From 9947d629c1997e2b798a24ea5ee66fc5e47352b9 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 30 Sep 2025 20:47:59 +0000 Subject: [PATCH 1/4] 5.1.0 --- CHANGELOG.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++++--- package.json | 2 +- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ea9465..765dea8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 
@@ -6,29 +7,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.1.0] + +### Uncategorized + +- feat: sends href to `safelistPhishingDomain` ([#203](https://github.com/MetaMask/phishing-warning/pull/203)) + ## [5.0.1] + ### Fixed + - fix: add overflow protection on very long urls ([#198](https://github.com/MetaMask/phishing-warning/pull/198)) ## [5.0.0] + ### Added + - Update MetaMask phishing image ([#190](https://github.com/MetaMask/phishing-warning/pull/190)) ### Fixed + - **BREAKING**: `data:` and `vbscript:` are now disallowed protocols alongside `javascript:` ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) - Resolve issues with deployment scripts ([#191](https://github.com/MetaMask/phishing-warning/pull/191)) - Avoid creating playwright artifact with same name across node versions ([#192](https://github.com/MetaMask/phishing-warning/pull/192)) ## [4.1.0] + ### Added -- Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) + +- Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) ## [4.0.0] + ### Changed + - **BREAKING**: Update `phishingSafelistStream` to send `origin` instead of `hostname` as a parameter for `safelistPhishingDomain` method ([#165](https://github.com/MetaMask/phishing-warning/pull/165)) ## [3.0.4] + ### Changed + - Update index.html - update attribution copy ([#161](https://github.com/MetaMask/phishing-warning/pull/161)) - chore(devdeps): @lavamoat/allow-scripts@^2.3.1->^3.0.4 ([#157](https://github.com/MetaMask/phishing-warning/pull/157)) - Enabling MetaMask security code scanner ([#151](https://github.com/MetaMask/phishing-warning/pull/151)) 
@@ -36,30 +54,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump @metamask/post-message-stream from 7.0.0 to 8.0.0 ([#146](https://github.com/MetaMask/phishing-warning/pull/146)) ## [3.0.3] + ### Changed + - Update `ses` to `v1.1.0` ([#143](https://github.com/MetaMask/phishing-warning/pull/143)) ## [3.0.2] + ### Fixed + - change to hostname for Github issues ([#127](https://github.com/MetaMask/phishing-warning/pull/127)) ## [3.0.1] + ### Changed + - Using href url param only for suspect site ([#124](https://github.com/MetaMask/phishing-warning/pull/124)) ## [3.0.0] + ### Changed + - **BREAKING**: Increase minimum Node.js version to 16 ([#107](https://github.com/MetaMask/phishing-warning/pull/107)) - **BREAKING**: This package now returns streams conforming to the API of readable-stream@3.x. ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Bump @metamask/post-message-stream from ^6.2.0 to ^7.0.0 ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Upgrade obj-multiplex to @metamask/object-multiplex@^2.0.0 ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ### Fixed -- Bump ses from ^0.18.7 to ^0.18.8 ([#120](https://github.com/MetaMask/phishing-warning/pull/120)) +- Bump ses from ^0.18.7 to ^0.18.8 ([#120](https://github.com/MetaMask/phishing-warning/pull/120)) ## [2.1.1] + ### Fixed + - Dependency updates ([#105](https://github.com/MetaMask/phishing-warning/pull/105)) - Move @types/punycode from dependencies to devDependencies - Update @metamask/design-tokens from ^1.6.0 to ^1.12.0 
@@ -68,37 +96,51 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update ses from ^0.18.1 to ^0.18.7 ## [2.1.0] + ### Changed + - "Back to safety" button now triggers a `backToSafetyPhishingWarning` message to be sent on the `phishingSafelistStream` ([#84](https://github.com/MetaMask/phishing-warning/pull/84)) ## [2.0.1] + ### Fixed + - Restore iframe warning and "open in new tab" link ([#73](https://github.com/MetaMask/phishing-warning/pull/73)) ## [2.0.0] + ### Changed + - **BREAKING:** Dynamically lookup the source of a block ([#57](https://github.com/MetaMask/phishing-warning/pull/57)) - The query parameter `newIssueUrl` is no longer accepted. Instead this page will look up the source of a block dynamically. - We no longer show on the page which project is responsible for the block. This will be restored in a future version. - Redesign the phishing warning page ([#52](https://github.com/MetaMask/phishing-warning/pull/52)) ## [1.2.2] + ### Changed + - Update `ses` version from v0.12.4 to v10.18.1 ([#53](https://github.com/MetaMask/phishing-warning/pull/53)) - Update @metamask/design-tokens from 1.9.0 to 1.11.1 ([#46](https://github.com/MetaMask/phishing-warning/pull/46)) - This includes minor color updates. ## [1.2.1] + ### Fixed + - Fix build script to exclude file imports from `@metamask/post-message-stream` which expect to only run in the context of a Web worker ([#27](https://github.com/MetaMask/phishing-warning/pull/27)) ## [1.2.0] [DEPRECATED] + ### Added + - Add a check for the protocol of the url being blocked. Remove `continue at your own risk` option if protocol is disallowed ([#16](https://github.com/MetaMask/phishing-warning/pull/16)) - Add optional arg `newIssueUrl` to `getUrl` function so that the correct link to direct disputes can be specified by a hash query param. 
([#23](https://github.com/MetaMask/phishing-warning/pull/23)) ## [1.1.0] + ### Added + - Add service worker for offline caching ([#9](https://github.com/MetaMask/phishing-warning/pull/9)) - Add favicons ([#8](https://github.com/MetaMask/phishing-warning/pull/8)) - Add actions to publish to gh-pages ([#3](https://github.com/MetaMask/phishing-warning/pull/3)) @@ -111,11 +153,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - A script was added to the HTML file to detect when the frame is being embedded. If it detects that it is embedded, a separate design is used that prompts the user to open the warning page in a new tab to proceed. This ensures the blocked page cannot be added to the safelist via a clickjacking attack. ## [1.0.0] + ### Changed + - Initial implementation of the phishing warning page - This should behave identically to the phishing warning page built into the MetaMask extension. -[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v5.0.1...HEAD +[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v5.1.0...HEAD +[5.1.0]: https://github.com/MetaMask/phishing-warning/compare/v5.0.1...v5.1.0 [5.0.1]: https://github.com/MetaMask/phishing-warning/compare/v5.0.0...v5.0.1 [5.0.0]: https://github.com/MetaMask/phishing-warning/compare/v4.1.0...v5.0.0 [4.1.0]: https://github.com/MetaMask/phishing-warning/compare/v4.0.0...v4.1.0 diff --git a/package.json b/package.json index 697f9d7..39e787b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/phishing-warning", - "version": "5.0.1", + "version": "5.1.0", "description": "A page to warn users about a suspected phishing site.", "repository": { "type": "git", From 35821b3ea477dbd6fbdd383bdc2769352a15884d Mon Sep 17 00:00:00 2001 From: imblue-dabadee Date: Tue, 30 Sep 2025 15:52:09 -0500 Subject: [PATCH 2/4] chore: update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 765dea8..2d9bb89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [5.1.0] -### Uncategorized +### Changed - feat: sends href to `safelistPhishingDomain` ([#203](https://github.com/MetaMask/phishing-warning/pull/203)) From aadc57017df1aceb6ec0f55b596178f30d219825 Mon Sep 17 00:00:00 2001 From: imblue-dabadee Date: Tue, 30 Sep 2025 15:58:00 -0500 Subject: [PATCH 3/4] chore: better changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d9bb89..e5aaa80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed -- feat: sends href to `safelistPhishingDomain` ([#203](https://github.com/MetaMask/phishing-warning/pull/203)) +- Send the entire URL via the `safelistPhishingDomain` stream ([#203](https://github.com/MetaMask/phishing-warning/pull/203)) ## [5.0.1] From b601231b201736459cb3e44cb85f4a98522e2587 Mon Sep 17 00:00:00 2001 From: imblue-dabadee Date: Tue, 30 Sep 2025 16:03:43 -0500 Subject: [PATCH 4/4] chore: fix for `yarn auto-changelog validate --rc` --- CHANGELOG.md | 41 ----------------------------------------- 1 file changed, 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e5aaa80..d3148f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,4 @@ # Changelog - All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 
@@ -8,45 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ## [5.1.0] - ### Changed - - Send the entire URL via the `safelistPhishingDomain` stream ([#203](https://github.com/MetaMask/phishing-warning/pull/203)) ## [5.0.1] - ### Fixed - - fix: add overflow protection on very long urls ([#198](https://github.com/MetaMask/phishing-warning/pull/198)) ## [5.0.0] - ### Added - - Update MetaMask phishing image ([#190](https://github.com/MetaMask/phishing-warning/pull/190)) ### Fixed - - **BREAKING**: `data:` and `vbscript:` are now disallowed protocols alongside `javascript:` ([#175](https://github.com/MetaMask/phishing-warning/pull/175)) - Resolve issues with deployment scripts ([#191](https://github.com/MetaMask/phishing-warning/pull/191)) - Avoid creating playwright artifact with same name across node versions ([#192](https://github.com/MetaMask/phishing-warning/pull/192)) ## [4.1.0] - ### Added - - Redesign UI of the phishing warning page ([#176](https://github.com/MetaMask/phishing-warning/pull/176)) ## [4.0.0] - ### Changed - - **BREAKING**: Update `phishingSafelistStream` to send `origin` instead of `hostname` as a parameter for `safelistPhishingDomain` method ([#165](https://github.com/MetaMask/phishing-warning/pull/165)) ## [3.0.4] - ### Changed - - Update index.html - update attribution copy ([#161](https://github.com/MetaMask/phishing-warning/pull/161)) - chore(devdeps): @lavamoat/allow-scripts@^2.3.1->^3.0.4 ([#157](https://github.com/MetaMask/phishing-warning/pull/157)) - Enabling MetaMask security code scanner ([#151](https://github.com/MetaMask/phishing-warning/pull/151)) 
@@ -54,40 +40,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump @metamask/post-message-stream from 7.0.0 to 8.0.0 ([#146](https://github.com/MetaMask/phishing-warning/pull/146)) ## [3.0.3] - ### Changed - - Update `ses` to `v1.1.0` ([#143](https://github.com/MetaMask/phishing-warning/pull/143)) ## [3.0.2] - ### Fixed - - change to hostname for Github issues ([#127](https://github.com/MetaMask/phishing-warning/pull/127)) ## [3.0.1] - ### Changed - - Using href url param only for suspect site ([#124](https://github.com/MetaMask/phishing-warning/pull/124)) ## [3.0.0] - ### Changed - - **BREAKING**: Increase minimum Node.js version to 16 ([#107](https://github.com/MetaMask/phishing-warning/pull/107)) - **BREAKING**: This package now returns streams conforming to the API of readable-stream@3.x. ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Bump @metamask/post-message-stream from ^6.2.0 to ^7.0.0 ([#104](https://github.com/MetaMask/phishing-warning/pull/104)) - Upgrade obj-multiplex to @metamask/object-multiplex@^2.0.0 ([#122](https://github.com/MetaMask/phishing-warning/pull/122)) ### Fixed - - Bump ses from ^0.18.7 to ^0.18.8 ([#120](https://github.com/MetaMask/phishing-warning/pull/120)) ## [2.1.1] - ### Fixed - - Dependency updates ([#105](https://github.com/MetaMask/phishing-warning/pull/105)) - Move @types/punycode from dependencies to devDependencies - Update @metamask/design-tokens from ^1.6.0 to ^1.12.0 
@@ -96,51 +71,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update ses from ^0.18.1 to ^0.18.7 ## [2.1.0] - ### Changed - - "Back to safety" button now triggers a `backToSafetyPhishingWarning` message to be sent on the `phishingSafelistStream` ([#84](https://github.com/MetaMask/phishing-warning/pull/84)) ## [2.0.1] - ### Fixed - - Restore iframe warning and "open in new tab" link ([#73](https://github.com/MetaMask/phishing-warning/pull/73)) ## [2.0.0] - ### Changed - - **BREAKING:** Dynamically lookup the source of a block ([#57](https://github.com/MetaMask/phishing-warning/pull/57)) - The query parameter `newIssueUrl` is no longer accepted. Instead this page will look up the source of a block dynamically. - We no longer show on the page which project is responsible for the block. This will be restored in a future version. - Redesign the phishing warning page ([#52](https://github.com/MetaMask/phishing-warning/pull/52)) ## [1.2.2] - ### Changed - - Update `ses` version from v0.12.4 to v10.18.1 ([#53](https://github.com/MetaMask/phishing-warning/pull/53)) - Update @metamask/design-tokens from 1.9.0 to 1.11.1 ([#46](https://github.com/MetaMask/phishing-warning/pull/46)) - This includes minor color updates. ## [1.2.1] - ### Fixed - - Fix build script to exclude file imports from `@metamask/post-message-stream` which expect to only run in the context of a Web worker ([#27](https://github.com/MetaMask/phishing-warning/pull/27)) ## [1.2.0] [DEPRECATED] - ### Added - - Add a check for the protocol of the url being blocked. Remove `continue at your own risk` option if protocol is disallowed ([#16](https://github.com/MetaMask/phishing-warning/pull/16)) - Add optional arg `newIssueUrl` to `getUrl` function so that the correct link to direct disputes can be specified by a hash query param. 
([#23](https://github.com/MetaMask/phishing-warning/pull/23)) ## [1.1.0] - ### Added - - Add service worker for offline caching ([#9](https://github.com/MetaMask/phishing-warning/pull/9)) - Add favicons ([#8](https://github.com/MetaMask/phishing-warning/pull/8)) - Add actions to publish to gh-pages ([#3](https://github.com/MetaMask/phishing-warning/pull/3)) @@ -153,9 +114,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - A script was added to the HTML file to detect when the frame is being embedded. If it detects that it is embedded, a separate design is used that prompts the user to open the warning page in a new tab to proceed. This ensures the blocked page cannot be added to the safelist via a clickjacking attack. ## [1.0.0] - ### Changed - - Initial implementation of the phishing warning page - This should behave identically to the phishing warning page built into the MetaMask extension.
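Review bot: In PATCH 1/4, the CHANGELOG.md hunk at `@@ -6,29 +7,46 @@` files the new `## [5.1.0]` entry under `### Uncategorized` and uses the raw commit subject `feat: sends href to safelistPhishingDomain` as the entry text. Both are placeholders that PATCH 2/4 and 3/4 then correct one line at a time. Squash those two patches into this one so the release commit lands with `### Changed` and the final wording, and no intermediate revision of the changelog carries an uncategorized entry.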
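Review bot: The package.json hunk in PATCH 1/4 bumps `"version"` from `5.0.1` to `5.1.0`, a minor release, for a change to what is sent to `safelistPhishingDomain`. The `## [4.0.0]` entry in the same changelog marks the earlier switch of that parameter from `hostname` to `origin` as **BREAKING**. If the href now replaces `origin` rather than being sent alongside it, consumers that compare or store the received value see a different shape, and under the Semantic Versioning policy the changelog header cites this would be a major bump with a **BREAKING** marker. Please confirm which case applies before tagging.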
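Review bot: The reworded entry in PATCH 3/4, "Send the entire URL via the `safelistPhishingDomain` stream", calls `safelistPhishingDomain` a stream, while the `## [4.0.0]` and `## [2.1.0]` entries name `phishingSafelistStream` as the stream and `safelistPhishingDomain` as the method. The entry also does not say what the full URL replaces or supplements. Suggest wording along the lines of the 4.0.0 entry, naming the stream, the method, and the previous value (`origin`), and noting that the value now includes path, query and fragment so that receivers know to reduce it to an origin or hostname before matching safelist entries.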
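Review bot: PATCH 4/4 deletes 41 blank lines after the `##` and `###` headings across every release section, which are the blank lines PATCH 1/4 inserted in the same places, so the two cancel out and the series rewrites the whole file twice for no net change. Since the commit subject says the removal is needed for `yarn auto-changelog validate --rc` to pass, drop the blank-line additions from PATCH 1/4 instead of reverting them here. The series then touches only the `## [5.1.0]` section, the `[Unreleased]` and `[5.1.0]` compare links, and package.json, which keeps the release diff reviewable and the blame history of older entries intact.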