added laso and some helpers to improve xp#470
Conversation
|
Repository Guard
Repository GuardCargo dependency pinning
Cross-program Anchor/Solana version consistency
solana-program crate pin
Anchor.toml solana_version
Crate minimum age
Yarn package.json pinning
npm minimum age
Workflow toolchain consistency
GitHub Action SHA pinning
Sensitive program / config changes
Overall status: pass Lockfile freshness (Cargo.lock + yarn.lock) is checked by the workflow directly and cannot be bypassed. The sensitive-diff section is a review hint - CODEOWNERS handles the actual merge gate. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
metapileks
left a comment
There was a problem hiding this comment.
LGTM
Nit: We have this repeating pattern of simulating then sending off the tx with simulation units + 20%. Maybe we can refactor that too.
|
Updating the ledger stuff beyond this package version is only 3 days old, so would rather not. But can resolve in short order. I agree on the common features / libs since we've been using it a lot now, there's a question if it belongs in the SDK in my mind given the fact that we need it for scripts and likely just want coverage on many functions. We'll see how it goes but since I've been using it a lot I think I've got some ideas. |
My hesitance with adding it to the SDK as some form of helper collection is that we're then implying it inside our SDK's semver. And these are things that teams usually ship for themselves. But we can get you set up with a separate collection of scripts if you want these. 😄 |
Awaiting confirmation from Laso, but otherwise the primary pieces are here.