Skip to content
This repository was archived by the owner on Oct 7, 2024. It is now read-only.

13.0.1 #266

Merged
legobeat merged 2 commits into from
Sep 12, 2023
Merged

13.0.1 #266

legobeat merged 2 commits into from
Sep 12, 2023

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 10, 2023
edited by legobeat
Loading

@socket-security
Copy link

socket-security bot commented Sep 10, 2023
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@ethereumjs/wallet 2.0.0 network +3 905 kB holgerd77

🚮 Removed packages: @metamask/eth-keyring-controller@13.0.0

This was referenced Sep 10, 2023
Closed
Merged
@legobeat legobeat temporarily deployed to github-pages September 10, 2023 04:04 — with GitHub Actions Inactive
@legobeat legobeat marked this pull request as ready for review September 10, 2023 04:05
@legobeat legobeat requested a review from a team as a code owner September 10, 2023 04:05
@legobeat legobeat mentioned this pull request Sep 11, 2023
Merged
3 tasks
@legobeat legobeat temporarily deployed to github-pages September 12, 2023 08:56 — with GitHub Actions Inactive
@socket-security
Copy link

socket-security bot commented Sep 12, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: js-md5@0.7.3, @ethereumjs/util@9.0.0

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@legobeat legobeat temporarily deployed to github-pages September 12, 2023 09:07 — with GitHub Actions Inactive
@legobeat
Copy link
Contributor

legobeat commented Sep 12, 2023
edited
Loading

@SocketSecurity ignore @ethereumjs/util@9.0.0
@SocketSecurity ignore js-md5@0.7.3

network access ok and unmaintained ok, respectively.

these were carried over from #263

mikesposito
mikesposito approved these changes Sep 12, 2023
View reviewed changes
Copy link
Member

@mikesposito mikesposito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@legobeat legobeat merged commit 61bbfc4 into main Sep 12, 2023
@legobeat legobeat deleted the release/13.0.1 branch September 12, 2023 11:02
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@gantunesr gantunesr Awaiting requested review from gantunesr

@danroc danroc Awaiting requested review from danroc

@rickycodes rickycodes Awaiting requested review from rickycodes

1 more reviewer

@mikesposito mikesposito mikesposito approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@legobeat @mikesposito