feat: bridgeV2 for SynapseRFQ * fix: add more info to SwapEngine quotes, type assertions * feat: /bridge/v2 * chore: generate docs * refactor: steps params manipulation * feat: cap origin slippage * feat: cache getAllQuotes calls * fix(rest-api): improve bridge v2 response format - Replace BigNumber response objects with string values - Rename maxAmountOutStr to maxAmountOut for cleaner API - Update swagger documentation to reflect changes 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * feat(restclient): add bridge v2 endpoint support - Add GetBridgeV2 and related parameters to REST client - Update type definitions for bridge v2 response format - Synchronize with recent bridge v2 API changes 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> * [DI-48] fix: replace vulnerable tj-actions actions with dorny/paths-filter (#3595) Replace all tj-actions actions (changed-files, verify-changed-files, branch-names) with secure alternatives to mitigate the security vulnerability. Used dorny/paths-filter for file checking and bash scripts for branch name detection. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * chore(rest-api): edit README to trigger republish (#3597) * Publish - @synapsecns/rest-api@1.12.0 * chore(sdk-router): edit README to trigger republish (#3598) * Publish - @synapsecns/rest-api@1.12.1 - @synapsecns/sdk-router@0.16.0 - @synapsecns/synapse-interface@0.43.2 - @synapsecns/widget@0.9.20 * chore(sdk-router): cleanup types, remove unused utilities (#3600) * feat: add Prettify utility type for better IDE type display Adds a Prettify<T> utility type that improves how types are displayed in the IDE: - Applied to union types to show all properties - Applied to Partial/Required patterns to show complete property set - Applied to complex types with optional properties 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore(sdk-router): apply Prettify to complex types - Add Prettify utility type to intersection types and type modifiers - Create PartialZapDataV1 type for better reusability - Update function signatures to use new type definitions - Improve IDE display of complex types 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore(sdk-router): remove unused entity files and utils Removed deprecated entity files and utility functions that are no longer needed in the SDK router package. These files were likely imported from another SDK and are not currently being used. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor(sdk-router): centralize utilities through utils/index.ts - Modified utils/index.ts to use export * from each utility module - Updated all imports to reference the centralized utils module instead of individual utility files - This change makes the codebase more maintainable and easier to refactor 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore(sdk-router): enforce alphabetical ordering of imports - Added alphabetical ordering rule to ESLint configuration - Auto-fixed imports order in all files to comply with the new rule - This enforces a consistent import style throughout the codebase 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor(sdk-router): replace BigintIsh with ethers' BigNumberish Replace all occurrences of custom BigintIsh type with the standard BigNumberish from ethers.js. This standardizes the codebase by using established types from the core library. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> * Publish - @synapsecns/rest-api@1.12.2 - @synapsecns/sdk-router@0.16.1 - @synapsecns/synapse-interface@0.43.3 - @synapsecns/widget@0.9.21 * fix(rest-api,sdk-router): `/bridge/v2` and `swap/v2` endpoint standardisation [SYN-77] (#3602) * refactor: consistent params naming in swap/bridge V2 * feat: enrich SwapQuoteV2 * feat: enrich BridgeQuoteV2 * feat: update V2 endpoints in rest-api * chore: update the swagger docs * refactor: id ordering * chore: regenerate restclient * chore: fix example router address in `/swap/v2` response * fix: add swap module name, same token swaps * fix: unify swap/bridge module names in V2 only * chore: unified "module name" in rest-api * fix: remove string cast * fix: SDK tests * Apply suggestions from code review Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Publish - @synapsecns/rest-api@1.12.3 - @synapsecns/sdk-router@0.16.2 - @synapsecns/synapse-interface@0.43.4 - @synapsecns/widget@0.9.22 * chore(sdk-router): cleanup logging, engine priorities (#3610) * refactor: clean up engine priorities * chore: remove execution time logging * fix: adjust engine priorities * Publish - @synapsecns/rest-api@1.12.4 - @synapsecns/sdk-router@0.16.3 - @synapsecns/synapse-interface@0.43.5 - @synapsecns/widget@0.9.23 * feat(rest-api,sdk-router): intent endpoint [SYN-77] (#3613) * feat: scaffold `intent` function * feat: scaffold multiple txs in bridgeV2 * feat: optional `tokenOut` in bridge token candidate search * feat: allow multiple txs in `bridgeV2` * feat: single-chain swap intents * feat: cross-chain intents * feat: expose `/intent` endpoint * chore: generate swagger * fix: report all module names within the intent step * chore: rename into "default pools" engine * chore: update swagger, regenerate client * fix: prevent errors on unsupported RFQ routes in V2 endpoints * fix: block times, supported intent chains * fix: fromAmount string * Publish - @synapsecns/rest-api@1.13.0 - @synapsecns/sdk-router@0.17.0 - @synapsecns/synapse-interface@0.43.6 - @synapsecns/widget@0.9.24 * fix(sdk-router): export intent types (#3620) * fix: export intent types * fix: export bridge types * fix: export swap types * fix: imports in tests * Publish - @synapsecns/rest-api@1.13.1 - @synapsecns/sdk-router@0.17.1 - @synapsecns/synapse-interface@0.43.7 - @synapsecns/widget@0.9.25 * upgrading to reference cortex much more * adding new links etc * Publish - @synapsecns/bridge-docs@0.6.7 - @synapsecns/explorer-ui@0.5.15 - @synapsecns/synapse-interface@0.43.8 - @synapsecns/widget@0.9.26 * fix(sdk-router): exported slippage type (#3634) * fix: use slippagePercentage in exported types * fix: use slippage percentage in rest-api * Publish - @synapsecns/rest-api@1.13.2 - @synapsecns/sdk-router@0.17.2 - @synapsecns/synapse-interface@0.43.9 - @synapsecns/widget@0.9.27 * fix(sdk-router, rest-api): stringify BigNumber in exported V2 types [SYN-77] (#3636) * fix: stringify BigNumber in exported V2 types * fix: update bridge modules * fix: update V2 operations * fix: update rest-api * Publish - @synapsecns/rest-api@1.13.3 - @synapsecns/sdk-router@0.17.3 - @synapsecns/synapse-interface@0.43.10 - @synapsecns/widget@0.9.28 * Update bl * fix(sdk-router): restrict `fromAmount` to `string` in the exported intent parameters (#3645) * chore: fix existing documentation * fix: restrict fromAmount type to string in exported parameters * Publish - @synapsecns/rest-api@1.13.4 - @synapsecns/sdk-router@0.17.4 - @synapsecns/synapse-interface@0.43.11 - @synapsecns/widget@0.9.29 * fix(sdk-router): add decimals to intent steps (#3646) * refactor: isolate token decimals retrieval * fix: add decimal metadata to each intent step * fix: make tokenMetadataFetcher optional * Publish - @synapsecns/rest-api@1.13.5 - @synapsecns/sdk-router@0.17.5 - @synapsecns/synapse-interface@0.43.12 - @synapsecns/widget@0.9.30 * fix(sdk-router): add `HYPEREVM` to intents supported chains * chore: small change to publish 9abecbe (#3648) * Publish - @synapsecns/rest-api@1.13.6 - @synapsecns/sdk-router@0.17.6 - @synapsecns/synapse-interface@0.43.13 - @synapsecns/widget@0.9.31 * fix(sdk-router): swap engine improvements, remove cap on RFQ origin slippage (#3652) * fix: exclude RFQ sources on KyberSwap * fix: paraSwap partner, LiFi timing strategy * feat: use FBI for Route V2 zap data * fix: make minToAmount requied in SwapEngineRoute * fix: don't cap origin slippage * fix: don't use interceptor without origin swaps * Publish - @synapsecns/rest-api@1.13.7 - @synapsecns/sdk-router@0.17.7 - @synapsecns/synapse-interface@0.43.14 - @synapsecns/widget@0.9.32 * removing old routes and tokens * Publish - @synapsecns/bridge-docs@0.6.8 * Adding hyperevm to the explorer (#3647) * adding hyperevm [goreleaser] * updating chart color * fixing pricing issues [goreleaser] * fix for native tokens [goreleaser] * fixing bera weth [goreleaser] * removing all old fetcher changes * [goreleaser] * lint --------- Co-authored-by: parodime <jordan@protochainresearch.com> * Publish - @synapsecns/explorer-ui@0.5.16 * adding hyperevm to constants * Publish - @synapsecns/bridge-docs@0.6.9 - @synapsecns/explorer-ui@0.5.17 - @synapsecns/rest-api@1.13.8 - @synapsecns/synapse-constants@1.8.10 * Deprecate and remove go restclient module [SYN-88] (#3658) --------- Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * SYN-86 Delete Old exporters and remove unused code (#3656) Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * SYN-87 Remove SignOz functionality from opbot (#3657) * SYN-87 Remove SignOz functionality from opbot - Removed SignOz client and package - Removed SignOz configuration fields - Removed traceCommand dependent on SignOz - Updated README to remove SignOz references - Added CLAUDE.md for automated operations - Fixed formatting and ensured code builds correctly * update go.work.sum * Fix goimports formatting issues for linting * [goreleaser] * nuke signoz example [goreleaser] --------- Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> * feat(contracts-rfq): fast bridge interceptor [SYN-84] (#3649) * feat: scaffold FastBridgeInterceptor * test: add coverage * feat: implement interceptor * test: different decimals ratio * docs: improve FastBridgeInterceptor documentation - Add clear NatSpec documentation to both implementation and interface - Focus user documentation on integration aspects - Clarify contract behavior and edge cases - Follow Solidity documentation standards - Fix typo in interface documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore: fix lint * refactor: relabel percentage vars * build: deploy Interceptor on supported mainnets --------- Co-authored-by: Claude <noreply@anthropic.com> * Publish - @synapsecns/contracts-rfq@0.18.0 * feat(contracts-rfq): sir new deployments (#3662) * build: add new chains to config * chore: deploy on avax and polygon * Publish - @synapsecns/contracts-rfq@0.19.0 * fix(sdk-router): address utils, URLs in constructor, ParaSwap surplus (#3660) * fix: `handleNativeToken` non-checksummed address, reorganize * fix: export address utils * refactor: handleParams * test: ensure that 0xEE is working with integrations * feat: pass paraswap surplus to user * feat: allow passing URLs in SDK constructor * fix: use Gas.Zip contract deposit * fix: types * feat: intents with gas.zip * build: add sdk:stream script * feat: add Avax, Ploygon to intents chain ids * refactor: chainProviders init logic * fix: enforce gas.zip min/max usd value * Publish - @synapsecns/rest-api@1.13.9 - @synapsecns/sdk-router@0.17.8 - @synapsecns/synapse-interface@0.43.15 - @synapsecns/widget@0.9.33 * fix(sdk-router): faster intent quotes, time logging, Paraswap surplus [SYN-97] (#3672) * fix: make logExecutionTime more generic * chore: add execition time logging * fix: paraswap surplus * fix: use longer cache for RFQ available tokens, shorter cache for quotes * feat: getFastestQuote * chore: remove old getBestQuote * fix: timeouts * chore: fix incorrect comments * fix: make logging work with minimised package * fix: prevent unhandled rejections in quote processing - Improve _getFastestQuote to properly handle all promises even when returning early - Use Promise.allSettled in the background to ensure all rejections are caught - Maintain fast response time while avoiding unhandled promise rejections 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: ensure timing is logged even when methods throw errors - Wrap method execution in try/finally to log execution time in all cases - Ensure original errors are propagated properly - Simplify code with direct return in try block 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: ensure consistent cache keys in FastBridgeRouterSet - Fix cache key inconsistency in getAllQuotes method - Ensure cache keys match between get and set operations - Use enum values directly in cache key construction 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: variable shadowing --------- Co-authored-by: Claude <noreply@anthropic.com> * Publish - @synapsecns/rest-api@1.13.10 - @synapsecns/sdk-router@0.17.9 - @synapsecns/synapse-interface@0.43.16 - @synapsecns/widget@0.9.34 * fix(sdk-router): gas.zip block height (#3675) * feat: add latest block endpoint * fix: don't use gas.zip quotes for stale chains * fix: getBlock error cases * fix: safer API data manipulation * Publish - @synapsecns/rest-api@1.13.11 - @synapsecns/sdk-router@0.17.10 - @synapsecns/synapse-interface@0.43.17 - @synapsecns/widget@0.9.35 --------- Co-authored-by: parodime <jordan@protochainresearch.com> Co-authored-by: parodime <noreply@protochainresearch.com> Co-authored-by: parodime <parodime@users.noreply.github.com> Co-authored-by: trajan0x <83933037+trajan0x@users.noreply.github.com> Co-authored-by: Trajan0x <trajan0x@users.noreply.github.com> Co-authored-by: ChiTimesChi <ChiTimesChi@users.noreply.github.com> Co-authored-by: vro <168573323+golangisfun123@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: defi-moses <jakedinero@protonmail.com> Co-authored-by: Moses <103143573+Defi-Moses@users.noreply.github.com> Co-authored-by: Defi-Moses <Defi-Moses@users.noreply.github.com> Co-authored-by: aureliusbtc <82057759+aureliusbtc@users.noreply.github.com>
Replace all tj-actions actions (changed-files, verify-changed-files, branch-names) with secure alternatives to mitigate the security vulnerability. Used dorny/paths-filter for file checking and bash scripts for branch name detection.
🤖 Generated with Claude Code
Co-Authored-By: Claude noreply@anthropic.com
Description
A clear and concise description of the features you're adding in this pull request.
Additional context
Add any other context about the problem you're solving.
Metadata
Summary by CodeRabbit