From a5f28214402ec1a2feba2f4f45f5e764323a75d7 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 23 Oct 2024 16:36:05 +0000 Subject: [PATCH 1/5] 5.0.0 --- CHANGELOG.md | 44 +++++++++++++++++++++++++++++++++++++++++++- package.json | 2 +- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eace420..2c69c77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -6,16 +7,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.0.0] + +### Uncategorized + +- fix: Incomplete URL scheme check ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) +- Update GItHub Pages Deployment Token ([#179](https://github.com/MetaMask/phishing-warning/pull/179)) + ## [4.1.0] + ### Added + - Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) ## [4.0.0] + ### Changed + - **BREAKING**: Update `phishingSafelistStream` to send `origin` instead of `hostname` as a parameter for `safelistPhishingDomain` method ([#165](https://github.com/MetaMask/phishing-warning/pull/165)) ## [3.0.4] + ### Changed + - Update index.html - update attribution copy ([#161](https://github.com/MetaMask/phishing-warning/pull/161)) - chore(devdeps): @lavamoat/allow-scripts@^2.3.1->^3.0.4 ([#157](https://github.com/MetaMask/phishing-warning/pull/157)) - Enabling MetaMask security code scanner ([#151](https://github.com/MetaMask/phishing-warning/pull/151)) @@ -23,29 +37,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump @metamask/post-message-stream from 7.0.0 to 8.0.0 ([#146](https://github.com/MetaMask/phishing-warning/pull/146)) ## [3.0.3] + ### Changed + - Update `ses` to `v1.1.0` ([#143](https://github.com/MetaMask/phishing-warning/pull/143)) ## [3.0.2] + ### Fixed + - change to hostname for Github issues ([#127](https://github.com/MetaMask/phishing-warning/pull/127)) ## [3.0.1] + ### Changed + - Using href url param only for suspect site ([#124](https://github.com/MetaMask/phishing-warning/pull/124)) ## [3.0.0] + ### Changed + - **BREAKING**: Increase minimum Node.js version to 16 ([#107](https://github.com/MetaMask/phishing-warning/pull/107)) - **BREAKING**: This package now returns streams conforming to the API of readable-stream@3.x. ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Bump @metamask/post-message-stream from ^6.2.0 to ^7.0.0 ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Upgrade obj-multiplex to @metamask/object-multiplex@^2.0.0 ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ### Fixed + - Bump ses from ^0.18.7 to ^0.18.8 ([#120](https://github.com/MetaMask/phishing-warning/pull/120)) ## [2.1.1] + ### Fixed + - Dependency updates ([#105](https://github.com/MetaMask/phishing-warning/pull/105)) - Move @types/punycode from dependencies to devDependencies - Update @metamask/design-tokens from ^1.6.0 to ^1.12.0 @@ -54,37 +79,51 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update ses from ^0.18.1 to ^0.18.7 ## [2.1.0] + ### Changed + - "Back to safety" button now triggers a `backToSafetyPhishingWarning` message to be sent on the `phishingSafelistStream` ([#84](https://github.com/MetaMask/phishing-warning/pull/84)) ## [2.0.1] + ### Fixed + - Restore iframe warning and "open in new tab" link ([#73](https://github.com/MetaMask/phishing-warning/pull/73)) ## [2.0.0] + ### Changed + - **BREAKING:** Dynamically lookup the source of a block ([#57](https://github.com/MetaMask/phishing-warning/pull/57)) - The query parameter `newIssueUrl` is no longer accepted. Instead this page will look up the source of a block dynamically. - We no longer show on the page which project is responsible for the block. This will be restored in a future version. - Redesign the phishing warning page ([#52](https://github.com/MetaMask/phishing-warning/pull/52)) ## [1.2.2] + ### Changed + - Update `ses` version from v0.12.4 to v10.18.1 ([#53](https://github.com/MetaMask/phishing-warning/pull/53)) - Update @metamask/design-tokens from 1.9.0 to 1.11.1 ([#46](https://github.com/MetaMask/phishing-warning/pull/46)) - This includes minor color updates. ## [1.2.1] + ### Fixed + - Fix build script to exclude file imports from `@metamask/post-message-stream` which expect to only run in the context of a Web worker ([#27](https://github.com/MetaMask/phishing-warning/pull/27)) ## [1.2.0] [DEPRECATED] + ### Added + - Add a check for the protocol of the url being blocked. Remove `continue at your own risk` option if protocol is disallowed ([#16](https://github.com/MetaMask/phishing-warning/pull/16)) - Add optional arg `newIssueUrl` to `getUrl` function so that the correct link to direct disputes can be specified by a hash query param. ([#23](https://github.com/MetaMask/phishing-warning/pull/23)) ## [1.1.0] + ### Added + - Add service worker for offline caching ([#9](https://github.com/MetaMask/phishing-warning/pull/9)) - Add favicons ([#8](https://github.com/MetaMask/phishing-warning/pull/8)) - Add actions to publish to gh-pages ([#3](https://github.com/MetaMask/phishing-warning/pull/3)) @@ -97,11 +136,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - A script was added to the HTML file to detect when the frame is being embedded. If it detects that it is embedded, a separate design is used that prompts the user to open the warning page in a new tab to proceed. This ensures the blocked page cannot be added to the safelist via a clickjacking attack. ## [1.0.0] + ### Changed + - Initial implementation of the phishing warning page - This should behave identically to the phishing warning page built into the MetaMask extension. -[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v4.1.0...HEAD +[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v5.0.0...HEAD +[5.0.0]: https://github.com/MetaMask/phishing-warning/compare/v4.1.0...v5.0.0 [4.1.0]: https://github.com/MetaMask/phishing-warning/compare/v4.0.0...v4.1.0 [4.0.0]: https://github.com/MetaMask/phishing-warning/compare/v3.0.4...v4.0.0 [3.0.4]: https://github.com/MetaMask/phishing-warning/compare/v3.0.3...v3.0.4 diff --git a/package.json b/package.json index fba40e7..ec6e81a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/phishing-warning", - "version": "4.1.0", + "version": "5.0.0", "description": "A page to warn users about a suspected phishing site.", "repository": { "type": "git", From 9c374ff1056d772bf6208a8fd058d29f2d303af1 Mon Sep 17 00:00:00 2001 From: legobt <6wbvkn0j@anonaddy.me> Date: Wed, 23 Oct 2024 16:37:15 +0000 Subject: [PATCH 2/5] chore: update changelog --- CHANGELOG.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c69c77..67ec3c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,10 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [5.0.0] -### Uncategorized +### Fixed -- fix: Incomplete URL scheme check ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) -- Update GItHub Pages Deployment Token ([#179](https://github.com/MetaMask/phishing-warning/pull/179)) +- **BREAKING**: `data:` and `vbscript:` are now disallowed protocols alongside `javascript:` ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) ## [4.1.0] From 75c90fb86938a7896372e82a28f9e9b00cae1997 Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 21 May 2025 18:07:04 -0400 Subject: [PATCH 3/5] push --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67ec3c3..9f0de64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) +- Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) ## [4.0.0] From eb2d4de7ed61d24829026efa2939aadb959d05ae Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 21 May 2025 18:20:22 -0400 Subject: [PATCH 4/5] fix: changelog --- CHANGELOG.md | 41 +++-------------------------------------- 1 file changed, 3 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f0de64..60336c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,4 @@ # Changelog - All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -8,27 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ## [5.0.0] - ### Fixed - - **BREAKING**: `data:` and `vbscript:` are now disallowed protocols alongside `javascript:` ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) ## [4.1.0] - ### Added - - Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) ## [4.0.0] - ### Changed - - **BREAKING**: Update `phishingSafelistStream` to send `origin` instead of `hostname` as a parameter for `safelistPhishingDomain` method ([#165](https://github.com/MetaMask/phishing-warning/pull/165)) ## [3.0.4] - ### Changed - - Update index.html - update attribution copy ([#161](https://github.com/MetaMask/phishing-warning/pull/161)) - chore(devdeps): @lavamoat/allow-scripts@^2.3.1->^3.0.4 ([#157](https://github.com/MetaMask/phishing-warning/pull/157)) - Enabling MetaMask security code scanner ([#151](https://github.com/MetaMask/phishing-warning/pull/151)) @@ -36,40 +27,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump @metamask/post-message-stream from 7.0.0 to 8.0.0 ([#146](https://github.com/MetaMask/phishing-warning/pull/146)) ## [3.0.3] - ### Changed - - Update `ses` to `v1.1.0` ([#143](https://github.com/MetaMask/phishing-warning/pull/143)) ## [3.0.2] - ### Fixed - - change to hostname for Github issues ([#127](https://github.com/MetaMask/phishing-warning/pull/127)) ## [3.0.1] - ### Changed - - Using href url param only for suspect site ([#124](https://github.com/MetaMask/phishing-warning/pull/124)) ## [3.0.0] - ### Changed - - **BREAKING**: Increase minimum Node.js version to 16 ([#107](https://github.com/MetaMask/phishing-warning/pull/107)) - **BREAKING**: This package now returns streams conforming to the API of readable-stream@3.x. ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - - Bump @metamask/post-message-stream from ^6.2.0 to ^7.0.0 ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - - Upgrade obj-multiplex to @metamask/object-multiplex@^2.0.0 ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) +- Bump @metamask/post-message-stream from ^6.2.0 to ^7.0.0 ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) +- Upgrade obj-multiplex to @metamask/object-multiplex@^2.0.0 ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ### Fixed - - Bump ses from ^0.18.7 to ^0.18.8 ([#120](https://github.com/MetaMask/phishing-warning/pull/120)) -## [2.1.1] +## [2.1.1] ### Fixed - - Dependency updates ([#105](https://github.com/MetaMask/phishing-warning/pull/105)) - Move @types/punycode from dependencies to devDependencies - Update @metamask/design-tokens from ^1.6.0 to ^1.12.0 @@ -78,51 +59,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update ses from ^0.18.1 to ^0.18.7 ## [2.1.0] - ### Changed - - "Back to safety" button now triggers a `backToSafetyPhishingWarning` message to be sent on the `phishingSafelistStream` ([#84](https://github.com/MetaMask/phishing-warning/pull/84)) ## [2.0.1] - ### Fixed - - Restore iframe warning and "open in new tab" link ([#73](https://github.com/MetaMask/phishing-warning/pull/73)) ## [2.0.0] - ### Changed - - **BREAKING:** Dynamically lookup the source of a block ([#57](https://github.com/MetaMask/phishing-warning/pull/57)) - The query parameter `newIssueUrl` is no longer accepted. Instead this page will look up the source of a block dynamically. - We no longer show on the page which project is responsible for the block. This will be restored in a future version. - Redesign the phishing warning page ([#52](https://github.com/MetaMask/phishing-warning/pull/52)) ## [1.2.2] - ### Changed - - Update `ses` version from v0.12.4 to v10.18.1 ([#53](https://github.com/MetaMask/phishing-warning/pull/53)) - Update @metamask/design-tokens from 1.9.0 to 1.11.1 ([#46](https://github.com/MetaMask/phishing-warning/pull/46)) - This includes minor color updates. ## [1.2.1] - ### Fixed - - Fix build script to exclude file imports from `@metamask/post-message-stream` which expect to only run in the context of a Web worker ([#27](https://github.com/MetaMask/phishing-warning/pull/27)) ## [1.2.0] [DEPRECATED] - ### Added - - Add a check for the protocol of the url being blocked. Remove `continue at your own risk` option if protocol is disallowed ([#16](https://github.com/MetaMask/phishing-warning/pull/16)) - Add optional arg `newIssueUrl` to `getUrl` function so that the correct link to direct disputes can be specified by a hash query param. ([#23](https://github.com/MetaMask/phishing-warning/pull/23)) ## [1.1.0] - ### Added - - Add service worker for offline caching ([#9](https://github.com/MetaMask/phishing-warning/pull/9)) - Add favicons ([#8](https://github.com/MetaMask/phishing-warning/pull/8)) - Add actions to publish to gh-pages ([#3](https://github.com/MetaMask/phishing-warning/pull/3)) @@ -135,9 +102,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - A script was added to the HTML file to detect when the frame is being embedded. If it detects that it is embedded, a separate design is used that prompts the user to open the warning page in a new tab to proceed. This ensures the blocked page cannot be added to the safelist via a clickjacking attack. ## [1.0.0] - ### Changed - - Initial implementation of the phishing warning page - This should behave identically to the phishing warning page built into the MetaMask extension. From 135170954a5e2235a9cfbd113ad3e6e847dbf8a4 Mon Sep 17 00:00:00 2001 From: augmentedmode Date: Wed, 21 May 2025 18:27:52 -0400 Subject: [PATCH 5/5] fix: changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60336c8..3209c68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ## [5.0.0] +### Added +- Update MetaMask phishing image ([#190](https://github.com/MetaMask/phishing-warning/pull/190)) + ### Fixed - **BREAKING**: `data:` and `vbscript:` are now disallowed protocols alongside `javascript:` ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) +- Resolve issues with deployment scripts ([#191](https://github.com/MetaMask/phishing-warning/pull/191)) +- Avoid creating playwright artifact with same name across node versions ([#192](https://github.com/MetaMask/phishing-warning/pull/192)) ## [4.1.0] ### Added