Skip to content

Create SECURITY.md #6144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

Create SECURITY.md #6144

wants to merge 9 commits into from

Conversation

@Dargon789
Copy link

@Dargon789 Dargon789 commented Feb 2, 2025
edited by pr-codex bot
Loading

PR-Codex overview

This PR introduces a SECURITY.md file outlining the security policy and updates the embed-setup.tsx file to enhance the validation of API keys by refining the domain checking logic.

Detailed summary

  • Added a SECURITY.md file with:
    • Supported versions table.
    • Instructions for reporting vulnerabilities.
  • Modified embed-setup.tsx:
    • Improved validApiKey function to check domains against a list of allowed hosts.
    • Utilized URL object for domain validation.
    • Enhanced logic to ensure proper API key validation based on services.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Legion's and others added 9 commits December 2, 2024 01:27
@Dargon789
Create SECURITY.md
56c810a 
Signed-off-by: Legion's  <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Create SECURITY.md
780a675 
Signed-off-by: Legion's  <64915515+Dargon789@users.noreply.github.com>
@Dargon789 @github-advanced-security
Fix code scanning alert no. 1: Incomplete URL substring sanitization
6ebe379 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Legion's  <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Merge pull request #7 from Dargon789/alert-autofix-1
a986406 
Fix code scanning alert no. 1: Incomplete URL substring sanitization
@Dargon789
Merge pull request #6 from Dargon789/Dargon789-patch-1
1402168 
Create SECURITY.md
@Dargon789
Merge branch 'thirdweb-dev:main' into main
7cc1d86
@Dargon789
Merge branch 'thirdweb-dev:main' into main
fc27294
@Dargon789
Merge branch 'thirdweb-dev:main' into main
22a0066
@Dargon789
Merge branch 'thirdweb-dev:main' into main
01de234
@changeset-bot
Copy link

changeset-bot bot commented Feb 2, 2025

⚠️ No Changeset found

Latest commit: 01de234

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Feb 2, 2025

@Dargon789 is attempting to deploy a commit to the thirdweb Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the Dashboard Involves changes to the Dashboard. label Feb 2, 2025
@graphite-app
Copy link
Contributor

graphite-app bot commented Feb 2, 2025

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

Dargon789
Dargon789 commented Feb 2, 2025
View reviewed changes
Copy link
Author

@Dargon789 Dargon789 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Create SECURITY.md #6144

@joaquim-verges
Copy link
Member

joaquim-verges commented Feb 2, 2025

can you explain the motivation for this PR?

@MananTank Graphite App
Copy link
Member

MananTank commented Feb 4, 2025

FYI - The Embed page has been removed from dashboard

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dashboard Involves changes to the Dashboard.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Dargon789 @joaquim-verges @MananTank