1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00

Integrate new LavaMoat scuttling protection feature (#16994)

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
This commit is contained in:
weizman 2022-12-21 20:54:30 +02:00 committed by GitHub
parent 25e9184d9a
commit 5d320ceec6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 605 additions and 64 deletions

View File

@ -0,0 +1,13 @@
diff --git a/src/runtime.js b/src/runtime.js
index 97c9ddb9b76a2fe31cf9b202cb491f15232232ff..26f65a2b2a3578638402fa887156fdad18eee368 100644
--- a/src/runtime.js
+++ b/src/runtime.js
@@ -8266,7 +8266,7 @@ function tameFunctionConstructors() {
FERAL_FUNCTION.prototype.constructor('return 1');
}catch( ignore) {
// Throws, no need to patch.
- return harden({});
+ return {};
}
const newIntrinsics= {};

View File

@ -0,0 +1,43 @@
diff --git a/index.js b/index.js
index e5be989387006f32a3ea450482a02b387970bcab..2dfa272e6e33dc01ec3b643553884bb29254011a 100644
--- a/index.js
+++ b/index.js
@@ -1,7 +1,5 @@
'use strict';
-var domain = require('domain');
-
var eos = require('end-of-stream');
var p = require('process-nextick-args');
var once = require('once');
@@ -30,13 +28,7 @@ function tryCatch(fn, args) {
function asyncDone(fn, cb) {
cb = once(cb);
- var d = domain.create();
- d.once('error', onError);
- var domainBoundFn = d.bind(fn);
-
function done() {
- d.removeListener('error', onError);
- d.exit();
return tryCatch(cb, arguments);
}
@@ -52,7 +44,7 @@ function asyncDone(fn, cb) {
}
function asyncRunner() {
- var result = domainBoundFn(done);
+ var result = fn(done);
function onNext(state) {
onNext.state = state;
@@ -64,7 +56,6 @@ function asyncDone(fn, cb) {
if (result && typeof result.on === 'function') {
// Assume node stream
- d.add(result);
eos(exhaust(result), eosConfig, done);
return;
}

View File

@ -0,0 +1,13 @@
diff --git a/lib/lockdown.umd.js b/lib/lockdown.umd.js
index 2f32ec5014adc6006ad5148a759fbf48d46bb40c..6df14835df7ca594a775c7da639de7b657e229d7 100644
--- a/lib/lockdown.umd.js
+++ b/lib/lockdown.umd.js
@@ -8154,7 +8154,7 @@ function tameFunctionConstructors() {
FERAL_FUNCTION.prototype.constructor('return 1');
}catch( ignore) {
// Throws, no need to patch.
- return harden({});
+ return {};
}
const newIntrinsics= {};

View File

@ -8,7 +8,7 @@ try {
* universalPropertyNames constant specified in 'ses/src/whitelist'. This
* function makes all function and object properties on the start compartment
* global non-configurable and non-writable, unless they are already
* non-configurable.
* non-configurable, or they were scuttled by LavaMoat runtime (LavaMoat#360).
*
* It is critical that this function runs at the right time during
* initialization, which should always be immediately after `lockdown` has been
@ -22,6 +22,9 @@ try {
* We write this function in IIFE format to avoid polluting global scope.
*/
(function protectIntrinsics() {
const lmre = // regex expression for LavaMoat scuttling error message
/LavaMoat - property "[A-Za-z0-9]*" of globalThis is inaccessible under scuttling mode/u;
const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);
// These named intrinsics are not automatically hardened by `lockdown`
@ -62,7 +65,18 @@ try {
}
if (shouldHardenManually.has(propertyName)) {
harden(globalThis[propertyName]);
try {
harden(globalThis[propertyName]);
} catch (err) {
if (!lmre.test(err.message)) {
throw err;
}
console.warn(
`Property ${propertyName} will not be hardened`,
`because it is scuttled by LavaMoat protection.`,
`Visit https://github.com/LavaMoat/LavaMoat/pull/360 to learn more.`,
);
}
}
}
});

48
development/build/index.js Executable file → Normal file
View File

@ -9,6 +9,7 @@ const livereload = require('gulp-livereload');
const yargs = require('yargs/yargs');
const { hideBin } = require('yargs/helpers');
const { sync: globby } = require('globby');
const lavapack = require('@lavamoat/lavapack');
const { getVersion } = require('../lib/get-version');
const { BuildType } = require('../lib/build-type');
const { TASKS, ENVIRONMENT } = require('./constants');
@ -72,6 +73,53 @@ async function defineAndRunBuildTasks() {
version,
} = await parseArgv();
// build lavamoat runtime file
await lavapack.buildRuntime({
scuttleGlobalThis: true,
scuttleGlobalThisExceptions: [
// globals used by different mm deps outside of lm compartment
'toString',
'getComputedStyle',
'addEventListener',
'removeEventListener',
'ShadowRoot',
'HTMLElement',
'Element',
'pageXOffset',
'pageYOffset',
'visualViewport',
'Reflect',
'Set',
'Object',
'navigator',
'harden',
'console',
// globals chrome driver needs to function (test env)
/cdc_[a-zA-Z0-9]+_[a-zA-Z]+/iu,
'performance',
'parseFloat',
'innerWidth',
'innerHeight',
'Symbol',
'Math',
'DOMRect',
'Number',
'Array',
'crypto',
'Function',
'Uint8Array',
'String',
'Promise',
// globals sentry needs to function
'__SENTRY__',
'appState',
'extra',
'stateHooks',
'sentryHooks',
'sentry',
],
});
const browserPlatforms = ['firefox', 'chrome'];
const browserVersionMap = getBrowserVersionMap(browserPlatforms, version);

View File

@ -38,6 +38,7 @@ const {
isTestBuild,
getEnvironment,
logError,
wrapAgainstScuttling,
} = require('./utils');
const {
@ -50,6 +51,42 @@ const {
createRemoveFencedCodeTransform,
} = require('./transforms/remove-fenced-code');
// map dist files to bag of needed native APIs against LM scuttling
const scuttlingBagConfig = {
'sentry-install.js': {
// globals sentry need to function
window: '',
navigator: '',
location: '',
Uint16Array: '',
fetch: '',
String: '',
Math: '',
Object: '',
Symbol: '',
Function: '',
Array: '',
Boolean: '',
Number: '',
Request: '',
Date: '',
document: '',
JSON: '',
encodeURIComponent: '',
crypto: '',
// {clear/set}Timeout are "this sensitive"
clearTimeout: 'window',
setTimeout: 'window',
// sentry special props
__SENTRY__: '',
sentryHooks: '',
sentry: '',
appState: '',
extra: '',
stateHooks: '',
},
};
/**
* Get the appropriate Infura project ID.
*
@ -613,6 +650,7 @@ function createFactoredBuild({
if (policyOnly) {
return;
}
const commonSet = sizeGroupMap.get('common');
// create entry points for each file
for (const [groupLabel, groupSet] of sizeGroupMap.entries()) {
@ -865,6 +903,9 @@ function setupBundlerDefaults(
setupMinification(buildConfiguration);
}
// Setup wrapping of code against scuttling (before sourcemaps generation)
setupScuttlingWrapping(buildConfiguration);
// Setup source maps
setupSourcemaps(buildConfiguration, { buildTarget });
}
@ -920,6 +961,24 @@ function setupMinification(buildConfiguration) {
});
}
function setupScuttlingWrapping(buildConfiguration) {
const { events } = buildConfiguration;
events.on('configurePipeline', ({ pipeline }) => {
pipeline.get('scuttle').push(
through.obj(
callbackify(async (file, _enc) => {
const bag = scuttlingBagConfig[file.relative];
if (bag) {
const wrapped = wrapAgainstScuttling(file.contents.toString(), bag);
file.contents = Buffer.from(wrapped, 'utf8');
}
return file;
}),
),
);
});
}
function setupSourcemaps(buildConfiguration, { buildTarget }) {
const { events } = buildConfiguration;
events.on('configurePipeline', ({ pipeline }) => {
@ -965,6 +1024,8 @@ async function createBundle(buildConfiguration, { reloadOnChange }) {
[],
'vinyl',
[],
'scuttle',
[],
'sourcemaps:init',
[],
'minify',

View File

@ -118,6 +118,66 @@ function logError(error) {
console.error(error.stack || error);
}
function wrapAgainstScuttling(content, bag = {}) {
return `
{
function setupProxy(global) {
// bag of properties to allow vetted shim to access,
// mapped to their correct this value if needed
const bag = ${JSON.stringify(bag)};
// setup vetted shim bag of properties
for (const prop in bag) {
const that = bag[prop];
let api = global[prop];
if (that) api = api.bind(global[that]);
bag[prop] = api;
}
// setup proxy for the vetted shim to go through
const proxy = new Proxy(bag, {
get: function get(target, prop) {
return bag[prop] || Reflect.get(target, prop);
},
set: function set(target, prop, value) {
if (bag.hasOwnProperty(prop) || prop.startsWith('on')) {
return bag[prop] = global[prop] = value;
}
},
});
// make sure bind() and apply() are applied with
// proxy target rather than proxy receiver
(function(target, receiver) {
'use strict'; // to work with ses lockdown
function wrap(obj, prop, target, receiver) {
const real = obj[prop];
obj[prop] = function(that) {
if (that === receiver) that = target;
const args = [].slice.call(arguments, 1);
return real.call(this, that, ...args);
};
}
wrap(Function.prototype, 'bind', target, receiver);
wrap(Function.prototype, 'apply', target, receiver);
} (global, proxy));
return proxy;
}
const proxy = setupProxy(globalThis);
with (proxy) {
with ({window: proxy, self: proxy, globalThis: proxy}) {
${content}
}
}
};
`;
}
/**
* Get the path of a file or folder inside the node_modules folder
*
@ -146,5 +206,6 @@ module.exports = {
isDevBuild,
isTestBuild,
logError,
wrapAgainstScuttling,
getPathInsideNodeModules,
};

View File

@ -957,10 +957,76 @@
"gulp>gulp-cli>isobject": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog": {
"builtin": {
"events.EventEmitter": true,
"util": true
},
"globals": {
"process.nextTick": true,
"process.stderr": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>are-we-there-yet": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge": true,
"@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
"nyc>yargs>set-blocking": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>are-we-there-yet": {
"builtin": {
"events.EventEmitter": true,
"util.inherits": true
},
"packages": {
"koa>delegates": true,
"readable-stream": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge": {
"builtin": {
"util.format": true
},
"globals": {
"clearInterval": true,
"process": true,
"setImmediate": true,
"setInterval": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>aproba": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": true,
"@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
"@storybook/react>@storybook/node-logger>npmlog>gauge>has-unicode": true,
"@storybook/react>@storybook/node-logger>npmlog>gauge>wide-align": true,
"nyc>signal-exit": true,
"react>object-assign": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width": {
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width>is-fullwidth-code-point": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": true,
"gulp>gulp-cli>yargs>string-width>code-point-at": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width>is-fullwidth-code-point": {
"packages": {
"gulp>gulp-cli>yargs>string-width>is-fullwidth-code-point>number-is-nan": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": {
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi>ansi-regex": true
}
},
"@lavamoat/lavapack": {
"builtin": {
"assert": true,
"buffer.Buffer.from": true,
"fs.promises.readFile": true,
"fs.promises.writeFile": true,
"fs.readFileSync": true,
"path.join": true,
"path.relative": true
@ -1048,6 +1114,31 @@
"string.prototype.matchall>side-channel": true
}
},
"@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": {
"builtin": {
"os.homedir": true
},
"globals": {
"process.env": true,
"process.getuid": true,
"process.platform": true
}
},
"@storybook/react>@storybook/node-logger>npmlog>gauge>has-unicode": {
"builtin": {
"os.type": true
},
"globals": {
"process.env.LANG": true,
"process.env.LC_ALL": true,
"process.env.LC_CTYPE": true
}
},
"@storybook/react>@storybook/node-logger>npmlog>gauge>wide-align": {
"packages": {
"yargs>string-width": true
}
},
"@storybook/react>acorn-walk": {
"globals": {
"define": true
@ -1799,6 +1890,7 @@
},
"packages": {
"chokidar>braces": true,
"chokidar>fsevents": true,
"chokidar>glob-parent": true,
"chokidar>is-binary-path": true,
"chokidar>normalize-path": true,
@ -1825,6 +1917,13 @@
"chokidar>braces>fill-range>to-regex-range>is-number": true
}
},
"chokidar>fsevents": {
"globals": {
"console.assert": true,
"process.platform": true
},
"native": true
},
"chokidar>glob-parent": {
"builtin": {
"os.platform": true,
@ -4176,6 +4275,7 @@
"gulp-watch>chokidar>anymatch": true,
"gulp-watch>chokidar>async-each": true,
"gulp-watch>chokidar>braces": true,
"gulp-watch>chokidar>fsevents": true,
"gulp-watch>chokidar>is-binary-path": true,
"gulp-watch>chokidar>readdirp": true,
"gulp-watch>chokidar>upath": true,
@ -4548,6 +4648,142 @@
"enzyme>rst-selector-parser>nearley>randexp>ret": true
}
},
"gulp-watch>chokidar>fsevents": {
"builtin": {
"events.EventEmitter": true,
"fs.stat": true,
"path.join": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.assert": true,
"process.nextTick": true,
"process.platform": true,
"setImmediate": true
},
"packages": {
"gulp-watch>chokidar>fsevents>node-pre-gyp": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp": {
"builtin": {
"events.EventEmitter": true,
"fs.existsSync": true,
"fs.readFileSync": true,
"fs.renameSync": true,
"path.dirname": true,
"path.existsSync": true,
"path.join": true,
"path.resolve": true,
"url.parse": true,
"url.resolve": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.log": true,
"process.arch": true,
"process.cwd": true,
"process.env": true,
"process.platform": true,
"process.version.substr": true,
"process.versions": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>detect-libc": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>semver": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>detect-libc": {
"builtin": {
"child_process.spawnSync": true,
"fs.readdirSync": true,
"os.platform": true
},
"globals": {
"process.env": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt": {
"builtin": {
"path": true,
"stream.Stream": true,
"url": true
},
"globals": {
"console": true,
"process.argv": true,
"process.env.DEBUG_NOPT": true,
"process.env.NOPT_DEBUG": true,
"process.platform": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>nopt>abbrev": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv": {
"builtin": {
"child_process.exec": true,
"path": true
},
"globals": {
"process.env.COMPUTERNAME": true,
"process.env.ComSpec": true,
"process.env.EDITOR": true,
"process.env.HOSTNAME": true,
"process.env.PATH": true,
"process.env.PROMPT": true,
"process.env.PS1": true,
"process.env.Path": true,
"process.env.SHELL": true,
"process.env.USER": true,
"process.env.USERDOMAIN": true,
"process.env.USERNAME": true,
"process.env.VISUAL": true,
"process.env.path": true,
"process.nextTick": true,
"process.platform": true
},
"packages": {
"@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": {
"globals": {
"process.env.SystemRoot": true,
"process.env.TEMP": true,
"process.env.TMP": true,
"process.env.TMPDIR": true,
"process.env.windir": true,
"process.platform": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf": {
"builtin": {
"assert": true,
"fs": true,
"path.join": true
},
"globals": {
"process.platform": true,
"setTimeout": true
},
"packages": {
"nyc>glob": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>semver": {
"globals": {
"console": true,
"process": true
}
},
"gulp-watch>chokidar>is-binary-path": {
"builtin": {
"path.extname": true
@ -5124,6 +5360,7 @@
"gulp-watch>path-is-absolute": true,
"gulp>glob-watcher>anymatch": true,
"gulp>glob-watcher>chokidar>braces": true,
"gulp>glob-watcher>chokidar>fsevents": true,
"gulp>glob-watcher>chokidar>glob-parent": true,
"gulp>glob-watcher>chokidar>is-binary-path": true,
"gulp>glob-watcher>chokidar>readdirp": true,
@ -5182,6 +5419,24 @@
"stylelint>@stylelint/postcss-markdown>remark>remark-parse>repeat-string": true
}
},
"gulp>glob-watcher>chokidar>fsevents": {
"builtin": {
"events.EventEmitter": true,
"fs.stat": true,
"path.join": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.assert": true,
"process.nextTick": true,
"process.platform": true,
"setImmediate": true
},
"packages": {
"gulp-watch>chokidar>fsevents>node-pre-gyp": true
}
},
"gulp>glob-watcher>chokidar>glob-parent": {
"builtin": {
"os.platform": true,
@ -5938,6 +6193,7 @@
"events": true,
"fs.existsSync": true,
"fs.readFileSync": true,
"fs.writeFileSync": true,
"path.extname": true,
"path.join": true
},
@ -6255,6 +6511,12 @@
"process": true
}
},
"nyc>yargs>set-blocking": {
"globals": {
"process.stderr": true,
"process.stdout": true
}
},
"prettier": {
"builtin": {
"assert": true,

View File

@ -185,7 +185,14 @@
"luxon@^3.0.1": "patch:luxon@npm%3A3.1.0#./.yarn/patches/luxon-npm-3.1.0-16e2508500.patch",
"improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch",
"lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch",
"symbol-observable": "^2.0.3"
"symbol-observable": "^2.0.3",
"async-done@~1.3.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"async-done@^1.2.0": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"async-done@^1.2.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"lavamoat-core@^10.0.1": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"lavamoat-core@^12.4.0": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"lavamoat-core@^12.3.0": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"@lavamoat/lavapack@^3.3.0": "patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch"
},
"dependencies": {
"@babel/runtime": "^7.5.5",
@ -343,7 +350,7 @@
"@babel/register": "^7.5.5",
"@ethersproject/bignumber": "^5.7.0",
"@lavamoat/allow-scripts": "^2.0.3",
"@lavamoat/lavapack": "^3.1.0",
"@lavamoat/lavapack": "^3.3.0",
"@metamask/auto-changelog": "^2.1.0",
"@metamask/eslint-config": "^9.0.0",
"@metamask/eslint-config-jest": "^9.0.0",
@ -453,8 +460,8 @@
"jest-it-up": "^2.0.2",
"jsdom": "^11.2.0",
"koa": "^2.7.0",
"lavamoat": "^6.2.0",
"lavamoat-browserify": "^15.2.0",
"lavamoat": "^6.3.0",
"lavamoat-browserify": "^15.5.0",
"lavamoat-viz": "^6.0.9",
"lockfile-lint": "^4.9.6",
"loose-envify": "^1.4.0",

View File

@ -28,7 +28,10 @@ function getGlobalProperties() {
// TODO: Also include the named platform globals
// This grabs every enumerable property on globalThis.
// ...Object.keys(globalThis),
].filter((propertyName) => !ignoreList.has(propertyName)),
].filter(
(propertyName) =>
typeof propertyName === 'string' && !ignoreList.has(propertyName),
),
);
}
@ -49,12 +52,26 @@ function testIntrinsic(propertyName) {
// As long as Object.isFrozen is the true Object.isFrozen, the object
// it is called with cannot lie about being frozen.
const value = globalThis[propertyName];
if (value !== globalThis) {
assert.equal(
Object.isFrozen(value),
true,
`value of universal property globalThis["${propertyName}"] should be frozen`,
try {
const value = globalThis[propertyName];
if (value !== globalThis) {
assert.equal(
Object.isFrozen(value),
true,
`value of universal property globalThis["${propertyName}"] should be frozen`,
);
}
} catch (err) {
const lmre = // regex expression for LavaMoat scuttling error message
/LavaMoat - property "[A-Za-z0-9]*" of globalThis is inaccessible under scuttling mode/u;
if (!lmre.test(err.message)) {
throw err;
}
console.warn(
`Property ${propertyName} is not hardened`,
`because it is scuttled by LavaMoat protection.`,
`Visit https://github.com/LavaMoat/LavaMoat/pull/360 to learn more.`,
);
}

104
yarn.lock
View File

@ -3054,35 +3054,35 @@ __metadata:
languageName: node
linkType: hard
"@lavamoat/lavapack@npm:3.1.0":
version: 3.1.0
resolution: "@lavamoat/lavapack@npm:3.1.0"
"@lavamoat/lavapack@npm:3.3.0":
version: 3.3.0
resolution: "@lavamoat/lavapack@npm:3.3.0"
dependencies:
JSONStream: ^1.3.5
combine-source-map: ^0.8.0
convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.2.0
lavamoat-core: ^12.4.0
readable-stream: ^3.6.0
through2: ^4.0.2
umd: ^3.0.3
checksum: 01d87fe76194591e3542171c6f7eccd0efadcbe27213af5d251480a5ca3cc95a77724de103995ee7c96a4b7e7a269c8dfe446a0a3028f8cf4952d7168817fa4a
checksum: 77f6588d38d53f0feba1856de409829969dc3592b9b4d1e722fd395a1eabae6a8983648e2929ef9243fd6ead6919683cb87e65433325601bafabcf8b46dc83be
languageName: node
linkType: hard
"@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::locator=metamask-crx%40workspace%3A.":
version: 3.1.0
resolution: "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::version=3.1.0&hash=8c39c8&locator=metamask-crx%40workspace%3A."
"@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch::locator=metamask-crx%40workspace%3A.":
version: 3.3.0
resolution: "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch::version=3.3.0&hash=d6b8b1&locator=metamask-crx%40workspace%3A."
dependencies:
JSONStream: ^1.3.5
combine-source-map: ^0.8.0
convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.2.0
lavamoat-core: ^12.4.0
readable-stream: ^3.6.0
through2: ^4.0.2
umd: ^3.0.3
checksum: cef044f3dfba68455ed1b17b80d58fa3fcbd42e5d576c0ed0fad126f27e15592ae69c213b4537626a053c8a2f5a0f6bcf80bbb3e7e7ab6722ea6743d4e54820c
checksum: 4e928e9de74757d7889f8f4712c793206e5a0d9551b7f564d9da95fa45e85df23bcd8dcc1e44feb3ec07d0ffda6a2956971aaca24a0afce46f4a4b0730e57549
languageName: node
linkType: hard
@ -8888,7 +8888,7 @@ __metadata:
languageName: node
linkType: hard
"async-done@npm:^1.2.0, async-done@npm:^1.2.2, async-done@npm:~1.3.2":
"async-done@npm:1.3.2":
version: 1.3.2
resolution: "async-done@npm:1.3.2"
dependencies:
@ -8900,6 +8900,18 @@ __metadata:
languageName: node
linkType: hard
"async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::locator=metamask-crx%40workspace%3A.":
version: 1.3.2
resolution: "async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::version=1.3.2&hash=f92ff4&locator=metamask-crx%40workspace%3A."
dependencies:
end-of-stream: ^1.1.0
once: ^1.3.2
process-nextick-args: ^2.0.0
stream-exhaust: ^1.0.1
checksum: cf43b3e1e8530a09144d6614f5b7f3429921cf338a1d36c07854cc381241cc22e001fcbf6a845a65bf76726653951ae12bba3ec221278508345629e47d880329
languageName: node
linkType: hard
"async-each@npm:^1.0.1":
version: 1.0.1
resolution: "async-each@npm:1.0.1"
@ -21468,63 +21480,52 @@ __metadata:
languageName: node
linkType: hard
"lavamoat-browserify@npm:^15.2.0":
version: 15.2.0
resolution: "lavamoat-browserify@npm:15.2.0"
"lavamoat-browserify@npm:^15.5.0":
version: 15.5.0
resolution: "lavamoat-browserify@npm:15.5.0"
dependencies:
"@babel/code-frame": ^7.16.7
"@lavamoat/aa": ^3.1.0
"@lavamoat/lavapack": ^3.1.0
"@lavamoat/lavapack": ^3.3.0
browser-resolve: ^2.0.0
concat-stream: ^2.0.0
convert-source-map: ^1.8.0
duplexify: ^4.1.1
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.2.0
lavamoat-core: ^12.4.0
pify: ^4.0.1
readable-stream: ^3.6.0
source-map: ^0.7.3
through2: ^3.0.0
checksum: 510e09ac05ac2b3492815b6ce9060255cd6d8cc372073c437dfc634818b729fd0cf87a00f70c96deeb15496d090c611248101d13c117a4454247464d9f0f1a91
checksum: b9d4ccbe6dd09aa63145f89f99f0b3ac269930a5e419cc836659f8c6a7e26b78d2dd3722e44055e6436d2334b044c348895f512d134ee8b5dc4ee87adc890b6f
languageName: node
linkType: hard
"lavamoat-core@npm:^10.0.1":
version: 10.0.1
resolution: "lavamoat-core@npm:10.0.1"
"lavamoat-core@npm:12.4.0":
version: 12.4.0
resolution: "lavamoat-core@npm:12.4.0"
dependencies:
fromentries: ^1.2.0
json-stable-stringify: ^1.0.1
lavamoat-tofu: ^5.1.3
lavamoat-tofu: ^6.0.2
merge-deep: ^3.0.2
resolve: ^1.15.1
checksum: 6d64663da2661ac550095e762ed71be2e99a58fa33bc7c9ae35a1cf7476d3cea8e08986dbb04c7decf9169e71b39c9377eaf8c8005a687e0a5675443aa124a40
checksum: 432a8968035370feb51e50f35306e7f85015e3b56440dbd41b6d3eec7f4bc82c3d1f16c6a627549df2665499c49bcb6e55fa697bccc6839bac1de12804019c1d
languageName: node
linkType: hard
"lavamoat-core@npm:^12.2.0":
version: 12.2.0
resolution: "lavamoat-core@npm:12.2.0"
"lavamoat-core@patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch::locator=metamask-crx%40workspace%3A.":
version: 12.4.0
resolution: "lavamoat-core@patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch::version=12.4.0&hash=4d4cee&locator=metamask-crx%40workspace%3A."
dependencies:
fromentries: ^1.2.0
json-stable-stringify: ^1.0.1
lavamoat-tofu: ^6.0.1
lavamoat-tofu: ^6.0.2
merge-deep: ^3.0.2
checksum: 8aff8ba92fad737b1194aefa25f3e8a51055963c0d68a4c4eef6cf2f36155690c8ddc30d881e23c466d3084a420c5ddab3d82eedc5630eecfc714849ca2c0c75
checksum: 2636c565bb26e06bec9f3bebb3664bd6878520fd880b51140f956480ff1a389c2ee3cfc19d7c2c4340f29d3d275bb407b6de10c76806a147381efcc3bbf403b7
languageName: node
linkType: hard
"lavamoat-tofu@npm:^5.1.3":
version: 5.1.3
resolution: "lavamoat-tofu@npm:5.1.3"
dependencies:
"@babel/parser": ^7.10.1
"@babel/traverse": ^7.10.1
checksum: d8a04fb8db04a5a731ad02974f9e6d8771fb8679525745e3edf9e35b369aa4bc0c3df14fb49e9380594f24e5603fd8e06645675212611b4982977de1b9aab60b
languageName: node
linkType: hard
"lavamoat-tofu@npm:^6.0.1":
"lavamoat-tofu@npm:^6.0.2":
version: 6.0.2
resolution: "lavamoat-tofu@npm:6.0.2"
dependencies:
@ -21550,9 +21551,9 @@ __metadata:
languageName: node
linkType: hard
"lavamoat@npm:^6.2.0":
version: 6.2.0
resolution: "lavamoat@npm:6.2.0"
"lavamoat@npm:^6.3.0":
version: 6.4.0
resolution: "lavamoat@npm:6.4.0"
dependencies:
"@babel/code-frame": ^7.10.4
"@babel/highlight": ^7.10.4
@ -21560,15 +21561,16 @@ __metadata:
bindings: ^1.5.0
htmlescape: ^1.1.1
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.2.0
lavamoat-tofu: ^6.0.1
lavamoat-core: ^12.3.0
lavamoat-tofu: ^6.0.2
node-gyp-build: ^4.2.3
object.fromentries: ^2.0.2
resolve: ^1.17.0
yargs: ^16.0.0
bin:
lavamoat: src/index.js
checksum: 4824d5459647dfe8352ce913295fa6d01343e6715bf3da8dc27956bf5876ed466572d9d50b66401a8a7896168f969f3667b33721bb4e276441ee3bedf2192bca
lavamoat: src/cli.js
lavamoat-run-command: src/run-command.js
checksum: 5a058b0b62fa4d6baa477775dc03433c0064e7ab0f14f4a540aa033154c3484cd9b59ec66e2968e387087c24531b09cbd6a70a3a11f4b52e3b4519cd3672c54c
languageName: node
linkType: hard
@ -22851,7 +22853,7 @@ __metadata:
"@keystonehq/bc-ur-registry-eth": ^0.12.1
"@keystonehq/metamask-airgapped-keyring": ^0.6.1
"@lavamoat/allow-scripts": ^2.0.3
"@lavamoat/lavapack": ^3.1.0
"@lavamoat/lavapack": ^3.3.0
"@lavamoat/snow": ^1.3.0
"@material-ui/core": ^4.11.0
"@metamask/address-book-controller": ^1.0.0
@ -23048,8 +23050,8 @@ __metadata:
jsonschema: ^1.2.4
koa: ^2.7.0
labeled-stream-splicer: ^2.0.2
lavamoat: ^6.2.0
lavamoat-browserify: ^15.2.0
lavamoat: ^6.3.0
lavamoat-browserify: ^15.5.0
lavamoat-viz: ^6.0.9
localforage: ^1.9.0
lockfile-lint: ^4.9.6
@ -28585,7 +28587,7 @@ __metadata:
languageName: node
linkType: hard
"resolve@npm:^1.1.4, resolve@npm:^1.1.5, resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.10.1, resolve@npm:^1.11.1, resolve@npm:^1.12.0, resolve@npm:^1.14.2, resolve@npm:^1.15.1, resolve@npm:^1.17.0, resolve@npm:^1.18.1, resolve@npm:^1.19.0, resolve@npm:^1.20.0, resolve@npm:^1.21.0, resolve@npm:^1.22.0, resolve@npm:^1.3.2, resolve@npm:^1.4.0":
"resolve@npm:^1.1.4, resolve@npm:^1.1.5, resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.10.1, resolve@npm:^1.11.1, resolve@npm:^1.12.0, resolve@npm:^1.14.2, resolve@npm:^1.17.0, resolve@npm:^1.18.1, resolve@npm:^1.19.0, resolve@npm:^1.20.0, resolve@npm:^1.21.0, resolve@npm:^1.22.0, resolve@npm:^1.3.2, resolve@npm:^1.4.0":
version: 1.22.1
resolution: "resolve@npm:1.22.1"
dependencies:
@ -28618,7 +28620,7 @@ __metadata:
languageName: node
linkType: hard
"resolve@patch:resolve@^1.1.4#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.5#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.6#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.7#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.11.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.12.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.14.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.15.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.17.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.18.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.19.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.20.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.21.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.22.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.3.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.4.0#~builtin<compat/resolve>":
"resolve@patch:resolve@^1.1.4#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.5#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.6#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.7#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.11.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.12.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.14.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.17.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.18.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.19.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.20.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.21.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.22.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.3.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.4.0#~builtin<compat/resolve>":
version: 1.22.1
resolution: "resolve@patch:resolve@npm%3A1.22.1#~builtin<compat/resolve>::version=1.22.1&hash=07638b"
dependencies: