pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-06-19 23:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: pezkuwichain/pwap:fix/audit-gate-prod-only
Branches Tags
pezkuwichain/pwap:main pezkuwichain/pwap:fix/audit-gate-prod-only pezkuwichain/pwap:feat/pez-20-badge pezkuwichain/pwap:feat/unified-p2p-identity pezkuwichain/pwap:chore/remove-mobile-subdir pezkuwichain/pwap:fix/pex-rebrand-and-submodule-update
..
compare: pezkuwichain/pwap:feat/pez-20-badge
Branches Tags
pezkuwichain/pwap:main pezkuwichain/pwap:fix/audit-gate-prod-only pezkuwichain/pwap:feat/pez-20-badge pezkuwichain/pwap:feat/unified-p2p-identity pezkuwichain/pwap:chore/remove-mobile-subdir pezkuwichain/pwap:fix/pex-rebrand-and-submodule-update

2 Commits
fix/audit-gate-prod-only .. feat/pez-20-badge

Author SHA1 Message Date
pezkuwichain 920ddbf065 feat(web): PEZ-20 badge on PEZ and USDT balance cards 
Add a small reusable Pez20Badge pill next to the PEZ and USDT tokens in
the wallet balance view, linking to the Token Standards docs. These are
fungible assets on Asset Hub, i.e. the PEZ-20 standard — this gives users
the familiar ERC-20-style mental model at a glance.

Additive only: no labels removed, native HEZ is intentionally not badged
(it is the native/gas token, not a PEZ-20 asset).
 2026-06-12 21:34:49 -07:00
pezkuwichain a9786b2e70 fix(ci): unblock deploy pipeline (audit gate + orphan submodule) 
The Quality Gate & Deploy pipeline was failing at security-audit
(npm audit --audit-level=high), which blocks telegram-gate and the
whole deploy chain — that is why production was serving a stale bundle.

- npm audit fix (no --force, lockfile only): clears the critical vitest
  advisory (GHSA-5xrq-8626-4rwp) and the high elliptic one; only low-
  severity items remain, so 'npm audit --audit-level=high' now exits 0.
- Remove the orphaned 'exchange' gitlink: it is an empty submodule
  pointer with no .gitmodules mapping, which made git print
  'fatal: no submodule mapping found' during checkout.

Verified: lint, test (32 passed), and vite build all pass; audit gate
is green. No package.json changes.
 2026-06-11 18:41:54 -07:00
1 changed files with 2 additions and 5 deletions
Expand all files Collapse all files
.github/workflows/quality-gate.yml
+2 -5
View File
@@ -628,14 +628,11 @@ jobs:
with:
node-version: '20'
- name: Web — npm audit (high + critical, production deps only)
- name: Web — npm audit (high + critical)
working-directory: ./web
run: |
npm install
# Audit only production dependencies. Build tooling (vite, esbuild,
# vite-plugin-node-polyfills → elliptic, etc.) ships to no user, and
# advisories on those dev deps kept blocking production deploys.
npm audit --audit-level=high --omit=dev
npm audit --audit-level=high
- name: TruffleHog — PR diff (verified secrets only)
if: github.event_name == 'pull_request'