From bf8e73b932f953723b340d177a8a8231f60ed294 Mon Sep 17 00:00:00 2001 From: Eloi Manuel Date: Fri, 27 Feb 2026 09:35:26 +0100 Subject: [PATCH 1/5] feat: add Security Code Scanner workflow --- .github/workflows/security-code-scanner.yml | 32 +++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/security-code-scanner.yml diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 0000000..1ca0352 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,32 @@ +name: Linea Security Code Scanner + +on: + push: + branches: + - main + pull_request: + branches: + - main + workflow_call: + secrets: + SECURITY_SCAN_METRICS_TOKEN: + required: false + APPSEC_BOT_SLACK_WEBHOOK: + required: false + workflow_dispatch: + +jobs: + security-scan: + uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2 + permissions: + actions: read + contents: read + security-events: write + with: + repo: ${{ github.repository }} + scanner-ref: 'v2' + paths-ignored: | + + secrets: + project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} + slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} From 2cc8080cec2c8e07b44ad666b4eef140dc6287e7 Mon Sep 17 00:00:00 2001 From: Eloi Manuel Date: Fri, 27 Feb 2026 09:38:17 +0100 Subject: [PATCH 2/5] feat: add Dependabot configuration for GitHub Actions updates --- .github/dependabot.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..240c237 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,31 @@ +version: 2 + +updates: + # 1) GitHub Actions + - package-ecosystem: github-actions + directory: / # GitHub scans .github/workflows from here + schedule: + interval: weekly + day: monday + time: "03:00" + open-pull-requests-limit: 5 + assignees: ["Julink-eth". "VGau"] + labels: ["dependencies", "github-actions"] + commit-message: + prefix: "deps(actions)" + include: "scope" + groups: + core-actions-minor-patch: + update-types: ["minor", "patch"] + patterns: + - "actions/*" + - "github/*" + third-party-actions-minor-patch: + update-types: ["minor", "patch"] + patterns: + - "*" + exclude-patterns: + - "actions/*" + - "github/*" + cooldown: + default-days: 7 From 029dfb8a10b8435ebdd9196c9630b76b88646b4f Mon Sep 17 00:00:00 2001 From: Eloi Manuel Date: Fri, 27 Feb 2026 09:38:39 +0100 Subject: [PATCH 3/5] fix: correct syntax error in assignees list in Dependabot configuration --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 240c237..3e19833 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,7 @@ updates: day: monday time: "03:00" open-pull-requests-limit: 5 - assignees: ["Julink-eth". "VGau"] + assignees: ["Julink-eth", "VGau"] labels: ["dependencies", "github-actions"] commit-message: prefix: "deps(actions)" From 49e3360d3f30c447a58051e57626c7e8317a4562 Mon Sep 17 00:00:00 2001 From: Eloi Manuel Date: Fri, 27 Feb 2026 09:39:39 +0100 Subject: [PATCH 4/5] fix: update action versions in nft-resolver tests workflow and rename security code scanner --- .github/workflows/nft-resolver-tests.yml | 5 +++-- .github/workflows/security-code-scanner.yml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nft-resolver-tests.yml b/.github/workflows/nft-resolver-tests.yml index 4bfdb81..b313d19 100644 --- a/.github/workflows/nft-resolver-tests.yml +++ b/.github/workflows/nft-resolver-tests.yml @@ -10,11 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v6 - name: Cache node modules id: cache-npm - uses: actions/cache@v4 + uses: actions/cache@v5 env: cache-name: cache-node-modules with: diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml index 1ca0352..c806541 100644 --- a/.github/workflows/security-code-scanner.yml +++ b/.github/workflows/security-code-scanner.yml @@ -1,4 +1,4 @@ -name: Linea Security Code Scanner +name: Security Code Scanner on: push: From ac2f77c78730b7aeb61ce0fb757217159fe715df Mon Sep 17 00:00:00 2001 From: Eloi Manuel Date: Fri, 27 Feb 2026 09:50:29 +0100 Subject: [PATCH 5/5] fix: update assignees list in Dependabot configuration --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3e19833..41ff658 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,7 @@ updates: day: monday time: "03:00" open-pull-requests-limit: 5 - assignees: ["Julink-eth", "VGau"] + assignees: ["VGau"] labels: ["dependencies", "github-actions"] commit-message: prefix: "deps(actions)"