* fix(settings): fixed two IPFS gateway issues
- adds back in two bugfixes that were originally in #19283
- fixes #16871
- fixes #18140
- achieves 100% code coverage for /ui/pages/settings/security-tab
- removes the npm package `valid-url`, which has not been updated in 10 years
* changes after #20172 was merged
* improved URL validation (specifically spaces)
* better Jest coverage
* response to legobeat review
* fixing lint and Jest
* Enable Snaps feature flag in stable
* Run snaps E2Es in stable
* Fix CI config indentation
* Fix CI paths
* Update LavaMoat policies
* Update iframe URL
* Exclude some tests from running in stable e2e
* Disable another test on stable
* Bump to 1.0.1
* Fix config.yml issue due to staleness
* Stop running newly added test
* Update snapshots used for E2E
* Use shallow-git-clone
* fixed several issues with the connect mmi button
* Fixed snapshot
* Improved multiple things
* running yarn dedupe
* Update LavaMoat policies
* For some reason, this.mmiConfigurationController.store.mmiConfiguration?.portfolio sometimes is undefined, added [] if null.
Moved the || {} outside the find method
* minor improvements
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Update `protobufjs` to the latest version. This resolves a security
advisory for this package. The advisory is concerning prototype
pollution, so it likely never affected us due to LavaMoat protections.
* Remove fallback phishing warning configuration
The package `@metamask/phishing-controller` has been updated from v4 to
v6. The only breaking changes are a minimum Node.js version bump, and
the removal of the fallback phishing configuration.
The fallback phishing configuration was resulting in MetaMask being
incorrectly flagged as malware, and the stale config was causing
problems for sites that had been blocked in the past but have since
been unblocked. This should substantially reduce the bundle size as
well.
* Update LavaMoat policies
* Update test state to include example blocked site
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
* Update phishing controller to v4.0.0
* Move phishing e2e test utilities into its own helper.js
* Update phishing detection e2e test
* Update MetaMask Controller test mocks
* Update mv3 phishing tests
* Fix test for 500 error on warning page
* Allow for directories in test folder
* Update migration number
* Linting fixes
* Remove fail on console error
* Separate mocks from helpers
* Have migration delete PhishingController state entirely
* Remove phishing detection directory
* Only delete the listState in migration
* Bump migration version
* devDeps: @lavamoat/allow-scripts@2.0.3->2.3.1
Note: As of right now, this causes depcheck script to fail under yarn due to a server error in NPM registry triggered by https://github.com/yarnpkg/berry/issues/4117. As can be seen in that issue, the results from this script have already been invalid since the upgrade from yarnv1 to yarnv3 and a change of package manager version or dependency-auditing script will have to be made.
* force latest version of dependency bn.js to @5.2.1
* test - fix broken standin data given to bn.js
---------
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
* deps: copy-to-clipboard@3.3.1->3.3.3
* deps: @zxing/library->0.20.0, @zxing/browser->0.1.3
Updates to latest. These were misaligned before:
YN0060: . provides @zxing/library (p7a67d) with version 0.8.0, which doesn't satisfy what @zxing/browser requests
* Update sentry/cli to 2.19.4
* Ensure sentry files are loaded and referenced with a valid url
* Temp to eliminate errors in sentry (should be split into other PRs)
* Fix invalid state persistence error
We have been seeing Sentry errors showing that state persistence has
been failing for some users that have invalid `NetworkController`
state. This has been fixed by updating to
`@metamask/base-controller@v3.2.0`, which is more tolerant of
unexpected state properties.
* Update LavaMoat policies
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
When the NetworkController in this repo was replaced with
`@metamask/network-controller`, support for Linea networks was lost
as it did not support it at that time. `@metamask/network-controller`
has since been updated, so this commit bumps that package to restore
support.
* bump parse5; port patch
* devDeps: jsdom@11.5.1->16.7.0
- patch-revert https://github.com/jsdom/jsdom/pull/2076
- jsdom's storage-overriding does not play well with test suite usage of
localforage:
$ yarn test:unit:global
✖ ERROR: TypeError: Cannot set property localStorage of #<Window> which has only a getter
at Object.<anonymous> (/app/test/helpers/setup-helper.js:79:32)
at Module._compile (node:internal/modules/cjs/loader:1198:14)
at Module.m._compile (/app/node_modules/ts-node/src/index.ts:1459:23)
at Module._compile (/app/node_modules/pirates/lib/index.js:136:24)
at Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
at newLoader (/app/node_modules/pirates/lib/index.js:141:7)
at Object.require.extensions.<computed> [as .js] (/app/node_modules/ts-node/src/index.ts:1462:12)
at Module.load (node:internal/modules/cjs/loader:1076:32)
at Function.Module._load (node:internal/modules/cjs/loader:911:12)
at Module.require (node:internal/modules/cjs/loader:1100:19)
at require (node:internal/modules/cjs/helpers:108:18)
at Object.<anonymous> (/app/test/setup.js:4:1)
at Module._compile (node:internal/modules/cjs/loader:1198:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
at Module.load (node:internal/modules/cjs/loader:1076:32)
at Function.Module._load (node:internal/modules/cjs/loader:911:12)
at ModuleWrap.<anonymous> (node:internal/modules/esm/translators:169:29)
at ModuleJob.run (node:internal/modules/esm/module_job:193:25)
at async Promise.all (index 0)
at ESMLoader.import (node:internal/modules/esm/loader:530:24)
at importModuleDynamicallyWrapper (node:internal/vm/module:438:15)
at formattedImport (/app/node_modules/mocha/lib/nodejs/esm-utils.js:7:14)
at exports.requireOrImport (/app/node_modules/mocha/lib/nodejs/esm-utils.js:48:32)
at exports.handleRequires (/app/node_modules/mocha/lib/cli/run-helpers.js:94:28)
at /app/node_modules/mocha/lib/cli/run.js:353:25
* update lavamoat policies
* update lavamoat build policy
* Sending showCustodyConfirmLink as a prop and fixing other issues
* Upgraded MMI extension monorepo and trying to fix the issue
* prevents deeplink from closing
* Fixed styles of Custody view and changed the place of it
* Fixed CI issues
* fixing eslint issues
* Update LavaMoat policies
* fixing tests
* Fixed test
* updated snapshots
* reorder, otherwise it won't make sense
* adds necessary methods
* removes duplicated key value
* updated snapshot
---------
Co-authored-by: Antonio Regadas <antonio.regadas@consensys.net>
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Co-authored-by: António Regadas <apregadas@gmail.com>
* Prevent controller events from crashing
The package `@metamask/base-controller` has been updated to v3.1, which
includes a change to how event subscriber errors are handled. Errors
thrown in event subscribers will no longer interrupt event publishing.
Subscriber errors are caught and thrown in a timeout handler, ensuring
that they are logged and captured by Sentry. We can find any subscriber
errors by looking at the background console, or at the Sentry
dashboard.
Fixes #19801
* Update LavaMoat policies
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
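The subscriber-error handling described in the commit message above, as an added sketch that is not code from `@metamask/base-controller`. The `Messenger` class, the `demo` helper and the `Example:stateChange` event name are hypothetical.

```javascript
// Hypothetical minimal messenger, not @metamask/base-controller's code.
// It contrasts a publish loop that lets a subscriber error propagate with
// one that isolates the error and rethrows it from a timer callback.
class Messenger {
  constructor({ isolateErrors }) {
    this.isolateErrors = isolateErrors;
    this.handlers = new Map(); // event name -> Set of handlers
  }

  subscribe(event, handler) {
    if (!this.handlers.has(event)) this.handlers.set(event, new Set());
    this.handlers.get(event).add(handler);
  }

  // `schedule` defaults to setTimeout; it is injectable so the deferred
  // rethrow can be inspected instead of reaching the global error handler.
  publish(event, payload, schedule = setTimeout) {
    for (const handler of this.handlers.get(event) ?? []) {
      if (!this.isolateErrors) {
        handler(payload); // a throw here aborts delivery to later handlers
        continue;
      }
      try {
        handler(payload);
      } catch (error) {
        // Rethrown outside the publish call stack, so it still reaches
        // the console and any global error reporter.
        schedule(() => { throw error; });
      }
    }
  }
}

// Constructed scenario: a faulty subscriber registered before a healthy one.
function demo(isolateErrors) {
  const delivered = [];
  const deferred = [];
  const messenger = new Messenger({ isolateErrors });
  messenger.subscribe('Example:stateChange', () => { throw new Error('bad subscriber'); });
  messenger.subscribe('Example:stateChange', (payload) => delivered.push(payload));
  let publishThrew = false;
  try {
    messenger.publish('Example:stateChange', { chainId: '0x1' }, (fn) => deferred.push(fn));
  } catch {
    publishThrew = true;
  }
  return { delivered, deferred, publishThrew };
}
```

With `isolateErrors` off, the second subscriber never receives the event; with it on, delivery completes and the error is queued for rethrow.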
Occasionally our builds have been failing with the error "Unexpected
end of JSON input", with a stack pointing at `lavamoat-core`. The file
in question was reading the policy, reading overrides, merging them,
then writing the policy back to disk.
The intermittent errors can be explained if the policy file was read in
one process while it was being written in another. The extension build
script builds bundles in multiple processes in parallel, so it does
follow that this would happen some of the time. This could result in a
partial policy file being read by the build script, resulting in a JSON
parsing error.
This has been fixed by removing the policy write step using a patch.
We don't need this step. We update the policy using a different
function altogether, and we have a CI job to ensure we never forget to
update it.
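The failure mode described above, reproduced as an added example that is not code from `lavamoat-core` or the extension build. The policy object and file names are constructed, and the write-to-temp-then-rename helper is an alternative mitigation shown for comparison, not the fix this commit took (which removes the write step).

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Constructed stand-in for a policy file; not a real LavaMoat policy.
const POLICY = { resources: { 'example-package': { globals: { console: true } } } };

// What a reader sees when it opens the file while a writer in another
// process has flushed only part of the new contents.
function readDuringPartialWrite(file) {
  const full = JSON.stringify(POLICY, null, 2);
  fs.writeFileSync(file, full.slice(0, Math.floor(full.length / 2)));
  try {
    return { ok: true, policy: JSON.parse(fs.readFileSync(file, 'utf8')) };
  } catch (error) {
    return { ok: false, error };
  }
}

// Write the full contents to a temporary file in the same directory, then
// rename it over the target. On POSIX filesystems the rename replaces the
// file in one step, so a concurrent reader gets the old or the new file,
// never a truncated one.
function writeAtomically(file, policy) {
  const tmp = `${file}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify(policy, null, 2));
  fs.renameSync(tmp, file);
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'policy-race-'));
  const file = path.join(dir, 'policy.json');
  try {
    const partial = readDuringPartialWrite(file);
    writeAtomically(file, POLICY);
    const complete = JSON.parse(fs.readFileSync(file, 'utf8'));
    return {
      partialOk: partial.ok,
      partialError: partial.ok ? null : partial.error.name,
      complete,
    };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}
```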
Two new security advisories have been resolved. These advisories are
causing CI to fail on `develop`. Neither presents any risk to us,
as they are prototype pollution issues that are prevented by lockdown.
The first advisory isn't easy for us to patch. It's caused by an
outdated version of `protobufjs` used by `@trezor/transport`. It has
been ignored for now, until Trezor updates that package.
For the second advisory (related to `tough-cookie`), it was resolved
by updating that dependency in our lockfile.