Adds a new flag, `--apply-lavamoat`, to the main build script. The flag controls whether LavaMoat is actually applied to the output of the build process. The flag defaults to `true`, but we explicitly set it to `false` in the `start` package script. Meanwhile, the `start:lavamoat` script is modified such that it applies LavaMoat to the build output in development mode, but it no longer runs the build process itself under LavaMoat as there aren't very compelling reasons to do so.
This change is motivated by the fact that development builds do not have their own dedicated LavaMoat policies, which causes development builds to fail since #14537. The downside of this change is that LavaMoat-related failures will not be detected when running `yarn start`. @kumavis has plans for fixing this problem in a future major version of the `@lavamoat` suite.
* origin/master: (101 commits)
Updating changelog
Add token standard to custom token details (#14506)
Revert "Dark Mode: What's New Announcement (#14346)"
Ensure network name in confirm page container is defined (#14520)
Updating lavamoat policies
Fix the alerts toggles in settings (#14498)
Disable swaps whenever the environment is not development or testing, so that behaviour follows production for QA purposes (#14499)
[skip e2e] Updating changelog for v10.14.0 (#14487)
Version v10.14.0
Docs - segment metrics (#14435)
Add snaps view search (#14419)
Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470)
Modify import SRP page (#14425)
Dark Mode: Implement Metrics (#14455)
HoldToRevealButton component (#13785)
e2e test import json file as import account strategy (#14449)
MetaMetrics: Identify 'number_of_tokens' user trait (#14427)
MetaMetrics: Identify 'nft_autodetection_enabled' & 'opensea_api_enabled' (#14367)
Swaps: Sort "token_from" dropdown tokens by their fiat value first and "token_to" by top tokens (#14436)
Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
...
The phishing warning page URL environment variable has been renamed
from `PHISHING_PAGE_URL` to `PHISHING_WARNING_PAGE_URL`. We call this
page the "phishing warning page" everywhere else, and this name seemed
better suited (it's not a phishing page itself).
The variable has been listed and documented in `.metamaskrc.dist` as
well.
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.
The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.
The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.
The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.
New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
* Rename NotificationController to AnnouncementController
* Fix test
* Add test for missing NotificationController state
* Bump controllers
* Move test to correct file
* Rename config key
* Add migration 71 to list of migrations
* Fix selector after migration
* fix failed off chain tx mismatch with next confirmed transaction
* dont drop failed txs when tx in confirmed
* add comment for reassigning logic
* resolve change requests
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.
In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.
This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.
* MetaMetrics: identify number_of_tokens
* MetaMetrics: update number_of_tokens
do not filter by unique addresses.
Each token contract x chain id combo is a unique contract
* MetaMetrics: update MetaMetricsTraits @typedef
- add number_of_tokens
* MetaMetrics: clean up number_of_tokens
* MetaMetrics: alphabetize in test
* segment: instantiate w/out SEGMENT_HOST check
If SEGMENT_HOST is null, then the analytics-node library will usea defaulted host
* Segment: rm IN_TEST check for instantiation
* Add new user trait for 'Number of NFT collections'.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
FIx JS DOC
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Arrange TRAITS in alphabetical order
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Unit Tests for allCollectibles traits tracking.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
change cid to chainId
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* invert condition
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* jsdoc - alphabetical order
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* change {string} to the literal {number_of_nft_collections}
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Optimize _getNumberOfNFTs
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Set up correct timer value for fetching new quotes
* Show red timer in Swaps if quotes fetching will happen in less than 10s (previously it was 30s)
* Fix a UI issue with the notification close button
* Make stx refresh rates optional, since not every network supports them
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.
A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.
Certain build steps accidentally omitted the `version` variable. It has
now been restored to all steps, ensuring that all environment variables
are correctly injected into all bundles.
A check has been added to the Sentry setup module to ensure the release
is not omitted in the future.