The mobile sync feature has been removed. It has been disabled for
years. When we enable sync again, it will be using a different
implementation. This has already been removed on the mobile side.
All controllers from the core monorepo have been updated to be equal to
or greater than the versions included in the v42 core release.
This release included a breaking change to all controllers because the
package `isomorphic-fetch` was removed. That package was used to ensure
that a `fetch` polyfill was present, so that the controllers could be
used in a non-browser context. This breaking change does not affect the
extension because we already install a `fetch` polyfill in our unit test
environment, and in a real build the real `fetch` API is present.
The gas fee controller had an additional breaking change: the EIP 1559
API endpoint is now a required argument. This does not affect the
extension because this argument was already being set.
The gas fee controller has been updated from v1 to v3. The breaking
changes for v2 and v3 related to the `@metamask/network-controller`
type that was referenced. They don't affect the extension's usage of
this package, so they are non-breaking for the extension.
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
The announcement controller has been updated to v2.0.1. The breaking
change in v2 was the migration to the BaseControllerV2 API. This
affected the constructor, as well as some methods/properties that we do
not use.
`@metamask/obs-store` has been updated from v5 to v8. The breaking
changes include updating the minimum supported Node.js version to v12,
and removing an unused class `LocalStorageStore`. v8 includes a bugfix
that resolves an accidental breaking change in v6.0.2; it's non-
breaking when updating from older versions.
This update includes type improvements. The main improvement is that
now we can type the observational store using generic parameters. The
previous version used `unknown` for the store contents.
The package `safe-event-emitter` has been updated to v2. This update
includes renaming the package to be scoped under `@metamask`, and it
includes a TypeScript migration.
This release only includes one breaking change, which is the renaming
of the package to be under the `@metamask` scope. It includes
improvements to the types that will unblock migrating our network
clients to TypeScript.
The PhishingController has been updated to v2. This release should
dramatically reduce network traffic and double the update speed of the
phishing list.
This was accomplished by combining both of our phishing configurations
into one list (the "stalelist"), then creating a separate list of the
changes just the past few days (the "hotlist"). Now users will download
a smaller list more frequently (every 30 minutes rather than every
hour), whereas the full list is only updated every 4 days.
The combined configuration means that we no longer know which list was
responsible for each block. The phishing warning page has been updated
to dynamically look this information up, to ensure users are still
directed to the correct place to dispute a block. This update to the
phishing warning page also includes the recent redesign.
This package has been updated to reduce the bundle size (we already use
the v4 version indirectly). The only breaking change applicable to the
usage of this package in the extension is to the package's exports. The
one import line has been updated accordingly.
This update comes with types (v3 was the TypeScript migration).
* Adding browser outdated notification
* updating dependency
* adding unit tests for util function
* adding unit tests for selectors, lintfix
* Added Tests, refactored notification delay logic
* lint:fix
* adding test coverage for method parameter
* Update app/scripts/controllers/app-state.js
adding documentation details
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* moving declaration into test
* Update app/scripts/controllers/app-state.test.js
spacing in test file
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Update jest.config.js
removing duplicate entries
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* using async submitRequestToBackground method
* removing unused import
* removing unnecessary link syntax in notification
* adding opera and edge and associated tests
* handling the undefined case in bowser.satisfies
* setOutdatedBrowserWarningLastShown try/catch
* lint:fix
* Removing try/catch and letting errors bubble up
Removing deprecated displayWarning method
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* taking out forceMetamaskUpdateState call
* excludint app-state test from mocha test suite
* Added note: Jest files should match Mocha excluded
* syntax error, lint:fix
---------
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Persist phishing state controller state.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
update phishing controller to latest version
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Rebase, Yarn3, Lavamoat
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
run allow-scrips.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
lavamoat:auto and linter
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Migrate to new controller packages
`@metamask/controllers` is deprecated, and most of the controllers that
lived here are now located in their own package ([1]). This commit
replaces `@metamask/controllers` in `package.json` with references to
these packages and updates `import` lines to match.
[1]: https://github.com/MetaMask/controllers/pull/831
* Support GitHub registry for draft PRs (#16549)
* Add additional allowed host to lockfile linter
* Update LavaMoat policies
* Add policy exception for nanoid
* Add additional nanoid overrides
* Update LavaMoat policies again
* Bump controller packages
* Update lavamoat
* Bump controller packages
* Update packages to v1.0.0
* Expand gitignore comment
* Unpin controller dependencies, using ^ range instead
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Mock token import
* Add mocks, improve stability
* Update LavaMoat policies
The policies became outdated recently due to undetected conflicts
between PRs.
* Use veryLargeDelayMs, refactoring
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Remove 3box feature and delete ThreeBoxController
Lint locale messages
lavamoat policy updates
* Restore 3Box user trait with value `false`
The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.
A deprecation comment has been left in various places for this trait.
* Remove unused state
* Remove additional 3box-related things
* Run `yarn-deduplicate`
* Restore migration that was lost while rebasing
* Remove obsolete override
* Remove additional unused resolutions/dependencies
* Update LavaMoat policies
* Remove obsolete security advisory ignore entries
* Remove 3Box fixture builder method
* Update unit tests
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Updating controller dependency
* fix
* fix
* fix
* fix
* fixes
* Lavamoat auto
* Update URLs for phishing detection testcase
* update lavamoat files
* call phishingController.test synchronously again
* bump @metamask/controllers to v32.0.1
* lint
* update policy files
* bump controllers version again
* modify update phishing list strategy
* revert back to use isOutOfDate, but without blocking substream
* possible way to fix e2e tests?
* enable testing
* Remove promise return from setupController in background.js, as it is no longer used
* Ensure updatePhishingLists is called in MM contrller constructer, so that phishing lists are updated right away
Co-authored-by: seaona <mariona@gmx.es>
Co-authored-by: Alex <adonesky@gmail.com>
Co-authored-by: Dan Miller <danjm.com@gmail.com>
This update includes fixes for our `block-ref` and `retry-on-empty`
middleware.
The `block-ref` middleware resolves the block reference `latest` to a
specific block number, the latest one we are aware of. This is meant to
protect against situations where the network gives inconsistent answers
for what the latest block number is due to some nodes being out-of-sync
with each other (this was a frequent problem years ago with Infura).
It was broken in that the `latest` resolution was failing, and we were
submitting an additional redundant request to Infura for each request.
The `retry-on-empty` middleware is meant to retry certain methods
when they return an empty response. This was also meant to deal with
network synchronization issues that were more common years ago. This
middleware works by making a "child" request over and over until either
a retry limit is reached, or a non-empty response is received.
It was broken in that the final response recieved was thrown away, so
it's as though the middleware was not used. Except that it did result
in additional redundant network requests.
As a result of this update we should see that the extension is more
resilient to certain network synchronization issues. But this is
difficult to test, and these issues may not happen in production
anymore today.
We should see a reduction in requests to Infura as well. This should
be easier to test.
* snaps-skunkworks@0.22.0
* Update LavaMoat policies
* Bump execution environment and fix a breaking change
* Fix caveat and permissions
* Fix test
* Exclude keyring endowment for now
* Fix test
* Fix snap_confirm missing title
Add tests for the `block-tracker-inspector` middleware — which makes
sure that the block tracker never has a reference to the latest block
which is less than a block number that shows up in an RPC method's
response — and the Infura middleware — which takes care of sending the
request to Infura, and will retry the request up to 5 times if Infura
sends back a certain type of error.
Note that the `retry-on-empty` middleware is not tested because it
currently has a [bug][1] which is making it ineffective.
[1]: https://github.com/MetaMask/eth-json-rpc-middleware/issues/139
We are working on migrating the extension to a unified network
controller, but before we do so we want to extract some of the existing
pieces, specifically `createInfuraClient` and `createJsonRpcClient`,
which provide the majority of the behavior exhibited within the provider
API that the existing NetworkController exposes. This necessitates that
we understand and test that behavior as a whole.
With that in mind, this commit starts with the Infura-specific network
client and adds some initial functional tests for `createInfuraClient`,
specifically covering three pieces of middleware provided by
`eth-json-rpc-middleware`: `createNetworkAndChainIdMiddleware`,
`createBlockCacheMiddleware`, and `createBlockRefMiddleware`.
These tests exercise logic that originate from multiple different places
and combine in sometimes surprising ways, and as a result, understanding
the nature of the tests can be tricky. I've tried to explain the logic
(both of the implementation and the tests) via comments. Additionally,
debugging why a certain test is failing is not the most fun thing in the
world, so to aid with this, I've added some logging to the underlying
packages used when a request passes through the middleware stack.
Because some middleware change the request being made, or make new
requests altogether, this greatly helps to peel back the curtain, as
failures from Nock do not supply much meaningful information on their
own. This logging is disabled by default, but can be activated by
setting `DEBUG=metamask:*,eth-query DEBUG_COLORS=1` alongside the `jest`
command.
We use this logging by bumping `eth-block-tracker`, and
`eth-json-rpc-middleware`.
* Update `eth-json-rpc-infura`
The package `eth-json-rpc-infura@5` has been updated to
`@metamask/eth-json-rpc-infura@7`. This update includes TypeScript
support, and it drops support for older node.js versions. The exports
have also been changed from default to named exports.
See here for a full list of changes: https://github.com/MetaMask/eth-json-rpc-infura/blob/main/CHANGELOG.md#700
* Fix LavaMoat policy issue
The `web3` package used by `@metamask/controllers` unintentionally
overwrites the `XMLHttpRequest` global, which breaks things. This was
fixed by revoking `web3`'s write access to that global using a policy
override.
Previously this policy override was applied to `web3`, but for some
unknown reason, this update caused that override to no longer apply.
The Sentry `Dedupe` integration has been filtering out our events, even
when they were never sent due to our `beforeSend` handler. It was
wrongly identifying them as duplicates because it has no knowledge of
`beforeSend` or whether they were actually sent or not.
To resolve this, the filtering we were doing in `beforeSend` has been
moved to a Sentry integration. This integration is installed ahead of
the `Dedupe` integration, so `Dedupe` should never find out about any
events that we filter out, and thus will never consider them as sent
when they were not.
* addding the legacy tokenlist, tuning token detection OFF by default, adding new message while importing tokens
updating the controller version and calling detectNewToken on network change
fixing rebase error
Run yarn lavamoat:auto for updating policies
updating lavamoat
Deleted node modules and run again lavamoat auto
fixing rebase issues
updating lavamoat policies
updating lavamoat after rebasing
policies
updating custom token warning and blocking detectedtoken link when tpken detection is off for supported networks
to update the token in fetchTosync
updating the contract map object
Revert build-system lavamoat policy changes
Move token list selection logic from components to getTokenList selector
updating the tokenList
Update lavamoat
Fix error
updating lavamoat
lint fix
fix unit test fail
fix unit test fail
lint fix
fixing rebase locale error
rebase fix
Revert build-system policy changes
temp
addressing review comments
* rebase fix
As we convert parts of the codebase to TypeScript, we will want a way to
track progress. This commit adds a dashboard which displays all of the
files that we wish to convert to TypeScript and which files we've
already converted.
The list of all possible files to convert is predetermined by walking
the dependency graph of each entrypoint the build system uses to compile
the extension (the files that the entrypoint imports, the files that the
imports import, etc). The list should not need to be regenerated, but
you can do it by running:
yarn ts-migration:enumerate
The dashboard is implemented as a separate React app. The CircleCI
configuration has been updated so that when a new commit is pushed, the
React app is built and stored in the CircleCI artifacts. When a PR is
merged, the built files will be pushed to a separate repo whose sole
purpose is to serve the dashboard via GitHub Pages (this is the same
way that the Storybook works). All of the app code and script to build
the app are self-contained under
`development/ts-migration-dashboard`. To build this app yourself, you
can run:
yarn ts-migration:dashboard:build
or if you want to build automatically as you change files, run:
yarn ts-migration:dashboard:watch
Then open the following file in your browser (there is no server
component):
development/ts-migration-dashboard/build/index.html
Finally, although you shouldn't have to do this, to manually deploy the
dashboard once built, you can run:
git remote add ts-migration-dashboard git@github.com:MetaMask/metamask-extension-ts-migration-dashboard.git
yarn ts-migration:dashboard:deploy
This is mainly associated with an update in GridPlus SDK and enables
better strategies for fetching calldata decoder data.
`eth-lattice-keyring` changes:
GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0
`gridplus-sdk` changes (which includes a codebase rewrite):
GridPlus/gridplus-sdk@v1.2.3...v2.2.2
* lavamoat - apply lavamoat protections to popup and notification
* build - enable lavamoat for home
* lavamoat - add missing ui overrides for react family
* deps/patches - patch zxcvbn for ses compat
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.
In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.
This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.