Skip to content

chore: Move test/dev tools to devDependencies#6685

Merged
Gudahtt merged 1 commit intomainfrom
move-dev-test-tools-to-dev-dependencies
Jun 23, 2023
Merged

chore: Move test/dev tools to devDependencies#6685
Gudahtt merged 1 commit intomainfrom
move-dev-test-tools-to-dev-dependencies

Conversation

@Gudahtt
Copy link
Copy Markdown
Member

@Gudahtt Gudahtt commented Jun 22, 2023

Development & PR Process

  1. Follow MetaMask Mobile Coding Standards
  2. Add release-xx label to identify the PR slated for a upcoming release (will be used in release discussion)
  3. Add needs-dev-review label when work is completed
  4. Add needs-qa label when dev review is completed
  5. Add QA Passed label when QA has signed off

Description

Packages used solely for development tools and testing have been moved from dependencies to devDependencies.

Issue

None

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented

@Gudahtt
Move test/dev tools to devDependencies
5dcbd74 
Packages used solely for development tools and testing have been moved
from `dependencies` to `devDependencies`.
@Gudahtt Gudahtt marked this pull request as ready for review June 22, 2023 22:34
@Gudahtt Gudahtt requested a review from a team as a code owner June 22, 2023 22:34
@Cal-L Cal-L added the Spot Check on the Release Build If a ticket doesn't require feature QA, but does require some form of manual spot checking label Jun 22, 2023
Cal-L
Cal-L approved these changes Jun 22, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@Cal-L Cal-L left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 22, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: semver@4.3.6, semver@5.3.0, semver@5.4.1, semver@5.7.1, semver@6.3.0, semver@7.0.0, semver@7.3.5, semver@7.3.7, semver@7.3.8, semver@7.5.0, semver@7.5.1

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@Gudahtt
Copy link
Copy Markdown
Member Author

Gudahtt commented Jun 22, 2023 

@SocketSecurity ignore semver@4.3.6
@SocketSecurity ignore semver@5.3.0
@SocketSecurity ignore semver@5.4.1
@SocketSecurity ignore semver@5.7.1
@SocketSecurity ignore semver@6.3.0
@SocketSecurity ignore semver@7.0.0
@SocketSecurity ignore semver@7.3.5
@SocketSecurity ignore semver@7.3.7
@SocketSecurity ignore semver@7.3.8
@SocketSecurity ignore semver@7.5.0
@SocketSecurity ignore semver@7.5.1

False positive, that package isn't being added by this PR

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 22, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@Gudahtt Gudahtt merged commit e090191 into main Jun 23, 2023
@Gudahtt Gudahtt deleted the move-dev-test-tools-to-dev-dependencies branch June 23, 2023 00:18
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 23, 2023
@metamaskbot metamaskbot added the release-7.3.0 Issue or pull request that will be included in release 7.3.0 label Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Cal-L Cal-L Cal-L approved these changes

Assignees

No one assigned

Labels

release-7.3.0 Issue or pull request that will be included in release 7.3.0 Spot Check on the Release Build If a ticket doesn't require feature QA, but does require some form of manual spot checking

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Gudahtt @Cal-L @metamaskbot