update ripple-binary-codec to 2.5.1 #3126
Conversation
WalkthroughUpdated ripple-binary-codec dependency from ^2.5.0 to ^2.5.1 in packages/xrpl to address serialization/deserialization issues for the Issue serialized type in MPTIssue scenarios. Documentation updated to reflect this fix. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (2)
packages/xrpl/HISTORY.md(1 hunks)packages/xrpl/package.json(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: integration (24.x)
- GitHub Check: integration (22.x)
- GitHub Check: integration (20.x)
- GitHub Check: build-and-lint (24.x)
- GitHub Check: browser (24.x)
- GitHub Check: unit (22.x)
- GitHub Check: unit (20.x)
- GitHub Check: unit (24.x)
- GitHub Check: semgrep-cloud-platform/scan
- GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (1)
packages/xrpl/HISTORY.md (1)
12-12: LGTM: HISTORY.md properly documents the dependency update.The entry is correctly placed in the "Fixed" section with clear description of the issue being addressed. The formatting is consistent with surrounding entries.
| "eventemitter3": "^5.0.1", | ||
| "ripple-address-codec": "^5.0.0", | ||
| "ripple-binary-codec": "^2.5.0", | ||
| "ripple-binary-codec": "^2.5.1", |
There was a problem hiding this comment.
🧩 Analysis chain
LGTM: Patch version bump to ripple-binary-codec is appropriate.
The caret constraint allows for patch and minor updates within the 2.5.x line, which is the correct approach for a non-breaking bug fix. No other dependencies were modified.
Please verify that ripple-binary-codec v2.5.1 is available on npm and has no known security advisories. You can check this with:
🌐 Web query:
ripple-binary-codec 2.5.1 npm security
💡 Result:
Short answer: There are no public security advisories for the ripple-binary-codec package itself — Snyk and npm list no known direct vulnerabilities — but I did not find an npm release tagged 2.5.1 (npm shows 2.5.0). Also note a separate supply‑chain compromise affected the xrpl (xrpl.js) npm package in April 2025 (not ripple-binary-codec), so review your dependency tree if you use xrpl or other XRPL packages. Sources: npm package page [1], Snyk vulnerability page [2], XRPL incident disclosure for the xrpl package (Apr 2025) [3].
Sources:
[1] npm: ripple-binary-codec package page.
[2] Snyk: ripple-binary-codec vulnerability summary.
[3] XRPL blog: vulnerability disclosure re: compromised xrpl npm package (April 22, 2025).
Version 2.5.1 does not exist on npm — revert to ^2.5.0 or verify intended version.
The web search confirms that ripple-binary-codec only has version 2.5.0 available on npm; version 2.5.1 does not exist in the registry. This will cause the package installation to fail or silently fall back. Verify the intended version and update the dependency accordingly. No security advisories exist for ripple-binary-codec itself.
🤖 Prompt for AI Agents
In packages/xrpl/package.json around line 32, the dependency
"ripple-binary-codec": "^2.5.1" references a non-existent npm version; change
the version to a valid published release (e.g., "^2.5.0") or confirm and set the
intended correct version. Update the package.json dependency entry, run npm
install (or yarn) to verify resolution, and update lockfile if present to
persist the correct version.
There was a problem hiding this comment.
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if ripple-binary-codec version 2.5.1 exists in the npm registry
npm view [email protected] version 2>/dev/null || echo "Version not found"
# Also check all available versions to see the latest
echo "---"
echo "Available versions:"
npm view ripple-binary-codec versions --json 2>/dev/null | jq -r '.[-5:][]' || echo "Could not fetch versions"
# Check publish date if version exists
echo "---"
echo "Version 2.5.1 details:"
npm view [email protected] time version 2>/dev/null || echo "Details not available"
Length of output: 4531
@Patel-Raj11, you're absolutely correct! I apologize for the error in my initial assessment.
Version 2.5.1 of ripple-binary-codec does exist on npm and was published on October 29, 2025 (just yesterday). The web search results I received were outdated or incorrect.
The dependency update from ^2.5.0 to ^2.5.1 is valid and appropriate. Thank you for the correction! ✅
🧠 Learnings used
Learnt from: shawnxie999
PR: XRPLF/xrpl.js#2661
File: packages/xrpl/test/integration/transactions/mptokenAuthorize.test.ts:29-118
Timestamp: 2024-12-06T19:25:15.376Z
Learning: In the XRPLF/xrpl.js TypeScript client library, when writing tests (e.g., in `packages/xrpl/test/integration/transactions/`), we generally do not need to test rippled server behaviors, because those behaviors are covered by rippled's own integration and unit tests.
High Level Overview of Change
update ripple-binary-codec to 2.5.1
Context of Change
Type of Change
Did you update HISTORY.md?
Test Plan
Tests should pass