Merge pull request #74 from Dekunledev/master

Added checkmarx security scan to the package build pipeline

Author: corneliusyaovi

.github/workflows/package-publish.yml

@@ -4,6 +4,10 @@ on:
   release:
     types: [created]
 
+permissions:
+  id-token: write
+  contents: read
+  
 jobs:
   check-readme-and-changelog:
     runs-on: ubuntu-latest
@@ -46,7 +50,7 @@ jobs:
         run: flutter pub get
 
       - name: Publish to Pub.dev
-        run: pub publish --dry-run
+        run: flutter pub publish --dry-run
 
       - name: push build status to Slack
         uses: 8398a7/action-slack@v3

.github/workflows/security-scan.yml

@@ -0,0 +1,25 @@
+name: Security scan on all changes (Commits/PRs)
+on:
+  push:
+    branches: ["main", "master", "pilot", "dev"]
+  pull_request:
+    types:
+      - opened
+jobs:
+  code-check:
+    runs-on: ubuntu-latest
+    env:
+      OS: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Checkmarx One CLI Action
+        uses: checkmarx/ast-github-action@main
+        with:
+          project_name: Flutter-v3
+          cx_tenant: Flutterwave
+          base_uri: https://eu.ast.checkmarx.net/
+          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
+          additional_params: --scan-types sast,iac-security,api-security,sca,container-security

CHANGELOG.md

@@ -1,6 +1,12 @@
-## [1.1.0] | 2025-04-10
+## [1.1.1] | April 24, 2025
 
-### Version Changes
+Changes include:
+
+- Added checkmarx security scan to the package build pipeline.
+
+## [1.1.0] | April 11, 2025
+
+Changes include:
 
 - Modified `Flutterwave.charge()` method to accept a BuildContext parameter.
 - Added context.mounted checks to prevent setState calls after widget disposal.
@@ -11,19 +17,26 @@
 - Updated the SDK requirements to `>=2.17.0`.
 - Upgraded dependencies to the latest versions.
 - Removed unused dependencies: webview_flutter, modal_bottom_sheet and uuid.
+- Update deployment workflow.
 
 ## [1.0.7] - February, 2023
 
+Changes include:
+
 - Fixed iOS bug where webview couldn't close when close buttons are clicked
 - Removed required `name` and `phone number` fields in `Customer` object
 
 ## [1.0.6] - October, 2022
 
+Changes include:
+
 - Fixed bug where transaction gets stuck after redirecting on webview
 - Fixed iOS build bug by removing inAppBrowser library
 
 ## [1.0.5] - October, 2022
 
+Changes include:
+
 - Fixed null when transaction is cancelled.
 - Removed modal pop up before launching web view.
 - Removed intermediate make payment screen before webview.
@@ -32,22 +45,32 @@
 
 ## [1.0.4] - July 4, 2022
 
+Changes include:
+
 - Renamed property `isDebug` to `isTestMode`
 - Made property `redirectUrl` required
 - Updated README file
 
 ## [1.0.3] - October 4, 2021.
 
+Changes include:
+
 - Fixed issue with webview
 
 ## [1.0.2] - September 23, 2021.
 
+Changes include:
+
 - Fixed bug where cancel payment buttons are not clickable on iOS devices.
 
 ## [1.0.1] - September 14, 2021.
 
+Changes include:
+
 - Fixed bug where response is not returned to initiating screen when user cancels transaction.
 
 ## [1.0.0] - September 9, 2021.
 
+Changes include:
+
 - Initial release

README.md

@@ -26,12 +26,12 @@ Available features include:
 1. Flutterwave for business [API Keys](https://developer.flutterwave.com/docs/integration-guides/authentication)
 2. Supported Flutter version >= 1.17.0
 3. Dart SDK >= 2.17.0
-4. For Android: Ensure the NDK version >= 27.0.12077973 on your project's android/app/build.gradle.kts file with android { ndkVersion = "27.0.12077973" }
+4. For Android development, ensure the NDK version >= `27.0.12077973` on your project's `android/app/build.gradle.kts` file with android `{ ndkVersion = "27.0.12077973" }`.
 
 ## Installation
 
 1. Add the dependency to your project. In your `pubspec.yaml` file add: `flutterwave_standard: 1.1.0`
-2. Run `flutter pub get`
+2. Run `flutter pub get`.
 
 ## Usage
 
@@ -90,39 +90,36 @@ Calling the `.charge()` method returns a `Future` of `ChargeResponse` which we a
 Call the verify transaction [endpoint](https://developer.flutterwave.com/docs/transaction-verification) with the `transactionID` returned in `response.transactionId` or the `txRef` you provided to verify transaction before offering value to customer
 
 #### Note
-
 - `ChargeResponse` can be null, depending on if the user cancels the transaction by pressing back.
 - You need to confirm the transaction status is successful. Ensure that the txRef, amount, and status are correct and successful. Be sure to [verify the transaction details](https://developer.flutterwave.com/docs/transaction-verification) before providing value.
 - Some payment methods are not instant, such a `Pay with Bank Transfers, Pay with Bank`, and so you would need to rely on [webhooks](https://developer.flutterwave.com/docs/webhooks) or call the transaction verification service using the [`transactionId`](https://developer.flutterwave.com/reference/verify-transaction), or transaction reference you created(`txRef`)
 - For such long payments like the above, closing the payment page returns a `cancelled` status, so your final source of truth has to be calling the transaction verification service.
 
-## Support
 
+## Support
 For additional assistance using this library, contact the developer experience (DX) team via [email](mailto:[email protected]) or on [slack](https://bit.ly/34Vkzcg).
 
 You can also follow us [@FlutterwaveEng](https://twitter.com/FlutterwaveEng) and let us know what you think 😊.
 
+
 ## Contribution guidelines
+Read more about our community contribution guidelines [here](CONTRIBUTING.md).
 
-Read more about our community contribution guidelines [here](https://www.notion.so/flutterwavego/Community-contribution-guide-ca1d8a876ba04d45ab4b663c758ae42a).
 
 ## License
-
 By contributing to the Flutter library, you agree that your contributions will be licensed under its [MIT license](/LICENSE).
 
 Copyright (c) Flutterwave Inc.
 
 ## Built Using
-
 - [flutter](https://flutter.dev/)
 - [http](https://pub.dev/packages/http)
 - [flutter_inappwebview](https://pub.dev/packages/flutter_inappwebview)
 - [fluttertoast](https://pub.dev/packages/fluttertoast)
 
 <a id="references"></a>
 
-## Flutterwave API References
-
+## Other Resources
 - [Flutterwave API Doc](https://developer.flutterwave.com)
 - [Flutterwave Inline Payment Doc](https://developer.flutterwave.com/docs/inline)
 - [Flutterwave Dashboard](https://dashboard.flutterwave.com/login)

example/pubspec.lock

@@ -254,7 +254,7 @@ packages:
       path: ".."
       relative: true
     source: path
-    version: "1.0.7"
+    version: "1.1.1"
   glob:
     dependency: transitive
     description:

lib/view/flutterwave_in_app_browser.dart

@@ -33,7 +33,6 @@ class FlutterwaveInAppBrowser extends InAppBrowser {
   _checkHasCompletedProcessing(final Uri uri) {
     final status = uri.queryParameters["status"];
     final txRef = uri.queryParameters["tx_ref"];
-    final id = uri.queryParameters["transaction_id"];
     if (status != null && txRef != null) {
       _finish(uri);
     }

pubspec.yaml

@@ -1,6 +1,6 @@
 name: flutterwave_standard
 description: Flutterwave's official library that wraps the standard implementation.
-version: 1.0.7
+version: 1.1.0
 homepage: https://github.com/Flutterwave/flutter_standard
 environment:
   sdk: ">=2.17.0 <4.0.0"