1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-28 23:06:37 +01:00
Commit Graph

639 Commits

Author SHA1 Message Date
Daniel
e4bf3400bd
stx-controller-v1.10.0 (#14352)
* stx-controller-v1.10.0

* yarn yarn-deduplicate
2022-04-05 16:58:47 +02:00
PeterYinusa
1582efdc06
update chromedriver and chrome binary to v100 (#14337) 2022-04-04 16:02:54 +01:00
David Walsh
ae3953fd01
Update eth-ledger-bridge-keyring to 0.11.0 (#14317) 2022-04-04 08:54:08 -05:00
Frederik Bolding
cb963f3c29
snaps-skunkworks@0.10.7 (#14323)
* snaps-skunkworks@0.10.7

* Bump iframe-execution-environment
2022-04-01 18:14:48 +02:00
George Marshall
5b9a8a295e
Updating design-tokens to 1.5.1 (#14286) 2022-03-31 08:11:23 -07:00
Elliot Winkler
53006d4cf0
Add TypeScript to the build system (#13489)
This commit modifies the build system so that TypeScript files can be
transpiled into ES5 just like JavaScript files.

Note that this commit does NOT change the build system to run TypeScript
files through the TypeScript compiler. In other words, no files will be
type-checked at the build stage, as we expect type-checking to be
handled elsewhere (live, via your editor integration with `tsserver`,
and before a PR is merged, via `yarn lint`). Rather, we merely instruct
Babel to strip TypeScript-specific syntax from any files that have it,
as if those files had been written using JavaScript syntax alone.

Why take this approach? Because it prevents the build process from being
negatively impacted with respect to performance (as TypeScript takes a
significant amount of time to run).

It's worth noting the downside of this approach: because we aren't
running files through TypeScript, but relying on Babel's [TypeScript
transform][1] to identify TypeScript syntax, this transform has to keep
up with any syntax changes that TypeScript adds in the future. In fact
there are a few syntactical forms that Babel already does not recognize.
These forms are rare or are deprecated by TypeScript, so I don't
consider them to be a blocker, but it's worth noting just in case it
comes up later. Also, any settings we place in `tsconfig.json` will be
completely ignored by Babel. Again, this isn't a blocker because there
are some analogs for the most important settings reflected in the
options we can pass to the transform. These and other caveats are
detailed in the [documentation for the transform][2].

[1]: https://babeljs.io/docs/en/babel-plugin-transform-typescript
[2]: https://babeljs.io/docs/en/babel-plugin-transform-typescript#caveats
2022-03-28 16:33:40 -06:00
Alex Miller
d14c588404
[GridPlus] Updates SDK and Lattice keyring to fix several UX issues (#14158)
There were several issues related to a retry mechanism. The latest keyring
offers a significant speed and UX enhancement relative to the previous release.
For full details, see:
GridPlus/eth-lattice-keyring@v0.5.0...v0.6.1
2022-03-28 12:38:28 -02:30
dependabot[bot]
7398a1c241
Bump @metamask/design-tokens from 1.4.2 to 1.4.4 (#14119) 2022-03-22 16:37:51 -05:00
Mark Stacey
150a9e9c8e
Fix dependency audit failure (#14114)
The Yarn resolution for `node-forge` has been updated to use a more
recent version of the library that includes fixes for the
vulnerabilities currently causing our audit job to fail. This update
should include no breaking changes.
2022-03-22 16:13:43 -02:30
Frederik Bolding
be17d8f3d9
snaps-skunkworks@0.10.6 (#14070)
* snaps-skunkworks@0.10.6

* iframe-execution-environment@0.4.2

Co-authored-by: Erik Marks <rekmarks@protonmail.com>
2022-03-21 13:55:08 -07:00
Elliot Winkler
4447727eb6
Add TypeScript to the linting process (#13495)
This commit allows developers to write TypeScript files and lint them
(either via a language server in their editor of choice or through the
`yarn lint` command).

The new TypeScript configuration as well as the updated ESLint
configuration not only includes support for parsing TypeScript files,
but also provides some compatibility between JavaScript and TypeScript.
That is, it makes it possible for a TypeScript file that imports a
JavaScript file or a JavaScript file that imports a TypeScript file to
be linted.

Note that this commit does not integrate TypeScript into the build
system yet, so we cannot start converting files to TypeScript and
pushing them to the repo until that final step is complete.
2022-03-21 12:54:47 -06:00
Alex Donesky
8df8f81df7
Deprecate extensionizer for webextension-polyfill (#13960)
* deprecate extensionizer for webextension-polyfill

* fix tests

* remove extensionizer

* fix browser windows api calls

* fix broken on firefox

* fix getAcceptLanguages call

* update more browser apis that are now promisified

* remove unnecessary console error ignoring in e2e tests
2022-03-18 14:07:05 -05:00
Frederik Bolding
87636bfdf7
snaps-skunkworks@0.10.3 (#14041) 2022-03-18 18:07:12 +01:00
Alex Donesky
e3ea4f2cd0
Fix issue where we show contract address as recipient when calling safe transfer method on erc721 or erc1155 contracts (#13535)
* fix issue where we show contract address as recipient when calling safe transfer method on erc721 or erc1155 contracts

* updates function name getTransactionData -> parseStandardTokenTransactionData, and adds documentation
2022-03-17 13:35:40 -05:00
Guillaume Roux
ad28c81a39
General backgrounds and borders design token updates (#13764)
Co-authored-by: Guillaume Roux <guillaumeroux123@gmail.com>
Co-authored-by: George Marshall <george.marshall@consensys.net>
Co-authored-by: David Walsh <davidwalsh83@gmail.com>
2022-03-16 15:49:25 +01:00
Dan J Miller
c441ab6947
Bump controllers to 27 (#13985) 2022-03-16 10:32:55 -02:30
Erik Marks
da1b8dd4bb
Fix yarn.lock (#13941) 2022-03-14 17:59:53 -07:00
Erik Marks
118480280c
snaps-skunkworks@0.10.2 (#13901) 2022-03-14 12:37:19 -07:00
dependabot[bot]
2c19ecc3da
Bump @metamask/design-tokens from 1.4.0 to 1.4.2 (#13920)
Bumps [@metamask/design-tokens](https://github.com/MetaMask/design-tokens) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/MetaMask/design-tokens/releases)
- [Changelog](https://github.com/MetaMask/design-tokens/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/design-tokens/compare/v1.4.0...v1.4.2)

---
updated-dependencies:
- dependency-name: "@metamask/design-tokens"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-11 11:44:47 -08:00
Erik Marks
259e30abc2
@metamask/controllers@26.0.0 (#13867)
* @metamask/controllers@26.0.0
2022-03-09 15:37:40 -08:00
PeterYinusa
4f6eb02854
update chromedriver (#13854) 2022-03-07 19:05:58 +00:00
VSaric
bea907e437
Create password page (#13792) 2022-03-07 09:35:03 -06:00
Alex Miller
6206dbdfe4
[GridPlus] Updates Lattice dependencies (#13834) 2022-03-07 09:28:30 -06:00
dependabot[bot]
718d84b211
Bump @metamask/design-tokens from 1.3.0 to 1.4.0 (#13832)
Bumps [@metamask/design-tokens](https://github.com/MetaMask/design-tokens) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/MetaMask/design-tokens/releases)
- [Changelog](https://github.com/MetaMask/design-tokens/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/design-tokens/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: "@metamask/design-tokens"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 21:11:24 +05:30
Mark Stacey
68f42a2fb9
Improve unit tests for SrpInput component (#13803)
The library `@testing-library/user-event` has been updated to the
latest beta version, so that our unit tests better model real user
interactions. In particular, I found that previously the `paste` event
was missing the `clipboardData` API, so it was impossible to implement
any custom handling of paste events (which we will need in later PRs).

See the `v14.0.0-beta.1` release notes for a list of all breaking
changes [1]. The main change is that all methods now return Promises.
The `paste` method has also been dramatically simplified.

The unit tests have also been updated to reset all mocks before each
test. These tests don't have any shared mocks, but this is generally a
good practice, to ensure that tests don't develop accidental inter-
dependencies.

[1]: https://github.com/testing-library/user-event/releases/tag/v14.0.0-beta.1
2022-03-03 19:38:03 -03:30
Guillaume Roux
23e6c073c4
Dark Theme setup and button theming (#13651)
* Add design-tokens and apply colors to button

* swap more colors

* tweak button and add dark theme switch to storybook

* tweak buttons

* fix typo

* remove comments

* add dep to ignored list

* fix linting issue

* fix linting issues

* Updating some styles and removing some deprecated buttons (#13742)

* Updating some styles and removing some deprecated buttons

* Warning button fixes

* Fixing warning text for darkmode

* bump design tokens and update storybook theme strategy

Co-authored-by: George Marshall <george.marshall@consensys.net>
2022-02-25 14:11:22 -08:00
dependabot[bot]
d239d0fddb
Bump @metamask/design-tokens from 1.2.0 to 1.3.0 (#13749)
Bumps [@metamask/design-tokens](https://github.com/MetaMask/design-tokens) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/MetaMask/design-tokens/releases)
- [Changelog](https://github.com/MetaMask/design-tokens/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/design-tokens/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: "@metamask/design-tokens"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-24 18:06:26 -08:00
Mark Stacey
f49e5076f3
Refactor: Extract SRP input from create vault component (#13720)
This is a pure refactor that extracts the SRP input from the
`CreateNewVault` component. This is intended to make future changes to
the SRP input easier, and to reduce duplication between the old and new
onboarding flows.

Extensive unit tests have been added for the new SRP input component.

A new test library was added (`@testing-library/user-event`) for
simulating user events with components rendered using the
`@testing-library` library.

A new helper method has been added (`renderWithLocalization`) for
rendering components using `@testing-library` with just our
localization contexts added as a wrapper. The localization contexts
were already added by the `renderWithProviders` helper function, but
there is no need for a Redux provider in these unit tests.
2022-02-23 17:00:26 -03:30
George Marshall
a1eaa33b45
Installing design tokens and writing docs in storybook (#13657)
* Installing design tokens and writing docs in storybook

* Adding design-tokens to dep check ignore

* Link updates, Sentence casing, better css code formatting, other grammer fixes
2022-02-22 18:26:11 -08:00
Dan J Miller
96b82349a0
Add EIP-712 support for Trezor (#13693)
* Add EIP-712 support for Trezor

Co-authored-by: alisinabh <alisina.bm@gmail.com>
Co-authored-by: matejcik <ja@matejcik.cz>
Co-authored-by: Brandon Noad <Brandon.Noad@gmail.com>

* Update eth-trezor-keyring version

Co-authored-by: Alois Klink <alois.klink@gmail.com>
Co-authored-by: alisinabh <alisina.bm@gmail.com>
Co-authored-by: matejcik <ja@matejcik.cz>
Co-authored-by: Brandon Noad <Brandon.Noad@gmail.com>
2022-02-22 16:22:58 -03:30
Alex Miller
0145041d0b
[GridPlus] Updates SDK to v0.9.10 (hotfix) (#13691)
See: https://github.com/GridPlus/gridplus-sdk/releases/tag/v0.9.10-hotfix
2022-02-21 22:03:48 -03:30
Daniel
2585f45bde
Add support for Smart Transactions (#12676) 2022-02-18 17:48:38 +01:00
dragana8
5095071083
Make default icons the same on mobile and extension #13264 (#13408) 2022-02-16 11:03:17 -06:00
PeterYinusa
ebeb2668ea
E2e mocking (#13640)
* mock gas price api

* fix error

* full url

* remove duplicated packages

* full url

* customise mock per test

* customise mock per test

* enable mocking

* enable mocking

* enable mocking by default

* duplicated packages

* update mockttp

* pass through

* pass through
2022-02-16 14:21:41 +00:00
dependabot[bot]
3dc60e8e30
Bump vm2 from 3.9.5 to 3.9.7 (#13625)
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.5 to 3.9.7.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/patriksimek/vm2/compare/3.9.5...3.9.7)

---
updated-dependencies:
- dependency-name: vm2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
2022-02-15 14:07:20 -03:30
dependabot[bot]
3fb21fee27
Bump follow-redirects from 1.14.7 to 1.14.8 (#13612)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 06:35:30 -03:30
Erik Marks
35ac762e10
Add Snaps via Flask (#13462)
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.

Closes #11626
2022-02-14 16:02:51 -08:00
PeterYinusa
2b1256faf4
Update to latest ChromeDriver (#13616) 2022-02-14 17:06:10 +00:00
Dan J Miller
e84138e2bc
Add resolution for engine.io, a nested dependency of 3box (#13589) 2022-02-10 13:54:36 -03:30
Alex Miller
79e96f93db
[GridPlus] Updates corresponding to Lattice firmware v0.13.2 (#13455)
This updates `eth-lattice-keyring`, which itself updates `gridplus-sdk`.
These changes are backwards compatible but do unlock functionality in
Lattice firmware v0.13.2

Underlying Changes:
* `gridplus-sdk`: https://github.com/GridPlus/gridplus-sdk/compare/v0.9.2...v0.9.7
* `eth-lattice-keyring`: https://github.com/GridPlus/eth-lattice-keyring/compare/v0.4.0...v0.4.9
2022-02-09 22:07:22 +01:00
Brad Decker
d45cb6c12e
update test-dapp to 5.0.0 (#13503)
* update test-dapp to 5.0.0

* Update edit-gas-fee.spec.js

* Lint

* Update send-eth.spec.js

* Update signature-request.spec.js

* typo

Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
Co-authored-by: Alex Donesky <adonesky@gmail.com>
2022-02-09 13:57:05 +00:00
PeterYinusa
2b010710ae
update chromedriver to v97 (#13502) 2022-02-03 15:02:56 +00:00
dependabot[bot]
37f930ddf6
Bump cached-path-relative from 1.0.2 to 1.1.0 (#13424)
Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/ashaffer/cached-path-relative/releases)
- [Commits](https://github.com/ashaffer/cached-path-relative/commits)

---
updated-dependencies:
- dependency-name: cached-path-relative
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-31 16:30:44 -07:00
dependabot[bot]
c3265727f2
Bump node-fetch from 2.6.1 to 2.6.7 (#13397)
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-31 13:23:15 -03:30
Brad Decker
5889d0ac45
add resolution for simple-get (#13471) 2022-01-31 08:46:25 -06:00
kumavis
3729e15c0c
lavamoat - @lavamoat/allow-scripts v2 (#13428) 2022-01-28 10:02:49 -10:00
dependabot[bot]
7fb5f417c4
Bump @metamask/controllers from 25.0.0 to 25.1.0 (#13399)
Bumps [@metamask/controllers](https://github.com/MetaMask/controllers) from 25.0.0 to 25.1.0.
- [Release notes](https://github.com/MetaMask/controllers/releases)
- [Changelog](https://github.com/MetaMask/controllers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/controllers/compare/v25.0.0...v25.1.0)

---
updated-dependencies:
- dependency-name: "@metamask/controllers"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-25 20:31:33 -03:30
Brad Decker
ec8a9384c9
fix node-forge vulnerability (#13389) 2022-01-25 12:49:58 -03:30
PeterYinusa
e2a8886a05
Upgrade ganache - continued (#13354)
* remove ganache-core

* use ganache v7

* convert to hex

* lint
2022-01-20 16:56:52 +00:00
dragana8
a67a5efca3
Incorrect Rounding Down of Balance #10167 (#13337) 2022-01-19 13:04:33 -06:00
Alex Donesky
f7849a0b7c
Add error that redirects users to Import NFT page when they attempt to add an NFT on the Import Token page (#13271)
* Add error that redirects users to Import NFT page when they attempt to add an NFT on the Import Token page
2022-01-19 08:38:33 -06:00
Jyoti Puri
9a3c917a48
Adding support for EIP-1559 in E2E tests (#13282) 2022-01-19 04:38:41 +05:30
Mark Stacey
48d9ca19cc
Remove unnecessary Yarn resolution (#13305)
This resolution was used to force a transitive dependency to be updated
to a specific version. But this target version was within the range
that was already requested, so a resolution is not needed. Yarn
resolutions are used for forcing a package to update to something
_outside_ of the requested range. For in-range updates, a Yarn lockfile
update is all we need, and it leaves us with less of a maintenance
burden (the resolution can clobber future updates).
2022-01-13 13:19:35 -03:30
Erik Marks
d4b6e95f89
Add resolution for follow-redirects (#13301)
Adds a resolution for `follow-redirects` to resolve https://github.com/advisories/GHSA-74fj-2j2h-c42q. The dependency graph is `analytics-node#axios#follow-redirects`, and neither parent package has published a fix for this vulnerability.
2022-01-12 21:37:40 -08:00
dependabot[bot]
ac5d06e4e3
Bump copy-props from 2.0.4 to 2.0.5 (#13245)
Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/gulpjs/copy-props/releases)
- [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/copy-props/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: copy-props
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-10 21:57:13 +05:30
Alex Donesky
4826c8c95e
Feat/collectibles send flow (#13048)
* Add collectibles send flow
2022-01-10 10:23:53 -06:00
Mark Stacey
3732c5f71e
Add JSDoc ESLint rules (#12112)
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.

Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.

Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
2022-01-07 12:27:33 -03:30
Alex Donesky
c266d4e6af
Feat/check update collectible ownership (#13110)
* Use method to check and update collectible ownership
2022-01-03 14:39:41 -06:00
Alex Donesky
1b6e58c417
Feat/collectibles the return (#12970)
* Wire collectibles frontend UI with controller data
2021-12-13 17:41:10 -06:00
dependabot[bot]
69e27c8a82
Bump just-safe-set from 2.1.0 to 2.2.3 (#13049)
Bumps [just-safe-set](https://github.com/angus-c/just) from 2.1.0 to 2.2.3.
- [Release notes](https://github.com/angus-c/just/releases)
- [Commits](https://github.com/angus-c/just/commits)

---
updated-dependencies:
- dependency-name: just-safe-set
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-13 11:45:55 -03:30
Mark Stacey
ba54a3d83b
Update ESLint config to v8 (#12886)
The ESLint config has been updated to v8. The breaking changes are:

* The Prettier rule `quoteProps` has been changed from `consistent` to
`as-needed`, meaning that if one key requires quoting, only that key is
quoted rather than all keys.
* The ESLint rule `no-shadow` has been made more strict. It now
prevents globals from being shadowed as well.

Most of these changes were applied with `yarn lint:fix`. Only the
shadowing changes required manual fixing (shadowing variable names were
either replaced with destructuring or renamed).

The dependency `globalThis` was added to the list of dynamic
dependencies in the build system, where it should have been already.
This was causing `depcheck` to fail because the new lint rules required
removing the one place where `globalThis` had been erroneously imported
previously.

A rule requiring a newline between multiline blocks and expressions has
been disabled temporarily to make this PR smaller and to avoid
introducing conflicts with other PRs.
2021-12-09 15:36:24 -03:30
Mark Stacey
d4ebf98cc4
Update electron from 11.4.12 to 11.5.0 (#13037)
This should include no functional changes. We only use `electron` for
`react-devtools`, which appears to still work after this update.

This replaces PR #12338.
2021-12-09 15:24:39 -03:30
Mark Stacey
670bed4c61
Add @metamask/rpc-methods package (#13027)
The `selectHooks` function has been replaced with the equivalent
function from the `@metamask/rpc-methods` package, which is
functionally equivalent.

The function was included in that package so that it could be used
elsewhere in the `snaps-skunkworks` repo. Eventually the goal is to
migrate much of our RPC logic into this package so that it can be
shared across products, and by our libraries as needed.
2021-12-09 11:22:53 -03:30
Dan J Miller
e45560859c
Support EIP-1559 on Trezor Model One (#13023)
* Support EIP-1559 on Trezor Model One

* Update unit tests

* Fix unit test

* Run yarn lavamoat:auto
2021-12-08 23:16:54 -03:30
Dan J Miller
c9768df149
Dispose the trezor connect iframe upon lock (#13018)
* Dispose the trezor connect iframe upon lock

* Use KEYRING_TYPES.TREZOR

* Update eth-trezor-keyring version
2021-12-08 13:55:27 -03:30
Thomas Huang
4d9a2a8b2f
Bump eth-json-rpc-middlware from 8.0.0 to 8.0.1 (#13005) 2021-12-07 13:13:30 -06:00
Erik Marks
31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00
ruleking
7c59fd035e
Update package.json + yarn.lock with contract-metadata version 1.31.0 (#12947)
* Update package.json: contract-metadata to newest release 1.31.0

* update lock file

* Fix: yarn-deduplicate lock file
2021-12-06 11:24:00 -03:30
kumavis
3fb5fcdb23
Lavamoat Devx - update lavamoat-browserify for policy reload on change (#12940)
* deps - update lavamoat-browserify for policy reload

* lavamoat/build-system - add missing policy for lavamoat-browserify
2021-12-02 14:04:02 -10:00
PeterYinusa
bb312c2818
update selenium-webdriver to v4.1.0 (#12922)
* update selenium-webdriver to v4.1.0

* fix tests
2021-12-02 18:28:24 +00:00
Alex Donesky
9e2935dd55
Revert "Feat/collectibles display (#12873)" (#12934)
This reverts commit 81ea24f08a.
2021-12-01 17:46:26 -06:00
George Marshall
eb4f051b23
Adding SnapSettingsCard ui component (#12655)
* parent d89e5336a6
author georgewrmarshall <george.marshall@consensys.net> 1636692862 -0800
committer hmalik88 <hassan.malik@consensys.net> 1637342043 -0500

Initial SnapSettingsCard component

Updates to styles but having specificity issues so increased specificity

Updates to styles but having specificity issues so increased specificity

added overflow fix and added tests

lockfile update

prettier fix

added stylelint ignore

yarn.lock fixed

* merge conflict fix

* package/yarn fix

* fixed package.json

* updated lockfile...

* removed comment

* removed unnecessary key/val for chip status indicator color

* bumped lattice to 0.4.0 in package json, fixed yarn lock

* removed dupe entry in yarn lock

* ran yarn setup to update lock file

* updated chip label prop

* parent d89e5336a6
author georgewrmarshall <george.marshall@consensys.net> 1636692862 -0800
committer hmalik88 <hassan.malik@consensys.net> 1637342043 -0500

Initial SnapSettingsCard component

Updates to styles but having specificity issues so increased specificity

Updates to styles but having specificity issues so increased specificity

added overflow fix and added tests

lockfile update

prettier fix

added stylelint ignore

yarn.lock fixed

* merge conflict fix

* package/yarn fix

* fixed package.json

* updated lockfile...

* removed comment

* bumped lattice to 0.4.0 in package json, fixed yarn lock

* removed dupe entry in yarn lock

* ran yarn setup to update lock file

* Using IconWithFallback instead of SiteIcon, fixing icon prop, and adding status story and docs page

* Updating to follow storybook folder convention

* Updates to styles

* Adding localization

* added todo comment

Co-authored-by: hmalik88 <hassan.malik@consensys.net>
2021-12-01 16:10:51 -05:00
PeterYinusa
9babc8b804
update chromedriver to v96 (#12921) 2021-12-01 18:21:29 +00:00
Alaa Hadad
e056c88ba7
Feature: Transaction Insights (#12881)
* integration for tx decoding confirmation and history view

* upgrading @truffle/decoder to latest release 5.1.0

* Update acorn and colors patches

* feat: remove redundant styling

* feat: basic integration for nickname components

* feat: wiring functionality of adding new nickname

* feat: wire functionality of showing nickname modal

* feat: link the nickname popover with add/update popover

* feat: moving forward with address nicknames integration

* feat: fixing a bug related to passing chainId in addressBook

* feat: populating memo prop in addressbook entry

* feat: add explorer link

* feat: bug fixing update nickname component

* feat: fix proptypes

* feat: adding tooltip for copying nickname address

* featL fix styling for tx-details page

* feat: optimize code for error handling

* feat: limiting transaction decoding to tx with data

* feat: remove tree UI component

* feat: adding request to check for tx decoding supported networks

* feat: showing data hex component

* feat: fix react warnings

* feat: remove extra margin in tx decoding

* Remove unused package @truffle/source-map-utils

* Ensure messages get translated

* feat: link tx-decoding addresses with nicknames

* Omit value for boolean attributes

* Fix props reading in CopyRawData

* fix: fixing issue with transaltion

* Fix lint errors in TransactionDecoding

- Remove unused import
- Reorder imports
- Address conflict between caught `error` and error state flag by
  renaming state flag to `hasError`
- Fix requestUrl identifier casing and use of template string
- Ensure `useEffect` gets passed the deps it needs
- Add scope braces around case statement where it's needed
- Omit literal `true` for boolean jsx attribute
- Refactor nested ternary as `if` statements

* fix: revert fetchWithCache modifications

* Fix linting for TransactionListItemDetails

- Remove unused import
- Fix import spacing
- Remove unused prop dereference
- Fix string interpolation for translated From/To

* Moving to popover pattern

* fix: sass color variable

* Omit value for boolean attribute

* Remove changes from modal.js

* fix: refactor nickname popovers

* Ensure const gets declared before it's used

* Fix linting for ConfirmTransactionBase

- Remove unused prop chainId
- Stop destructuring an unused field

* fix: refactor usage of nicknames popovers in send-content-container

* fix: remove extra prop updateAccountNicknameModal

* fix: refactor code for address.component

* fix: remove extra tooltip

* Ensure NicknamePopovers always returns component

* Fix linting for NicknamePopover component

- Fix useCallback deps
- Switch ternary to logical-or

* Fix linting for SenderToRecipient

... by fixing import order

* Remove unused addressCopied state

* Delete empty file

* fix: remove sender-to-recipient.container

* fix: refactor usage of nickname popovers in confirm-page-container

* fix: bug related to state variable

* Stylelint fix

* Lint fix

* Change "Total Amount" to "Total"

* Lint fix locales

* Update address-book.spec.js

* e2e test update

* Update e2e tests

* Fix issue where absence of function params in data hex tab would result in rendering a  string

* Fix border radius, and width and height in small notification windows, of the update-nickname-popover

* Remove fake await

* Clean up

* Clean up

Co-authored-by: Alaa Hadad <alaahd@Alaas-MacBook-M1-Pro-14-inch.local>
Co-authored-by: Dan Miller <danjm.com@gmail.com>
Co-authored-by: g. nicholas d'andrea <gnidan@trufflesuite.com>
2021-12-01 13:52:08 -03:30
Alex Donesky
81ea24f08a
Feat/collectibles display (#12873)
* Wiring up Collectibles lists/items

* wip

* more wip

* more more wip

* yet more wip

* wippp

* more wipppp

* closer

* wroking

* more wip

* cleanup

* cleanup

* add-collectible form validation

* update default ipfs-gateway

* update refresh button

* fix proptypes issue + add more padding to asset background

* css tweaking

* more cleanup

* more cleanup

* more cleanup

* add migration

* address feedback

* fix migration + cleanup

* bumping controllers version + adapting new collectiblesController shape

* fix yarn dedupe
2021-12-01 10:10:17 -06:00
kumavis
39d5afb3c1
deps - bump lavamoat for logging bug fix (#12915) 2021-11-30 18:23:30 -10:00
Dan J Miller
2856ea7606
Add support for eip-1559 on Trezor (#12627)
* Add support for eip-1559 on Trezor

* temp

* Lint fix

* Store trezor model type in background state instead attempting to get it in the frontend

* code simplification

* Temp update to eth-trezor-keyring version

* Tempory update to eth-trezor-keyring version

* Temp update to eth-trezor-keyring version

* Fix display of hdpath selector in connect hardware flow for trezor

* Updating the package version but we still need to run yarn setup and update the lockfile, once the package is updated

* Update yarn.lock

* Fix unit tests
2021-11-30 10:58:28 -03:30
Alex Donesky
5aa191fd2e
Feat/add collectible manually (#12834)
* hook up add collectible manually flow

* address feedback
2021-11-26 14:03:35 -06:00
Dan J Miller
fb27e170ac
Bump @metmamask/logo to v3.1.1 (#12822) 2021-11-24 12:46:01 -03:30
kumavis
d9d1a831a6
ci - enforce yarn lock deduplications (#12737)
* ci - test for yarn lock deduplications

* deps - update yarn.lock and patches

* lavamoat - update policy

* test - ui/helpers/utils/optimism/buildUnserializedTransaction - test against json obj

* lint fix

* patch-package - patch @babel/runtime for lavamoat support

* patch-package - fix additional @babel/runtime lockdown incompats

* patch-package - cleanup sass patch
2021-11-23 09:17:27 -10:00
Aaron Chen
a931316a53
Introduce QR based signer into MetaMask (#12065)
* support qr based signer

* add CSP for fire fox

* get QR Hardware wallet name from device

* fix qrHardware state missing in runtime

* support qr based signer sign transaction

* refine Request Signature modal ui

* remove feature toggle

* refine ui

* fix notification is closing even there is a pending qr hardware transaction

* add chinese translation, refine ui, fix qr process was breaking in some case

* support import accounts by pubkeys

* refine qr-based wallet ui and fix bugs

* update @keystonehq/metamask-airgapped-keyring to fix that the signing hd path was inconsistent in some edge case

* fix: avoid unnecessay navigation, fix ci

* refactor qr-hardware-popover with @zxing/browser

* update lavamoat policy, remove firefox CSP

* refine qr reader ui, ignore unnecessary warning display

* code refactor, use async functions insteads promise

Co-authored-by: Soralit <soralitria@gmail.com>
2021-11-23 13:58:39 -03:30
Dan J Miller
994a7d5458
Add fixed json-schema to resolutions file to resolve security issue (#12787) 2021-11-22 21:05:05 +05:30
Alex Donesky
b119b7744d
Add CollectiblesController & CollectibleDetectionController (#12443)
* Add CollectiblesController

* bump controllers version

* add CollectibleDetectionController

* adapt to ERC1155 support changes in CollectiblesController

* update @metamask/controllers to v20.0.0

* update lavamoat policy files

* put collectibleDetectionController instantiation behind feature flag
2021-11-19 10:16:41 -06:00
Mark Stacey
fb6375472e
Update improved-yarn-audit and ignore 2 advisories (#12765)
`improved-yarn-audit` has been updated so that it supports GitHub
advisories. Two new GitHub advisories have been ignored, as they are
both moderate RegExp DoS vulnerabilities that don't affect us, and they
are embedded deep within our dependency graph and are difficult to
update.
2021-11-19 11:53:19 -03:30
kumavis
d2617e9bf5
deps - bump @lavamoat/lavapack for bug fix (#12751) 2021-11-18 14:56:23 -10:00
Alex Miller
d810e7f0c6
GridPlus: Updates eth-lattice-keyring to v0.4.0 for UX improvements (#12649)
Most notably this adds the ability to manage multiple Lattice/SafeCard
wallets simultaneously. If a user makes a request from an address not
associated with the device's active wallet, an error will display.
See: https://github.com/GridPlus/eth-lattice-keyring/pull/19
2021-11-15 14:45:01 -03:30
Erik Marks
b3963daaab
eth-json-rpc-middleware@8.0.0 (#10738)
We're bumping from `^6` to `^8`. All imports are now named, and they have been updated. This is a breaking change, in that support for `eth_signTransaction` is added in `^8.0.0`. We do not support this method in our UI, so our middleware stack has been instrumented to reject.

In addition, there are some non-breaking behavioral changes in this version that reviewers should be aware of, see the [7.0.0 release](https://github.com/MetaMask/eth-json-rpc-middleware/releases).
2021-11-11 12:26:49 -08:00
Dan J Miller
9fa15dda6f
Support for Layer 2 networks with transaction fees on both layers (#12658)
* Support for Layer 2 networks with transaction fees on both layers

* Use  variable name in transaction-breakdown

* Add comment on code source to ui/helpers/utils/optimism/fetchEstimatedL1Fee.js

* Fix unit tests

* Ensure values passed to  are defined

* Fix activity log
2021-11-11 13:16:45 -03:30
Alex Miller
722c4e5b63
Support for GridPlus Lattice1 hardware wallet (#12053)
* GridPlus: Adds support for GridPlus Lattice1 hardware wallet

* Fixes issue with switching hardware HD path
The main `Select HD Path` piece of the account selection component was not
properly hooked up to the state manager (`onPathChange`) and the extra
`Popover` component was being used instead.
I'm not sure what the origin of this is, but I don't see why the Popover
is needed at all. I have remove it and hooked `onPathChange` directly into
the HD path selector dropdown.
This was an issue that nearly every Lattice user who had come from Ledger
has contacted us about.

* GridPlus: Addresses QA issues
* Adds Lattice tutorial + image
* Cleans up connectivity issues (see: https://github.com/GridPlus/eth-lattice-keyring/pull/16)

* GridPlus: Adds Firefox support
To connect to the Lattice you need to open a new tab/window and get
login data from it. We were not able to do this for Firefox because
we relied on the `window` API. This is now fixed.
See corresponding changes:
* `eth-lattice-keyring`: https://github.com/GridPlus/eth-lattice-keyring/pull/17
* Lattice connector: https://github.com/GridPlus/wallet-web/pull/152

* GridPlus: Adds missing error path for Firefox
See: 242a93f559
2021-11-08 11:18:41 -03:30
PeterYinusa
c0f0e1cfc4
update chromedriver to v95 (#12603) 2021-11-05 15:52:24 +00:00
dependabot[bot]
e3e6da1a75
Bump vm2 from 3.9.3 to 3.9.5 (#12582)
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.3 to 3.9.5.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/patriksimek/vm2/compare/3.9.3...3.9.5)

---
updated-dependencies:
- dependency-name: vm2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-04 17:01:35 -02:30
dependabot[bot]
65e5902200
Bump tmpl from 1.0.4 to 1.0.5 (#12581)
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases)
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-04 12:19:39 -07:00
dependabot[bot]
8d1c342c2e
Bump keypair from 1.0.1 to 1.0.4 (#12583)
Bumps [keypair](https://github.com/juliangruber/keypair) from 1.0.1 to 1.0.4.
- [Release notes](https://github.com/juliangruber/keypair/releases)
- [Commits](https://github.com/juliangruber/keypair/compare/v1.0.1...v1.0.4)

---
updated-dependencies:
- dependency-name: keypair
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-04 16:46:46 -02:30
Dan J Miller
843bb6e047
Check if ledger was successfully able to establish transport on confirm screen mount (#12535)
* Check if ledger was successfully able to establish transport on mount of confirm screens

* Update ledger message/action if transport creation was blocked by existing connection

* TEMP: point eth-ledger-bridge-keyring to commite, REMOVE BEFORE MERGE

* Update eth-ledger-bridge-keyring to v0.10.0
2021-11-04 15:49:53 -02:30
kumavis
1298a8cdc6
deps - update sentry (#12561) 2021-11-02 13:41:33 -10:00
Erik Marks
a2d3d942ec
Exclude files from builds by build type (#12521)
This PR enables the exclusion of JavaScript and JSON source by `buildType`, and enables the running of `eslint` under LavaMoat. 80-90% of the changes in this PR are `.patch` files and LavaMoat policy additions.

The file exclusion is designed to work in conjunction with our code fencing. If you forget to fence an import statement of an excluded file, the application will now error on boot. **This PR commits us to a particular naming convention for files intended only for certain builds.** Continue reading for details.

### Code Fencing and ESLint

When a file is modified by the code fencing transform, we run ESLint on it to ensure that we fail early for syntax-related issues. This PR adds the first code fences that will be actually be removed in production builds. As a consequence, this was also the first time we attempted to run ESLint under LavaMoat. Making that work required a lot of manual labor because of ESLint's use of dynamic imports, but the manual changes necessary were ultimately quite minor.

### File Exclusion

For all builds, any file in `app/`, `shared/` or `ui/` in a sub-directory matching `**/${otherBuildType}/**` (where `otherBuildType` is any build type except `main`) will be added to the list of excluded files, regardless of its file extension. For example, if we want to add one or more pages to the UI settings in Flask, we'd create the folder `ui/pages/settings/flask`, add any necessary files or sub-folders there, and fence the import statements for anything in that folder. If we wanted the same thing for Beta, we would name the directory `ui/pages/settings/beta`.

As it happens, we already organize some of our source files in this way, namely the logo JSON for Beta and Flask builds. See `ui/helpers/utils/build-types.js` to see how this works in practice.

Because the list of ignored filed is only passed to `browserify.exclude()`, any files not bundled by `browserify` will be ignored. For our purposes, this is mostly relevant for `.scss`. Since we don't have anything like code fencing for SCSS, we'll have to consider how to handle our styles separately.
2021-11-01 20:20:31 -07:00
George Marshall
d72f7295a3
Docs/12367 Adding storybook essentials addons (#12393)
* Adding storybook essentials and documentation contribution guidelines

* Deprecation updates

* Update ui/2.DOCUMENTATION.stories.mdx

Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>

* Updating spelling and adding label to i18n-party plugin in toolbar

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
2021-10-29 07:22:07 -10:00
Mark Stacey
90e55a445e
Add static files for the Flask build (#12518)
Static files have been added for the Flask build. This includes logos
of each size and variety that we use, and it includes the 3D model JSON
file.

Closes #12427
2021-10-28 23:05:58 -02:30
Mark Stacey
681ab33537
Update @metamask/logo from v3.0.1 to v3.1.0 (#12490)
The new logo update includes the gradient feature.

The version of `jsdom` we're using via Jest has also been updated in
the lockfile. This was necessary to get unit tests to pass because the
version we were using previously didn't support `replaceChildren`,
which was added in `jsdom@6.6.0` [1].

[1]: 04f6c13f4a

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-27 11:15:02 -02:30
Elliot Winkler
e951fe6a64
Improve autorebuilding in dev to reduce CPU load (#11886)
On an M1 Mac, when running `yarn start`, CPU can spike to 100% CPU, and
sometimes a bunch of `mdworker` instances will get spawned. This seems
to be caused by the file-watching mechanism used in dev to automatically
regenerate the build when something is changed. More specifically, we
are using an older version of `watchify`, which uses an older version of
`chokidar`, which is the package that actually does the watching. v4.0.0
of `watchify` upgrades `chokidar` to v3.x ([1]), which comes with
"massive CPU & RAM consumption improvements" ([2]). After the upgrade,
CPU usage decreases to 20-40%.

[1]: https://github.com/browserify/watchify/blob/master/CHANGELOG.md#400
[2]: https://github.com/paulmillr/chokidar/releases/tag/3.0.0
2021-10-25 13:56:26 -06:00