Merge pull request #77 from MetaMask/release/2.0.5

witmicko · web-flow · commit d72373d5dd8e · 2026-02-09T15:25:17.000Z
2.0.5
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.0.5]
+
+### Added
+
+- feat: add rule to catch npx usage in JS/TS/YAML
+
+### Fixed
+
+- fix: add .security-scanner directory to ignored paths
+
 ## [2.0.4]
 
 ### Changed
@@ -58,7 +68,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Initial release of this action ([#29](https://github.com/MetaMask/action-security-code-scanner/pull/29))
 
-[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.4...HEAD
+[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD
+[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.4...v2.0.5
 [2.0.4]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...v2.0.4
 [2.0.3]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...v2.0.3
 [2.0.2]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.2
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@metamask/action-security-code-scanner",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "private": true,
   "description": "Security Code Scanner",
   "repository": {
diff --git a/packages/codeql-action/CHANGELOG.md b/packages/codeql-action/CHANGELOG.md
@@ -7,14 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [2.0.3]
+## [2.0.5]
 
 ### Fixed
 
-- Fix incorrect language selection based on repo config ([#63](https://github.com/MetaMask/action-security-code-scanner/pull/63))
+- fix: add .security-scanner directory to paths-ignore in CodeQL config
+
+## [2.0.3]
 
 ### Fixed
 
+- Fix incorrect language selection based on repo config ([#63](https://github.com/MetaMask/action-security-code-scanner/pull/63))
 - Fixed Codeql configuration build
 
 ## [2.0.1]
@@ -32,7 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added multi language support
 - Updated CodeQL action to v4
 
-[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...HEAD
+[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD
+[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.3...v2.0.5
 [2.0.3]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.3
 [2.0.1]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.0...v2.0.1
 [2.0.0]: https://github.com/MetaMask/action-security-code-scanner/releases/tag/v2.0.0
diff --git a/packages/codeql-action/package.json b/packages/codeql-action/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@metamask/codeql-action",
-  "version": "2.0.3",
+  "version": "2.0.5",
   "private": true,
   "description": "Custom CodeQL analysis action",
   "keywords": [],
diff --git a/packages/semgrep-action/CHANGELOG.md b/packages/semgrep-action/CHANGELOG.md
@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.0.5]
+
+### Fixed
+
+- refactor: simplify Semgrep action by removing unnecessary file copy step
+- fix: update .semgrepignore to include .security-scanner directory
+
+### Added
+
+- feat: add rule to catch npx usage in JS/TS/YAML
+
 ## [2.0.2]
 
 ## [2.0.1]
@@ -22,7 +33,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Migrated action from its separate repository to the monorepo
 
-[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...HEAD
+[Unreleased]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.5...HEAD
+[2.0.5]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.2...v2.0.5
 [2.0.2]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.1...v2.0.2
 [2.0.1]: https://github.com/MetaMask/action-security-code-scanner/compare/v2.0.0...v2.0.1
 [2.0.0]: https://github.com/MetaMask/action-security-code-scanner/releases/tag/v2.0.0
diff --git a/packages/semgrep-action/package.json b/packages/semgrep-action/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@metamask/semgrep-action",
-  "version": "2.0.2",
+  "version": "2.0.5",
   "private": true,
   "description": "Semgrep-based security scanning action",
   "keywords": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@metamask/action-security-code-scanner",`
`3`		`- "version": "2.0.4",`
	`3`	`+ "version": "2.0.5",`
`4`	`4`	`"private": true,`
`5`	`5`	`"description": "Security Code Scanner",`
`6`	`6`	`"repository": {`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@metamask/codeql-action",`
`3`		`- "version": "2.0.3",`
	`3`	`+ "version": "2.0.5",`
`4`	`4`	`"private": true,`
`5`	`5`	`"description": "Custom CodeQL analysis action",`
`6`	`6`	`"keywords": [],`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@metamask/semgrep-action",`
`3`		`- "version": "2.0.2",`
	`3`	`+ "version": "2.0.5",`
`4`	`4`	`"private": true,`
`5`	`5`	`"description": "Semgrep-based security scanning action",`
`6`	`6`	`"keywords": [`