1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-29 15:50:28 +01:00
Commit Graph

1786 Commits

Author SHA1 Message Date
Mark Stacey
44f8e9e10e
Replace rc with ini (#15464)
We use the `rc` package to read the `.metamaskrc` configuration file,
which is in "ini" format. This package has been replaced by the `ini`
package.

The `rc` package was not actively maintained, and it has had recent
security vulnerabilities. But most importantly, the config object
returned by `rc` includes a bunch of extra information that made build
script validation [1] difficult to implement. Specifically, it made it
challenging to ensure no extra environment variables were present.

The `ini` package on the other hand is simple, well maintained, and
is simpler to use. This package doesn't add any extra properties to the
object it returns, making validation easy.

[1]: https://github.com/MetaMask/metamask-extension/issues/15003
2022-08-05 15:11:18 -02:30
Brad Decker
7b42c54728
Update Babel and dependencies (#15392) 2022-08-05 10:04:44 -05:00
ryanml
46c110b70c Merge remote-tracking branch 'origin/develop' into master-sync 2022-08-04 21:41:32 -07:00
MetaMask Bot
60ba129eb2 Version v10.18.3 2022-08-04 19:56:00 +00:00
MetaMask Bot
f503a634f0 Version v10.18.2 2022-08-03 20:57:32 +00:00
Sam Gbafa
5802805597
Add Sign-In with Ethereum (#14438)
Co-authored-by: Gregório Granado Magalhães <greg.magalhaes@gmail.com>
Co-authored-by: George Marshall <georgewrmarshall@gmail.com>
Co-authored-by: georgewrmarshall <george.marshall@consensys.net>
Co-authored-by: Ariella Vu <20778143+digiwand@users.noreply.github.com>
Co-authored-by: brad-decker <bhdecker84@gmail.com>
2022-08-03 09:56:11 -05:00
Brad Decker
c72199a1a6
update prettier (#15360) 2022-07-31 13:26:40 -05:00
Brad Decker
31fa55123a
fix storybook (#15387) 2022-07-29 14:15:48 -05:00
Alex Miller
77c3b4622b
Updates eth-lattice-keyring to v0.10.0 (#15261)
This is mainly associated with an update in GridPlus SDK and enables
better strategies for fetching calldata decoder data.
`eth-lattice-keyring` changes:
GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0
`gridplus-sdk` changes (which includes a codebase rewrite):
GridPlus/gridplus-sdk@v1.2.3...v2.2.2
2022-07-27 12:04:04 -05:00
ryanml
e24997d67c
Sync master with develop (#15355)
* Version v10.18.1

* Update changelog for v10.18.1

* Metrics adjustments (#15313)

* Don't send errors to sentry if users have not opted-in to participate in metametrics

* Don't capture opt-out metrics

* Move the metrics-opt in screen to immediately after the welcome screen

* Ensure that global.getSentryState is set in the background

* Fix e2e tests after rearranging onboardin flow

* Fix unit tests

* More e2e test fixes

* Remove unnecessary wrappers around capture exception

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Co-authored-by: Dan Miller <danjm.com@gmail.com>
2022-07-27 10:05:05 -02:30
Brad Decker
1db0ee87ec
Update Eslint and deps (#15293) 2022-07-26 13:10:51 -05:00
MetaMask Bot
e577a1b66e Version v10.18.1 2022-07-22 20:44:27 +00:00
Dan Miller
7bea9848ab Merge remote-tracking branch 'origin/develop' into master-sync 2022-07-22 12:50:58 -02:30
Jyoti Puri
be47d78475
Fix for mv3 performance stats (#15321) 2022-07-22 16:24:14 +05:30
George Marshall
5592687df1
Updating design tokens package and shadow values with new tokens (#15264)
* Updating design tokens v1.8 and shadows

* Adding missing stories

* Some fixes and updates to css and stories

* removing unneeded story

* Fixing story order
2022-07-21 15:43:31 -07:00
Jyoti Puri
0622883a3c
Capturing load time stats (#15157) 2022-07-20 11:40:31 +04:00
Jyoti Puri
6aa0ecce2a
Capturing lavamoat stats in E2E (#15153) 2022-07-20 03:07:15 +04:00
Frederik Bolding
1ec190bd8c
[FLASK] snaps-skunkworks@0.18.1 (#15230)
* snaps-skunkworks@0.17.0

* Handle breaking changes

* Fix import

* Fix blocklist implementation

* snaps-skunkworks@0.18.0

* Fix lint

* Update LavaMoat policy

* Update iframe-execution-environment

* snaps-skunkworks@0.18.1

* Bump iframe-execution-environment

* Update LavaMoat policy
2022-07-19 17:41:06 +02:00
Alex Donesky
09164dcabb
Bump controllers v30.0.2 (#14906)
* bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 09:43:30 -05:00
PeterYinusa
9ae909d6a7
[E2E] Install Firefox extension from dist folder (#15255)
* update webdriver

* install extension from dist folder

* remove redundant code
2022-07-18 09:22:23 +01:00
Jyoti Puri
aeb0147846
Adding tasks for MV3 test build (#15133) 2022-07-14 03:34:33 +04:00
Makoto Inoue
fdd8646ce8
Support for ENS wildcard and offchain resolution (#14675) 2022-07-12 09:30:31 -05:00
MetaMask Bot
550103a5b0 Version v10.18.0 2022-07-11 08:38:29 +00:00
Dan J Miller
6553b9a29b
Merge pull request #15126 from MetaMask/master-sync
Master sync following v10.17.0
2022-07-07 16:26:34 -02:30
Erik Marks
08cc6c5e77
Bump minimum Node.js version to 16 (#15131) 2022-07-02 23:32:18 -07:00
Dan Miller
9bc8e0bb08 Merge remote-tracking branch 'origin/develop' into master-sync 2022-07-01 13:57:47 -02:30
Dan J Miller
0884b6aa10 Merge remote-tracking branch 'origin/develop' into master-sync 2022-06-30 02:26:56 -02:30
Dan Miller
bc6c60cde1 Revert "Merge pull request #15063 from MetaMask/revert-v10.16.0"
This reverts commit 4d42715220, reversing
changes made to f09ab88891.
2022-06-29 13:03:10 -02:30
MetaMask Bot
e1f392a1de Version v10.16.2 2022-06-29 15:32:25 +00:00
Dan Miller
93c4d33cda Merge remote-tracking branch 'origin/develop' into master-sync 2022-06-29 10:22:51 -02:30
Dan Miller
24662963c5 Revert "Merge pull request #15063 from MetaMask/revert-v10.16.0"
This reverts commit 4d42715220, reversing
changes made to f09ab88891.
2022-06-29 10:21:35 -02:30
MetaMask Bot
51311e4024 Version v10.16.1 2022-06-28 14:42:13 +00:00
Mark Stacey
925a19fa4a Revert "Merge pull request #14912 from MetaMask/Version-v10.16.0"
This reverts commit f09ab88891, reversing
changes made to effc761e0e.

This is being temporarily reverted to make it easier to release an
urgent fix for v10.15.1.
2022-06-28 10:41:47 -02:30
PeterYinusa
bf9140aa57
Chromedriver v103 (#15015)
* update chromdriver to v103

* update chrome binary to v103
2022-06-24 08:41:55 -04:00
MetaMask Bot
b96690a976 Version v10.17.0 2022-06-23 23:25:06 +00:00
ryanml
50e7fe9386 Merge remote-tracking branch 'origin/develop' into master-sync 2022-06-23 12:28:06 -07:00
ryanml
71755bf4cc Merge remote-tracking branch 'origin/develop' into master-sync 2022-06-22 12:24:48 -07:00
Mark Stacey
b68aee1bef
Migrate the build script to yargs (#14836)
The build script now uses `yargs` rather than `minimist`. The CLI is
now better documented, and we have additional validation for each
option.

A patch for `yargs` was required because it would blow up on the line
`Error.captureStackTrace`. For some reason when running under LavaMoat,
that property did not exist.

Closes #12766
2022-06-21 17:37:05 -02:30
Frederik Bolding
506a9872f0 Update E2E tests for new test-dapp version (#14939)
* Update xDAI E2E information

* Use local Ganache instance instead of Gnosis Chain

* Bump test-dapp

* Bump test-dapp

* Enable secondary Ganache server for other test

* Fix linting

* Improve E2E stability

* Update network selector
2022-06-21 17:13:57 -02:30
MetaMask Bot
390cf09b3f Version v10.15.1 2022-06-21 19:26:15 +00:00
Frederik Bolding
5168538afe Update E2E tests for new test-dapp version (#14939)
* Update xDAI E2E information

* Use local Ganache instance instead of Gnosis Chain

* Bump test-dapp

* Bump test-dapp

* Enable secondary Ganache server for other test

* Fix linting

* Improve E2E stability

* Update network selector
2022-06-20 17:53:06 -07:00
Frederik Bolding
82645ba516
[FLASK] snaps-skunkworks@0.16.0 (#14952)
* snaps-skunkworks@0.16.0

* Bump iframe-execution-environment

* Add getAppKey

* Regen LavaMoat policy

* Bump test-snaps
2022-06-20 10:13:12 +02:00
Daniel
7d1259476b
Update smart-transactions-controller to v2.1.0 (#14955) 2022-06-16 17:51:55 +02:00
Frederik Bolding
25aa3ab4b4
Update E2E tests for new test-dapp version (#14939)
* Update xDAI E2E information

* Use local Ganache instance instead of Gnosis Chain

* Bump test-dapp

* Bump test-dapp

* Enable secondary Ganache server for other test

* Fix linting

* Improve E2E stability

* Update network selector
2022-06-15 15:50:37 +02:00
MetaMask Bot
2c6236ed4f Version v10.16.0 2022-06-09 19:09:50 +00:00
Dan J Miller
9121a028e6
Merge pull request #14905 from MetaMask/master-sync
Sync master to develop (v10.15.0)
2022-06-09 14:29:30 -02:30
Erik Marks
7df0af8f4f
@metamask/providers@9.0.0 (#14904)
Bump `@metamask/providers` to `9.0.0`. Should be completely non-breaking for our purposes.
2022-06-09 09:03:07 -07:00
Dan J Miller
e7b86fb54b Merge branch 'develop' into master-sync 2022-06-09 11:54:20 -02:30
kumavis
c1804c33f5 lavamoat - bump for stats support (#14641)
* lavamoat - bump for stats support

* lavamoat - update policy

* deps - dedupe lockfile
2022-06-09 02:34:47 -02:30
kumavis
15a962527a LavaMoat - UI upgrade - secure package naming (#14565)
* lavamoat - update lavamoat-browserify to v15

* lavamoat/ui - unify override across build types

* lavamoat/ui - update policy overrides

* lavamoat - update to lavapack@3 to match lavamoat-browserify@15

* lavamoat - add missing policy

* lavamoat - add missing nanoid policy

* lavamoat - regenerate policy

* deps - update lock

* lavamoat - update policy

* lavamoat - update policy
2022-06-09 01:55:29 -02:30
PeterYinusa
2fd4549333
Update chromedriver and chrome binary (#14877)
* Update chromedriver and chrome binary

* yarn deduplicate
2022-06-07 16:02:11 +01:00
Erik Marks
ada427af6d Fix development build scripts (#14594)
#14583 broke the development build scripts (e.g. `yarn start`) by adding a positional argument to a package script (`build:dev`) that is used and passed positional arguments in the build script itself. This PR removes the positional argument from the `build:dev` script and `yarn start` now works again. In addition, the `--apply-lavamoat` flag is properly forwarded to child processes, which was not the case in the original implementation.

To test, `yarn start` should work and LavaMoat should _not_ be applied, in distinction to `yarn build:dev dev --apply-lavamoat=true`. Whether LavaMoat is applied can be determined by checking whether `Object.isFrozen(Object.prototype)` is `true` (with LavaMoat) or `false` (without LavaMoat).
2022-06-06 14:13:01 -02:30
Erik Marks
fda057637e Add applyLavaMoat build flag (#14583)
Adds a new flag, `--apply-lavamoat`, to the main build script. The flag controls whether LavaMoat is actually applied to the output of the build process. The flag defaults to `true`, but we explicitly set it to `false` in the `start` package script. Meanwhile, the `start:lavamoat` script is modified such that it applies LavaMoat to the build output in development mode, but it no longer runs the build process itself under LavaMoat as there aren't very compelling reasons to do so.

This change is motivated by the fact that development builds do not have their own dedicated LavaMoat policies, which causes development builds to fail since #14537. The downside of this change is that LavaMoat-related failures will not be detected when running `yarn start`. @kumavis has plans for fixing this problem in a future major version of the `@lavamoat` suite.
2022-06-06 14:13:01 -02:30
Mark Stacey
c70ea259d6 Update minimist from v1.2.5 to v1.2.6 (#14850)
This addresses a security advisory.
2022-06-03 17:09:17 -02:30
Mark Stacey
db519a8cff
Update minimist from v1.2.5 to v1.2.6 (#14850)
This addresses a security advisory.
2022-06-03 16:21:21 -02:30
Mark Stacey
e6d5af5f9a Merge remote-tracking branch 'origin/develop' into master-sync
* origin/develop: (131 commits)
  Update `protobufjs` and remove obsolete advisory exclusion (#14841)
  Include snap version in pill (#14803)
  Update PULL_REQUEST_TEMPLATE.md (#14790)
  fix: keystone transaction qrcode has no white spacing (#14798)
  Snap notifications integration (#14605)
  Upgrade @metamask/eth-ledger-bridge-keyring (#14799)
  snaps-skunkworks@0.15.0 (#14772)
  Fix proptype errors in network dropdown, tx list item details, and account details modal tests (#14747)
  Ensure transaction type is correctly updated on edit (#14721)
  Add fiat onboarding for AVAX and MATIC through Wyre (#14683)
  Bump @metamask/contract-metadata from 1.33.0 to 1.35.0 (#14791)
  Slight cleanup of constants/transactions, useTransactionDisplayData, and TransactionIcon (#14784)
  Migrate the "estimateGas" API call to "getFees" for STX (#14767)
  Ignore advisory GHSA-wm7h-9275-46v2 (#14789)
  Adding flag for MV3 (#14762)
  Add types to send state (#14740)
  Remove site origin on snap install (#14752)
  Update design tokens library from 1.5 to 1.6 WIP (#14732)
  Enables the "Safe Transaction From" copy for safeTransferFrom transactions (#14769)
  remove draft transaction (#14701)
  ...
2022-06-03 11:53:40 -02:30
Dan Miller
3942502951 Merge branch 'master' into Version-v10.15.0 2022-06-03 08:16:08 -02:30
Mark Stacey
cf5db650fe Merge remote-tracking branch 'origin/master' into Version-v10.14.7
* origin/master: (101 commits)
  Updating changelog
  Add token standard to custom token details (#14506)
  Revert "Dark Mode: What's New Announcement (#14346)"
  Ensure network name in confirm page container is defined (#14520)
  Updating lavamoat policies
  Fix the alerts toggles in settings (#14498)
  Disable swaps whenever the environment is not development or testing, so that behaviour follows production for QA purposes (#14499)
  [skip e2e] Updating changelog for v10.14.0 (#14487)
  Version v10.14.0
  Docs - segment metrics (#14435)
  Add snaps view search (#14419)
  Run main, flask and beta in sequence in generate-lavamoat-policies.sh (#14470)
  Modify import SRP page (#14425)
  Dark Mode: Implement Metrics (#14455)
  HoldToRevealButton component (#13785)
  e2e test import json file as import account strategy (#14449)
  MetaMetrics: Identify 'number_of_tokens' user trait (#14427)
  MetaMetrics: Identify 'nft_autodetection_enabled' &  'opensea_api_enabled' (#14367)
  Swaps: Sort "token_from" dropdown tokens by their fiat value first and "token_to" by top tokens (#14436)
  Update segment instantiation check. Only check if SEGMENT_WRITE_KEY exists (#14407)
  ...
2022-06-02 18:30:23 -02:30
Jyoti Puri
95c230127c
Upgrade @metamask/eth-ledger-bridge-keyring (#14799) 2022-06-01 22:04:29 +05:30
Frederik Bolding
7ce4868401
snaps-skunkworks@0.15.0 (#14772)
* snaps-skunkworks@0.15.0

* Update patch

* Update tofu and LavaMoat policy
2022-06-01 11:26:12 +02:00
Alex Miller
08490def8f [GridPlus] Updates Lattice-related modules to unlock functionality (#14467)
GridPlus has updated the EVM signing pathway in Lattice firmware,
which has not yet been released. Additionally, requesters can now
include ABI definitions with signing requests, which are used by
Lattice firmware to decode calldata in place.
All updates are backward compatable.
Updates:
* https://github.com/GridPlus/gridplus-sdk/compare/v1.1.6...v1.2.4
* https://github.com/GridPlus/eth-lattice-keyring/compare/v0.6.1...v0.7.3
2022-05-27 14:41:05 -02:30
Daniel
6dbb2c4ded
Migrate the "estimateGas" API call to "getFees" for STX (#14767) 2022-05-26 19:56:28 +02:00
Jyoti Puri
25082ae272
Adding flag for MV3 (#14762) 2022-05-26 10:18:23 +05:30
George Marshall
8fcbebc546
Update design tokens library from 1.5 to 1.6 WIP (#14732)
* Updating account menu icon color

* Updating design-tokens and making appropriate updates to extension styles

* Adding more deprecated tags to colors

* Adding spinner and removing todo comment

* Remove comment

* Updates

* Updating snapshots

* More color and ui updates

* reverting transition change
2022-05-25 08:35:36 -07:00
Mark Stacey
5b05dd4e8e v10.14.7
This release includes another change to make the builds reproducible
between different environments.
2022-05-23 18:17:32 -02:30
Frederik Bolding
66c049bb35
snaps-skunkworks@0.14.0 (#14700)
* snaps-skunkworks@0.13.0

* snaps-skunkworks@0.14.0

* Fix test

* Add long-running permission copy and icon

* Run linting

* Fix typo

* Bump E2E version
2022-05-18 13:49:26 +02:00
Mark Stacey
211f98c5c7 v10.14.6
In this release, the phishing warning page is extracted to an external
site.
2022-05-16 18:48:20 -02:30
Mark Stacey
5a5e541b5e Fix e2e tests
The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`.
The iframe case was updated with a new design, which required test
changes. The third test that was meant to ensure the phishing page
can't redirect to an extension page has been updated to navigate
directly to the phishing warning page and setting the URL manually via
query parameters, as that was the only way to test that redirect.
2022-05-16 18:48:20 -02:30
Mark Stacey
3693de7947 Reproducible .zip files (#14623)
* Create `.zip` files deterministically

Our build system now creates `.zip` archives deterministically.
Previously the `.zip` file would differ between builds even when the
files being archived were identical. This was because the order the
files were passed in was non-deterministic, and the `mtime` for each
file was different between builds.

The files are now sorted before being zipped, and the `mtime` for each
file has been set to the unix epoch.

* Update lavamoat build policy
2022-05-16 14:48:09 -02:30
Mark Stacey
7199d9c567 Use externally hosted phishing warning page
An externally hosted phishing warning page is now used rather than the
built-in phishing warning page.The phishing page warning URL is set via
configuration file or environment variable. The default URL is either
the expected production URL or `http://localhost:9999/` for e2e testing
environments.

The new external phishing page includes a design change when it is
loaded within an iframe. In that case it now shows a condensed message,
and prompts the user to open the full warning page in a new tab to see
more details or bypass the warning. This is to prevent a clickjacking
attack from safelisting a site without user consent.

The new external phishing page also includes a simple caching service
worker to ensure it continues to work offline (or if our hosting goes
offline), as long as the user has successfully loaded the page at least
once. We also load the page temporarily during the extension startup
process to trigger the service worker installation.

The old phishing page and all related lines have been removed. The
property `web_accessible_resources` has also been removed from the
manifest. The only entry apart from the phishing page was `inpage.js`,
and we don't need that to be web accessible anymore because we inject
the script inline into each page rather than loading the file directly.

New e2e tests have been added to cover more phishing warning page
functionality, including the "safelist" action and the "iframe" case.
2022-05-16 14:40:50 -02:30
Frederik Bolding
c2cd6f8097
Bump addons-linter (#14717)
* Bump addons-linter

* Deduplicate yarn.lock

* Rerun yarn install and LavaMoat policy gen
2022-05-16 18:04:25 +02:00
Dan J Miller
f4094925f0 Ensure ledger keyring message event listener are removed on metamask lock (#14691)
* Ensure ledger keyring message event listener are removed on metamask lock

* Clean up
2022-05-16 06:04:22 -07:00
Mark Stacey
8a14504b63 Version v10.14.5
This version is equivalent to v10.14.2. This release is just intended
to fix build configuration issues.
2022-05-14 21:03:06 -02:30
Alex Donesky
23565cac2c
Bump @metamask/controllers version, remove patches (#14618) 2022-05-12 18:01:24 -05:00
Dan J Miller
8948018e5a
Ensure ledger keyring message event listener are removed on metamask lock (#14691)
* Ensure ledger keyring message event listener are removed on metamask lock

* Clean up
2022-05-12 13:36:14 -02:30
PeterYinusa
12cda5eb2d
Chromedriver v101 (#14617)
* update chromedriver package

* update chrome binary used in ci
2022-05-11 13:17:49 +01:00
Frederik Bolding
2dac88cbf4
snaps-skunkworks@0.12.0 (#14670)
* snaps-skunkworks@0.12.0

* Bump iframe execution environment

* Remove policy override

* Rerun LavaMoat

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2022-05-10 23:08:42 -07:00
kumavis
55e88a0e8e
lavamoat - bump for stats support (#14641)
* lavamoat - bump for stats support

* lavamoat - update policy

* deps - dedupe lockfile
2022-05-09 11:04:41 -10:00
kumavis
07da8ce589
LavaMoat - UI upgrade - secure package naming (#14565)
* lavamoat - update lavamoat-browserify to v15

* lavamoat/ui - unify override across build types

* lavamoat/ui - update policy overrides

* lavamoat - update to lavapack@3 to match lavamoat-browserify@15

* lavamoat - add missing policy

* lavamoat - add missing nanoid policy

* lavamoat - regenerate policy

* deps - update lock

* lavamoat - update policy

* lavamoat - update policy
2022-05-05 12:47:51 -10:00
Alex Miller
32a82be2b6
[GridPlus] Updates Lattice-related modules to unlock functionality (#14467)
GridPlus has updated the EVM signing pathway in Lattice firmware,
which has not yet been released. Additionally, requesters can now
include ABI definitions with signing requests, which are used by
Lattice firmware to decode calldata in place.
All updates are backward compatable.
Updates:
* https://github.com/GridPlus/gridplus-sdk/compare/v1.1.6...v1.2.4
* https://github.com/GridPlus/eth-lattice-keyring/compare/v0.6.1...v0.7.3
2022-05-05 09:55:17 -05:00
Frederik Bolding
c3071b273b
slip44@2.1.0 (#14619) 2022-05-05 16:32:08 +02:00
Mark Stacey
91fd8342dc
Reproducible .zip files (#14623)
* Create `.zip` files deterministically

Our build system now creates `.zip` archives deterministically.
Previously the `.zip` file would differ between builds even when the
files being archived were identical. This was because the order the
files were passed in was non-deterministic, and the `mtime` for each
file was different between builds.

The files are now sorted before being zipped, and the `mtime` for each
file has been set to the unix epoch.

* Update lavamoat build policy
2022-05-05 11:58:24 -02:30
PeterYinusa
4127583224
Jest tests - incremental coverage (#14612)
* add jest-it-up dependancy

* add reporter

* post test run jest-it-up

* Add CI check

* update coverage

* deduplicate dependancies
2022-05-04 17:02:42 +01:00
Mark Stacey
a58faa13a3 Version v10.14.2
This version includes a build system fix that ensures our builds are
deterministic.
2022-05-04 12:57:38 -02:30
kumavis
fefe9401a1 build - update bify-module-groups for build determinism (#14610) 2022-05-04 12:54:59 -02:30
kumavis
5524f224b2
build - update bify-module-groups for build determinism (#14610) 2022-05-04 12:36:33 -02:30
Mark Stacey
900ac4596b Version v10.14.1
This is a rollback release to v10.13.0
2022-05-03 14:06:07 -02:30
Brad Decker
8a141fe28c fix cross-fetch moderate vulnerability alert (#14570) 2022-05-02 23:10:06 -07:00
Erik Marks
6915dd1a57
Fix development build scripts (#14594)
#14583 broke the development build scripts (e.g. `yarn start`) by adding a positional argument to a package script (`build:dev`) that is used and passed positional arguments in the build script itself. This PR removes the positional argument from the `build:dev` script and `yarn start` now works again. In addition, the `--apply-lavamoat` flag is properly forwarded to child processes, which was not the case in the original implementation.

To test, `yarn start` should work and LavaMoat should _not_ be applied, in distinction to `yarn build:dev dev --apply-lavamoat=true`. Whether LavaMoat is applied can be determined by checking whether `Object.isFrozen(Object.prototype)` is `true` (with LavaMoat) or `false` (without LavaMoat).
2022-05-02 15:35:52 -07:00
Erik Marks
73a7ce9e39
Add applyLavaMoat build flag (#14583)
Adds a new flag, `--apply-lavamoat`, to the main build script. The flag controls whether LavaMoat is actually applied to the output of the build process. The flag defaults to `true`, but we explicitly set it to `false` in the `start` package script. Meanwhile, the `start:lavamoat` script is modified such that it applies LavaMoat to the build output in development mode, but it no longer runs the build process itself under LavaMoat as there aren't very compelling reasons to do so.

This change is motivated by the fact that development builds do not have their own dedicated LavaMoat policies, which causes development builds to fail since #14537. The downside of this change is that LavaMoat-related failures will not be detected when running `yarn start`. @kumavis has plans for fixing this problem in a future major version of the `@lavamoat` suite.
2022-04-29 15:56:30 -07:00
Brad Decker
54a89f029e
fix cross-fetch moderate vulnerability alert (#14570) 2022-04-29 19:41:35 +02:00
Shane
7da6c66ea2
Added getAccounts suppressUnauthorized param (#14126)
* Added getAccounts suppressUnauthorized param

* Changed getAccounts supresss unauth param name

* Changed getAccounts param to object

* Fixed default empty obj for getAccounts getPermittedAccounts param

* Bump eth-json-rpc-middleware version to 8.0.2

* Fixed lavamoat policy

* Fixed lavamoat policies

* Fixed dedupe issues

* Fixed lavamoat allowscripts

* yarn deduplicate

* Fixed lavamoat policies

Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
2022-04-29 06:05:14 -07:00
MetaMask Bot
402db4e94e Version v10.15.0 2022-04-28 22:32:12 +00:00
ryanml
f19173b0f2 Merge remote-tracking branch 'origin/develop' into master-sync 2022-04-28 12:04:17 -07:00
Frederik Bolding
1624af2364
snaps-skunkworks@0.11.1 (#14531)
* snaps-skunkworks@0.11.0

* Update LavaMoat policies

* Fix breaking changes

* Use SnapController:clearSnapState

* Fix fetch properly

* Bump iframe execution environment

* snaps-skunkworks@0.11.1

* Run allow-scripts auto
2022-04-28 18:17:28 +02:00
Frederik Bolding
27ad7279cd
Rename NotificationController to AnnouncementController (#14389)
* Rename NotificationController to AnnouncementController

* Fix test

* Add test for missing NotificationController state

* Bump controllers

* Move test to correct file

* Rename config key

* Add migration 71 to list of migrations

* Fix selector after migration
2022-04-27 10:36:32 +02:00
ryanml
5568558554
Adjust package version to 10.13.0 (#14540) 2022-04-26 21:29:26 -10:00
kumavis
223124a561
lavamoat@6 - update to secure package naming (#14488) 2022-04-26 07:36:57 -10:00
Brad Decker
193c22588e
call controller methods directly in send duck (#14465) 2022-04-26 12:07:39 -05:00
Erik Marks
cef95f8733
Stop storing request and response objects in the permission activity log (#14485)
We currently store the JSON-RPC request and response objects in the permission activity log. The utility of doing this was always rather dubious, but never problematic. Until now.

In Flask, as the restricted methods have expanded in number, user secrets may be included on JSON-RPC message objects. This PR removes these properties from the permission activity log, and adds a migration which does the same to existing log objects. We don't interact with the log objects anywhere in our codebase, but we don't want unexpected properties to cause errors in the future should any log objects be retained.

This PR also updates relevant tests and test data. It makes a minor functional change to how a request is designated as a success or failure, but this should not change any behavior in practice.
2022-04-21 08:44:15 -07:00