Skip to content

Github workflows for release#10

Merged
chin-flags merged 19 commits intomasterfrom
npm-workflows
Apr 14, 2025
Merged

Github workflows for release#10
chin-flags merged 19 commits intomasterfrom
npm-workflows

Conversation

@chin-flags
Copy link
Copy Markdown
Contributor

@chin-flags chin-flags commented Apr 10, 2025

No description provided.

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 10, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub ↗.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedturbo-darwin-64@​2.4.4 ⏵ 2.5.0100 +11003798 +1100
Updatedturbo-darwin-arm64@​2.4.4 ⏵ 2.5.0100 +11003798 +1100
Updatedturbo-linux-64@​2.4.4 ⏵ 2.5.01001003798 +1100
Updatedturbo-linux-arm64@​2.4.4 ⏵ 2.5.01001003798100
Updatedturbo-windows-64@​2.4.4 ⏵ 2.5.01001003798 +1100
Updatedturbo-windows-arm64@​2.4.4 ⏵ 2.5.0100 +11003798 +1100
Updated@​types/​node@​18.19.76 ⏵ 18.19.86100 +110079 +196100
Updatedturbo@​2.4.4 ⏵ 2.5.010010085 +198 +1100
Added@​metamask/​auto-changelog@​5.0.18910010093100
Updatedts-jest@​29.2.6 ⏵ 29.3.297 +110094 +195 +4100
Addedprettier@​3.5.3100100100100100

View full report ↗

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Apr 10, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

jeffsmale90
jeffsmale90 reviewed Apr 14, 2025
View reviewed changes
Comment thread .github/workflows/publish-release.yml
jeffsmale90
jeffsmale90 reviewed Apr 14, 2025
View reviewed changes
Comment thread .github/workflows/publish-release.yml
jeffsmale90
jeffsmale90 reviewed Apr 14, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jeffsmale90 jeffsmale90 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple comments on the changes.

Additionally:

  • README.md still references npm but this changes the package manager to yarn
  • You will need CHANGELOG automation, which I've added to this branch via #12

@chin-flags
Copy link
Copy Markdown
Contributor Author

chin-flags commented Apr 14, 2025

A couple comments on the changes.

Additionally:

Updated the readme files

@chin-flags chin-flags requested a review from jeffsmale90 April 14, 2025 02:10
@chin-flags chin-flags changed the title [WIP] Github workflows Github workflows for release Apr 14, 2025
@chin-flags
Merge pull request #12 from jeffsmale90/npm-workflows
6933b1e 
Add changelog and related automation.
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 14, 2025

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub ↗.

Action Severity Alert (click for details)
Block Low
[email protected] has a New author.

New Author: explodingcabbage

Previous Author: kpdecker

Source: packages/create-gator-app/package.json

ℹ Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report ↗

AyushBherwani1998
AyushBherwani1998 approved these changes Apr 14, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@AyushBherwani1998 AyushBherwani1998 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@chin-flags chin-flags merged commit 82c7283 into master Apr 14, 2025
11 of 12 checks passed
@AyushBherwani1998 AyushBherwani1998 deleted the npm-workflows branch June 5, 2025 06:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AyushBherwani1998 AyushBherwani1998 AyushBherwani1998 approved these changes

@jeffsmale90 jeffsmale90 Awaiting requested review from jeffsmale90

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@chin-flags @github-advanced-security @jeffsmale90 @AyushBherwani1998