From 77225f47fb455d4e95a7332d66b083ed976f3cae Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 9 Feb 2026 13:06:08 +0000 Subject: [PATCH 1/4] 2.0.5 --- package.json | 2 +- packages/codeql-action/CHANGELOG.md | 12 ++++++++---- packages/codeql-action/package.json | 2 +- packages/semgrep-action/CHANGELOG.md | 12 +++++++++++- packages/semgrep-action/package.json | 2 +- 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 8577013..7c0d826 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/action-security-code-scanner", - "version": "2.0.4", + "version": "2.0.5", "private": true, "description": "Security Code Scanner", "repository": { diff --git a/packages/codeql-action/CHANGELOG.md b/packages/codeql-action/CHANGELOG.md index 99c4746..f6349ae 100644 --- a/packages/codeql-action/CHANGELOG.md +++ b/packages/codeql-action/CHANGELOG.md @@ -7,14 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [2.0.3] +## [2.0.5] -### Fixed +### Uncategorized -- Fix incorrect language selection based on repo config ([#63](https://github.com/MetaMask/action-security-code-scanner/pull/63)) +- fix: add .security-scanner directory to paths-ignore in CodeQL config + +## [2.0.3] ### Fixed +- Fix incorrect language selection based on repo config ([#63](https://github.com/MetaMask/action-security-code-scanner/pull/63)) - Fixed Codeql configuration build ## [2.0.1] @@ -32,7 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added multi language support - Updated CodeQL action to v4 -[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...HEAD +[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD +[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...v2.0.5 [2.0.3]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.3 [2.0.1]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.0...v2.0.1 [2.0.0]: https://github.com/MetaMask/action-security-code-scanner/releases/tag/v2.0.0 diff --git a/packages/codeql-action/package.json b/packages/codeql-action/package.json index 0f9c3d9..e08f75f 100644 --- a/packages/codeql-action/package.json +++ b/packages/codeql-action/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/codeql-action", - "version": "2.0.3", + "version": "2.0.5", "private": true, "description": "Custom CodeQL analysis action", "keywords": [], diff --git a/packages/semgrep-action/CHANGELOG.md b/packages/semgrep-action/CHANGELOG.md index b9f33d1..ab8ea33 100644 --- a/packages/semgrep-action/CHANGELOG.md +++ b/packages/semgrep-action/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [2.0.5] + +### Uncategorized + +- refactor: simplify Semgrep action by removing unnecessary file copy step +- fix: update .semgrepignore to include .security-scanner directory +- fix linting issues +- feat: add rule to catch npx usage in JS/TS/YAML + ## [2.0.2] ## [2.0.1] @@ -22,7 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Migrated action from its separate repository to the monorepo -[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...HEAD +[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD +[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...v2.0.5 [2.0.2]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.2 [2.0.1]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.0...v2.0.1 [2.0.0]: https://github.com/MetaMask/action-security-code-scanner/releases/tag/v2.0.0 diff --git a/packages/semgrep-action/package.json b/packages/semgrep-action/package.json index 8bbb153..a551544 100644 --- a/packages/semgrep-action/package.json +++ b/packages/semgrep-action/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/semgrep-action", - "version": "2.0.2", + "version": "2.0.5", "private": true, "description": "Semgrep-based security scanning action", "keywords": [ From efc7717963d5d2dc64787b39e895e93d3db43dfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82?= Date: Mon, 9 Feb 2026 13:35:28 +0000 Subject: [PATCH 2/4] chore: update changelogs --- packages/codeql-action/CHANGELOG.md | 2 +- packages/semgrep-action/CHANGELOG.md | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/codeql-action/CHANGELOG.md b/packages/codeql-action/CHANGELOG.md index f6349ae..34fcd26 100644 --- a/packages/codeql-action/CHANGELOG.md +++ b/packages/codeql-action/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [2.0.5] -### Uncategorized +### Fixed - fix: add .security-scanner directory to paths-ignore in CodeQL config diff --git a/packages/semgrep-action/CHANGELOG.md b/packages/semgrep-action/CHANGELOG.md index ab8ea33..b67f5c7 100644 --- a/packages/semgrep-action/CHANGELOG.md +++ b/packages/semgrep-action/CHANGELOG.md @@ -9,11 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [2.0.5] -### Uncategorized +### Fixed - refactor: simplify Semgrep action by removing unnecessary file copy step - fix: update .semgrepignore to include .security-scanner directory -- fix linting issues + +### Added + - feat: add rule to catch npx usage in JS/TS/YAML ## [2.0.2] From daac638de4b3b08d387c9ae97b3e257b94945510 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82?= Date: Mon, 9 Feb 2026 13:39:41 +0000 Subject: [PATCH 3/4] chore: update changelogs --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 958a717..11ee023 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [2.0.5] + +### Fixed + +- fix: add .security-scanner directory to ignored paths + +### Added + +- feat: add rule to catch npx usage in JS/TS/YAML + ## [2.0.4] ### Changed From 59c293169f5af09dc0bf6e6159b346b3a6b32817 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82?= Date: Mon, 9 Feb 2026 13:45:53 +0000 Subject: [PATCH 4/4] chore: update changelogs --- CHANGELOG.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11ee023..bab5bb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,14 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [2.0.5] -### Fixed - -- fix: add .security-scanner directory to ignored paths - ### Added - feat: add rule to catch npx usage in JS/TS/YAML +### Fixed + +- fix: add .security-scanner directory to ignored paths + ## [2.0.4] ### Changed @@ -68,7 +68,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release of this action ([#29](https://github.com/MetaMask/action-security-code-scanner/pull/29)) -[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.4...HEAD +[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD +[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.4...v2.0.5 [2.0.4]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...v2.0.4 [2.0.3]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...v2.0.3 [2.0.2]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.2