chore: ignore RUSTSEC (foundry-rs#13011) #325
* update deny for CI * Update more
Co-authored-by: tefyosL-sol <[email protected]>
* Update mod.rs * Update mod.rs
* chore(evm): deprecate RawCallResult::from_execution_result * remove `RawCallResult::from_execution_result` completely --------- Co-authored-by: DaniPopes <[email protected]>
* feat: uncomment transaction replacement test after alloy fix * fix compile issue * removed the attempt to get receipt for the replaced transaction since it never gets mined.
* Remove duplicate logic in TxSigner::address() implementations * expend to sign_transaction * use delegate
update alloy
* chore: remove RUSTSEC-2024-0437 * chore: bump release deps * chore: fmt * chore: remove lru advisory * chore: add lru advisory * chore: bump ratatui to remove lru ignore rustsec --------- Co-authored-by: Matthias Seitz <[email protected]>
Pin nightly toolchain to 2026-01-10 to fix CI compilation failures with the current nightly. See alloy-rs/alloy#3500
flake.lock: Update
Flake lock file updates:
• Updated input 'fenix':
'github:nix-community/fenix/e2b0f06' (2026-01-03)
→ 'github:nix-community/fenix/334c4b4' (2026-01-10)
• Updated input 'fenix/rust-analyzer-src':
'github:rust-lang/rust-analyzer/e19dfc8' (2026-01-02)
→ 'github:rust-lang/rust-analyzer/714d047' (2026-01-09)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/16c7794' (2026-01-02)
→ 'github:NixOS/nixpkgs/3146c6a' (2026-01-10)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: grandizzy <[email protected]>
Updating git repository `https://github.com/rust-cli/rexpect`
Updating git repository `https://github.com/paradigmxyz/solar.git`
Skipping git submodule `https://github.com/argotorg/solidity.git` due to update strategy in .gitmodules
Updating git repository `https://github.com/tempoxyz/tempo`
Updating git repository `https://github.com/paradigmxyz/reth`
Locking 42 packages to latest compatible versions
Updating alloy-chains v0.2.24 -> v0.2.25
Updating alloy-trie v0.9.2 -> v0.9.3
Updating annotate-snippets v0.12.5 -> v0.12.10
Updating anstyle-svg v0.1.11 -> v0.1.12
Updating async-compression v0.4.36 -> v0.4.37
Updating bon v3.8.1 -> v3.8.2
Updating bon-macros v3.8.1 -> v3.8.2
Updating cc v1.2.51 -> v1.2.52
Updating clap_complete v4.5.64 -> v4.5.65
Updating compression-codecs v0.4.35 -> v0.4.36
Updating data-encoding v2.9.0 -> v2.10.0
Updating evmole v0.8.1 -> v0.8.2
Updating find-msvc-tools v0.1.6 -> v0.1.7
Unchanged generic-array v0.14.7 (available: v0.14.9)
Updating h2 v0.4.12 -> v0.4.13
Unchanged icu_collections v2.0.0 (available: v2.1.1)
Unchanged icu_normalizer v2.0.1 (available: v2.1.1)
Unchanged icu_normalizer_data v2.0.0 (available: v2.1.1)
Unchanged icu_properties v2.0.2 (available: v2.1.2)
Unchanged icu_properties_data v2.0.1 (available: v2.1.2)
Unchanged idna_adapter v1.1.0 (available: v1.2.1)
Updating indexmap v2.12.1 -> v2.13.0
Updating jiff v0.2.17 -> v0.2.18
Updating jiff-static v0.2.17 -> v0.2.18
Updating libc v0.2.179 -> v0.2.180
Unchanged matchit v0.8.4 (available: v0.8.6)
Unchanged mdbook v0.4.52 (available: v0.5.2)
Updating nybbles v0.4.6 -> v0.4.7
Updating proc-macro2 v1.0.104 -> v1.0.105
Updating prost v0.14.1 -> v0.14.3
Updating prost-derive v0.14.1 -> v0.14.3
Updating prost-types v0.14.1 -> v0.14.3
Updating quote v1.0.42 -> v1.0.43
Unchanged rand v0.8.5 (available: v0.9.2)
Updating rapidhash v4.2.0 -> v4.2.1
Unchanged reqwest v0.12.28 (available: v0.13.1)
Updating rustls v0.23.35 -> v0.23.36
Updating serde_json v1.0.148 -> v1.0.149
Updating snapbox v0.6.23 -> v0.6.24
Updating svm-rs v0.5.22 -> v0.5.23
Updating svm-rs-builds v0.5.22 -> v0.5.23
Updating syn v2.0.113 -> v2.0.114
Updating tokio-stream v0.1.17 -> v0.1.18
Updating tokio-util v0.7.17 -> v0.7.18
Updating toml v0.9.10+spec-1.1.0 -> v0.9.11+spec-1.1.0
Updating tracy-client v0.18.3 -> v0.18.4
Updating tracy-client-sys v0.27.0 -> v0.28.0
Updating unicase v2.8.1 -> v2.9.0
Updating unicode-width v0.2.0 -> v0.2.2
Updating url v2.5.7 -> v2.5.8
Unchanged vergen v8.3.2 (available: v9.0.6)
Updating zerocopy v0.8.31 -> v0.8.33
Updating zerocopy-derive v0.8.31 -> v0.8.33
Updating zmij v1.0.9 -> v1.0.12
note: to see how you depend on a package, run `cargo tree --invert <dep>@<ver>`
Co-authored-by: mattsse <[email protected]>
Co-authored-by: grandizzy <[email protected]>
Reviewer's Guide
This PR updates several dependencies and CI toolchains, tightens the RUSTSEC deny configuration, and removes or refactors unused/obsolete APIs and helpers across multiple crates while making small behavior fixes related to blob sidecars, solar source selection, lint diagnostics, wallet signing, and tests.
Class diagram for updated LintContext diagnostics helpers
classDiagram
class Session
class LintConfig
class Lint
class DiagBuilder {
help(str help) DiagBuilder
code(DiagId id) DiagBuilder
span(MultiSpan span) DiagBuilder
emit()
}
class LintContext {
-sess : &Session
-with_description : bool
-with_json_emitter : bool
-config : &LintConfig
-active_lints : Vec~Lint~
+new(sess, with_description, with_json_emitter, config, active_lints) LintContext
+session() &Session
+emit_lint(lint, span)
+emit_lint_for_node(lint, node_id, span)
-add_help(diag, help) DiagBuilder
}
LintContext --> Session : uses
LintContext --> LintConfig : uses
LintContext --> Lint : configures
LintContext --> DiagBuilder : builds diagnostics
Flow diagram for get_solar_sources_from_compile_output with ignored imports
flowchart TD
A[start get_solar_sources_from_compile_output]
A --> B[receive config, output, target_paths, ignored_paths]
B --> C{target_paths provided
and non empty}
C -- yes --> D[initialize source_paths from target_paths]
C -- no --> E[initialize source_paths from all solidity sources in project]
D --> F[initialize queue with initial source_paths]
E --> F
F --> G{queue not empty?}
G -- yes --> H[pop path from queue]
H --> I[insert path into source_paths]
I --> J[iterate imports of path from output.graph]
J --> K{import is ignored?}
K -- yes --> G
K -- no --> L[push import path into queue]
L --> G
G -- no --> M[build SolcVersionedInput from source_paths and config]
M --> N[return SolcVersionedInput]
subgraph ignore_check
J --> K
end
✅ Snyk checks have passed. No issues have been found so far.
Hey - I've left some high level feedback:
- Several public APIs and RPC variants are removed (e.g. `EthRequest::GetBlobSidecarsByBlockId`, `EthApi::anvil_get_blob_sidecars_by_block_id`, `Backend::get_blob_sidecars_by_block_id`, `SessionSource::to_script_source`, `CheatsConfig` fields, etc.); if these are part of the public surface or used by downstream tooling, consider adding a deprecation path or a dedicated breaking-change note before dropping them.
- The CI/docs workflows pin the toolchain to `nightly-2026-01-10`; please double‑check that this is an intended and valid Rust toolchain date (rather than, say, `2025-01-10`) to avoid future failures when the toolchain cannot be resolved.
Summary of Changes
Hello @Dargon789, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request performs a comprehensive update of project dependencies, ensuring the codebase leverages the latest features, bug fixes, and security patches from upstream crates. Concurrently, it streamlines the project by removing deprecated or unused functionalities across core components like the Anvil RPC, cheatcodes, and CLI tools, enhancing maintainability and reducing technical debt. The changes also reflect an ongoing effort to manage security advisories by adjusting the ignored RUSTSEC list.
Code Review
This pull request is a significant dependency update, primarily for the alloy crates, which has led to a series of beneficial refactorings and cleanups. The changes include adopting new APIs, removing duplicated code, and deleting unused functions and configuration fields, which improves maintainability. Security is also enhanced by addressing previously ignored RUSTSEC advisories. Additionally, the re-enabling of previously disabled tests is a positive step for code quality. Overall, this is a well-executed maintenance PR.
Summary by Sourcery
Update dependencies and CI toolchain while cleaning up unused APIs and improving blob transaction and linting behavior.
Enhancements:
Build:
`deny.toml` so they surface in dependency checks.
CI:
`nightly` channel.
Tests:
`BlobTransactionSidecar` typing and re-enable transaction replacement receipt assertions for stronger coverage.
Chores: