When the NetworkController in this repo was replaced with
`@metamask/network-controller`, support for Linea networks was lost
as it did not support it at that time. `@metamask/network-controller`
has since been updated, so this commit bumps that package to restore
support.
Two new security advisories have been resolved. These advisories are
causing CI to fail on `develop`. Neither presents any risk to us,
as they are prototype pollution issues that are prevented by lockdown.
The first advisory isn't easy for us to patch. It's caused by an
outdated version of `protobufjs` used by `@trezor/transport`. It has
been ignored for now, until Trezor updates that package.
For the second advisory (related to `tough-cookie`), it was resolved
by updating that dependency in our lockfile.
In the new version of NetworkController, it will now precreate network
clients for built-in and custom networks and expose those network
clients for consumers. This furthers the multichain UX project by making
it possible for MetaMask to interface with multiple networks
simultaneously.
This commit also upgrades `@metamask/gas-fee-controller` to prevent a
peer dependency warning from showing up as well as
`@metamask/controller-utils` in order to reduce the dependency tree.
There are no user-facing changes to either package.
* devDeps: pin @babel/core and @babel/runtime in resulotions
Without this: misses patch, lavamoat error
* storybook 6 to 7 migration
* devDeps: add @storybook/addon-mdx-gfm
* fix lint deps
* devDeps: remove unused require-from-string
* devDeps/resolutions: @types/react@^16.9.53
* devDeps: add @storybook/cli
* storybook: new-frameworks migration
* iyarc: remove resolved dependency advisory
* deps: set globalthis@1.0.1 in resolutions
This is required since a file is copied over from a set path in the dist
package subdirectory as of d13aabde23 (#10014).
A future update should either vendor the shim, or update to
compatibility with a maintained upstream version.
* mdx2 migration fixes
* chore: bump ljharb packages
* devDeps: @storybook/*@^7.0.10->^7.0.11
* storybook: update preview.js to use v7 addon api
* ci/test/storybook: echo between storybook build&test
* ci/circleci: resources tweak
* info-tab: handle undefined global.platform
* update lavamoat build policy
* update lavamoat browserify policies
* Remove 3box feature and delete ThreeBoxController
Lint locale messages
lavamoat policy updates
* Restore 3Box user trait with value `false`
The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.
A deprecation comment has been left in various places for this trait.
* Remove unused state
* Remove additional 3box-related things
* Run `yarn-deduplicate`
* Restore migration that was lost while rebasing
* Remove obsolete override
* Remove additional unused resolutions/dependencies
* Update LavaMoat policies
* Remove obsolete security advisory ignore entries
* Remove 3Box fixture builder method
* Update unit tests
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
The package `protobufjs` has been updated from v6.11.2 to v6.11.3. This
addresses a security advisory.
The advisory `GHSA-fwr7-v2mv-hh25` has also been removed from our list
of ignored advisories.
These two changes should fix the `test-deps-audit` failures.
* We can safely ignore this advisory because the affected package is only used in the ipfs cli, which our use of 3box does not use, therefore the vulnerable code is not included in our build.
