1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 01:39:44 +01:00
Commit Graph

74 Commits

Author SHA1 Message Date
Brad Decker
08f775796c
Policy formatting issue (#18810) 2023-04-25 15:54:13 -05:00
legobeat
2c1ed4e8f0
deps: replace gulp-dart-sass with gulp-sass. (#16302)
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2023-04-25 09:37:30 -05:00
legobeat
a827c444fb
devDeps: security updates roundup (#18739)
* devDeps: resolutions: git-url-parse@^12=>13.1.0
  - CVE-2022-2900 / GHSA-j9fq-vwqv-2fm2

Depended on from now abandoned @storybook/storybook-deployer
  - https://github.com/storybook-eol/storybook-deployer/pull/131
  - https://github.com/IonicaBizau/git-url-parse/releases/tag/13.0.0
  - https://github.com/IonicaBizau/git-up/releases/tag/7.0.0

* devDeps: source-map-explorer@2.4.2->2.5.3
* devDeps: bump terser dependencies
   - CVE-2022-25858 / GHSA-4wf5-vphf-c2xc
* devDeps: shelljs@0.8.4->0.8.5
   - CVE-2022-0144 / GHSA-4rq4-32rv-6wp6
* devDeps: serve-handler@6.1.3->6.1.5, minimatch@3.0.4->3.1.2
  - CVE-2022-3517 / GHSA-f8q6-p94x-37v3
* devDeps: bump x-default-browser-id in resolutions
  - CVE-2021-33623 / CVE-2021-33623
  - https://npm-diff.app/x-default-browser@0.4.0...x-default-browser@0.5.2
* devDeps: pin glob-parent@^6.0.2 in resolutions
  - CVE-2020-28469 / GHSA-ww39-953v-wcq6
2023-04-25 17:09:22 +09:00
Mark Stacey
3776f4ad4c
Remove mobile sync feature (#18692)
The mobile sync feature has been removed. It has been disabled for
years. When we enable sync again, it will be using a different
implementation. This has already been removed on the mobile side.
2023-04-20 14:29:30 -02:30
legobeat
5d2c4c143a
devdeps: mocha@7.2.0->9.2.2 (#18195)
* devdeps: mocha@7.2.0->9.2.2

Maintenance upgrade

- Closes subdependency flat advisory
  - CVE-2020-36632 / GHSA-2j2x-2gpw-d8fm
- upgrade eslint-plugin-mocha to match
  - previously used `eslint-plugin-mocha` depended on mocha@^8.2.0

* devdeps: patch-bump ansi-regex

closes GHSA-93q8-gq69-wqmw

* update lavamoat policies
2023-04-14 10:49:22 +09:00
witmicko
fde18dec0c
link component (#17897)
Added externlalLink to ButtonLink

Co-authored-by: George Marshall <george.marshall@consensys.net>
2023-03-10 17:47:01 +00:00
Hassan Malik
7086494b72
[FLASK] BREAKING - snaps-monorepo@0.30.0 (#17718)
* updated snap permission to wallet_snap, updated tests and added migration

* updated snap packages

* yarn.lock fix

* fixed errors

* override policy

* update policy

* undo override

* updated localization message descriptions

* updated lavamoat policy

* more policy updates

* update permission controller version

* update policy

* update fixture builder

* updated code to include permission value to satisfy wallet_snap permission description call

* fix import issue

* update test-snaps version

* added missing actions, added snap permission dedupe function

* prettier fix

* fix fencing

* add more fencing

* prettier fix

* fix fencing (again)

* added new action and selector and updated view snap accordingly

* update test snaps website version

* unfence request variable

* add fencing

* add optional chaining to fix type error

* update migration #

* remove old migration

* prettier fix

* fix migration test

* fix fencing

* added missing fencing

* updated code to workaround fencing

* update test-snaps site version and remove snap confirm test

* update snap packages

* update policies

* fix merge marker issue

* update test

* more fixes

* fix permissions

* update test

* fixed test

* Bump test-snaps and iframe-execution-environment

* remove unused snap permission from fixture builder

* update policies

* undo comment removal, update selector implementation

* removed unnecessary function, updated migration, updated caveat action

* remove optional chaining

* fix type issue

* more type fixes

* fix migration test

* remove isFlask check, make migration logic more robust

* update coverage

* Update LavaMoat policies

* Update test/e2e/snaps/enums.js

* add extra bail condition

* Revert "add extra bail condition"

This reverts commit b45c53dcfc6e6e35a5e283d4955d6d6ea9ca5965.

* Revert "Revert "add extra bail condition""

This reverts commit cd2ded677935c9cdab0c02b6af55474c83727f60.

* fix test

* add SnapController entry to state object

* updated permission name and caveat type with hardcoded values

* add extra test for non-flask scenario

* update lavamoat policies

* fix locale messages

* change coverage target

* re-enable rpc snap test

* revert locale message change

* fix el message

* reverted changes

---------

Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
2023-03-08 13:29:23 -05:00
Thomas Huang
4735978b8d
Removal of enzyme pkge dep (#17261)
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2023-02-14 12:14:00 -06:00
Brad Decker
c1f9c778c9
Add error module for safely handling errors (#17511)
Co-authored-by: Danica Shen <zhaodanica@gmail.com>
2023-02-02 13:30:57 -06:00
amerkadicE
dd09245ff6
Fix/use etherjs specific imports (#15461)
* replace ethers with submodules

Co-authored-by: Alex <adonesky@gmail.com>
2023-01-24 08:10:36 -06:00
Brad Decker
a9ef2a049a
add numeric module (#17324) 2023-01-20 15:16:56 -06:00
Nidhi Kumari
c5368c152b
Added storybook check to CI (#17092)
* added storybook test runner

* added test runner in ci

* updated test for ci and fixed lint error

* updated lavamoat policy

* updated test command

* updated playwright

* changed command to storybook;ci

* updated command

* updated instance for test-storybook

* updated playwright

* added playwright step

* replaced concurrently with start-server-and-test

* updated the static storybook directory

* replaced first with last

* updated lock file

* replaced first with last

* updated test-storybook with maxworkers

* updated .depchechrc

* updated yml

* removed id from banner base

* replaced broken stories with .stories-to-do.js extesnsion

* updated token allowance story

* removed duplicacies from yarn

* fixed lavamoat

* removed filename comment

* updated links for docs

* fixed file extension for stories

* updated path for stories.json

* updated stories.json path

* yarn updated

* updated stories

* updated yarn

* updated wait on
2023-01-21 00:57:46 +05:30
weizman
6d551f10fe
Update LavaMoat (core/lavapack) (#17061) 2023-01-18 14:35:37 +02:00
Alex Donesky
dc253068f9
update build system policy override config (#17163) 2023-01-12 14:01:29 -06:00
weizman
3cf5ef642f
Revert "Integrate new LavaMoat scuttling protection feature (#16994)" (#17043) 2022-12-22 17:26:53 +02:00
weizman
5d320ceec6
Integrate new LavaMoat scuttling protection feature (#16994)
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2022-12-21 12:54:30 -06:00
Dan J Miller
b3dbf62860
Add lavamoat policy override for react-responsive-carousel (#16955) 2022-12-14 14:35:28 -06:00
Alex Donesky
5d285f7be5
fix cached detected token results (#16866) 2022-12-14 12:26:08 +05:30
Frederik Bolding
659063b335
[FLASK] Allow Snaps UI to use Markdown for text formatting (#16911)
* Allow Snaps UI to use Markdown for text formatting

* Fix yarn audit and dedupe errors

* Update LavaMoat policies

* Fix lint

* Add paragraph wrapper component

* Fix lint
2022-12-13 15:37:20 +01:00
Brad Decker
6d1170f06c
upgrade yarn to version 3 (#16232)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: ricky <ricky.miller@gmail.com>
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
Co-authored-by: legobt <6wbvkn0j@anonaddy.me>
Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
2022-12-08 10:38:04 -06:00
Maarten Zuidhoorn
c341abaea6
Use Webpack 5 for Storybook (#16678)
* Fix storybook

* Update policies

* Bump all Storybook dependencies to the latest version

* Add Storybook dependencies to depcheck ignore list

* Update policy-override.json

* Fix SectionShape circular dependency

* Change policy override for eslint-scope

* Fix some Webpack build issues

* Add missing dependency

Co-authored-by: Frederik Bolding <frederik.bolding@gmail.com>
2022-11-29 19:23:36 +01:00
Elliot Winkler
51cffa15dd
Migrate to new controller packages (#16547)
* Migrate to new controller packages

`@metamask/controllers` is deprecated, and most of the controllers that
lived here are now located in their own package ([1]). This commit
replaces `@metamask/controllers` in `package.json` with references to
these packages and updates `import` lines to match.

[1]: https://github.com/MetaMask/controllers/pull/831

* Support GitHub registry for draft PRs (#16549)

* Add additional allowed host to lockfile linter

* Update LavaMoat policies

* Add policy exception for nanoid

* Add additional nanoid overrides

* Update LavaMoat policies again

* Bump controller packages

* Update lavamoat

* Bump controller packages

* Update packages to v1.0.0

* Expand gitignore comment

* Unpin controller dependencies, using ^ range instead

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2022-11-24 16:29:07 -03:30
David Walsh
266d7d93d5
Fix #15050 - MV3: Keep the user logged in when service worker restarts (#15558) 2022-11-23 18:49:24 -06:00
Brad Decker
c9527e745f
upgrade gulp-autoprefixer (#16439) 2022-11-15 08:40:56 -06:00
Erik Marks
a8c1756816
Remove 3box feature and delete ThreeBoxController (#14571)
* Remove 3box feature and delete ThreeBoxController

Lint locale messages

lavamoat policy updates

* Restore 3Box user trait with value `false`

The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.

A deprecation comment has been left in various places for this trait.

* Remove unused state

* Remove additional 3box-related things

* Run `yarn-deduplicate`

* Restore migration that was lost while rebasing

* Remove obsolete override

* Remove additional unused resolutions/dependencies

* Update LavaMoat policies

* Remove obsolete security advisory ignore entries

* Remove 3Box fixture builder method

* Update unit tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2022-10-31 13:50:50 -02:30
Jyoti Puri
6995174cbc
MV3 Segment Fix (#16020) 2022-10-11 20:34:32 +05:30
Mark Stacey
f6f8edfd15
Update eth-json-rpc-middleware to v9.0.1 (#16096)
This update includes fixes for our `block-ref` and `retry-on-empty`
middleware.

The `block-ref` middleware resolves the block reference `latest` to a
specific block number, the latest one we are aware of. This is meant to
protect against situations where the network gives inconsistent answers
for what the latest block number is due to some nodes being out-of-sync
with each other (this was a frequent problem years ago with Infura).

It was broken in that the `latest` resolution was failing, and we were
submitting an additional redundant request to Infura for each request.

The `retry-on-empty` middleware is meant to retry certain methods
when they return an empty response. This was also meant to deal with
network synchronization issues that were more common years ago. This
middleware works by making a "child" request over and over until either
a retry limit is reached, or a non-empty response is received.

It was broken in that the final response recieved was thrown away, so
it's as though the middleware was not used. Except that it did result
in additional redundant network requests.

As a result of this update we should see that the extension is more
resilient to certain network synchronization issues. But this is
difficult to test, and these issues may not happen in production
anymore today.

We should see a reduction in requests to Infura as well. This should
be easier to test.
2022-10-10 13:16:58 -02:30
Alex Donesky
3b63ecff07
Update eth-lattice-keyring to v0.12.3 (#15997) 2022-10-03 19:02:38 -05:00
Elliot Winkler
d7a812f42f
Add remaining tests for createInfuraClient (#15717)
Add tests for the `block-tracker-inspector` middleware — which makes
sure that the block tracker never has a reference to the latest block
which is less than a block number that shows up in an RPC method's
response — and the Infura middleware — which takes care of sending the
request to Infura, and will retry the request up to 5 times if Infura
sends back a certain type of error.

Note that the `retry-on-empty` middleware is not tested because it
currently has a [bug][1] which is making it ineffective.

[1]: https://github.com/MetaMask/eth-json-rpc-middleware/issues/139
2022-09-29 10:39:35 -06:00
Alex Donesky
d3bd5b0d6b
Bump keystone package versions to latest (#15878) 2022-09-22 10:04:24 -05:00
Mark Stacey
929a1a0d52
Update eth-json-rpc-infura (#15845)
* Update `eth-json-rpc-infura`

The package `eth-json-rpc-infura@5` has been updated to
`@metamask/eth-json-rpc-infura@7`. This update includes TypeScript
support, and it drops support for older node.js versions. The exports
have also been changed from default to named exports.

See here for a full list of changes: https://github.com/MetaMask/eth-json-rpc-infura/blob/main/CHANGELOG.md#700

* Fix LavaMoat policy issue

The `web3` package used by `@metamask/controllers` unintentionally
overwrites the `XMLHttpRequest` global, which breaks things. This was
fixed by revoking `web3`'s write access to that global using a policy
override.

Previously this policy override was applied to `web3`, but for some
unknown reason, this update caused that override to no longer apply.
2022-09-15 14:41:18 -02:30
amerkadicE
7aa2a8a983
Replace web3js package with ethersjs package (#15386)
Co-authored-by: Alex Donesky <adonesky@gmail.com>
2022-09-12 15:46:48 -05:00
George Marshall
100fbbfaca
Upgrading storybook from 6.3 to 6.5 fixing shell-quote vulnerability (#15684)
* Updating storybook from 6.3 to 6.5

* Some lavamoat policy overrides for eslint
2022-09-06 15:58:22 -07:00
Alex Miller
21e3b4785d
[GridPlus] Version bump (#15711)
* [GridPlus] Bumps packages
Significant updates:
* Reverts build system changes to reduce bundle size (`gridplus-sdk` #461)
* Adds support for nested ABI definitions if firmware allows it (`gridplus-sdk` #462, #450)
Full changes:
* `eth-lattice-keyring`: https://github.com/GridPlus/eth-lattice-keyring/compare/v0.11.0...v0.12.0
* `gridplus-sdk`: https://github.com/GridPlus/gridplus-sdk/compare/v2.2.2...v2.2.7

* [GridPlus] Lavamoat changes
2022-08-25 18:11:17 -02:30
Brad Decker
0d862d4032
upgrade jest (#15642) 2022-08-23 15:13:02 -05:00
Mark Stacey
1f36ba4b75
Fix Sentry deduplication of events that were never sent (#15677)
The Sentry `Dedupe` integration has been filtering out our events, even
when they were never sent due to our `beforeSend` handler. It was
wrongly identifying them as duplicates because it has no knowledge of
`beforeSend` or whether they were actually sent or not.

To resolve this, the filtering we were doing in `beforeSend` has been
moved to a Sentry integration. This integration is installed ahead of
the `Dedupe` integration, so `Dedupe` should never find out about any
events that we filter out, and thus will never consider them as sent
when they were not.
2022-08-23 16:14:14 -02:30
Mark Stacey
22552a0152
Fix LavaMoat policy generation script (#15668)
Recently in #15468 the name of the scripts task used by the LavaMoat
policy generation script was renamed from `scripts:prod` to
`scripts:dist`, but we neglected to change this name in the LavaMoat
policy generation script itself.

The script task has now been updated so that the script works again,
and the LavaMoat policy generation script has been re-run.
2022-08-22 21:22:47 -02:30
Maarten Zuidhoorn
a52c6a4908
[FLASK] snaps-skunkworks@0.19.0 (#15619)
* Bump snaps-skunkworks to 0.19.0

* Improve snap_getBip32Entropy UI

* Remove console.log

* Update LavaMoat policy

* Dedupe Yarn lock

* Update LavaMoat policy again

* Fix tests

* Update policies and e2e tests

* Update policy again

* Update iframe-execution-environment

* Dedupe yarn.lock

* Update snapshots

* Fix PR comments

* Add TODO

* Trigger CI
2022-08-18 17:07:34 +02:00
Elliot Winkler
a7d98b695f
Add TypeScript migration dashboard (#13820)
As we convert parts of the codebase to TypeScript, we will want a way to
track progress. This commit adds a dashboard which displays all of the
files that we wish to convert to TypeScript and which files we've
already converted.

The list of all possible files to convert is predetermined by walking
the dependency graph of each entrypoint the build system uses to compile
the extension (the files that the entrypoint imports, the files that the
imports import, etc). The list should not need to be regenerated, but
you can do it by running:

    yarn ts-migration:enumerate

The dashboard is implemented as a separate React app. The CircleCI
configuration has been updated so that when a new commit is pushed, the
React app is built and stored in the CircleCI artifacts. When a PR is
merged, the built files will be pushed to a separate repo whose sole
purpose is to serve the dashboard via GitHub Pages (this is the same
way that the Storybook works). All of the app code and script to build
the app are self-contained under
`development/ts-migration-dashboard`. To build this app yourself, you
can run:

    yarn ts-migration:dashboard:build

or if you want to build automatically as you change files, run:

    yarn ts-migration:dashboard:watch

Then open the following file in your browser (there is no server
component):

    development/ts-migration-dashboard/build/index.html

Finally, although you shouldn't have to do this, to manually deploy the
dashboard once built, you can run:

    git remote add ts-migration-dashboard git@github.com:MetaMask/metamask-extension-ts-migration-dashboard.git
    yarn ts-migration:dashboard:deploy
2022-08-09 14:16:08 -06:00
Mark Stacey
44f8e9e10e
Replace rc with ini (#15464)
We use the `rc` package to read the `.metamaskrc` configuration file,
which is in "ini" format. This package has been replaced by the `ini`
package.

The `rc` package was not actively maintained, and it has had recent
security vulnerabilities. But most importantly, the config object
returned by `rc` includes a bunch of extra information that made build
script validation [1] difficult to implement. Specifically, it made it
challenging to ensure no extra environment variables were present.

The `ini` package on the other hand is simple, well maintained, and
is simpler to use. This package doesn't add any extra properties to the
object it returns, making validation easy.

[1]: https://github.com/MetaMask/metamask-extension/issues/15003
2022-08-05 15:11:18 -02:30
Brad Decker
7b42c54728
Update Babel and dependencies (#15392) 2022-08-05 10:04:44 -05:00
Sam Gbafa
5802805597
Add Sign-In with Ethereum (#14438)
Co-authored-by: Gregório Granado Magalhães <greg.magalhaes@gmail.com>
Co-authored-by: George Marshall <georgewrmarshall@gmail.com>
Co-authored-by: georgewrmarshall <george.marshall@consensys.net>
Co-authored-by: Ariella Vu <20778143+digiwand@users.noreply.github.com>
Co-authored-by: brad-decker <bhdecker84@gmail.com>
2022-08-03 09:56:11 -05:00
Brad Decker
31fa55123a
fix storybook (#15387) 2022-07-29 14:15:48 -05:00
Brad Decker
1db0ee87ec
Update Eslint and deps (#15293) 2022-07-26 13:10:51 -05:00
seaona
10c480b118 Run lavamoat auto 2022-06-30 19:16:46 +02:00
Mark Stacey
b68aee1bef
Migrate the build script to yargs (#14836)
The build script now uses `yargs` rather than `minimist`. The CLI is
now better documented, and we have additional validation for each
option.

A patch for `yargs` was required because it would blow up on the line
`Error.captureStackTrace`. For some reason when running under LavaMoat,
that property did not exist.

Closes #12766
2022-06-21 17:37:05 -02:30
Daniel
7d1259476b
Update smart-transactions-controller to v2.1.0 (#14955) 2022-06-16 17:51:55 +02:00
Mark Stacey
e6d5af5f9a Merge remote-tracking branch 'origin/develop' into master-sync
* origin/develop: (131 commits)
  Update `protobufjs` and remove obsolete advisory exclusion (#14841)
  Include snap version in pill (#14803)
  Update PULL_REQUEST_TEMPLATE.md (#14790)
  fix: keystone transaction qrcode has no white spacing (#14798)
  Snap notifications integration (#14605)
  Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
  snaps-skunkworks@0.15.0 (#14772)
  Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
  Ensure transaction type is correctly updated on edit (#14721)
  Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
  Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
  Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
  Migrate the "estimateGas" API call to "getFees" for STX (#14767)
  Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
  Adding flag for MV3 (#14762)
  Add types to send state (#14740)
  Remove site origin on snap install (#14752)
  Update design tokens library from 1.5 to 1.6 WIP (#14732)
  Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
  remove draft transaction (#14701)
  ...
2022-06-03 11:53:40 -02:30
Mark Stacey
3693de7947 Reproducible .zip files (#14623)
* Create `.zip` files deterministically

Our build system now creates `.zip` archives deterministically.
Previously the `.zip` file would differ between builds even when the
files being archived were identical. This was because the order the
files were passed in was non-deterministic, and the `mtime` for each
file was different between builds.

The files are now sorted before being zipped, and the `mtime` for each
file has been set to the unix epoch.

* Update lavamoat build policy
2022-05-16 14:48:09 -02:30
Frederik Bolding
c2cd6f8097
Bump addons-linter (#14717)
* Bump addons-linter

* Deduplicate yarn.lock

* Rerun yarn install and LavaMoat policy gen
2022-05-16 18:04:25 +02:00