Sync upstream v11.0.3 (merge conflicts)#69
Conversation
…e is disabled (blockscout#14324) Co-authored-by: Qwerty5Uiop <alex000010@bk.ru>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the project to version 11.0.3 and introduces a priority system for pending block and transaction operations to optimize internal transaction fetching. It includes logic to force contract creator searches when internal transactions are disabled and enhances database migrations with foreign key existence checks and improved table locking. Significant feedback was provided regarding critical issues: unresolved merge conflict markers were found in the test files, a potential SQL injection vulnerability exists in the database migrator due to string interpolation, and the switch to unsupervised tasks in the contract creator fetcher should be reverted to maintain system reliability.
| end | ||
| end | ||
|
|
||
| <<<<<<< HEAD |
There was a problem hiding this comment.
This file contains unresolved merge conflict markers (<<<<<<< HEAD). These must be resolved before the pull request can be merged.
| Repo.query(""" | ||
| SELECT EXISTS ( | ||
| SELECT 1 | ||
| FROM pg_constraint | ||
| WHERE conname = '#{foreign_key_name}' | ||
| ); | ||
| """) |
There was a problem hiding this comment.
The SQL query uses string interpolation for the foreign_key_name variable. This is a security risk as it could allow SQL injection if the input is not properly sanitized. Even if the current callers use hardcoded strings, it is a best practice to use parameterized queries to prevent future vulnerabilities.
Repo.query(
"""
SELECT EXISTS (
SELECT 1
FROM pg_constraint
WHERE conname = $1
);
""",
[foreign_key_name]
)
| :ets.insert(@table_name, {address_cache_name(address_hash), :in_progress}) | ||
|
|
||
| Task.Supervisor.start_child(Indexer.TaskSupervisor, fn -> | ||
| Task.start(fn -> |
There was a problem hiding this comment.
The code was changed from using Task.Supervisor.start_child/2 to Task.start/1. This means the background task is no longer supervised by Indexer.TaskSupervisor. Unsupervised tasks are harder to monitor and won't be automatically restarted or cleaned up properly if the supervision tree is affected. It is recommended to keep using the supervisor for better reliability.
Task.Supervisor.start_child(Indexer.TaskSupervisor, fn ->
JOY (JOY)
force-pushed
the
sync-upstream-v11.0.3
branch
from
3cb83ad to
05c7439
Compare
JOY (JOY)
force-pushed
the
sync-upstream-v11.0.3
branch
from
05c7439 to
7d78f8e
Compare
3 participants
Upstream Sync - v11.0.3
Auto-merge with upstream
v11.0.3failed. Version/workflow conflicts were auto-resolved,but the following files have code conflicts that need manual resolution:
To resolve:
v11.0.3to trigger Docker buildUpstream release notes