Skip to content

fix: some scorecard findings#5

Closed
bernacodesido wants to merge 65 commits intoGearbox-protocol:mainfrom
rootstock:scorecard-fixes
Closed

fix: some scorecard findings#5
bernacodesido wants to merge 65 commits intoGearbox-protocol:mainfrom
rootstock:scorecard-fixes

Conversation

@bernacodesido
Copy link
Copy Markdown

@bernacodesido bernacodesido commented May 23, 2025

Fixes some scorecard findings

PraneshASP and others added 30 commits March 10, 2025 13:59
@PraneshASP @bernacodesido
feat: slack notification support
508084c
@bernacodesido
feat: use slack bot instad of webhook
99a8463
@bernacodesido
feat: add rootstock mainnet and testnet
e2f0d50
@bernacodesido
feat: add descriptor/name to safe addresses
5a76ac3
@bernacodesido
feat: print multisig descriptor
fcc968a
@bernacodesido
feat: decouple container
b3da583
@bernacodesido
feat: clean yarn.lock
044030f
@bernacodesido
feat: prepare the repo to be moved
0010b38
@bernacodesido
feat: configure dependabot
c51136b
@bernacodesido
feat: configure codeQL
3f75243
@bernacodesido
feat: configure dependency review
c8e80c3
@bernacodesido
feat: configure scorecard
1ea3fe7
@bernacodesido
fix: codeql action
7989a2a
@bernacodesido
fix: dependency review action
5c1c538
@bernacodesido
fix: lint pr title action
e6a2c3a
@bernacodesido
fix: pr check action
d8287a5
@bernacodesido
fix: release action
0777357
@bernacodesido
fix: update checkout action in scorecard
4f00704
@bernacodesido
fix: TS2322
2f9d290
@bernacodesido
fix: TS2322
6d19fb8
@bernacodesido
fix: TS2739, TS7053, TS2420
c984572
@bernacodesido
fix: Ignore errors
3fde770
@bernacodesido
firx: run prettier
46218e9
@dependabot @bernacodesido
build(deps-dev): bump esbuild from 0.24.2 to 0.25.0
04b8e5d 
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.24.2 to 0.25.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.24.2...v0.25.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@bernacodesido
feat: deploy into AWS ECR
66a3463
@bernacodesido
feat: detect if running on ECS
c21c7aa
@bernacodesido
feat: retrieve secrets from AWS Secret Manager
449434e
@bernacodesido
feat: dynamodb
af84279
@bernacodesido
fix: modify trigger
d071716
@bernacodesido
fix: address review comments
4e7ee4b
bernacodesido and others added 29 commits May 13, 2025 14:50
@bernacodesido
feat: use and notify safe tx hashes
e479fe0
@bernacodesido
feat: update Dockerfile to run safe-tx-hashes
87eeb8d
@bernacodesido
feat: include method and parameters
d23a96d
@bernacodesido
fix: fix script name
d4a5717
@bernacodesido
feat: add jest framework
c7e9807
@bernacodesido
feat: add tests for src/safe-hashes/safeTxHashes.ts
3b3b778 
fix: parse Data
@bernacodesido
feat: add tests for src/aws/buildConfig.ts
429dd0b 
feat: add mock libraries
fix: add throw error
@bernacodesido
feat: add tests for src/safeWatcher.ts
d9fca68 
feat: add mock library
fix: make properties public for testing
@bernacodesido
feat: add tests for src/safe/AltAPI.ts
4dba3e3 
fix: reject on error
@bernacodesido
feat: add tests for src/safe/BaseApi.ts
5e9beed 
fix: reject promise
@bernacodesido
feat: add tests for src/safe/ClassicAPI.ts
1fece25 
feat: make function public for testing
@bernacodesido
feat: add tests for src/safe/SafeAPIWrapper.ts
e7cc8e3
@bernacodesido
feat: add tests for src/config/schema.ts
890b266
@bernacodesido
feat: add tests for src/config/loadConfig.ts
27e7566
@bernacodesido
feat: add tests for src/utils/*
a5e8993
@bernacodesido
fix: improve tests, centralize config
98d67ad
@bernacodesido
feat: run tests on prs
5bc70db
@bernacodesido
fix: apply suggestions from Copilot code review
e68a748 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@dependabot @bernacodesido
build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1
7baab12 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@0864cf1...f49aabe)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @bernacodesido
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.7.1
1cbdec3 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.3.4 to 4.7.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@5a2ce3f...da24556)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @bernacodesido
build(deps): bump aws-actions/configure-aws-credentials
3aed363 
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.1.0 to 4.2.1.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@ececac1...b475783)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @bernacodesido
build(deps): bump actions/upload-artifact
39115dd 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 97a0fba1372883ab732affbe8f94b823f91727db to c24449f33cd45d4826c6702db7e49f7cdb9b551d.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@97a0fba...c24449f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: c24449f33cd45d4826c6702db7e49f7cdb9b551d
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @bernacodesido
build(deps): bump docker/build-push-action from 6.16.0 to 6.17.0
0746a06 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.16.0 to 6.17.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@14487ce...1dc7386)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 6.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @bernacodesido
build(deps): bump node from 23-alpine to 24-alpine
706d739 
Bumps node from 23-alpine to 24-alpine.

---
updated-dependencies:
- dependency-name: node
  dependency-version: 24-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@bernacodesido
fix: upgrade upload-artifact action to v4
087c94c
@bernacodesido
fix: #2
3416d88
@bernacodesido
fix: #3
a527045
@bernacodesido
fix: #5
3bd2155
@bernacodesido
fix: #6
121d82c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bernacodesido @PraneshASP