Skip to content

Remove clashing published files from lavadome #22854

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 8, 2024
Merged

Remove clashing published files from lavadome #22854

merged 4 commits into from
Feb 8, 2024

Conversation

@weizman
Copy link
Contributor

@weizman weizman commented Feb 7, 2024

@weizman weizman requested a review from a team as a code owner February 7, 2024 13:31
@metamaskbot metamaskbot added the INVALID-PR-TEMPLATE PR's body doesn't match template label Feb 7, 2024
@socket-security
Copy link

socket-security bot commented Feb 7, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@lavamoat/lavadome-react@0.0.11 Transitive: environment +10 3.57 MB kumavis, lgbot, naugtur, ...2 more
npm/@lavamoat/preinstall-always-fail@2.0.0 None 0 3.25 kB naugtur

🚮 Removed packages: npm/@lavamoat/lavadome-react@0.0.10

View full report↗︎

@socket-security
Copy link

socket-security bot commented Feb 7, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@lavamoat/preinstall-always-fail@2.0.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

davidmurdoch
davidmurdoch previously approved these changes Feb 8, 2024
View reviewed changes
@codecov
Copy link

codecov bot commented Feb 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1d4a666) 68.48% compared to head (452aeda) 68.42%.
Report is 5 commits behind head on develop.

❗ Current head 452aeda differs from pull request most recent head 68c1d23. Consider uploading reports for the commit 68c1d23 to get more accurate results

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop   #22854      +/-   ##
===========================================
- Coverage    68.48%   68.42%   -0.07%     
===========================================
  Files         1088     1089       +1     
  Lines        42897    42908      +11     
  Branches     11425    11414      -11     
===========================================
- Hits         29378    29357      -21     
- Misses       13519    13551      +32

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@metamaskbot
Copy link
Collaborator

metamaskbot commented Feb 8, 2024

Builds ready [452aeda]
Page Load Metrics (783 ± 30 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint7911598116
domContentLoaded10371563
load6759347836330
domInteractive10371563
Bundle size diffs
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@legobeat
Copy link
Contributor

legobeat commented Feb 8, 2024 

@SocketSecurity ignore npm/@lavamoat/preinstall-always-fail@2.0.0

legobeat
legobeat previously approved these changes Feb 8, 2024
View reviewed changes
@legobeat legobeat added team-lavamoat dependencies Pull requests that update a dependency file labels Feb 8, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Feb 8, 2024

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot
Copy link
Collaborator

metamaskbot commented Feb 8, 2024

Builds ready [0c4ecb0]
Page Load Metrics (825 ± 25 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint85143109157
domContentLoaded105320105
load7659568255125
domInteractive105320105
Bundle size diffs
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@weizman weizman dismissed stale reviews from legobeat and davidmurdoch via 68c1d23 February 8, 2024 19:53
@metamaskbot
Copy link
Collaborator

metamaskbot commented Feb 8, 2024

Builds ready [68c1d23]
Page Load Metrics (795 ± 23 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint80156100178
domContentLoaded95516105
load7168847954723
domInteractive95516105
Bundle size diffs
  • background: 0 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@weizman weizman merged commit 39a8283 into develop Feb 8, 2024
@weizman weizman deleted the weizman/lavadome-fix-0.0.11 branch February 8, 2024 20:16
@github-actions github-actions bot locked and limited conversation to collaborators Feb 8, 2024
@metamaskbot metamaskbot added the release-11.12.0 Issue or pull request that will be included in release 11.12.0 label Feb 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@davidmurdoch davidmurdoch davidmurdoch approved these changes

+1 more reviewer

@legobeat legobeat legobeat approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file INVALID-PR-TEMPLATE PR's body doesn't match template release-11.12.0 Issue or pull request that will be included in release 11.12.0 team-lavamoat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@weizman @metamaskbot @legobeat @davidmurdoch