Skip to content

bump polkadot sdk & regenerate BHR/BHW#3170

Open
rosarp wants to merge 2 commits into
paritytech:masterfrom
rosarp:rs-bump-polkadot-sdk-issue-3167
Open

bump polkadot sdk & regenerate BHR/BHW#3170
rosarp wants to merge 2 commits into
paritytech:masterfrom
rosarp:rs-bump-polkadot-sdk-issue-3167

Conversation

@rosarp
Copy link
Copy Markdown
Member

@rosarp rosarp commented Aug 15, 2025
edited
Loading

This fixes issue #3167

@rosarp rosarp requested a review from bkontur August 18, 2025 15:49
@rosarp
Copy link
Copy Markdown
Member Author

rosarp commented Aug 19, 2025

polkadot-sdk zombienet bridges test passed

image

@rosarp rosarp marked this pull request as ready for review September 5, 2025 15:45
@rosarp rosarp requested a review from a team as a code owner September 5, 2025 15:45
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 2, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedproc-macro2@​1.0.93 ⏵ 1.0.9781 +110093100100
Updatedparity-scale-codec@​3.7.4 ⏵ 3.7.58310093100100
Updatedsubxt@​0.40.1 ⏵ 0.43.11001009310090

View full report

@rosarp rosarp mentioned this pull request Apr 6, 2026
Merged
@rosarp @claude
bump polkadot-sdk to master#8680d7c1
c12e2f7 
Squashed branch work: SDK hash bump + Cargo.lock/dep alignment,
regenerated BHR/BHW codegen, spec_version bumps, CI rust + zombienet
workflow, bump-polkadot-sdk skill.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@rosarp rosarp force-pushed the rs-bump-polkadot-sdk-issue-3167 branch from 95e84f0 to c12e2f7 Compare June 1, 2026 14:14
@cla-bot-2021
Copy link
Copy Markdown

cla-bot-2021 Bot commented Jun 1, 2026

User @claude, please sign the CLA here.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 1, 2026
edited
Loading

Warning

[Security]

Socket has found a problem with the dependencies from this PR. Check the details below to solve the issue. If the affected dependency is unreachable, we still recommend you to use a patched version.

Remember: according to Parity's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
High CVE: cargo hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

CVE: GHSA-3v94-mw7p-v465 hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses (HIGH)

Affected versions: >= 0.25.0-alpha.3 <= 0.25.2

Patched version: No patched versions

From: ?cargo/hickory-proto@0.25.2

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/hickory-proto@0.25.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@rosarp
removed workflow from this PR
3767e3e 
moved to separate PR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bkontur bkontur Awaiting requested review from bkontur

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rosarp