Update governance contracts by NachoPal · Pull Request #226 · midnightntwrk/midnight-node

NachoPal · 2025-11-05T17:29:30Z

Overview

#226
New governance contract addresses

🗹 TODO before merging

Ready

📌 Submission Checklist

Changes are backward-compatible (or flagged if breaking)
Pull request description explains why the change is needed
Self-reviewed the diff
I have included a change file, or skipped for this reason:
If the changes introduce a new feature, I have bumped the node minor version
Update documentation (if relevant)
No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

Additional tests are provided (if possible)

🔱 Fork Strategy

Node Runtime Update
Node Client Update
Other:
N/A

Links

…acts

github-actions · 2025-11-05T17:32:01Z

Checkmarx One – Scan Summary & Details – 0d9b443b-2841-49a1-a55e-ab8216ef57e6

New Issues (138)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: nAu3a2Q6fDMCGIKaYOrNnm8Lv%2Bo%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: 3%2Ft1OdUUsiqsxlA99X4Se92y5hI%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: 2mzmj393fCdXKNOw1As%2FxxsNM1Q%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: dcHEY1rm9GWrrlUSUVvuluWxT0U%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: LIcESMGg5ZOcxvvcyWYNCrqccas%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: MKQR7XvEscBXp66Cm%2B%2BVRuOI0ps%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: rJLCqWGSDz1HCcRs5J2EwZn4Jx4%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: vcpAJQhs7VjqMamW8AcsI5htXww%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: wmcaGXOj%2BGt5Wttl8BbJLtH%2BnrM%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: NedSxkdEtO3AzJ0sJ5rQ%2B0tJYSQ%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: yRmnR6JWHZUQ62mQajTXPCii6I4%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: ZOqRkfC9mq6iTfrK1cJ7WxPb978%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: %2BRfbrJUL%2BycNVwVDNZLmsaYtysQ%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: H2TJ1swyV%2FKBqEGNtRJ1BrHoFAw%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: PuN0NkVGwIZ7aFbg1MdtnLWoRrU%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: Kma9mp8c3rmcRdZQdBbVlUOkxgQ%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: B6c5cIreG%2FN54fn%2FcPpg3sBusDM%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: moLR1hHIkLO%2BMIPlj7LmWdu5IX0%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: 1emVtpC8%2BizrUis4nOPJ2tzcibU%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: WBYAHc5cb0xWNQVUHqrGr%2Fw%2BubM%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: 1WCC45YiLKPPsLIe%2FUqC5LTgTN0%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: ftAfNZisdwaZCtOlBPKRd9PHuyU%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: Zu1FZcOBEiE5F3D3lgJD9wxNaUA%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: JU6lwyr9YsOO2jnG%2FufLfLYWMnQ%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: U2%2Bsw%2F5K7h6PS3rG7EVdtxtDQgw%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: PqdYfVglW080pGipj605S1utafg%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 1	details When installing a package, its pin version should be defined `ID: gEKaFxhlla%2Fm9vgYPpUX%2FZmmK40%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: xUjHxnZr9ezscrsGdsgMq9E1N%2Fs%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: Cr9ZJhAQu2Qm0kkFlEN2ZsMIxJo%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: xqxK33ICqhz2PxPR2rpr%2B6E57sw%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: M4Y6DrVTDeltMHV80qNpvrShQ9E%3D`
Apt Get Install Pin Version Not Defined	/Dockerfile: 4	details When installing a package, its pin version should be defined `ID: iffHZzn6uJ5HgRh5XsuEUyv696k%3D`
CVE-2025-59288	Npm-playwright-1.52.0	details Recommended version: 1.55.1 Description: In versions prior to 1.55.1, improper verification of the cryptographic signature in Playwright allows an unauthorized attacker to perform spoofin... Attack Vector: ADJACENT_NETWORK Attack Complexity: HIGH `ID: A%2BQAGtj1C2OoiswgrssI%2BhSeylhMnZaoc7Bgviskcdw%3D` Vulnerable Package
Container Capabilities Unrestricted	/fork-test-compose.yml: 118	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: q1SQP%2Bw5FKruNDwGikShvIAld%2BE%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 382	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: CnItjrz%2B803aY3Q%2Be01hx9z3iHM%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 214	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: ItJBBzAAoNBJDPIwdkwH%2Bg8pnws%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 2	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: vCzVy1jdNn4wUL9tEm4%2BqqAWszI%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 70	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: vWy9BXGm2h11pzL0yk7%2FIG%2Flemw%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 86	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: tDg9MdRBoNyyxDfiUgAXJ4CbfoM%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 188	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: j1Fk6awRyWbW%2BwAifVoHcOnDZdw%3D`
Container Capabilities Unrestricted	/test-compose-latest.yml: 2	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: ChmchZrUAWATKVq%2FD3ILNqgci7k%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 44	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: GppTxKqm2N40GPHKTd4VU3ZuVSQ%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 265	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: SvqBlo%2BqPuBdFcFHCg8YfBlbKNo%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 454	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: SfzKXrAaefWeB4OfLeuLZxnV85w%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 245	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: 3LvGvp%2BgXxhlohDr2KLienNa5%2Fo%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 418	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: il5w6iR9LHc0I6S09PdZ2xLQ%2Fag%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 134	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: OFO9I4m5Ixkp7gjVJ2LpM49%2B5NU%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 314	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: OGmAWStZlo2tROKfY9RC74ECt3E%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 131	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: XcKuOAoNUpto7HFdC3aUSZYt4ZU%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 168	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: qbBKj8KzNDhNn2coPr8liZsunZ4%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 348	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: QK4N89Ye03RM47u9nF2nfFV1Frc%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 102	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: VAkJSLR5VFPNnPQx%2Bh5z4BixzzY%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 150	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: 7qgfWZLjEq9LoTcWQp7uip5JP24%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 97	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: t%2F9BXqPEvZwp9jsI6TfXOpT6FYk%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 159	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: TGCkUrBNkcwsl33v4M7E9rR1TpQ%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 54	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: EDMGpoe9HyhoSJ9IAopUXlTRnWw%3D`
Container Capabilities Unrestricted	/fork-test-compose.yml: 35	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: Q3HA07oRqNqOiD4Fc%2FLYGvxUoZU%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 66	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: %2F0DyC%2BJPNRedfid4GJhKO%2BHGJLQ%3D`
Container Capabilities Unrestricted	/docker-compose.yml: 279	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... `ID: gUgVK1Bb%2FLJPCgBHUaB0UXDJif8%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 337	details Incoming container traffic should be bound to a specific host interface `ID: 6yVCdGOfbDPwikBAdhxUkrVVIUM%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 93	details Incoming container traffic should be bound to a specific host interface `ID: 59iGAEnoXD2gxQDn%2BUmD%2BGwSNVU%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 41	details Incoming container traffic should be bound to a specific host interface `ID: YdB3z22Gb6r8134Nn%2Fb8yG8Tf3U%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 141	details Incoming container traffic should be bound to a specific host interface `ID: 35hrkRKm%2F%2FHyhAcR%2BM0rosIXbXQ%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 225	details Incoming container traffic should be bound to a specific host interface `ID: fl9T%2BmRfM267KfCBkEb6EWi1icU%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 109	details Incoming container traffic should be bound to a specific host interface `ID: AWPCswZ8oeJi0NqMN1PcqRFvnp8%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 77	details Incoming container traffic should be bound to a specific host interface `ID: rijY4GbNkm2p8MLO10z5%2BCu1e1g%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 87	details Incoming container traffic should be bound to a specific host interface `ID: Ux9lA8v7Mz%2F6r%2BOfSDqHJrCMo0E%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 371	details Incoming container traffic should be bound to a specific host interface `ID: 0Wm9ADWUBtCQERxXdmR%2FT3k%2Fup0%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 125	details Incoming container traffic should be bound to a specific host interface `ID: 3%2FO0%2B0W6OMBgzQmgEgWFOi5vCpo%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 157	details Incoming container traffic should be bound to a specific host interface `ID: HOG%2B3p0VxXSf9NqbBJLJ0LbxSMo%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 272	details Incoming container traffic should be bound to a specific host interface `ID: JwEROjGO1loBrWXVUEPMxA1Vy14%3D`
Container Traffic Not Bound To Host Interface	/test-compose-latest.yml: 4	details Incoming container traffic should be bound to a specific host interface `ID: zYxSJHbPoO4pYi%2FD3BIZ3tmrmQ4%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 63	details Incoming container traffic should be bound to a specific host interface `ID: LOyQ3GkF0GHzs6O7mcyvLFZHyM0%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 407	details Incoming container traffic should be bound to a specific host interface `ID: nFDOZOZKCVWyg2arz1QwMjn890s%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 148	details Incoming container traffic should be bound to a specific host interface `ID: HdclvEqhsV3G9TLYd5OSQfzQn4g%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 302	details Incoming container traffic should be bound to a specific host interface `ID: AjWtdpcHinYdPr1ljjLayx4C0ck%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 40	details Incoming container traffic should be bound to a specific host interface `ID: nkbOzb1ToZTTDiYMOsFHpkwkgpo%3D`
Container Traffic Not Bound To Host Interface	/docker-compose.yml: 443	details Incoming container traffic should be bound to a specific host interface `ID: 8zUXuZVhGUnd5pfpqPJBCgpvRm8%3D`
Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 56	details Incoming container traffic should be bound to a specific host interface `ID: BcpXnOQz9Fnb5Ffx9tpgIQrg35M%3D`
Healthcheck Not Set	/docker-compose.yml: 314	details Check containers periodically to see if they are running properly. `ID: %2Bis9WgcbrrOAhy2fJPjUahfqAjw%3D`
Healthcheck Not Set	/fork-test-compose.yml: 168	details Check containers periodically to see if they are running properly. `ID: EVxAZFgQJgHvp8FkuDFLriyMKEg%3D`
Healthcheck Not Set	/fork-test-compose.yml: 150	details Check containers periodically to see if they are running properly. `ID: OwxW2Mk0HzoD0218fBPeNrS6U6Q%3D`
Healthcheck Not Set	/docker-compose.yml: 265	details Check containers periodically to see if they are running properly. `ID: OvJgvrN3hUPIwn0GSseTk0MEgfM%3D`
Healthcheck Not Set	/fork-test-compose.yml: 54	details Check containers periodically to see if they are running properly. `ID: II2H5%2Fjif4jLMBQWFO9YU9wyUDM%3D`
Healthcheck Not Set	/fork-test-compose.yml: 86	details Check containers periodically to see if they are running properly. `ID: Kr3BpyzZfVSqeFcPN%2FNp000Csb4%3D`
Healthcheck Not Set	/docker-compose.yml: 418	details Check containers periodically to see if they are running properly. `ID: aoznIMhKDeOnsUt2sXyX2CmJ0QA%3D`
Healthcheck Not Set	/docker-compose.yml: 348	details Check containers periodically to see if they are running properly. `ID: kcI%2FNdmZOvcTacoVoY9vSPhNDHc%3D`
Healthcheck Not Set	/docker-compose.yml: 97	details Check containers periodically to see if they are running properly. `ID: bfI%2FOjvhmE9HdyiC6b9sfsJdDP4%3D`
Healthcheck Not Set	/fork-test-compose.yml: 70	details Check containers periodically to see if they are running properly. `ID: f3nKgedKNLICkMtp3gqtcjl0MG0%3D`
Healthcheck Not Set	/docker-compose.yml: 279	details Check containers periodically to see if they are running properly. `ID: sPehqxqVdUALr7KIco2pIPV3Onc%3D`
Healthcheck Not Set	/docker-compose.yml: 44	details Check containers periodically to see if they are running properly. `ID: s84p%2FGdZL6SYZvgfKrwBZYwiCFM%3D`
Healthcheck Not Set	/fork-test-compose.yml: 102	details Check containers periodically to see if they are running properly. `ID: g7NQ2yapI9Vdn7tVWNmIn7GB2yE%3D`
Healthcheck Not Set	/fork-test-compose.yml: 118	details Check containers periodically to see if they are running properly. `ID: pDUpW7iW9Vymf4fKnSDuB545twI%3D`
Healthcheck Not Set	/fork-test-compose.yml: 134	details Check containers periodically to see if they are running properly. `ID: eEEkOL%2BNEDbIUpiyfrGw5I5%2BBBc%3D`
Healthcheck Not Set	/docker-compose.yml: 454	details Check containers periodically to see if they are running properly. `ID: FGFzFmUi66fBUpgJIiVzQsACasE%3D`
Healthcheck Not Set	/docker-compose.yml: 382	details Check containers periodically to see if they are running properly. `ID: vK7XHYCLhfbq3WNrGqv3%2B2LK%2Fb0%3D`
Memory Not Limited	/fork-test-compose.yml: 134	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: pjXXo7Yp2cE5Wtky%2BXzF%2Bi3B77o%3D`
Memory Not Limited	/fork-test-compose.yml: 35	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: GQWxl7yL6Dt4Ngn3ZGWM8QYMSWE%3D`
Memory Not Limited	/fork-test-compose.yml: 118	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: %2B16OwHVNPe5w7lUqUJxy2y8RrIc%3D`
Memory Not Limited	/fork-test-compose.yml: 86	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: 53%2B9lOwAlbCtTqxasUY3LZnncEI%3D`
Memory Not Limited	/fork-test-compose.yml: 168	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: cejIOhoPMwZQK16%2FAayTsbtV7pw%3D`
Memory Not Limited	/fork-test-compose.yml: 54	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: HU8tz5pJ%2Fx2xwOJVNN%2BqJ8Sdy68%3D`
Memory Not Limited	/fork-test-compose.yml: 150	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: 1N9B5OsWgvveN2GuyL5O848d1N0%3D`
Memory Not Limited	/fork-test-compose.yml: 102	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: WiW9qfBrY6AhWwFZwjW6brJh3Ts%3D`
Memory Not Limited	/fork-test-compose.yml: 70	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... `ID: 7v65i7ts4b6traMROeudtSOAXOU%3D`
Security Opt Not Set	/fork-test-compose.yml: 118	details Attribute 'security_opt' should be defined. `ID: 5jw1HMKDCpD7EMjIdEAIICslbfw%3D`
Security Opt Not Set	/docker-compose.yml: 214	details Attribute 'security_opt' should be defined. `ID: Ayafbqn1FfB1Rz0xWtP7xk4Yqnw%3D`
Security Opt Not Set	/fork-test-compose.yml: 134	details Attribute 'security_opt' should be defined. `ID: 7lhmYmmX7dXEBGPGQjNp3XFIj3s%3D`
Security Opt Not Set	/fork-test-compose.yml: 70	details Attribute 'security_opt' should be defined. `ID: hDRmSq0NDQzIUQLZd05PspbfejI%3D`
Security Opt Not Set	/docker-compose.yml: 159	details Attribute 'security_opt' should be defined. `ID: hOOvblo9So4tjCobbDNrA%2FKPJ2M%3D`
Security Opt Not Set	/test-compose-latest.yml: 2	details Attribute 'security_opt' should be defined. `ID: NfhnF%2FsxIvLoJ4H0dWGus7aaeyg%3D`
Security Opt Not Set	/fork-test-compose.yml: 86	details Attribute 'security_opt' should be defined. `ID: bdd8BnHIclk1w%2Be3DHZsi8rwaco%3D`
Security Opt Not Set	/fork-test-compose.yml: 102	details Attribute 'security_opt' should be defined. `ID: 939LnL5yK%2F3qfT34ZAeCrev0XFc%3D`
Security Opt Not Set	/docker-compose.yml: 188	details Attribute 'security_opt' should be defined. `ID: jyKnsdSnXZc9ffu0DP0twR%2Fpl8g%3D`
Security Opt Not Set	/fork-test-compose.yml: 168	details Attribute 'security_opt' should be defined. `ID: RUreJwngXzxVW4ATKaEDNKcFxRs%3D`
Security Opt Not Set	/fork-test-compose.yml: 54	details Attribute 'security_opt' should be defined. `ID: kAzDyEj9Jm9Cz%2BLPuu7O4qMK2kc%3D`
Security Opt Not Set	/fork-test-compose.yml: 35	details Attribute 'security_opt' should be defined. `ID: fJ6vdVOtRsywG9XmUFoE7M7EjQA%3D`
Security Opt Not Set	/docker-compose.yml: 44	details Attribute 'security_opt' should be defined. `ID: TSUbVGt2XfQUlGRZITMRDwVUeZc%3D`
Security Opt Not Set	/fork-test-compose.yml: 150	details Attribute 'security_opt' should be defined. `ID: O7DV3N6CcFtVYkp46BRnGVMX7xE%3D`
CVE-2025-5889	Npm-brace-expansion-1.1.11	details Recommended version: 1.1.12 Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the... Attack Vector: NETWORK Attack Complexity: HIGH `ID: dyr5TN7fRzVIQVkbXH%2F1YeqxoCREXLKJMQR1HE9gRfE%3D` Vulnerable Package
CVE-2025-5889	Npm-brace-expansion-2.0.1	details Recommended version: 2.0.2 Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the... Attack Vector: NETWORK Attack Complexity: HIGH `ID: MFoE2J%2FY9%2Bokh34zTdwBj9cb%2F6mioVjx%2BoMQ1GjgXZQ%3D` Vulnerable Package
Cpus Not Limited	/fork-test-compose.yml: 86	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: awq%2F%2BNz8cP3Wa0VMQQIFUmjRVwU%3D`
Cpus Not Limited	/fork-test-compose.yml: 150	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: uQh68aWtPElUmgBwJ8nmH15DpFg%3D`
Cpus Not Limited	/fork-test-compose.yml: 54	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: zsbIu8f%2BrWwNHTzHHTx%2F2cXwr1o%3D`
Cpus Not Limited	/fork-test-compose.yml: 168	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: JBK8KK%2B0FiYygYWWITnkBOFXBzU%3D`
Cpus Not Limited	/fork-test-compose.yml: 70	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: w6ToqSj4Hb5Ty%2FMxnkaU9IJBluw%3D`
Cpus Not Limited	/fork-test-compose.yml: 102	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: %2B68V2HAdIKRKskaj57ncFVjGius%3D`
Cpus Not Limited	/fork-test-compose.yml: 35	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: %2BBFcVGxFnZr1YwkSHkIENPPoZ%2BE%3D`
Cpus Not Limited	/fork-test-compose.yml: 134	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: 8koSpysPxhYQlfGYJQryeKJYJ1A%3D`
Cpus Not Limited	/fork-test-compose.yml: 118	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests `ID: t2XfjN%2B8Mwhv9M27lTqe1NVV9dA%3D`
Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working `ID: cX9DYdIA3zklROtosdfIrb0TWAU%3D`
Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working `ID: HHO%2F5%2FlidPj61hrO7ai91gZC2jM%3D`
Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working `ID: 0STjUQqbLiwVcXpW%2BBWxloZ%2F5H8%3D`
Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 13	details Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers. `ID: D99wHQm%2B19OSThFZZX9ypIVabCc%3D`
Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 23	details Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers. `ID: 0YHumHWOxPB796onZNUKAR4bNco%3D`
RUN Instruction Using 'cd' Instead of WORKDIR	/Dockerfile: 1	details When using RUN command 'cd' should only be used for full path. For relative path make use of WORKDIR command instead. `ID: TEK%2FnQYzhnxoHKPIRdZdew4Z4Jc%3D`
Use_of_Unsafe_Keyword	/runtime/build.rs: 19	details The dangerous function, unsafe, was found in use at line 19 in /runtime/build.rs file. Such functions may expose information and allow an attacke... `ID: hD%2FeM4lruc52neMifir2D047TIU%3D` Attack Vector
Use_of_Unsafe_Keyword	/runtime/build.rs: 28	details The dangerous function, unsafe, was found in use at line 28 in /runtime/build.rs file. Such functions may expose information and allow an attacke... `ID: 9Ftn6Z2gOD%2F8P8jH65yeeNzFH4c%3D` Attack Vector

* fix: update node-dev-01 gov contracts * fix: qanet and preview gov contracts * chore: update chain-specs

* fix: update gov contract addresses * Update governance contracts (#226) * fix: update node-dev-01 gov contracts * fix: qanet and preview gov contracts * chore: update chain-specs

* fix: error when loading chain spec for non-dev cfg_preset (#187) (#194) * fix: error when loading chain spec for non-dev cfg_preset --------- Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Squirrel <giles.cope@shielded.io> * chore: PC 1.8 deployment fixes (#201) * chore: node-dev-01 new chain spec with PC 1.8 registrations (#191) * chore: PC 1.8 new registrations (#197) * chore: PC 1.8 new registrations * chore: add governance info * chore: fix chain-spec to match PC 1.8 registration (#200) * Cherry pick: bump to ledger ledger-6.1.0-alpha.5 (#203) (#204) * bump to ledger ledger-6.1.0-alpha.5 (#203) (cherry picked from commit b3fac93) * Change GITHUB_TOKEN to GHP_TOKEN in workflow --------- Co-authored-by: Fenton Haslam <50406962+Fentonhaslam@users.noreply.github.com> * Backport gov (#206) * Fix: Federated Authority configurations (#180) * fix federated authorities for qanet and node-dev-01 * chore: regenerate chain_specs * fix: rebuild preview chainspec --------- Co-authored-by: Ignacio Palacios <ignacio.palacios.santos@gmail.com> * [0.18.0 cherry-pick] Add midnight_ prefix to chain ID to follow Polkadot convention (#216) * Add `midnight_` prefix to chain ID to follow Polkadot convention (#188) * feat: add 'midnight_' prefix to all chain ids Network ID is created as a transformation of the chain id * chore: rebuild chainspecs * docs: add change file * feat: add check on network_id spec conformity * chore: rebuild chainspecs * Backport #142 (#220) * Feat: Federated Authority Observation - querying `db-sync` (#142) * feat: query governance data * test: e2e tests base for governance contracts * feat: adding governance contracts to local-env * aaarrrgggg deploy failing * feat: Governance contracts deployed to local-env * federate-authority-configs updated with expected contracts * feat: new members properly read from the minted nft * chore: clean up * feat: add new calls to set addresses and policy_id + benchmarks * nit * chore: make clippy happy * chore: add change file * feat: replace vec by PolicyId and MainchainAddress * chore: regenerate metadata * chore: make clippy happy * test: add test for contracts info setters * chore: update federated configs with preview real data + test fix * chore: regenerate metadata * chore: rebuild metadata * chore: rebuild chain_specs * [cherry-pick 0.18.0] Deduplicate Mapping types (#166) (#221) * Deduplicate Mapping types (#166) * chore: replace Mapping with MappingEntry Signed-off-by: yHSJ <josh@securitybot.info> * chore: changefile * chore: remove unnecessary conversions * fix: regenerate metadata * chore: update metadata * Add change tag * test: fix test compile errors --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> * chore: rebuild metadata * chore: rebuild chainspecs --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Joshua Marchand (JSHy) <79121297+yHSJ@users.noreply.github.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> * Fix node entrypoint (#217) * fix node entrypoint * test * last try * fix: node entrypoint passing `--` as an arg Found when running with SHOW_CONFIG=1: ``` NAME: args HELP: The arguments passed to the node TYPE: Vec < String > DEFAULT: SOURCES: cli CURRENT_VALUE: "--, " ``` --------- Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> * [cherry-pick 0.18.0] Update cNight Observation for new Datum structure (#189) (#225) * Update cNight Observation for new Datum structure (#189) * feat: update to follow new datum structure * test: fix tests * fix: DustPublicKey deserialized correctly (PM-19983); fix test * fix: check for DustPublicKey length; Fix missing dereg event (PM-20229) * refactor: rename types - more precise naming * refactor: rename fields for precision * feat: wrap cnight array types in new structs * feat: use McBlockHash and TxBlockHash in more places * fix: clippy warnings * docs: add change file * docs: add change file * docs: add change file * build: remove unused dep serde_arrays * chore: update metadata * feat: rename MappingEntry utxo_id -> utxo_tx_hash * feat: update type of utxo_tx_hash * feat: change type of cmst block hash * feat: add check for mapping validator auth token * chore: update sqlx cache * test: fix tests for cnight config validation * chore: update cnight config files * test: use aiken cnight smart contracts * fix: use new mapping validator address * chore: update metadata * test: fix tests after cnight pallet update * test: fix more tests, 2 e2e tests still failing * test: fix mint cnight tx budget * test: remove old typescript local-env tests * build: remove leftover target * build: remove leftover target --------- Co-authored-by: Radosław Sporny <404@rspo.dev> * chore: rebuild chainspecs --------- Co-authored-by: Radosław Sporny <404@rspo.dev> * Update governance contracts (#226) * fix: update node-dev-01 gov contracts * fix: qanet and preview gov contracts * chore: update chain-specs * docs: reset changes (node-0.18.0-rc.5) * fix: npm audit * fix metadata --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Radosław Sporny <404@rspo.dev> Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Squirrel <giles.cope@shielded.io> Co-authored-by: justinfrevert <81839854+justinfrevert@users.noreply.github.com> Co-authored-by: Fenton Haslam <50406962+Fentonhaslam@users.noreply.github.com> Co-authored-by: Ignacio Palacios <ignacio.palacios.santos@gmail.com> Co-authored-by: Joshua Marchand (JSHy) <79121297+yHSJ@users.noreply.github.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix: error when loading chain spec for non-dev cfg_preset (#187) (#194) * fix: error when loading chain spec for non-dev cfg_preset --------- Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Squirrel <giles.cope@shielded.io> * chore: PC 1.8 deployment fixes (#201) * chore: node-dev-01 new chain spec with PC 1.8 registrations (#191) * chore: PC 1.8 new registrations (#197) * chore: PC 1.8 new registrations * chore: add governance info * chore: fix chain-spec to match PC 1.8 registration (#200) * Cherry pick: bump to ledger ledger-6.1.0-alpha.5 (#203) (#204) * bump to ledger ledger-6.1.0-alpha.5 (#203) (cherry picked from commit b3fac93) * Change GITHUB_TOKEN to GHP_TOKEN in workflow --------- Co-authored-by: Fenton Haslam <50406962+Fentonhaslam@users.noreply.github.com> * Backport gov (#206) * Fix: Federated Authority configurations (#180) * fix federated authorities for qanet and node-dev-01 * chore: regenerate chain_specs * fix: rebuild preview chainspec --------- Co-authored-by: Ignacio Palacios <ignacio.palacios.santos@gmail.com> * [0.18.0 cherry-pick] Add midnight_ prefix to chain ID to follow Polkadot convention (#216) * Add `midnight_` prefix to chain ID to follow Polkadot convention (#188) * feat: add 'midnight_' prefix to all chain ids Network ID is created as a transformation of the chain id * chore: rebuild chainspecs * docs: add change file * feat: add check on network_id spec conformity * chore: rebuild chainspecs * Backport #142 (#220) * Feat: Federated Authority Observation - querying `db-sync` (#142) * feat: query governance data * test: e2e tests base for governance contracts * feat: adding governance contracts to local-env * aaarrrgggg deploy failing * feat: Governance contracts deployed to local-env * federate-authority-configs updated with expected contracts * feat: new members properly read from the minted nft * chore: clean up * feat: add new calls to set addresses and policy_id + benchmarks * nit * chore: make clippy happy * chore: add change file * feat: replace vec by PolicyId and MainchainAddress * chore: regenerate metadata * chore: make clippy happy * test: add test for contracts info setters * chore: update federated configs with preview real data + test fix * chore: regenerate metadata * chore: rebuild metadata * chore: rebuild chain_specs * [cherry-pick 0.18.0] Deduplicate Mapping types (#166) (#221) * Deduplicate Mapping types (#166) * chore: replace Mapping with MappingEntry Signed-off-by: yHSJ <josh@securitybot.info> * chore: changefile * chore: remove unnecessary conversions * fix: regenerate metadata * chore: update metadata * Add change tag * test: fix test compile errors --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> * chore: rebuild metadata * chore: rebuild chainspecs --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Joshua Marchand (JSHy) <79121297+yHSJ@users.noreply.github.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> * Fix node entrypoint (#217) * fix node entrypoint * test * last try * fix: node entrypoint passing `--` as an arg Found when running with SHOW_CONFIG=1: ``` NAME: args HELP: The arguments passed to the node TYPE: Vec < String > DEFAULT: SOURCES: cli CURRENT_VALUE: "--, " ``` --------- Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> * [cherry-pick 0.18.0] Update cNight Observation for new Datum structure (#189) (#225) * Update cNight Observation for new Datum structure (#189) * feat: update to follow new datum structure * test: fix tests * fix: DustPublicKey deserialized correctly (PM-19983); fix test * fix: check for DustPublicKey length; Fix missing dereg event (PM-20229) * refactor: rename types - more precise naming * refactor: rename fields for precision * feat: wrap cnight array types in new structs * feat: use McBlockHash and TxBlockHash in more places * fix: clippy warnings * docs: add change file * docs: add change file * docs: add change file * build: remove unused dep serde_arrays * chore: update metadata * feat: rename MappingEntry utxo_id -> utxo_tx_hash * feat: update type of utxo_tx_hash * feat: change type of cmst block hash * feat: add check for mapping validator auth token * chore: update sqlx cache * test: fix tests for cnight config validation * chore: update cnight config files * test: use aiken cnight smart contracts * fix: use new mapping validator address * chore: update metadata * test: fix tests after cnight pallet update * test: fix more tests, 2 e2e tests still failing * test: fix mint cnight tx budget * test: remove old typescript local-env tests * build: remove leftover target * build: remove leftover target --------- Co-authored-by: Radosław Sporny <404@rspo.dev> * chore: rebuild chainspecs --------- Co-authored-by: Radosław Sporny <404@rspo.dev> * Update governance contracts (#226) * fix: update node-dev-01 gov contracts * fix: qanet and preview gov contracts * chore: update chain-specs * Add `preprod` network (#265) * feat: add preprod network * nit * chore: change file * chore: preprod validators * chore: regenerate genesis * fix: align with preview * chore: update preprod pc-config * Revert "chore: update preprod pc-config" This reverts commit 5a43d4c. * Revert "fix: align with preview" This reverts commit 5c4d7e7. * chore: preprod chain-spec * fix: npm audit * fix * remove cache * :/ * change to trixie * Revert "remove cache" This reverts commit e6fdbe2. * recover no cache * Revert "change to trixie" This reverts commit d529e1d. * Revert ":/" This reverts commit 980d1a8. * logs * fix: update to trixie * Revert "logs" This reverts commit 6709891. * undo no-cache --------- Co-authored-by: Radosław Sporny <404@rspo.dev> * docs: reset changes (node-0.18.0-rc.6) * fix: fix main merge * fix: fix main merge 2 * fix: fix main merge 3 * fix: add mainchain memebers for preprod --------- Signed-off-by: yHSJ <josh@securitybot.info> Co-authored-by: Radosław Sporny <404@rspo.dev> Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com> Co-authored-by: Squirrel <giles.cope@shielded.io> Co-authored-by: justinfrevert <81839854+justinfrevert@users.noreply.github.com> Co-authored-by: Fenton Haslam <50406962+Fentonhaslam@users.noreply.github.com> Co-authored-by: Ignacio Palacios <ignacio.palacios.santos@gmail.com> Co-authored-by: Joshua Marchand (JSHy) <79121297+yHSJ@users.noreply.github.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Justin Frevert <justinfrevert@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Signed-off-by: Mike Clay <mike.clay@shielded.io>

NachoPal added 4 commits November 5, 2025 16:49

fix: update node-dev-01 gov contracts

56b9186

fix: qanet and preview gov contracts

f32a874

Merge branch 'release/node-0.18.0' into nacho/update-governance-contr…

13f12a0

…acts

chore: update chain-specs

4d7c3ec

NachoPal requested a review from a team as a code owner November 5, 2025 17:29

NachoPal added the skip-changes-check-all label Nov 5, 2025

NachoPal requested a review from justinfrevert November 5, 2025 17:29

ozgb approved these changes Nov 5, 2025

View reviewed changes

justinfrevert approved these changes Nov 5, 2025

View reviewed changes

NachoPal enabled auto-merge (squash) November 5, 2025 17:33

NachoPal mentioned this pull request Nov 5, 2025

[Upstream #226] Update governance contracts #227

Merged

13 tasks

NachoPal merged commit 49b4acd into release/node-0.18.0 Nov 5, 2025
25 of 28 checks passed

NachoPal deleted the nacho/update-governance-contracts branch November 5, 2025 18:04

NachoPal added a commit that referenced this pull request Nov 12, 2025

Update governance contracts (#226)

e36caa1

* fix: update node-dev-01 gov contracts * fix: qanet and preview gov contracts * chore: update chain-specs

gilescope pushed a commit that referenced this pull request Apr 8, 2026

feat: update ogmios to v6.9.0 (#226)

f8c9c91

m2ux added a commit that referenced this pull request Apr 23, 2026

feat: update ogmios to v6.9.0 (#226)

aa9167d

Signed-off-by: Mike Clay <mike.clay@shielded.io>

m2ux added a commit that referenced this pull request Apr 23, 2026

feat: update ogmios to v6.9.0 (#226)

92ed9f2

Signed-off-by: Mike Clay <mike.clay@shielded.io>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update governance contracts#226

Update governance contracts#226
NachoPal merged 4 commits into
release/node-0.18.0from
nacho/update-governance-contracts

NachoPal commented Nov 5, 2025 •

edited

Loading

Uh oh!

github-actions Bot commented Nov 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

NachoPal commented Nov 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overview

🗹 TODO before merging

📌 Submission Checklist

🧪 Testing Evidence

🔱 Fork Strategy

Links

Uh oh!

github-actions Bot commented Nov 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

NachoPal commented Nov 5, 2025 •

edited

Loading