app-monorepo
feat: add the white list to browser risk
PR Summary
- Updated Dependencies: We have updated and added new dependencies to make sure our project is up-to-date with the latest packages. This includes updates to "@onekeyfe" packages, the "@tamagui" package, and the addition of new "@onekeyfe/hd-" packages.
- New Functionality for Risk Whitelist Management: In order to better manage potential risks associated with browser URLs, we have added new methods and parameters across several files. This includes the creation of a new method for adding URLs to a risk whitelist, a method to check if a URL exists in the whitelist, and a way to enable or disable the whitelist check in the URL security procedure.
- Introduction of new "SimpleDbEntityBrowserRiskWhiteList" Entity: A new entity, "SimpleDbEntityBrowserRiskWhiteList", has been introduced to track and manage the whitelisted URLs. This new entity has been incorporated into the base simple database file.
- Updated "ServiceE2E.ts" File: We have improved the "clearDiscoveryPageData" method in the "ServiceE2E.ts" file to use the respective method of the "serviceDiscovery" instance.
- New Variable and Interface for Better UX: We introduced the "showContinueOperateCheckbox" variable, which governs the visibility of a checkbox in the connection modal. This helps users specify their choices. We have also added a new interface "IBrowserRiskWhiteList" for better handling of browser risk whitelist data.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/[email protected]
Next steps
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
The conflicts need to be resolved.
@originalix @huhuanming It's ready now.
@SocketSecurity ignore npm/[email protected] @SocketSecurity ignore npm/[email protected] @SocketSecurity ignore npm/[email protected]