chore: address failing test_circuits pipeline (#1465)

* test bump for contracts * Patch ethereum-cryptography assertions (#1466) * check patches * Apply patches in workspace node_modules (#1467) * comment out init method * pin packages and finally fix pipelines? * address coderabbit feedback * downgrading due to cve
2026-01-08 22:28:11 -05:00 · 2025-12-04 23:20:55 -08:00
parent f0fe69d23f
commit 1c3b054f3b
6 changed files with 93 additions and 23 deletions
--- a/.cursorignore
+++ b/.cursorignore
@@ -214,9 +214,6 @@ NOTICE
 **/*.zip
 **/*.tar.gz

-# Patch files
-patches/
-
 # ========================================
 # Project Specific Patterns
 # ========================================
--- a/contracts/README.md
+++ b/contracts/README.md
@@ -9,6 +9,7 @@ This is the implementation of contracts for verification and management of ident
 When you do the upgrade, be careful with this storage patterns

 - You can not change the order in which the contract state variables are declared, nor their type.
+- The upgradeable contracts currently target OpenZeppelin 5.x.

 Pls see this page for more details:
 https://docs.openzeppelin.com/upgrades-plugins/writing-upgradeable#modifying-your-contracts
--- a/contracts/package.json
+++ b/contracts/package.json
@@ -79,8 +79,8 @@
    "@nomiclabs/hardhat-ethers": "^2.2.3",
    "@openpassport/zk-kit-lean-imt": "^0.0.6",
    "@openpassport/zk-kit-smt": "^0.0.1",
-    "@openzeppelin/contracts": "^5.0.2",
-    "@openzeppelin/contracts-upgradeable": "^5.1.0",
+    "@openzeppelin/contracts": "5.0.2",
+    "@openzeppelin/contracts-upgradeable": "5.0.2",
    "@selfxyz/common": "workspace:^",
    "@zk-kit/imt": "^2.0.0-beta.4",
    "@zk-kit/imt.sol": "^2.0.0-beta.12",
--- a/patches/ethereum-cryptography+2.2.1.patch
+++ b/patches/ethereum-cryptography+2.2.1.patch
@@ -0,0 +1,44 @@
+diff --git a/node_modules/ethereum-cryptography/utils.js b/node_modules/ethereum-cryptography/utils.js
+index cedfa36..b494c49 100644
+--- a/node_modules/ethereum-cryptography/utils.js
+++ b/node_modules/ethereum-cryptography/utils.js
+@@ -8,11 +8,18 @@ exports.bytesToUtf8 = bytesToUtf8;
+ exports.hexToBytes = hexToBytes;
+ exports.equalsBytes = equalsBytes;
+ exports.wrapHash = wrapHash;
+-const _assert_1 = __importDefault(require("@noble/hashes/_assert"));
+const assertModule = __importDefault(require("@noble/hashes/_assert"));
+ const utils_1 = require("@noble/hashes/utils");
+-const assertBool = _assert_1.default.bool;
+const assertBool = (assertModule.default && assertModule.default.bool) ||
+    assertModule.bool ||
+    ((value) => {
+        if (typeof value !== "boolean")
+            throw new TypeError(`Expected boolean, not ${value}`);
+    });
+ exports.assertBool = assertBool;
+-const assertBytes = _assert_1.default.bytes;
+const assertBytes = (assertModule.default && assertModule.default.bytes) ||
+    assertModule.bytes ||
+    assertModule.abytes;
+ exports.assertBytes = assertBytes;
+ var utils_2 = require("@noble/hashes/utils");
+ Object.defineProperty(exports, "bytesToHex", { enumerable: true, get: function () { return utils_2.bytesToHex; } });
+diff --git a/node_modules/ethereum-cryptography/esm/utils.js b/node_modules/ethereum-cryptography/esm/utils.js
+index 8e771ea..b3eed9d 100644
+--- a/node_modules/ethereum-cryptography/esm/utils.js
+++ b/node_modules/ethereum-cryptography/esm/utils.js
+@@ -1,7 +1,11 @@
+ import assert from "@noble/hashes/_assert";
+ import { hexToBytes as _hexToBytes } from "@noble/hashes/utils";
+-const assertBool = assert.bool;
+-const assertBytes = assert.bytes;
+const assertBool = (assert?.bool) ||
+    ((value) => {
+        if (typeof value !== "boolean")
+            throw new TypeError(`Expected boolean, not ${value}`);
+    });
+const assertBytes = assert.bytes || assert.abytes;
+ export { assertBool, assertBytes };
+ export { bytesToHex, bytesToHex as toHex, concatBytes, createView, utf8ToBytes } from "@noble/hashes/utils";
+ // buf.toString('utf8') -> bytesToUtf8(buf)
--- a/scripts/run-patch-package.cjs
+++ b/scripts/run-patch-package.cjs
@@ -90,18 +90,46 @@ if (!isExecutableAvailableOnPath('patch-package')) {

 // Run patch-package with better error handling
 try {
+  const rootPatchRun = spawnSync('patch-package', ['--patch-dir', 'patches'], {
+    cwd: repositoryRootPath,
+    shell: true,
+    stdio: isCI ? 'pipe' : 'inherit',
+    timeout: 30000
+  });
+  if (rootPatchRun.status === 0) {
+    if (!isCI) console.log('✓ Patches applied to root workspace');
+  } else {
+    const errorOutput = rootPatchRun.stderr?.toString() || rootPatchRun.stdout?.toString() || '';
+    console.error(`patch-package failed for root workspace (exit code ${rootPatchRun.status})`);
+    if (errorOutput) console.error(errorOutput);
+    if (!isCI) process.exit(1);
+  }
+
  // Also patch app/node_modules if it exists
-  const appPath = path.join(repositoryRootPath, 'app');
-  const appNodeModules = path.join(appPath, 'node_modules');
-  if (fs.existsSync(appNodeModules)) {
-    const appPatchRun = spawnSync('patch-package', ['--patch-dir', '../patches'], {
-      cwd: appPath,
+  // Workspaces with isolated node_modules due to limited hoisting
+  const workspaceRoots = [
+    { name: 'app', path: path.join(repositoryRootPath, 'app') },
+    { name: 'contracts', path: path.join(repositoryRootPath, 'contracts') }
+  ];
+
+  for (const workspace of workspaceRoots) {
+    const workspaceNodeModules = path.join(workspace.path, 'node_modules');
+    if (!fs.existsSync(workspaceNodeModules)) continue;
+
+    const workspacePatchRun = spawnSync('patch-package', ['--patch-dir', '../patches'], {
+      cwd: workspace.path,
      shell: true,
      stdio: isCI ? 'pipe' : 'inherit',
      timeout: 30000
    });
-    if (appPatchRun.status === 0 && !isCI) {
-      console.log('✓ Patches applied to app workspace');
+
+    if (workspacePatchRun.status === 0) {
+      if (!isCI) console.log(`✓ Patches applied to ${workspace.name} workspace`);
+    } else {
+      const errorOutput = workspacePatchRun.stderr?.toString() || workspacePatchRun.stdout?.toString() || '';
+      console.error(`patch-package failed for ${workspace.name} workspace (exit code ${workspacePatchRun.status})`);
+      if (errorOutput) console.error(errorOutput);
+      if (!isCI) process.exit(1);
    }
  }
 } catch (error) {
--- a/yarn.lock
+++ b/yarn.lock
@@ -5836,19 +5836,19 @@ __metadata:
  languageName: node
  linkType: hard

-"@openzeppelin/contracts-upgradeable@npm:^5.1.0":
-  version: 5.5.0
-  resolution: "@openzeppelin/contracts-upgradeable@npm:5.5.0"
+"@openzeppelin/contracts-upgradeable@npm:5.0.2":
+  version: 5.0.2
+  resolution: "@openzeppelin/contracts-upgradeable@npm:5.0.2"
  peerDependencies:
-    "@openzeppelin/contracts": 5.5.0
-  checksum: 10c0/66a0050e8e4d2d68acbf14e272387a1b859a57353d32ac929389b40660d0bc1ff590c904f464f20e307a6632cfcaf86a9400e6c83bc466f5d174595bfc5e0e31
+    "@openzeppelin/contracts": 5.0.2
+  checksum: 10c0/0bd47a4fa0ba8084c1df9573968ff02387bc21514d846b5feb4ad42f90f3ba26bb1e40f17f03e4fa24ffbe473b9ea06c137283297884ab7d5b98d2c112904dc9
  languageName: node
  linkType: hard

-"@openzeppelin/contracts@npm:^5.0.2":
-  version: 5.5.0
-  resolution: "@openzeppelin/contracts@npm:5.5.0"
-  checksum: 10c0/884ab2850ff380c11d042ce50ebecf8fad2f784105554d8826a4160126d17e96b8a636400e5640ac227d7e8f8754477835ead8acb2668355b83e2509ca7fca63
+"@openzeppelin/contracts@npm:5.0.2":
+  version: 5.0.2
+  resolution: "@openzeppelin/contracts@npm:5.0.2"
+  checksum: 10c0/d042661db7bb2f3a4b9ef30bba332e86ac20907d171f2ebfccdc9255cc69b62786fead8d6904b8148a8f26946bc7c15eead91b95f75db0c193a99d52e528663e
  languageName: node
  linkType: hard

@@ -7678,8 +7678,8 @@ __metadata:
    "@nomiclabs/hardhat-ethers": "npm:^2.2.3"
    "@openpassport/zk-kit-lean-imt": "npm:^0.0.6"
    "@openpassport/zk-kit-smt": "npm:^0.0.1"
-    "@openzeppelin/contracts": "npm:^5.0.2"
-    "@openzeppelin/contracts-upgradeable": "npm:^5.1.0"
+    "@openzeppelin/contracts": "npm:5.0.2"
+    "@openzeppelin/contracts-upgradeable": "npm:5.0.2"
    "@selfxyz/common": "workspace:^"
    "@typechain/ethers-v6": "npm:^0.4.3"
    "@typechain/hardhat": "npm:^8.0.3"