Add token perms for build-and-test.yml #2757

Open
wants to merge 1 commit into
base: master

@arjundashrath arjundashrath commented Mar 9, 2022

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

The Open Source Security Foundation (OpenSSF) Scorecards also treats not setting token permissions as a high-risk issue.

The Token-Permissions category has a score of 0/10 in Scorecards.

This file was fixed automatically using the open-source tool https://github.com/step-security/secure-workflows. If you like the changes and merge them, please consider starring the repo.
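
The check described above, sketched as an added example (not part of this pull request or of Scorecards): a stdlib-only audit that reports each job whose `GITHUB_TOKEN` scope is unset or `write-all`. It assumes block-style YAML; the function name `audit_workflow`, the sample workflow, and the `contents: read` fix are constructed for illustration.

```python
import re

# Matches "key: value" lines of block-style YAML; list items ("- uses: ...") do not match.
KEY = re.compile(r"^(\s*)([A-Za-z0-9_-]+):\s*(.*?)\s*(?:#.*)?$")

def audit_workflow(text):
    """Return one finding per job whose GITHUB_TOKEN scope is unset or write-all."""
    top_perm, jobs = None, {}          # top-level value; job name -> its own value
    in_jobs, job_indent, key_indent, current = False, None, None, None
    for raw in text.splitlines():
        m = KEY.match(raw)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            in_jobs, current = key == "jobs", None
            if key == "permissions":
                top_perm = value or "mapping"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent    # first key under `jobs:` fixes the job-name column
            if indent == job_indent:
                current, key_indent = key, None
                jobs[current] = None
            elif current is not None:
                if key_indent is None:
                    key_indent = indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = value or "mapping"
    findings = []
    for name, perm in jobs.items():
        effective = perm if perm is not None else top_perm   # job level overrides top level
        if effective is None:
            findings.append(f"{name}: no permissions set, token gets the repository default")
        elif effective == "write-all":
            findings.append(f"{name}: token granted write-all")
    return findings

# Constructed sample, not the repository's build-and-test.yml.
BEFORE = """\
name: build-and-test
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
"""
# Assumed fix: a read-only top-level block (the PR's actual diff is not shown here).
AFTER = BEFORE.replace("jobs:\n", "permissions:\n  contents: read\n\njobs:\n", 1)
```

Running `audit_workflow` over `BEFORE` reports the `build` job; over `AFTER` it reports nothing.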

panleone pushed a commit to panleone/PIVX that referenced this pull request Oct 30, 2024
* Fix deadlock in CSigSharesManager::SendMessages

Locking "cs" at this location caused a (potential) deadlock due to changed
order of cs and cs_vNodes locking. This changes the method to not require
the session object anymore which removes the need for locking.

* Pass size of LLMQ instead of llmqType into CSigSharesInv::Init

This allows use of sizes which are not supported in chainparams.
Fuzzbawls added a commit that referenced this pull request Nov 5, 2024
a29d294 Fix deadlock in CSigSharesManager::SendMessages (#2757) (Alexander Block)
b4a4e09 Ignore sig share inv messages when we don't have the quorum vvec (#2733) (Alexander Block)
a2fb276 On timeout, print members proTxHashes from members which did not send a share (#2731) (Alexander Block)
d1084e0 Actually start the timers for sig share and recSig verification (#2730) (Alexander Block)
71092e0 Send/Receive multiple messages as part of one P2P message in CSigSharesManager (#2729) (Alexander Block)
e73c238 Merge pull request #2726 from codablock/pr_llmq_sessionids (UdjinM6)
7ccd790 Merge pull request #2725 from codablock/pr_llmq_hashmaps (Alexander Block)
a0084f5 Multiple fixes and optimizations for LLMQs and ChainLocks (#2724) (Alexander Block)
0613978 Cleanup successful sessions before doing timeout check (#2712) (Alexander Block)
c9127e1 Avoid using ordered maps in LLMQ signing code (#2708) (Alexander Block)

Pull request description:

  Follow up of #2921

  Each commit backports a PR. You can find the number of the PR in the commit description.

ACKs for top commit: a29d294
  Duddino:
    utACK a29d294
  Fuzzbawls:
    utACK a29d294

Tree-SHA512: 75483d543f39d85a2924606b1f7c359a45a52e0ebd84bdc06275080db2d07aa657d692461fbf22d23890d3a0394ebffae0c662a2def420d53ebcdb69c974ba6f