1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-29 07:16:36 +01:00
Commit Graph

18 Commits

Author SHA1 Message Date
legobeat
b7da0a98e4
@metamask/smart-transactions-controller@3.1.0->4.0.0 (#20016) 2023-07-19 06:42:50 +09:00
Elliot Winkler
751120bd01
Restore support for Linea networks (#20011)
When the NetworkController in this repo was replaced with
`@metamask/network-controller`, support for Linea networks was lost
as it did not support it at that time. `@metamask/network-controller`
has since been updated, so this commit bumps that package to restore
support.
2023-07-13 16:57:31 -06:00
Mark Stacey
9c278c3610
Resolve two new security advisories (#19940)
Two new security advisories have been resolved. These advisories are
causing CI to fail on `develop`. Neither presents any risk to us,
as they are prototype pollution issues that are prevented by lockdown.

The first advisory isn't easy for us to patch. It's caused by an
outdated version of `protobufjs` used by `@trezor/transport`. It has
been ignored for now, until Trezor updates that package.

For the second advisory (related to `tough-cookie`), it was resolved
by updating that dependency in our lockfile.
2023-07-10 12:56:34 -02:30
Elliot Winkler
b385cbcbcc
Bump @metamask/network-controller to 10.3.0 (#19903)
In the new version of NetworkController, it will now precreate network
clients for built-in and custom networks and expose those network
clients for consumers. This furthers the multichain UX project by making
it possible for MetaMask to interface with multiple networks
simultaneously.

This commit also upgrades `@metamask/gas-fee-controller` to prevent a
peer dependency warning from showing up as well as
`@metamask/controller-utils` in order to reduce the dependency tree.
There are no user-facing changes to either package.
2023-07-07 12:14:18 -06:00
Elliot Winkler
f77b1f65e2
Upgrade assets-controllers to v9 (#19472) 2023-06-09 15:48:48 -05:00
legobeat
8675c7863e
devDeps: storybook@7 (#19092)
* devDeps: pin @babel/core and @babel/runtime in resulotions
    Without this: misses patch, lavamoat error


* storybook 6 to 7 migration
* devDeps: add @storybook/addon-mdx-gfm
* fix lint deps
* devDeps: remove unused require-from-string
* devDeps/resolutions: @types/react@^16.9.53
* devDeps: add @storybook/cli
* storybook: new-frameworks migration
* iyarc: remove resolved dependency advisory
* deps: set globalthis@1.0.1 in resolutions
   This is required since a file is copied over from a set path in the dist
   package subdirectory as of d13aabde23 (#10014).
   A future update should either vendor the shim, or update to
   compatibility with a maintained upstream version.

* mdx2 migration fixes
* chore: bump ljharb packages
* devDeps: @storybook/*@^7.0.10->^7.0.11
* storybook: update preview.js to use v7 addon api
* ci/test/storybook: echo between storybook build&test
* ci/circleci: resources tweak
* info-tab: handle undefined global.platform
* update lavamoat build policy
* update lavamoat browserify policies
2023-05-18 11:07:42 +09:00
legobeat
576eee7adf
devDeps: eslint@8.14.0,8.20.0->8.36.0 (#18748)
* devDeps: eslint@8.14.0,8.20.0->8.36.0

- CVE-2021-4279 / CVE-2021-4279
- consolidate eslint into single version
  - port patches

* add eslintignore directive

* lavamoat: update build policy overrides
2023-04-28 07:45:15 +09:00
legobeat
c21c2bdcf0
security: patch request for CVE-2023-28155 (#18208)
* security: patch request for CVE-2023-28155

GHSA-p8p7-x288-28g6

Ported from https://github.com/request/request/pull/3444

* add iyarc exclusion
2023-03-17 11:59:39 -02:30
Brad Decker
35e3b7e82e
fix audit failure (#17079) 2023-01-04 11:29:37 -06:00
Brad Decker
6d1170f06c
upgrade yarn to version 3 (#16232)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: ricky <ricky.miller@gmail.com>
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
Co-authored-by: legobt <6wbvkn0j@anonaddy.me>
Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
2022-12-08 10:38:04 -06:00
Erik Marks
a8c1756816
Remove 3box feature and delete ThreeBoxController (#14571)
* Remove 3box feature and delete ThreeBoxController

Lint locale messages

lavamoat policy updates

* Restore 3Box user trait with value `false`

The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.

A deprecation comment has been left in various places for this trait.

* Remove unused state

* Remove additional 3box-related things

* Run `yarn-deduplicate`

* Restore migration that was lost while rebasing

* Remove obsolete override

* Remove additional unused resolutions/dependencies

* Update LavaMoat policies

* Remove obsolete security advisory ignore entries

* Remove 3Box fixture builder method

* Update unit tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2022-10-31 13:50:50 -02:30
legobeat
ef9d5d117b
chore: Adjust trailing whitespace (#15636)
Co-authored-by: ryanml <ryanlanese@gmail.com>
2022-08-24 14:11:49 -05:00
Brad Decker
e72170a4cd
remove audit exclusion (#15346) 2022-07-26 15:48:25 -05:00
Brad Decker
2f37635a88
fix filetype audit (#15334) 2022-07-26 09:03:31 -05:00
Dan J Miller
82430e4659
Add exclusion for GHSA-pfrx-2q88-qq97, which is in the 3box dependency tree but not our build (#15005) 2022-06-22 11:46:58 -02:30
Mark Stacey
e34a5ee0eb
Update protobufjs and remove obsolete advisory exclusion (#14841)
The package `protobufjs` has been updated from v6.11.2 to v6.11.3. This
addresses a security advisory.

The advisory `GHSA-fwr7-v2mv-hh25` has also been removed from our list
of ignored advisories.

These two changes should fix the `test-deps-audit` failures.
2022-06-03 08:26:21 -02:30
Dan J Miller
0d595df635
Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
* We can safely ignore this advisory because the affected package is only used in the ipfs cli, which our use of 3box does not use, therefore the vulnerable code is not included in our build.
2022-05-26 14:31:47 -02:30
ricky
0fd1cea1fe
Feature/remove bitmask (#14489)
* remove bitmask

* add --fail-on-missing-exclusions

* add .iyarc
2022-04-21 17:58:57 -04:00