Mark Stacey
cc9d87c365
Fix intermittent build error ( #19966 )
...
Occasionally our builds have been failing with the error "Unexpected
end of JSON input", with a stack pointing at `lavamoat-core`. The file
in question was reading the policy, reading overrides, merging them,
then writing the policy back to disk.
The intermittent errors can be explained if the policy file was read in
one process while it was being written in another. The extension build
script builds bundles in multiple processes in parallel, so it does
follow that this would happen some of the time. This could result in a
partial policy file being read by the build script, resulting in a JSON
parsing error.
This has been fixed by removing the policy write step using a patch.
We don't need this step. We update the policy using a different
function altogether, and we have a CI job to ensure we never forget to
update it.
2023-07-11 18:27:52 -02:30
Matthew Walsh
b70c4a8042
Patch signature controller to catch message promise ( #19927 )
2023-07-07 13:31:21 -02:30
OGPoyraz
39089e0f4c
Accept SignController approval request from frontend ( #19184 )
2023-06-20 15:37:09 +02:00
Bernardo Garces Chapero
55a1514513
fix signature controller patch ( #19607 )
2023-06-15 15:12:59 +01:00
Elliot Winkler
f77b1f65e2
Upgrade assets-controllers to v9 ( #19472 )
2023-06-09 15:48:48 -05:00
Bernardo Garces Chapero
5355000202
Handle watch asset accept and reject using ApprovalController only ( #18829 )
2023-06-05 21:13:22 +01:00
Bernardo Garces Chapero
67555fc879
accept approval request first ( #19409 )
2023-06-02 11:07:08 +01:00
legobeat
dc580c1cf1
devDeps: squirrelly@^8.0.8->^9.0.0 ( #19113 )
...
CVE-2021-32819 / GHSA-q8j6-pwqx-pm96
2023-06-01 05:21:42 +09:00
Daniel
471889e5bb
Enable token detection for the Aurora network, fix primary token for Aurora, update a URL ( #19009 )
2023-05-16 17:57:04 +02:00
Frederik Bolding
125021e425
[FLASK] snaps-monorepo@0.33.1-flask.1
( #18913 )
...
* snaps-monorepo@0.33.0-flask.1
* Add browser-passworder
* Patch babel/core
* Fix PermissionController messenger allowlist
* Update test-snaps
* Use latest patch
* Update LavaMoat policies
* Re-enable RPC E2E
* Make snaps iframe URL be a env variable and bump it
* Add new env variable to test env
* Add iframe URL to desktop build
2023-05-15 19:36:24 +02:00
legobeat
576eee7adf
devDeps: eslint@8.14.0,8.20.0->8.36.0 ( #18748 )
...
* devDeps: eslint@8.14.0,8.20.0->8.36.0
- CVE-2021-4279 / CVE-2021-4279
- consolidate eslint into single version
- port patches
* add eslintignore directive
* lavamoat: update build policy overrides
2023-04-28 07:45:15 +09:00
legobeat
c21c2bdcf0
security: patch request for CVE-2023-28155 ( #18208 )
...
* security: patch request for CVE-2023-28155
GHSA-p8p7-x288-28g6
Ported from https://github.com/request/request/pull/3444
* add iyarc exclusion
2023-03-17 11:59:39 -02:30
weizman
6d551f10fe
Update LavaMoat (core/lavapack) ( #17061 )
2023-01-18 14:35:37 +02:00
Brad Decker
8e3eaed57f
fix audit failure for luxon by upgrading ( #17106 )
2023-01-09 12:41:32 -06:00
Brad Decker
35e3b7e82e
fix audit failure ( #17079 )
2023-01-04 11:29:37 -06:00
weizman
3cf5ef642f
Revert "Integrate new LavaMoat scuttling protection feature ( #16994 )" ( #17043 )
2022-12-22 17:26:53 +02:00
weizman
5d320ceec6
Integrate new LavaMoat scuttling protection feature ( #16994 )
...
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2022-12-21 12:54:30 -06:00
Brad Decker
6d1170f06c
upgrade yarn to version 3 ( #16232 )
...
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: ricky <ricky.miller@gmail.com>
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
Co-authored-by: legobt <6wbvkn0j@anonaddy.me>
Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
2022-12-08 10:38:04 -06:00