From 8b8273337b2d564553af2dd3b76576ea35c57526 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 8 May 2021 12:08:44 +0000 Subject: [PATCH 1/2] Bump handlebars from 4.2.0 to 4.7.7 in /editing Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.2.0 to 4.7.7. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.2.0...v4.7.7) Signed-off-by: dependabot[bot] --- editing/package-lock.json | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/editing/package-lock.json b/editing/package-lock.json index 4a228ef..b535fe2 100644 --- a/editing/package-lock.json +++ b/editing/package-lock.json @@ -4857,17 +4857,24 @@ "dev": true }, "handlebars": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.2.0.tgz", - "integrity": "sha512-Kb4xn5Qh1cxAKvQnzNWZ512DhABzyFNmsaJf3OAkWNa4NkaqWcNI8Tao8Tasi0/F4JD9oyG0YxuFyvyR57d+Gw==", + "version": "4.7.7", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz", + "integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==", "dev": true, "requires": { + "minimist": "^1.2.5", "neo-async": "^2.6.0", - "optimist": "^0.6.1", "source-map": "^0.6.1", - "uglify-js": "^3.1.4" + "uglify-js": "^3.1.4", + "wordwrap": "^1.0.0" }, "dependencies": { + "minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true + }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", From 2f75ac75e69ed16b49c70be1bce1350b5a2e5e78 Mon Sep 17 00:00:00 2001 From: VinothKumar-Ganesan <121218063+VinothKumar-Ganesan@users.noreply.github.com> Date: Mon, 6 Feb 2023 15:36:54 +0530 Subject: [PATCH 2/2] Gitleaks action file added --- .github/workflows/gitleaks.yaml | 38 +++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/gitleaks.yaml diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml new file mode 100644 index 0000000..d9a8e36 --- /dev/null +++ b/.github/workflows/gitleaks.yaml @@ -0,0 +1,38 @@ +name: Secret Value found! +on: + push: + public: +jobs: + scan: + name: gitleaks + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Install the gitleaks + run: wget https://github.com/zricethezav/gitleaks/releases/download/v8.15.2/gitleaks_8.15.2_linux_x64.tar.gz + shell: pwsh + - name: Extract the tar file + run: tar xzvf gitleaks_8.15.2_linux_x64.tar.gz + - name: Generate the report + id: gitleaks + run: $GITHUB_WORKSPACE/gitleaks detect -s $GITHUB_WORKSPACE -f json -r $GITHUB_WORKSPACE/leaksreport.json + shell: bash + continue-on-error: true + - name: Setup NuGet.exe + if: steps.gitleaks.outcome != 'success' + uses: nuget/setup-nuget@v1 + with: + nuget-version: latest + - name: Install the dotnet + if: steps.gitleaks.outcome != 'success' + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '3.1.x' + - name: Install the report tool packages + if: steps.gitleaks.outcome != 'success' + run: | + nuget install "Syncfusion.Email" -source "https://nexus.syncfusion.com/repository/nuget-hosted/" + dir $GITHUB_WORKSPACE/Syncfusion.Email.1.0.0/lib/netcoreapp3.1 + dotnet $GITHUB_WORKSPACE/Syncfusion.Email.1.0.0/lib/netcoreapp3.1/Email.dll "citeam@syncfusion.com" "$GITHUB_REF_NAME" ${{ secrets.NETWORKCREDENTIALS }} ${{ secrets.NETWORKKEY }} "$GITHUB_WORKSPACE" + exit 1 \ No newline at end of file