From 059372d043d2318ad139098624a4fced57b5d83b Mon Sep 17 00:00:00 2001 From: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Date: Wed, 28 Feb 2024 11:24:10 -0500 Subject: [PATCH 1/3] Enabling security code scanner (#125) --- .github/workflows/security-code-scanner.yml | 43 +++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/security-code-scanner.yml diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..2a86612 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,43 @@ +name: 'MetaMask Security Code Scanner' + +on: + push: + branches: ['main'] + pull_request: + branches: ['main'] + +jobs: + run-security-scan: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: MetaMask Security Code Scanner + uses: MetaMask/Security-Code-Scanner@main + with: + repo: ${{ github.repository }} + paths_ignored: | + .storybook/ + '**/__snapshots__/' + '**/*.snap' + '**/*.stories.js' + '**/*.stories.tsx' + '**/*.test.browser.ts*' + '**/*.test.js*' + '**/*.test.ts*' + '**/fixtures/' + '**/jest.config.js' + '**/jest.environment.js' + '**/mocks/' + '**/test*/' + docs/ + e2e/ + merged-packages/ + node_modules + storybook/ + test*/ + rules_excluded: example + mixpanel_project_token: ${{ secrets.SECURITY_CODE_SCANNER_MIXPANEL_TOKEN }} + slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} From 2c42fdb7b53e15af134fb23add32f3b72994b87a Mon Sep 17 00:00:00 2001 From: MetaMask Bot <37885440+metamaskbot@users.noreply.github.com> Date: Fri, 8 Mar 2024 05:03:47 -0500 Subject: [PATCH 2/3] Update security code scanner file (#126) --- .github/workflows/security-code-scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml index 2a86612..ced0449 100644 --- a/.github/workflows/security-code-scanner.yml +++ b/.github/workflows/security-code-scanner.yml @@ -39,5 +39,5 @@ jobs: storybook/ test*/ rules_excluded: example - mixpanel_project_token: ${{ secrets.SECURITY_CODE_SCANNER_MIXPANEL_TOKEN }} + project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} From d2fc410c86c4eb543925c75047d260765d046faa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 00:26:07 +0000 Subject: [PATCH 3/3] Bump tar from 6.2.0 to 6.2.1 (#131) --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index ab91df3..fa8cf56 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4989,8 +4989,8 @@ __metadata: linkType: hard "tar@npm:^6.1.11, tar@npm:^6.1.2": - version: 6.2.0 - resolution: "tar@npm:6.2.0" + version: 6.2.1 + resolution: "tar@npm:6.2.1" dependencies: chownr: ^2.0.0 fs-minipass: ^2.0.0 @@ -4998,7 +4998,7 @@ __metadata: minizlib: ^2.1.1 mkdirp: ^1.0.3 yallist: ^4.0.0 - checksum: db4d9fe74a2082c3a5016630092c54c8375ff3b280186938cfd104f2e089c4fd9bad58688ef6be9cf186a889671bf355c7cda38f09bbf60604b281715ca57f5c + checksum: f1322768c9741a25356c11373bce918483f40fa9a25c69c59410c8a1247632487edef5fe76c5f12ac51a6356d2f1829e96d2bc34098668a2fc34d76050ac2b6c languageName: node linkType: hard