1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 09:57:02 +01:00
Commit Graph

24 Commits

Author SHA1 Message Date
Brad Decker
05b1b19c6f
Lockfile lint is now compatible with yarn v3 (#20247)
* Lockfile lint is now compatible with yarn v3

* remove the patch
2023-07-28 09:13:04 -05:00
Michele Esposito
11b2c425d4
Use @metamask/keyring-controller (#19659)
* refactor: use patched @metamask/keyring-controller

* refactor: run prettier

* Update LavaMoat policies

* refactor: change patch to use EthKeyringController type

* chore: change policies

* Update LavaMoat policies

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
2023-07-24 20:44:43 +02:00
António Regadas
8ee733c0d5
[MMI] Handle personal sign and sign typed operations (#20087)
* adds listeners for signatureControll and adds the handleSigningEvents method

* clean up

* updates signature request containers files

* adds necessary methods

* wip

* signing flow with core methods

* yarn lint

* updates logic to fit latest signatureCOntroller

* updates mmi extension package

* updates signature-controller and message-manager packages

* checkout develop lock file and run yarn

* checkout develop lock file and package.json to test circleci

* test fix

* adds signature-controller new version

* updates mmi extension package

* tx-list update and runs lavamoat auto

* lint fix

* runs lavamoat auto

* resets lavamoat/build-system/policy.jsono to develop

* Update LavaMoat policies

* adds back the dispatch

* lint

* clean up

* clean up

* applies patch for signature controller

* clean patch file

---------

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
2023-07-21 16:52:47 +01:00
legobeat
0981509e82
devDeps: jsdom@11.12.0->16.7.0 (#19971)
* bump parse5; port patch

* devDeps: jsdom@11.5.1->16.7.0
  - patch-revert https://github.com/jsdom/jsdom/pull/2076
  - jsdom's storage-overriding does not play well with test suite usage of
localforage:
    $ yarn test:unit:global
    ✖ ERROR: TypeError: Cannot set property localStorage of #<Window> which has only a getter
        at Object.<anonymous> (/app/test/helpers/setup-helper.js:79:32)
        at Module._compile (node:internal/modules/cjs/loader:1198:14)
        at Module.m._compile (/app/node_modules/ts-node/src/index.ts:1459:23)
        at Module._compile (/app/node_modules/pirates/lib/index.js:136:24)
        at Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
        at newLoader (/app/node_modules/pirates/lib/index.js:141:7)
        at Object.require.extensions.<computed> [as .js] (/app/node_modules/ts-node/src/index.ts:1462:12)
        at Module.load (node:internal/modules/cjs/loader:1076:32)
        at Function.Module._load (node:internal/modules/cjs/loader:911:12)
        at Module.require (node:internal/modules/cjs/loader:1100:19)
        at require (node:internal/modules/cjs/helpers:108:18)
        at Object.<anonymous> (/app/test/setup.js:4:1)
        at Module._compile (node:internal/modules/cjs/loader:1198:14)
        at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
        at Module.load (node:internal/modules/cjs/loader:1076:32)
        at Function.Module._load (node:internal/modules/cjs/loader:911:12)
        at ModuleWrap.<anonymous> (node:internal/modules/esm/translators:169:29)
        at ModuleJob.run (node:internal/modules/esm/module_job:193:25)
        at async Promise.all (index 0)
        at ESMLoader.import (node:internal/modules/esm/loader:530:24)
        at importModuleDynamicallyWrapper (node:internal/vm/module:438:15)
        at formattedImport (/app/node_modules/mocha/lib/nodejs/esm-utils.js:7:14)
        at exports.requireOrImport (/app/node_modules/mocha/lib/nodejs/esm-utils.js:48:32)
        at exports.handleRequires (/app/node_modules/mocha/lib/cli/run-helpers.js:94:28)
        at /app/node_modules/mocha/lib/cli/run.js:353:25

* update lavamoat policies

* update lavamoat build policy
2023-07-13 23:06:08 +09:00
Mark Stacey
cc9d87c365
Fix intermittent build error (#19966)
Occasionally our builds have been failing with the error "Unexpected
end of JSON input", with a stack pointing at `lavamoat-core`. The file
in question was reading the policy, reading overrides, merging them,
then writing the policy back to disk.

The intermittent errors can be explained if the policy file was read in
one process while it was being written in another. The extension build
script builds bundles in multiple processes in parallel, so it does
follow that this would happen some of the time. This could result in a
partial policy file being read by the build script, resulting in a JSON
parsing error.

This has been fixed by removing the policy write step using a patch.
We don't need this step. We update the policy using a different
function altogether, and we have a CI job to ensure we never forget to
update it.
2023-07-11 18:27:52 -02:30
Matthew Walsh
b70c4a8042
Patch signature controller to catch message promise (#19927) 2023-07-07 13:31:21 -02:30
OGPoyraz
39089e0f4c
Accept SignController approval request from frontend (#19184) 2023-06-20 15:37:09 +02:00
Bernardo Garces Chapero
55a1514513
fix signature controller patch (#19607) 2023-06-15 15:12:59 +01:00
Elliot Winkler
f77b1f65e2
Upgrade assets-controllers to v9 (#19472) 2023-06-09 15:48:48 -05:00
Elliot Winkler
e96b6860a4
Check Node (and Yarn) versions at install (#19537)
Unlike Yarn Classic, Yarn Berry will not verify that the current version
of Node being used matches the `engines` field in `package.json`.
However, someone has written a plugin, [`engines`][1], that provides
this missing functionality, and this commits adds that plugin. This
should ensure that all developers are using the correct version of Node.
(In addition to checking the current Node version, the plugin also
checks the current Yarn version.)

[1]: https://github.com/devoto13/yarn-plugin-engines
2023-06-09 11:23:23 -06:00
Bernardo Garces Chapero
5355000202
Handle watch asset accept and reject using ApprovalController only (#18829) 2023-06-05 21:13:22 +01:00
Bernardo Garces Chapero
67555fc879
accept approval request first (#19409) 2023-06-02 11:07:08 +01:00
legobeat
dc580c1cf1
devDeps: squirrelly@^8.0.8->^9.0.0 (#19113)
CVE-2021-32819 / GHSA-q8j6-pwqx-pm96
2023-06-01 05:21:42 +09:00
Daniel
471889e5bb
Enable token detection for the Aurora network, fix primary token for Aurora, update a URL (#19009) 2023-05-16 17:57:04 +02:00
Frederik Bolding
125021e425
[FLASK] snaps-monorepo@0.33.1-flask.1 (#18913)
* snaps-monorepo@0.33.0-flask.1

* Add browser-passworder

* Patch babel/core

* Fix PermissionController messenger allowlist

* Update test-snaps

* Use latest patch

* Update LavaMoat policies

* Re-enable RPC E2E

* Make snaps iframe URL be a env variable and bump it

* Add new env variable to test env

* Add iframe URL to desktop build
2023-05-15 19:36:24 +02:00
legobeat
576eee7adf
devDeps: eslint@8.14.0,8.20.0->8.36.0 (#18748)
* devDeps: eslint@8.14.0,8.20.0->8.36.0

- CVE-2021-4279 / CVE-2021-4279
- consolidate eslint into single version
  - port patches

* add eslintignore directive

* lavamoat: update build policy overrides
2023-04-28 07:45:15 +09:00
legobeat
c21c2bdcf0
security: patch request for CVE-2023-28155 (#18208)
* security: patch request for CVE-2023-28155

GHSA-p8p7-x288-28g6

Ported from https://github.com/request/request/pull/3444

* add iyarc exclusion
2023-03-17 11:59:39 -02:30
ryanml
4ee93f2594
Fixing yarn version command, adding yarn version plugin (#17325)
* Removing invalid flags for yarn version command

* Adding yarn version plugin

* remove .yarn from coverage

---------

Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2023-02-01 17:05:52 -07:00
weizman
6d551f10fe
Update LavaMoat (core/lavapack) (#17061) 2023-01-18 14:35:37 +02:00
Brad Decker
8e3eaed57f
fix audit failure for luxon by upgrading (#17106) 2023-01-09 12:41:32 -06:00
Brad Decker
35e3b7e82e
fix audit failure (#17079) 2023-01-04 11:29:37 -06:00
weizman
3cf5ef642f
Revert "Integrate new LavaMoat scuttling protection feature (#16994)" (#17043) 2022-12-22 17:26:53 +02:00
weizman
5d320ceec6
Integrate new LavaMoat scuttling protection feature (#16994)
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
2022-12-21 12:54:30 -06:00
Brad Decker
6d1170f06c
upgrade yarn to version 3 (#16232)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: ricky <ricky.miller@gmail.com>
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
Co-authored-by: legobt <6wbvkn0j@anonaddy.me>
Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
2022-12-08 10:38:04 -06:00