[Snyk] Upgrade solidity-coverage from 0.7.22 to 0.8.0 #77
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade solidity-coverage from 0.7.22 to 0.8.0. See this package in npm: https://www.npmjs.com/package/solidity-coverage See this project in Snyk: https://app.snyk.io/org/superfarmgit/project/0a6f608e-86ba-48d0-8eb3-ca8709be8825?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade solidity-coverage from 0.7.22 to 0.8.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: solidity-coverage
-
0.8.0 - 2022-09-05
⚠️ This version requires Hardhat >= 2.11.0 (Ethereum Merge)
- vertigo: a mutation testing framework
- tarantula: a fault localization tool
-
0.8.0-rc.test.0 - 2022-04-26
-
0.8.0-rc.1 - 2022-03-29
-
0.8.0-beta.1 - 2022-03-29
-
0.8.0-beta.0 - 2021-01-13
- vertigo: a mutation testing framework
- tarantula: a fault localization tool
- A unified diff of the public API changes in your contracts
- Natspec documentation coverage
-
0.7.22 - 2022-09-05
from solidity-coverage GitHub release notesHi!
New Features
A central focus of the 0.8.0 release is improving the coverage tool's branch detection.
Beginning with this version the following syntax is measured as a branch:
OR conditions
When a logical expression is composed with the
||operator, both sides can be considered branches. To test the entire expression...
amust equal 1, 2 and neither of those values. (Thanks to Gnosis engineer @ rmeissner for proposing this in #175)Ternary Conditionals
Long ago, when Solidity was 0.4, solidity-coverage treated ternary conditionals like regular if/else statements. Some language improvements v0.5 subsequently made this impossible. Now it's back...
Modifier Invocations
Solidity-coverage already covers the code within modifier definitions. However, each modifier invocation at the function level should really be considered its own branch. Some of the most critical logic in Solidity contracts is handled this way (ex:
onlyOwner). Testing the pass/fail cases for each occurrence of these gates protects you from accidentally removing them during a refactor.Because it's possible to write a modifier which performs a preparatory task and never reverts, there's a new option (
modifierWhitelist) which allows you to exclude specific modifiers from branch measurement.And if you don't like modifier invocation coverage you can turn it off by setting the option
measureModifierCoveragetofalse.(Many thanks to OpenZeppelin engineer @ nventuro for proposing this improvement in #286 and helping to design it.)
Test Matrix
The hardhat and truffle plugins support a new cli flag:
--matrix. (Short for "test matrix".)This flag generates a JSON object that maps which tests in your suite hit which lines of code. (An example can be seen at docs/matrix.md. More info can be found in the advanced docs, here.)
This data is useful for many advanced testing applications - Security researcher @ JoranHonig has written two that are worth checking out.
Coverage is often a core component of fuzzing and generative test strategies because it helps narrow the range of inputs required to traverse every path in the code. If you're working on applications like this and have ideas for how solidity-coverage might serve your ends, please feel free to open an issue.
Note to Truffle users
solidity-coveragefor Truffle is moving to its own repository and published under a different name (details soon...).Hi!
This beta contains several new features. A central focus of the next major release is improving the coverage tool's branch detection.
Beginning with this version the following syntax is measured as a branch:
OR conditions
When a logical expression is composed with the
||operator, both sides can be considered branches. To test the entire expression...
amust equal 1, 2 and neither of those values. (Thanks to Gnosis engineer @ rmeissner for proposing this in #175)Ternary Conditionals
Long ago, when Solidity was 0.4, solidity-coverage treated ternary conditionals like regular if/else statements. Some language improvements v0.5 subsequently made this impossible. Now it's back...
Modifier Invocations
Solidity-coverage already covers the code within modifier definitions. However, each modifier invocation at the function level should really be considered its own branch. Some of the most critical logic in Solidity contracts is handled this way (ex:
onlyOwnerandnonReentrant). Testing the pass/fail cases for each occurrence of these gates protects you from accidentally removing them during a refactor or emergency patch.Because it's possible to write a modifier which performs a preparatory task and never reverts, there's a new option (
modifierWhitelist) which allows you to exclude specific modifiers from branch measurement.And if you don't like modifier invocation coverage you can turn it off by setting the option
measureModifierCoveragetofalse.(Many thanks to OpenZeppelin engineer @ nventuro for proposing this improvement in #286 and helping to design it.)
Test Matrix
The hardhat and truffle plugins support a new cli flag:
--matrix. (Short for "test matrix".)This flag generates a JSON object that maps which tests in your suite hit which lines of code. (An example can be seen at docs/matrix.md. More info can be found in the advanced docs, here.)
This data is useful for many advanced testing applications - Consensys security researcher @ JoranHonig has written two that are worth checking out.
Coverage is often a core component of fuzzing and generative test strategies because it helps narrow the range of inputs required to traverse every path in the code. If you're working on applications like this and have ideas for how solidity-coverage might serve your ends, please feel free to open an issue.
What's Coming!
We're hoping to get a major release out by the beginning of February (2021). It will include two additional features you can run in CI to get better feedback about what's changing in your code from PR to PR.
Commit messages
Package name: solidity-coverage
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs