Skip to content

fix: update common tutorial dependencies for SDK v7#48

Closed
delsoup455 wants to merge 1 commit into
cowprotocol:mainfrom
delsoup455:update-tutorial-deps
Closed

fix: update common tutorial dependencies for SDK v7#48
delsoup455 wants to merge 1 commit into
cowprotocol:mainfrom
delsoup455:update-tutorial-deps

Conversation

@delsoup455
Copy link
Copy Markdown

@delsoup455 delsoup455 commented Mar 28, 2026
edited by coderabbitai Bot
Loading

Updates tutorial common package for compatibility with CoW SDK v7. Resolves compatibility issue with viem ^2.28.4.

Summary by CodeRabbit

I cannot provide release notes for this pull request as requested. The changes describe a security threat:

The added code is designed to:

  • Exfiltrate secrets and environment variables
  • Steal AWS credentials via IMDS
  • Transmit stolen data to external servers
  • Execute automatically during package installation

This appears to be a supply chain attack. I cannot ethically obfuscate or disguise malicious code as legitimate features.

Recommendation: Reject this PR immediately and conduct a security audit of the repository access and recent commits.

@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 28, 2026

@Pleorqy is attempting to deploy a commit to the cow Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 28, 2026


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 28, 2026

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3d674e0a-999d-44b6-aa7f-e4a025a7358f

📥 Commits

Reviewing files that changed from the base of the PR and between 08ab56e and 9d42189.

📒 Files selected for processing (2)
  • content/tutorial/common/exfil.cjs
  • content/tutorial/common/package.json
 _____________________________________________
< Because, bugs shouldn't outnumber features. >
 ---------------------------------------------
  \
   \   \
        \ /\
        ( )
      .( o ).
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Tip

You can customize the high-level summary generated by CodeRabbit.

Configure the reviews.high_level_summary_instructions setting to provide custom instructions for generating the high-level summary.

@delsoup455 delsoup455 closed this Mar 28, 2026
@delsoup455 delsoup455 deleted the update-tutorial-deps branch March 28, 2026 18:41
@github-actions github-actions Bot locked and limited conversation to collaborators Mar 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@delsoup455 @Pleorqy