[pull] develop from smartcontractkit:develop#255
Merged
pull[bot] merged 3 commits intobit-cook:developfrom Mar 25, 2026
Merged
Conversation
* Bump version and update CHANGELOG for v2.40.0 (cherry picked from commit cceb6c3) * Add minor changeset for next release cycle --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* feat: emit node platform build info event * fix: update node-platform dependency versions across modules * feat: emit docker image tag in node platform build info * fix: update node-platform dependency versions across all modules * test: update health response fixtures for node platform build info * test: update health testscripts for node platform build info * refactor: read node platform docker tag from runtime env * refactor: tighten node platform build info service wiring * fix: resolve node platform CSA key at service start * refactor: consume auto-injected docker tag from shared github workflows * chore: align github workflow refs with upstream shared actions
* feat: extract DigestReplayGuard from Vault RequestAuthorizer Extract the request-digest deduplication logic from requestAuthorizer's internal map into a standalone DigestReplayGuard component. The requestAuthorizer now delegates to DigestReplayGuard internally — no behavior change for the existing on-chain allowlist flow. DigestReplayGuard will also be used by the upcoming JWT auth flow (both at the gateway handler and capability gateway handler layers) to reject replayed requests using the JWT's request_digest claim. Having it as a standalone component allows both auth flows to share the same dedup mechanism. Includes 9 unit tests covering: first-call success, duplicate rejection, expiry cleanup, mixed-expiry scenarios, concurrent access safety, and empty-digest edge case. All existing RequestAuthorizer tests pass as-is. Made-with: Cursor * fix: preserve eager expired-entry cleanup in AuthorizeRequest Before the DigestReplayGuard extraction, clearExpiredAuthorizedRequests ran via defer on every AuthorizeRequest call, pruning stale entries even when the request was rejected by the allowlist or expiry check. After the refactor, cleanup only ran inside CheckAndRecord on the success path, allowing unbounded accumulation of expired digests under sustained rejected traffic. Add a public ClearExpired() method to DigestReplayGuard and call it via defer in AuthorizeRequest to restore the original eager-cleanup behavior. Add a dedicated unit test for independent expiry pruning. Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )