From 2f9904ac3285bf09062a2de95a27d60ea7c83d00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Sep 2022 11:12:41 +0000 Subject: [PATCH 1/2] Bump jszip from 3.2.2 to 3.10.1 in /editing Bumps [jszip](https://github.com/Stuk/jszip) from 3.2.2 to 3.10.1. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md) - [Commits](https://github.com/Stuk/jszip/compare/v3.2.2...v3.10.1) --- updated-dependencies: - dependency-name: jszip dependency-type: indirect ... Signed-off-by: dependabot[bot] --- editing/package-lock.json | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/editing/package-lock.json b/editing/package-lock.json index 4a228ef..759d646 100644 --- a/editing/package-lock.json +++ b/editing/package-lock.json @@ -6217,15 +6217,15 @@ } }, "jszip": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.2.2.tgz", - "integrity": "sha512-NmKajvAFQpbg3taXQXr/ccS2wcucR1AZ+NtyWp2Nq7HHVsXhcJFR8p0Baf32C2yVvBylFWVeKf+WI2AnvlPhpA==", + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==", "dev": true, "requires": { "lie": "~3.3.0", "pako": "~1.0.2", "readable-stream": "~2.3.6", - "set-immediate-shim": "~1.0.1" + "setimmediate": "^1.0.5" } }, "karma": { @@ -8874,12 +8874,6 @@ "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", "dev": true }, - "set-immediate-shim": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz", - "integrity": "sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E=", - "dev": true - }, "set-value": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", From b62d548accde0ddd0d737af3634bd9e940ed886d Mon Sep 17 00:00:00 2001 From: VinothKumar-Ganesan <121218063+VinothKumar-Ganesan@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:39:01 +0530 Subject: [PATCH 2/2] Gitleaks action file added --- .github/workflows/gitleaks.yaml | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/gitleaks.yaml diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml new file mode 100644 index 0000000..d9a8e36 --- /dev/null +++ b/.github/workflows/gitleaks.yaml @@ -0,0 +1,38 @@ +name: Secret Value found! +on: + push: + public: +jobs: + scan: + name: gitleaks + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Install the gitleaks + run: wget https://github.com/zricethezav/gitleaks/releases/download/v8.15.2/gitleaks_8.15.2_linux_x64.tar.gz + shell: pwsh + - name: Extract the tar file + run: tar xzvf gitleaks_8.15.2_linux_x64.tar.gz + - name: Generate the report + id: gitleaks + run: $GITHUB_WORKSPACE/gitleaks detect -s $GITHUB_WORKSPACE -f json -r $GITHUB_WORKSPACE/leaksreport.json + shell: bash + continue-on-error: true + - name: Setup NuGet.exe + if: steps.gitleaks.outcome != 'success' + uses: nuget/setup-nuget@v1 + with: + nuget-version: latest + - name: Install the dotnet + if: steps.gitleaks.outcome != 'success' + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '3.1.x' + - name: Install the report tool packages + if: steps.gitleaks.outcome != 'success' + run: | + nuget install "Syncfusion.Email" -source "https://nexus.syncfusion.com/repository/nuget-hosted/" + dir $GITHUB_WORKSPACE/Syncfusion.Email.1.0.0/lib/netcoreapp3.1 + dotnet $GITHUB_WORKSPACE/Syncfusion.Email.1.0.0/lib/netcoreapp3.1/Email.dll "citeam@syncfusion.com" "$GITHUB_REF_NAME" ${{ secrets.NETWORKCREDENTIALS }} ${{ secrets.NETWORKKEY }} "$GITHUB_WORKSPACE" + exit 1 \ No newline at end of file