From 1e8e1cffb22361c9378737cc45827dc1cd55ab28 Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Mon, 6 Jan 2025 16:11:58 +0100 Subject: [PATCH 1/4] chore(ci): move to use keyId --- release-scripts/sha256sums.txt.asc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-scripts/sha256sums.txt.asc.sh b/release-scripts/sha256sums.txt.asc.sh index f76679d3cf..76ec26d87d 100755 --- a/release-scripts/sha256sums.txt.asc.sh +++ b/release-scripts/sha256sums.txt.asc.sh @@ -12,7 +12,7 @@ echo "${SNYK_CODE_SIGNING_PGP_PRIVATE}" \ echo "Signing shasums file" gpg \ --clear-sign \ - --local-user=3676C4B8289C296E \ + --default-key="${SNYK_CODE_SIGNING_PGP_KEY_ID}" \ --passphrase="${SNYK_CODE_SIGNING_GPG_PASSPHRASE}" \ --pinentry-mode=loopback \ --armor \ @@ -20,7 +20,7 @@ gpg \ gpg \ --clear-sign \ - --local-user=3676C4B8289C296E \ + --default-key="${SNYK_CODE_SIGNING_PGP_KEY_ID}" \ --passphrase="${SNYK_CODE_SIGNING_GPG_PASSPHRASE}" \ --pinentry-mode=loopback \ --armor \ From 6d4a14ab8c8b3486552d06588441dd8864921c10 Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Tue, 7 Jan 2025 09:23:45 +0100 Subject: [PATCH 2/4] chore: update public key --- .../snyk-code-signing-public.pgp | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/help/_about-this-project/snyk-code-signing-public.pgp b/help/_about-this-project/snyk-code-signing-public.pgp index 14c7a4d7c9..c0ff48036f 100644 --- a/help/_about-this-project/snyk-code-signing-public.pgp +++ b/help/_about-this-project/snyk-code-signing-public.pgp @@ -1,13 +1,13 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mDMEY7bmTBYJKwYBBAHaRw8BAQdAYBCJOraO3kiE/7Q2/7k6WNZG9I3KSmbm6aNp -05rNYji0I1NueWsgTGltaXRlZCA8Y29kZS1zaWduaW5nQHNueWsuaW8+iJkEExYK -AEEWIQSiJmX7lsqw4Jc2BMg2dsS4KJwpbgUCY7bmTAIbAwUJA8JnAAULCQgHAgIi -AgYVCgkICwIEFgIDAQIeBwIXgAAKCRA2dsS4KJwpbnQGAQCspMHbIQxwH0juRMye -j3zCcQK2hDCWPIs4ecx8T4Be2wEAtcD8AnZSbmXbrnPAarKeCGwfIWCKcUsmkqzz -rB04/gm4OARjtuZMEgorBgEEAZdVAQUBAQdAOALchLEyLdhJ0U/RF+c+HFczClpE -yqMOyzPlF9OOaAwDAQgHiH4EGBYKACYWIQSiJmX7lsqw4Jc2BMg2dsS4KJwpbgUC -Y7bmTAIbDAUJA8JnAAAKCRA2dsS4KJwpbv9eAQDD25qh5WF7TkOZUUhe+4hLDkS3 -RdLL7tBDogAoIORt8QEA2XZvHmEfFyJgrJus+gv3GRKXHwiScYhlpmXV4T4+gws= -=MsMZ +mDMEZ3v1FxYJKwYBBAHaRw8BAQdAcw2KTOkyyzuOq/YLFzK/zDSyzvrp6C5HzzQ1 +iSn+TmO0I1NueWsgTGltaXRlZCA8Y29kZS1zaWduaW5nQHNueWsuaW8+iJkEExYK +AEEWIQRGdxejCytGWEFZdWKWkdpk0AJRlAUCZ3v1FwIbAwUJA8JnAAULCQgHAgIi +AgYVCgkICwIEFgIDAQIeBwIXgAAKCRCWkdpk0AJRlCKVAP4gZl11b9VyS60xW+3z +GvhTaxPTnaLdbfEUzBXLi7cjNwD9GC7Qejd2efP5DhgP1QVTy9AXmG60DPmjFc7S +dBOCeQC4OARne/UXEgorBgEEAZdVAQUBAQdAJKbPHnTcAXwS6ShVTSI4JdcRDZJX +S1dQltqSCJoxuFEDAQgHiH4EGBYKACYWIQRGdxejCytGWEFZdWKWkdpk0AJRlAUC +Z3v1FwIbDAUJA8JnAAAKCRCWkdpk0AJRlHxLAP9q3TGARb0Hw/aCV/YjBrYny9Pm +XLZcKUJoddkWh9le2gD/TI+XZ820KeHR+yERl4ii1Ug5x9IePjdTtMX7q/qCdQI= +=iyXp -----END PGP PUBLIC KEY BLOCK----- From aa9da2c0ce369012b94b5e2955eea33a73de1764 Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Mon, 6 Jan 2025 10:19:24 +0100 Subject: [PATCH 3/4] chore(ci): adopt trusted branch option --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index e6414f8e7b..9864392277 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -394,6 +394,7 @@ workflows: name: secrets-scan context: snyk-bot-slack channel: cli-alerts + trusted-branch: main - prepare-build: requires: From 24ed1802929812a385629d5dc33dd25779379e3c Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Fri, 3 Jan 2025 11:54:53 +0100 Subject: [PATCH 4/4] chore: extend expiry date of ignore --- .snyk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.snyk b/.snyk index c5ecd9ceb5..8cd5261a00 100644 --- a/.snyk +++ b/.snyk @@ -10,7 +10,7 @@ ignore: SNYK-JS-CROSSSPAWN-8303230: - '*': reason: No direct upgrade path available - expires: 2025-01-01T00:12:20.523Z + expires: 2025-04-01T00:12:20.523Z created: 2024-11-08T10:22:20.531Z SNYK-JS-SOURCEMAPSUPPORT-6112477: - '*':