Skip to content

Lannathompson65 arch patch 2#2848

Closed
lannathompson65-arch wants to merge 3 commits into
MetaMask:mainfrom
lannathompson65-arch:lannathompson65-arch-patch-2
Closed

Lannathompson65 arch patch 2#2848
lannathompson65-arch wants to merge 3 commits into
MetaMask:mainfrom
lannathompson65-arch:lannathompson65-arch-patch-2

Conversation

@lannathompson65-arch

@lannathompson65-arch lannathompson65-arch commented Apr 14, 2026

Copy link
Copy Markdown

Description

Issue(s) fixed

Fixes #

Preview

Checklist

  • If this PR updates or adds documentation content that changes or adds technical meaning, it has received an approval from an engineer or DevRel from the relevant team.
  • If this PR updates or adds documentation content, it has received an approval from a technical writer.

External contributor checklist

  • I've read the contribution guidelines.
  • I've created a new issue (or assigned myself to an existing issue) describing what this PR addresses.

Note

Medium Risk
Adds a new required CI job and modifies repo governance files; misconfiguration could break PR checks, and the new non-comment line in CODEOWNERS may invalidate ownership rules.

Overview
Adds a new GitHub Actions workflow (.github/workflows/deno.yml) that runs deno lint and deno test -A on pushes and PRs to main.

Introduces a SECURITY.md security policy template.

Updates .github/CODEOWNERS by appending a plain-text line after the default rule (not a comment), which may affect how CODEOWNERS is parsed/applied.

Reviewed by Cursor Bugbot for commit e97e0db. Bugbot is set up for automated code reviews on this repo. Configure here.

lannathompson65-arch and others added 3 commits April 14, 2026 14:37
Added a security policy document outlining supported versions and vulnerability reporting.
This workflow installs Deno and runs linting and tests on push and pull request events.
This snippet is the default ownership rule in the .github/CODEOWNERS file for the repository. Since it's the only rule provided in the file content, it establishes that all files in the metamask-docs repository are owned by these five teams by default.
@lannathompson65-arch lannathompson65-arch requested review from a team as code owners April 14, 2026 20:39
@vercel

vercel Bot commented Apr 14, 2026

Copy link
Copy Markdown

@lannathompson65-arch is attempting to deploy a commit to the Consensys Team on Vercel.

A member of the Team first needs to authorize it.

@lannathompson65-arch lannathompson65-arch left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 3 potential issues.

Fix All in Cursor

Reviewed by Cursor Bugbot for commit e97e0db. Configure here.

Comment thread .github/CODEOWNERS
Comment thread .github/workflows/deno.yml
Comment thread SECURITY.md

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security policy uses unmodified template with wrong versions

Medium Severity

The SECURITY.md file is an unmodified GitHub template with placeholder version numbers (5.1.x, 5.0.x, 4.0.x) that don't match the project's actual version (1.0.0 in package.json). The "Reporting a Vulnerability" section also contains only placeholder instructions with no actual guidance, which could mislead security researchers.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit e97e0db. Configure here.

@lannathompson65-arch lannathompson65-arch left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants