feat: add agoric-upgrade-20 (proposal 95)

[mujahidkay]

adopt a passed proposal

When a proposal passes on agoric-3 Mainnet, it should be included in the history that this synthetic image tracks.

• before this PR, change any fromTag using latest (such as a3p-integration) to use a fixed version (otherwise they will fail when this PR changes latest and they pick it up)
• before merging this PR, include a link to a PR that adopts its fromTag use-${proposalName} (where proposalName is the part of the agoric-3-proposals proposal directory name after the colon, cf. a3p-integration/proposals)
• after this PR merges, merge that other PR

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
proposals/95:upgrade-20/.gitignore	Unsupported file format
proposals/95:upgrade-20/.yarn/patches/axios-npm-1.7.7-cfbedc233d.patch	Unsupported file format
proposals/95:upgrade-20/.yarn/patches/protobufjs-npm-6.11.4-af11968b80.patch	Unsupported file format
proposals/95:upgrade-20/.yarnrc.yml	0% smaller
proposals/95:upgrade-20/README.md	Unsupported file format
proposals/95:upgrade-20/package.json	0% smaller
proposals/95:upgrade-20/test-lib/provision-helpers.js	0% smaller
proposals/95:upgrade-20/test.sh	Unsupported file format
proposals/95:upgrade-20/test/depositUSD-LEMONS/deposit-usd-lemons-permit.json	0% smaller
proposals/95:upgrade-20/test/depositUSD-LEMONS/deposit-usd-lemons.js	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/add-LEMONS-PSM-permit.json	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/add-LEMONS-PSM-plan.json	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/add-LEMONS-PSM.js	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/b1-4f44cd63f1753681a61105348391aaf6e0b763e9e1e9079ea6200cec1ccfb1dc183ddf84037235a8696d33181bf179b1337658e068c933ce84ceaaedaa611151.json	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/b1-5bf4f602df7453c68e9ba7504af0bd97e5ba34f0a1a5acc5f12aa3454d6de13fd1b60ead41c021597ebd98c1417059ac8235a2ac6336fcf7a8fd4b66d095d8f7.json	0% smaller
proposals/95:upgrade-20/test/generated/addUsdLemons/b1-e46459201fd48d8495a60c83b21aabe1d7759adaafc15c0955a80e123a91b86747352f7130d98fb77d2f542f9db4ee5f0635771d7aea9b3f84290d4ed34fc93e.json	0% smaller
proposals/95:upgrade-20/test/initial.test.js	0% smaller
proposals/95:upgrade-20/test/provisionPool.test.js	0% smaller
proposals/95:upgrade-20/tsconfig.json	0% smaller
proposals/95:upgrade-20/yarn.lock	Unsupported file format

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4ac1867

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		[email protected] has a Critical CVE. CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL) Affected versions: <= 6.6.0 Patched version: 6.6.1 From: proposals/91:upgrade-19/yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a License Policy Violation. License: CC-BY-3.0 (npm metadata) License: CC-BY-3.0 (package/package.json) From: proposals/91:upgrade-19/yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a License Policy Violation. License: CC-BY-4.0 (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old (package/ThirdPartyNoticeText.txt) From: proposals/91:upgrade-19/package.json → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[turadg]

I pray that someday we won't need these patches

[mhofman]

Looks like the generated files were not successfully ignored.

[mujahidkay]

i'm not sure but I recall the CI failing without generated files. So I explicitly added them.

[mhofman]

Oh yeah my bad, agoric-3-proposals doesn't have a way to generate from agoric-sdk ...

The .gitignore probably shouldn't include those then