m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-25 20:02:58 +01:00
Code
24c3175ec7
metamask-extension/.circleci/scripts/yarn-audit.sh
kumavis 54ac00027b unblock ci: update vuln deps + fix npm registry for snaps firefox (#14437) 
* dep-audit-fix for async@2.6.3

* deps - update async for vuln fix and remove patch

* deps/ci-yarn-audit - remove outdated ignored vulns

* deps/lock - deduplicate async@2

* deps/lock - deduplicate async@2 + remove indirectly used dep

* Use regular NPM registry for snaps on Firefox (#14439)

* Use regular NPM registry for snaps on FF

* Fix linting

* Update app/scripts/metamask-controller.js

Co-authored-by: Shane <jonas.shane@gmail.com>

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Shane <jonas.shane@gmail.com>

Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
Co-authored-by: Shane <jonas.shane@gmail.com>
2022-04-14 08:03:13 -07:00

25 lines
979 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -e
set -u
set -x
set -o pipefail
# use `improved-yarn-audit` since that allows for exclude
# exclude 1002401 until we remove use of 3Box, 1002581 until we can find a better solution
yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude GHSA-93q8-gq69-wqmw,GHSA-257v-vj4p-3w2h,GHSA-fwr7-v2mv-hh25
audit_status="$?"
# Use a bitmask to ignore INFO and LOW severity audit results
# See here: https://yarnpkg.com/lang/en/docs/cli/audit/
audit_status="$(( audit_status & 11100 ))"
if [[ "$audit_status" != 0 ]]
then
count="$(yarn audit --level moderate --groups dependencies --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')"
printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count"
exit 1
else
printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n"
fi
View Git Blame Copy Permalink