Skip to content

❄️ Graph Horizon and Subgraph Service ❄️ #944

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 663 commits into from
Sep 15, 2025
Merged

❄️ Graph Horizon and Subgraph Service ❄️ #944

merged 663 commits into from
Sep 15, 2025

Conversation

pcarranzav
Copy link
Member

No description provided.

@openzeppelin-code OpenZeppelin Code
Copy link

openzeppelin-code bot commented Feb 20, 2024
edited
Loading

❄️ Graph Horizon and Subgraph Service ❄️

Generated at commit: 1eb425080df31143186e0f60606c57d7e9fd93ca

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 2
4
0
15
39
60
Dependencies Critical
High
Medium
Low
Note
Total		 0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector

@tmigone tmigone changed the title [WIP/Experimental] Horizon draft changes [WIP/Experimental] BREAKING CHANGE: Horizon draft changes Feb 20, 2024
@socket-security Socket Security
Copy link

socket-security bot commented Feb 21, 2024
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
@openzeppelin/[email protected] has a Critical CVE.

CVE: GHSA-fg47-3c2x-m2wr TimelockController vulnerability in OpenZeppelin Contracts (CRITICAL)

Affected versions: >= 4.0.0 < 4.3.1; >= 3.3.0 < 3.4.2

Patched version: 3.4.2

From: packages/contracts/package.jsonnpm/@openzeppelin/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@openzeppelin/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@codecov Codecov
Copy link

codecov bot commented Feb 21, 2024
edited
Loading

Codecov Report

❌ Patch coverage is 86.76471% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.84%. Comparing base (cbda0fc) to head (1eb4250).
⚠️ Report is 665 commits behind head on main.

Files with missing lines Patch % Lines
...ges/contracts/contracts/rewards/RewardsManager.sol 82.14% 5 Missing ⚠️
...ges/contracts/contracts/l2/curation/L2Curation.sol 50.00% 2 Missing ⚠️
packages/contracts/contracts/staking/Staking.sol 75.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #944      +/-   ##
==========================================
- Coverage   86.06%   82.84%   -3.22%     
==========================================
  Files          47       47              
  Lines        2074     2093      +19     
  Branches      613      620       +7     
==========================================
- Hits         1785     1734      -51     
- Misses        289      359      +70
Flag Coverage Δ
unittests 82.84% <86.76%> (-3.22%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@tmigone tmigone force-pushed the horizon branch 2 times, most recently from 76aa677 to 33b5790 Compare March 14, 2024 18:40
@socket-security Socket Security
Copy link

socket-security bot commented Mar 14, 2024
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​openzeppelin/​contracts@​5.3.0 ⏵ 3.4.110025 -7095 -590100
Added@​types/​json5@​2.2.01001003576100
Added@​openzeppelin/​foundry-upgrades@​0.4.0571009185100
Updated@​graphql-yoga/​plugin-persisted-operations@​3.13.6 ⏵ 3.15.2100 +110066 +398 +3100
Added@​graphprotocol/​sdk@​0.6.0771007288100
Added@​nomicfoundation/​hardhat-foundry@​1.2.0881007390100
Added@​nomicfoundation/​hardhat-toolbox@​4.0.0981007487100
Added@​wagmi/​cli@​2.5.1971007697100
Added@​ethersproject/​providers@​5.7.2991009579100
Added@​nomicfoundation/​ignition-core@​0.15.139910079100100
Added@​typechain/​ethers-v6@​0.5.11001009379100
Added@​typechain/​hardhat@​9.1.010010010080100
Updated@​types/​node@​20.17.58 ⏵ 20.19.14100 +110081 +196100
Updated@​nomicfoundation/​hardhat-network-helpers@​1.0.12 ⏵ 1.1.0100 +110082 +296 -2100
Added@​nomicfoundation/​hardhat-ignition-ethers@​0.15.149910084100100
Added@​nomicfoundation/​hardhat-chai-matchers@​2.1.0991009688100
Updated@​openzeppelin/​contracts-upgradeable@​5.3.0 ⏵ 5.4.0100100 +510090 +1100
Updated@​openzeppelin/​contracts@​5.3.0 ⏵ 5.4.0100100 +510091 +1100
Added@​nomicfoundation/​hardhat-ignition@​0.15.139810091100100
Updated@​eslint/​js@​9.28.0 ⏵ 9.35.010010091 +194 -1100
Updated@​changesets/​cli@​2.29.4 ⏵ 2.29.797 +1100100 +195 +4100
Updatedaxios@​1.9.0 ⏵ 1.12.299100 +1510097 +1100
Added@​nomicfoundation/​hardhat-ethers@​3.0.810010010098100
Added@​nomicfoundation/​hardhat-verify@​2.1.19910010099100
Updated@​typescript-eslint/​eslint-plugin@​8.33.1 ⏵ 8.44.0100 +2100100 +23100 +4100
Updated@​typescript-eslint/​parser@​8.33.1 ⏵ 8.44.0100 +1100100 +32100 +4100

View full report

@tmigone tmigone force-pushed the horizon branch 4 times, most recently from 1b27dfa to cae2490 Compare March 21, 2024 20:37
@tmigone tmigone changed the title [WIP/Experimental] BREAKING CHANGE: Horizon draft changes [WIP] Horizon draft changes Apr 12, 2024
@tmigone tmigone changed the title [WIP] Horizon draft changes [WIP] Horizon changes Apr 12, 2024
@tmigone tmigone changed the title [WIP] Horizon changes [WIP] Graph Horizon May 17, 2024
pcarranzav
pcarranzav commented Jun 6, 2024
View reviewed changes
Copy link
Member Author

@pcarranzav pcarranzav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments for now - still reviewing

pcarranzav
pcarranzav commented Jun 6, 2024
View reviewed changes
Copy link
Member Author

@pcarranzav pcarranzav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more comments, still reviewing...

pcarranzav
pcarranzav commented Jun 6, 2024
View reviewed changes
Copy link
Member Author

@pcarranzav pcarranzav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moar

pcarranzav
pcarranzav commented Jun 7, 2024
View reviewed changes
Copy link
Member Author

@pcarranzav pcarranzav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple more comments - finished going through the main Solidity code

@tmigone tmigone marked this pull request as ready for review June 7, 2024 23:56
@tmigone tmigone changed the title [WIP] Graph Horizon Graph Horizon and Subgraph Service Jun 7, 2024
@tmigone tmigone changed the title Graph Horizon and Subgraph Service ❄️ Graph Horizon and Subgraph Service ❄️ Jun 8, 2024
@tmigone tmigone changed the title ❄️ Graph Horizon and Subgraph Service ❄️ ☀️ Graph Horizon and Subgraph Service ☀️ Sep 6, 2024
@Maikol Maikol changed the title ☀️ Graph Horizon and Subgraph Service ☀️ ❄️ Graph Horizon and Subgraph Service ❄️ Oct 11, 2024
@Maikol Maikol changed the title ❄️ Graph Horizon and Subgraph Service ❄️ ☀️ Graph Horizon and Subgraph Service ☀️ Dec 17, 2024
tmigone and others added 28 commits July 10, 2025 15:41
@tmigone
ci: remove unnecessary workflows
a32f413 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
chore: add script to compare bytecode
9d85394 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
chore: use bytecode instead of deployedBytecode in bytecode compare s…
523d3b1 
…cript

Signed-off-by: Tomás Migone <[email protected]>
@tmigone
Merge pull request #1187 from graphprotocol/tmigone/horizon-interfaces
8812eb1
@Maikol
fix: interfaces architecture and add missing GNS functions
51c2c1d
@Maikol
feat: add vesting interfaces for Horizon protocol
bd38c83
@Maikol
chore: release [email protected] and [email protected]
59e87cf
@Maikol
fix: export conditions order in interfaces package for Next.js compat…
d28477f 
…ibility
@Maikol
chore: extract horizon and subgraph-service addresses to a new addres…
4689fec 
…s-book package
@Maikol
Merge pull request #1211 from graphprotocol/mde/address-book-package
ef8b05d 
chore: extract horizon and subgraph-service addresses to a new address-book package
@Maikol
chore: release [email protected]
0834478
@Maikol
chore: add CHANGELOG for [email protected]
db7fd6d
@Maikol
fix: add missing nextAccountSeqID and multicall to IL2GNSToolshed int…
f22e83a 
…erface
@Maikol
chore: release [email protected]
f3107aa
@tmigone
fix: ensure published toolshed does not use workspace nomenclature
d939135 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
fix(toolshed): address book path resolution
eaff905 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
chore: bump package version
3ac3614 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
fix: allow indexers from registering multiple times to set registrati…
6927618 
…on params

Signed-off-by: Tomás Migone <[email protected]>
@tmigone
feat: add receipt recover signer function for graph tally
3e95a5e 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
fix: update toolshed interface and ops scripts
b8f84ae 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
Merge pull request #1215 from graphprotocol/tmigone/register-fix
8e7f89a
@tmigone
chore: bump package versions
1fcda4c 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
fix: timestampNs in RAV type should be a bigint
40bfff9 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
chore: bump toolshed version
32b53c1 
Signed-off-by: Tomás Migone <[email protected]>
@tmigone
fix: rav signing and recovering bug
ac4e1ea 
Signed-off-by: Tomás Migone <[email protected]>
@Maikol
chore: create vesting contracts auth functions for horizon deployment (
d5aacb2 
…#1219)
@tmigone
Merge branch 'main' into horizon
31a1275
@tmigone
ci: lint and format
1eb4250 
Signed-off-by: Tomás Migone <[email protected]>
Maikol
Maikol approved these changes Sep 15, 2025
View reviewed changes
Copy link
Member

@Maikol Maikol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

@tmigone tmigone merged commit d7dd62d into main Sep 15, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tmigone tmigone tmigone left review comments

@Maikol Maikol Maikol approved these changes

Assignees
No one assigned
Labels
horizon protocol change solidity
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pcarranzav @tmigone @Maikol @matiasedgeandnode @juanmardefago @RembrandtK