Adds a resolution for `follow-redirects` to resolve https://github.com/advisories/GHSA-74fj-2j2h-c42q. The dependency graph is `analytics-node#axios#follow-redirects`, and neither parent package has published a fix for this vulnerability.
This commit fixes a few issues with ConfirmPageContainerSummary (which
holds the contract being used or action being performed and the money
being sent):
* Remove fixed height so that the secondary currency doesn't get cut off
or spill over
* Add missing padding
* Fix font size of primary and secondary currencies
* Add top border when there is a "address not in your address book"
alert at the top
Co-authored-by: Ariella <ariellavu@gmail.com>
These messages were removed from the `en` locale in #13244, but they
were not deleted because that branch was not up-to-date when it was
merged, and the translations were recent additions (#13206)
The auto-generated changelog was too short because it was comparing
against the recent Flask release rather than the real previous release.
Future Flask releases will be created at the same time as normal
MetaMask releases, so we won't have this problem next time.
This PR ensures that the `getLastConnectedInfo` selector handles missing `eth_accounts` permission history. Historically, `eth_accounts` was the only permission in existence, and the only way that a permission subject ended up with a permission history in the first place. This will no longer the case as of #11837, and we were perhaps never right to bake in this assumption to begin with.
* Update the copy for the Flask welcome page (#13223)
* Update the copy for the Flask welcome page
The copy for the Flask Welcome page has been updated to better dissuade
users who are not the target audience, and to better explain the risks
of using Flask.
* Fix typo
* Suggested edits (#13225)
* Suggested edits
* fixup! Suggested edits
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
* Update app/_locales/en/messages.json
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
The first page of the Flask onboarding was causing a propType warning
to appear in the console. It was caused by the array of React Fragments
used to construct the ASCII fox; they were missing the `key` prop.
These fragments are static content, so React doesn't really need to
worry about what to do in the event they are re-ordered. The array
index has been used as the key to silence the warning.
When a lot of transactions are occurring on the network, such as during
an NFT drop, it drives gas fees up. When this happens, we want to not
only inform the user about this, but also dissuade them from using a
higher gas fee (as we have proved in testing that high gas fees can
cause bidding wars and exacerbate the situation).
The method for determining whether the network is "busy" is already
handled by GasFeeController, which exposes a `networkCongestion`
property within the gas fee estimate data. If this number exceeds 0.66 —
meaning that the current base fee is above the 66th percentile among the
base fees over the last several days — then we determine that the
network is "busy".
Sass has changed the syntax for dividing two numbers. Previously you
would use `/`, but because this causes some ambiguity with color
functions (`rgb()`, `rgba()`, and the like), where `/` is regularly used
to separate color channel information from an alpha value, Sass has
deprecate the use of `/` for division. [1]
This commit converts all such usages to use `math.div()` instead. This
is a little bit difficult because there are a few places in
`@fortawesome/fontawesome-free` which use the old syntax. There is an
issue open here about it [2] but that has not been fixed yet. So we have
to patch this package to make the deprecation warnings go away.
[1]: https://sass-lang.com/documentation/breaking-changes/slash-div
[2]: https://github.com/FortAwesome/Font-Awesome/issues/18371
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.
Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.
Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
The ESLint config for the extension explicitly includes support for
Prettier. However, this is already being provided by our global ESLint
config (`@metamask/eslint-config`). Therefore there is no need to
include it here. In fact, this is causing weird issues where the `curly`
option is getting overridden somehow. After this change, these syntaxes
are invalid:
``` javascript
if (foo) return;
```
``` javascript
if (foo) return 'bar';
```
* Update support links for Flask
* Disable 'prefer-const' in code fence linting
* Add bespoke home footer for Flask and update logic
* fixup! Add bespoke home footer for Flask and update logic
* Fix code fence lint failure
* Fix support request link in account menu
* Fix unit test failure
There was a propType error shown on the snap install screen about the
`name` property of `targetSubjectMetadata` being missing despite it
being marked as required. This property should not have been required,
it does not always exist.
* Prevent automatic rejection of confirmations
Confirmations are now only automatically rejected if a user explicitly
closes the notification window. If we close the window programmatically
because there are no notifications left to show, nothing gets rejected.
This partially avoids a race condition where a confirmation gets
rejected automatically without the user having seen the confirmation
first. This could happen if the confirmation was processed just as the
notification window was being closed.
It's still possible for a confirmation that the user has never seen to
get rejected as a result of the user closing the window. But at least
now it's no longer possible for a confirmation to get rejected in this
manner after the user resolves the last confirmation in the queue.
* Fix bug that prevented automatic closure detection
All windows were being detected as explicit window closures,
essentially just as they were previously, because this variable was
cleared too soon.
* Re-open popup when necessary
After the window is automatically closed, a confirmation may have been
queued up while the window was closing. If so, the popup is now re-
opened.
The `lint:fix` script now also calls `yarn stylelint --fix`. This step
was omitted previously, despite `stylelint` being part of the `lint`
npm script.
This error was introduced with #13100, which was merged without CI
checks because CircleCI was not running on that branch for some reason.
This error was fixed with `yarn lint:styles --fix`.
The `mounted` state was used to derive state from props before the
first render of the Home component. Instead this state is now derived
in the constructor, which is also run before the first render. This
should behave exactly the same, except now we don't need the `mounted`
state or the `deriveStateFromProps` function anymore.
The call to `closeCurrentWindow` that was made in `componentDidUpdate`
has been moved to the constructor as well. There is no need to delay
that call, and this saves us from having to compare current with
previous state in that lifecycle function.
Adds a missing middleware hook for `wallet_requestPermissions` that we failed to add in #12243. Also adds a runtime check that throws an error if any expected hooks are not provided to `createMethodMiddleware`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
The 4Byte API can sometimes fail during e2e tests with a 502 error.
Ideally we would avoid calling it at all during e2e tests, but in the
meantime we shouldn't treat this as a reason to fail the e2e test.
We have multiple fallbacks for 4Byte, it isn't relied upon by any
tests.