Jun 13, 9-10 AM (14)
Jun 13, 10-11 AM (12)
Jun 13, 11-12 PM (2)
Jun 13, 12-1 PM (23)
Jun 13, 1-2 PM (21)
Jun 13, 2-3 PM (8)
Jun 13, 3-4 PM (1)
Jun 13, 4-5 PM (4)
Jun 13, 5-6 PM (4)
Jun 13, 6-7 PM (3)
Jun 13, 7-8 PM (3)
Jun 13, 8-9 PM (7)
Jun 13, 9-10 PM (16)
Jun 13, 10-11 PM (19)
Jun 13, 11-12 AM (24)
Jun 14, 12-1 AM (18)
Jun 14, 1-2 AM (0)
Jun 14, 2-3 AM (0)
Jun 14, 3-4 AM (0)
Jun 14, 4-5 AM (2)
Jun 14, 5-6 AM (0)
Jun 14, 6-7 AM (2)
Jun 14, 7-8 AM (3)
Jun 14, 8-9 AM (0)
Jun 14, 9-10 AM (1)
Jun 14, 10-11 AM (2)
Jun 14, 11-12 PM (10)
Jun 14, 12-1 PM (8)
Jun 14, 1-2 PM (4)
Jun 14, 2-3 PM (8)
Jun 14, 3-4 PM (2)
Jun 14, 4-5 PM (1)
Jun 14, 5-6 PM (1)
Jun 14, 6-7 PM (0)
Jun 14, 7-8 PM (11)
Jun 14, 8-9 PM (1)
Jun 14, 9-10 PM (13)
Jun 14, 10-11 PM (29)
Jun 14, 11-12 AM (23)
Jun 15, 12-1 AM (8)
Jun 15, 1-2 AM (10)
Jun 15, 2-3 AM (4)
Jun 15, 3-4 AM (4)
Jun 15, 4-5 AM (1)
Jun 15, 5-6 AM (4)
Jun 15, 6-7 AM (6)
Jun 15, 7-8 AM (41)
Jun 15, 8-9 AM (26)
Jun 15, 9-10 AM (11)
Jun 15, 10-11 AM (35)
Jun 15, 11-12 PM (25)
Jun 15, 12-1 PM (40)
Jun 15, 1-2 PM (26)
Jun 15, 2-3 PM (21)
Jun 15, 3-4 PM (24)
Jun 15, 4-5 PM (21)
Jun 15, 5-6 PM (13)
Jun 15, 6-7 PM (13)
Jun 15, 7-8 PM (7)
Jun 15, 8-9 PM (26)
Jun 15, 9-10 PM (20)
Jun 15, 10-11 PM (22)
Jun 15, 11-12 AM (39)
Jun 16, 12-1 AM (11)
Jun 16, 1-2 AM (5)
Jun 16, 2-3 AM (1)
Jun 16, 3-4 AM (9)
Jun 16, 4-5 AM (6)
Jun 16, 5-6 AM (1)
Jun 16, 6-7 AM (16)
Jun 16, 7-8 AM (81)
Jun 16, 8-9 AM (18)
Jun 16, 9-10 AM (28)
Jun 16, 10-11 AM (22)
Jun 16, 11-12 PM (31)
Jun 16, 12-1 PM (37)
Jun 16, 1-2 PM (49)
Jun 16, 2-3 PM (34)
Jun 16, 3-4 PM (28)
Jun 16, 4-5 PM (37)
Jun 16, 5-6 PM (17)
Jun 16, 6-7 PM (26)
Jun 16, 7-8 PM (9)
Jun 16, 8-9 PM (11)
Jun 16, 9-10 PM (4)
Jun 16, 10-11 PM (31)
Jun 16, 11-12 AM (9)
Jun 17, 12-1 AM (8)
Jun 17, 1-2 AM (8)
Jun 17, 2-3 AM (11)
Jun 17, 3-4 AM (4)
Jun 17, 4-5 AM (1)
Jun 17, 5-6 AM (6)
Jun 17, 6-7 AM (99)
Jun 17, 7-8 AM (33)
Jun 17, 8-9 AM (22)
Jun 17, 9-10 AM (56)
Jun 17, 10-11 AM (18)
Jun 17, 11-12 PM (19)
Jun 17, 12-1 PM (57)
Jun 17, 1-2 PM (28)
Jun 17, 2-3 PM (37)
Jun 17, 3-4 PM (26)
Jun 17, 4-5 PM (19)
Jun 17, 5-6 PM (16)
Jun 17, 6-7 PM (10)
Jun 17, 7-8 PM (14)
Jun 17, 8-9 PM (12)
Jun 17, 9-10 PM (37)
Jun 17, 10-11 PM (29)
Jun 17, 11-12 AM (14)
Jun 18, 12-1 AM (12)
Jun 18, 1-2 AM (8)
Jun 18, 2-3 AM (5)
Jun 18, 3-4 AM (11)
Jun 18, 4-5 AM (11)
Jun 18, 5-6 AM (11)
Jun 18, 6-7 AM (9)
Jun 18, 7-8 AM (19)
Jun 18, 8-9 AM (83)
Jun 18, 9-10 AM (45)
Jun 18, 10-11 AM (51)
Jun 18, 11-12 PM (23)
Jun 18, 12-1 PM (67)
Jun 18, 1-2 PM (14)
Jun 18, 2-3 PM (53)
Jun 18, 3-4 PM (44)
Jun 18, 4-5 PM (64)
Jun 18, 5-6 PM (24)
Jun 18, 6-7 PM (21)
Jun 18, 7-8 PM (13)
Jun 18, 8-9 PM (17)
Jun 18, 9-10 PM (23)
Jun 18, 10-11 PM (30)
Jun 18, 11-12 AM (26)
Jun 19, 12-1 AM (13)
Jun 19, 1-2 AM (9)
Jun 19, 2-3 AM (5)
Jun 19, 3-4 AM (2)
Jun 19, 4-5 AM (11)
Jun 19, 5-6 AM (4)
Jun 19, 6-7 AM (92)
Jun 19, 7-8 AM (18)
Jun 19, 8-9 AM (37)
Jun 19, 9-10 AM (39)
Jun 19, 10-11 AM (27)
Jun 19, 11-12 PM (30)
Jun 19, 12-1 PM (53)
Jun 19, 1-2 PM (66)
Jun 19, 2-3 PM (32)
Jun 19, 3-4 PM (61)
Jun 19, 4-5 PM (9)
Jun 19, 5-6 PM (4)
Jun 19, 6-7 PM (17)
Jun 19, 7-8 PM (16)
Jun 19, 8-9 PM (11)
Jun 19, 9-10 PM (45)
Jun 19, 10-11 PM (30)
Jun 19, 11-12 AM (8)
Jun 20, 12-1 AM (4)
Jun 20, 1-2 AM (0)
Jun 20, 2-3 AM (4)
Jun 20, 3-4 AM (1)
Jun 20, 4-5 AM (8)
Jun 20, 5-6 AM (6)
Jun 20, 6-7 AM (6)
Jun 20, 7-8 AM (6)
Jun 20, 8-9 AM (1)
Jun 20, 9-10 AM (1)
3,199 commits this week
Jun 13, 2026
-
Jun 20, 2026
Merge pull request #672 from IntersectMBO/dependabot/github_actions/actions-640176b5ab
Bump actions/checkout from 6 to 7 in the actions group
chore(deps): bump uuid, ip-address, axios & express-openapi-validator
Consolidates the pure dependency version bumps that stack on top of the Node 22 upgrade. Each is a behaviour-preserving bump that closes (or hardens against) Dependabot alerts on consumer-facing and build-context deps; no public API changes. - uuid 8/9/10 -> ^11.1.1 across cardano-services, e2e, projection-typeorm, web-extension, wallet; drop now-redundant @types/uuid (uuid 11 ships its own types). - core: ip-address ^9.0.5 -> ^10.2.0. - axios relocked within ^1.7.4 to 1.18.0. - cardano-services: express-openapi-validator ^4.13.8 -> ^5.6.2 (pulls multer 2.x, removing the vulnerable multer 1.x). v5 renames the OpenAPIV3.Document type to DocumentV3 — updated in openApi.ts and its test. Audits the wave in docs/security/dependency-vulnerability-audit-2026-06-19.md (follow-up section): OSV.dev clean for every resolved version, 0 residual advisories in CISA KEV, production closure clean, no lockfile downgrades, per-tier blast-radius diagrams, and the lone publisher transition (multer linusu -> ulisesgascon) annotated as a known maintenance handoff. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
chore: stop tracking gitignored tsconfig.tsbuildinfo
This TypeScript incremental-build cache has been committed since 1dcb0993c84 (2021-10-04) but was only added to .gitignore later in f0a8724593b (2022-06-14). Git keeps already-tracked files even once ignored, so it lingered in the tree — churning on every build and showing up as spurious diffs. Remove it from version control (the file stays locally; tsc regenerates it). Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&s=80)
Bump actions/checkout from 6 to 7 in the actions group
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>
Deployed ddeabf6 with MkDocs version: 1.6.1
ci(cardano-node): pin moog requester to v0.5.1.5
The Install moog step resolved the *latest* moog release via `gh release view` (no tag). moog v2.0.0 (the moog-v2 MPFS cutover) was published and marked Latest on 2026-06-13, so CI silently upgraded to it. v2.0.0 is incompatible with the deployed v0.5.x MPFS at mpfs.plutimus.com: `moog facts test-runs` now returns an error envelope (it calls GET /status -> 404) instead of the array the Submit step's jq expects, failing with "Cannot index string with string \"key\"". Every scheduled launch has failed since, so no new Antithesis runs were created. Pin the tag to v0.5.1.5 (last v0.5.x, matches the production stack).
ci(cardano-node): pin moog requester to v0.5.1.5
The Install moog step resolved the *latest* moog release via `gh release view` (no tag). moog v2.0.0 (the moog-v2 MPFS cutover) was published and marked Latest on 2026-06-13, so CI silently upgraded to it. v2.0.0 is incompatible with the deployed v0.5.x MPFS at mpfs.plutimus.com: `moog facts test-runs` now returns an error envelope (it calls GET /status -> 404) instead of the array the Submit step's jq expects, failing with "Cannot index string with string \"key\"". Every scheduled launch has failed since, so no new Antithesis runs were created. Pin the tag to v0.5.1.5 (last v0.5.x, matches the production stack).
Update Nuvola Blog (#1814)
Co-authored-by: Denicio Bute <>
chore: bump library versions to latest
Merge pull request #581 from blockfrost/chore/update-flake-lock
chore(nix): update `flake.lock`
add Haskell Benchmark (customSmallerIsBetter) benchmark result for 29c7e3040621f323f3af27fd4e89a223ba429021
Merge pull request #5876 from IntersectMBO/dependabot/github_actions/actions-640176b5ab
Bump actions/checkout from 6 to 7 in the actions group
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&s=80)
chore: update translation progress from Crowdin [skip ci]
deploy: 38b158eaa3915b60b1d8cf4072f51b466f9bd110
refactor(core): replace ip-address with a local IPv4/IPv6 parser
ip-address was used in exactly one place — pool-relay address (de)serialization in ipUtils.ts (Address4/Address6 validation, IPv6 expansion to bytes, and canonical formatting). Vendor a ~50-line functional parser (RFC 4291: `::` zero-compression and trailing IPv4-mapped suffixes) and drop the dependency. Because this feeds consensus-affecting serialization, the local implementation was proven byte-for-byte identical to ip-address across a 26-case corpus (validation, expansion, canonical formatting; valid/edge/invalid) before removal, then locked in with vector-based unit tests. Removes ip-address from core's production closure (no consumer pulls it via core any longer). Full core suite (1018 tests) green. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
docs: capture the core dependency-minimisation method and record
Add docs/core-dependency-minimisation.md (decision table + transitive/size impact) and a reusable dependency-minimisation skill (closure-aware targeting, differential equivalence for consensus code, the two impact metrics, and the gotchas hit along the way). Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
refactor(core): replace @foxglove/crc with a local crc32
@foxglove/crc was used in exactly one place — the Byron-era address checksum. CRC-32 (IEEE 802.3 / zlib variant) is ~15 lines, so vendor a local implementation and drop the dependency from core's closure. Adds a dedicated crc32 unit test pinning the implementation bit-for-bit to the canonical CRC-32 vectors (123456789 -> 0xCBF43926, empty -> 0, the "quick brown fox" -> 0x414FA339, 0..255 -> 0x29058C73), so it provably matches the variant @foxglove/crc provided. Byron address round-trips (Address/PaymentAddress suites) cover the integration path. Part of the core dependency-minimisation effort. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
chore(eslint): disable unicorn/number-literal-case globally
The rule wants uppercase hex digits, which conflicts head-on with the repo's enforced Prettier config (lowercase) — making it unsatisfiable for any hex literal containing a-f. It had accumulated `/* eslint-disable */` directives in 16 files as a workaround. Disable it once in the shared config (as no-bitwise already is) and drop the redundant per-file directives. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Merge pull request #1719 from input-output-hk/chore/bump-node-22
chore: target Node 22 LTS (drop EOL Node 18)
Repoint the dropped Charli3 and Orcfax redirects to the oracles overview
refactor(core): drop redundant web-encoding polyfill for global TextDecoder
web-encoding polyfilled TextDecoder for environments lacking it. TextDecoder
has been a Node.js global since v11 — so it was already available under the
previous >=16.20.2 engine, independent of the Node 22 bump — and is native in
all bundler-targeted modern browsers, making the polyfill (and its ~8MB
@zxing/text-encoding dependency) dead weight. Both decode sites only use
`new TextDecoder('utf8', { fatal: true })` + `.decode()`, fully covered by the
global.
Removes ~9.5MB from core's node_modules closure. Behaviour unchanged; full core
suite (992 tests) green. Part of the core dependency-minimisation effort.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
chore(deps): bump uuid, ip-address, axios & express-openapi-validator
Consolidates the pure dependency version bumps that stack on top of the Node 22 upgrade. Each is a behaviour-preserving bump that closes (or hardens against) Dependabot alerts on consumer-facing and build-context deps; no public API changes. - uuid 8/9/10 -> ^11.1.1 across cardano-services, e2e, projection-typeorm, web-extension, wallet; drop now-redundant @types/uuid (uuid 11 ships its own types). - core: ip-address ^9.0.5 -> ^10.2.0. - axios relocked within ^1.7.4 to 1.18.0. - cardano-services: express-openapi-validator ^4.13.8 -> ^5.6.2 (pulls multer 2.x, removing the vulnerable multer 1.x). v5 renames the OpenAPIV3.Document type to DocumentV3 — updated in openApi.ts and its test. Audits the wave in docs/security/dependency-vulnerability-audit-2026-06-19.md (follow-up section): OSV.dev clean for every resolved version, 0 residual advisories in CISA KEV, production closure clean, no lockfile downgrades, per-tier blast-radius diagrams, and the lone publisher transition (multer linusu -> ulisesgascon) annotated as a known maintenance handoff. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
chore: stop tracking gitignored tsconfig.tsbuildinfo
This TypeScript incremental-build cache has been committed since 1dcb0993c84 (2021-10-04) but was only added to .gitignore later in f0a8724593b (2022-06-14). Git keeps already-tracked files even once ignored, so it lingered in the tree — churning on every build and showing up as spurious diffs. Remove it from version control (the file stays locally; tsc regenerates it). Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
docs: remove stale README sections
Drop three sections that referenced removed functionality: - Deployments / STD Workflow — the std deployment framework (and its std.yml workflow) was removed in 16e986e2603; the link 404s. - Attic / RabbitMQ tx-submit provider — long-removed feature pointer. - Possible issues — obsolete `yarn build --mode=skip-build` Docker note. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>