From 0eb96556f520fe9d1e9476451cc5cfa20b3515b4 Mon Sep 17 00:00:00 2001 From: bussyjd Date: Tue, 12 May 2026 17:03:34 +0800 Subject: [PATCH] =?UTF-8?q?chore(frontend):=20bump=20obol-stack-front-end?= =?UTF-8?q?=20v0.1.23=20=E2=86=92=20v0.1.24=20(digest-pinned)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the frontend image to the new stable v0.1.24 release and switches the pin format from tag-only to tag+digest. Image: obolnetwork/obol-stack-front-end:v0.1.24@sha256:d5abd6aebddcabf7b7fccd2f5e922cb6067c90dca808b306bd46db71b0010206 What v0.1.24 contains (cumulative since v0.1.23): - 12 Dependabot dep bumps via frontend #310: - Runtime: next 16.2.6, react 19.2.6, @rainbow-me/rainbowkit 2.2.11, @copilotkit/{react-core,react-ui} 1.57.1 - Dev: @typescript-eslint/{parser 8.59.2,eslint-plugin 8.59.1}, @next/eslint-plugin-next 16.2.6, eslint-config-next 16.2.6, @types/node 25.6.2 - Infra: Dockerfile node:22-alpine → node:26-alpine, actions/setup-node 6.3.0 → 6.4.0 - feat(dashboard): storefront link + AgentRegistrationCard (frontend #292) Supply-chain review on the frontend dep diff: GREEN - Zero net-new transitive packages (4 chevrotain sub-deps consolidated) - All workflow uses: SHA-pinned (setup-node SHA verified against v6.4.0 tag) - All target versions ≥4 days old on npm - No new install scripts - Peer-dep compatibility verified - node:26-alpine multi-arch index verified on Docker Hub - PR #292 new API route consumes operator-controlled tunnelURL from in-cluster ConfigMap (no SSRF/user-input surface); no dangerouslySetInnerHTML; consistent with existing /api/agents/* auth patterns --- .../embed/infrastructure/values/obol-frontend.yaml.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/embed/infrastructure/values/obol-frontend.yaml.gotmpl b/internal/embed/infrastructure/values/obol-frontend.yaml.gotmpl index 58b2c55c..6d7178e1 100644 --- a/internal/embed/infrastructure/values/obol-frontend.yaml.gotmpl +++ b/internal/embed/infrastructure/values/obol-frontend.yaml.gotmpl @@ -46,8 +46,8 @@ image: pullPolicy: IfNotPresent # Digest-pinned: tag is informational, sha256 is authoritative. Eliminates # the mutable-tag attack surface called out by the v0.10.0-rc2 supply-chain - # review. Multi-arch index digest for v0.1.23 (linux/amd64 + linux/arm64). - tag: "v0.1.23@sha256:950b887e1cbaca9f928ff7b449b5602ed9777b629b4ee1b9c4c91fac2d74c2f2" + # review. Multi-arch index digest for v0.1.24 (linux/amd64 + linux/arm64). + tag: "v0.1.24@sha256:d5abd6aebddcabf7b7fccd2f5e922cb6067c90dca808b306bd46db71b0010206" service: type: ClusterIP