Lannathompson65 arch patch 2#2848
Conversation
Added a security policy document outlining supported versions and vulnerability reporting.
This workflow installs Deno and runs linting and tests on push and pull request events.
This snippet is the default ownership rule in the .github/CODEOWNERS file for the repository. Since it's the only rule provided in the file content, it establishes that all files in the metamask-docs repository are owned by these five teams by default.
|
@lannathompson65-arch is attempting to deploy a commit to the Consensys Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Reviewed by Cursor Bugbot for commit e97e0db. Configure here.
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. |
There was a problem hiding this comment.
Security policy uses unmodified template with wrong versions
Medium Severity
The SECURITY.md file is an unmodified GitHub template with placeholder version numbers (5.1.x, 5.0.x, 4.0.x) that don't match the project's actual version (1.0.0 in package.json). The "Reporting a Vulnerability" section also contains only placeholder instructions with no actual guidance, which could mislead security researchers.
Reviewed by Cursor Bugbot for commit e97e0db. Configure here.


Description
Issue(s) fixed
Fixes #
Preview
Checklist
External contributor checklist
Note
Medium Risk
Adds a new required CI job and modifies repo governance files; misconfiguration could break PR checks, and the new non-comment line in
CODEOWNERSmay invalidate ownership rules.Overview
Adds a new GitHub Actions workflow (
.github/workflows/deno.yml) that runsdeno lintanddeno test -Aon pushes and PRs tomain.Introduces a
SECURITY.mdsecurity policy template.Updates
.github/CODEOWNERSby appending a plain-text line after the default rule (not a comment), which may affect how CODEOWNERS is parsed/applied.Reviewed by Cursor Bugbot for commit e97e0db. Bugbot is set up for automated code reviews on this repo. Configure here.