1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-28 23:06:37 +01:00
Commit Graph

639 Commits

Author SHA1 Message Date
Dan J Miller
9d70c60c22
Connect Ledger via WebHID (#12411)
* Connect ledger via webhid if that option is available

* Explicitly setting preference for webhid

* Use ledgerTransportType enum instead of booleans for ledger live and webhid preferences

* Use single setLEdgerTransport preference methods and property

* Temp

* Lint fix

* Unit test fix

* Remove async keyword from setLedgerTransportPreference function definition in preferences controller

* Fix ledgelive setting toggle logic

* Migrate useLedgerLive preference property to ledgerTransportType

* Use shared constants for ledger transport type enums

* Use constant for ledger usb vendor id

* Use correct property to check if ledgerLive preference is set when deciding whether to ask for webhid connection

* Update eth-ledger-bridge-keyring to v0.9.0

* Only show ledger live transaction helper messages if using ledger live

* Only show ledger live part of tutorial if ledger live setting is on

* Fix ledger related prop type errors

* Explicitly use u2f enum instead of empty string as a transport type; default transport type to webhid if available; use constants for u2f and webhid

* Cleanup

* Wrap ledger webhid device request in try/catch

* Clean up

* Lint fix

* Ensure user can easily connect their ledger wallet when they need to.

* Fix locales

* Fix/improve locales changes

* Remove unused isFirefox property from confirm-transaction-base.container.js

* Disable transaction and message signing confirmation if ledger webhid requires connection

* Ensure translation keys for ledger connection options in settings dropdown can be properly detected by verify-locales

* Drop .component from ledger-instruction-field file name

* Move renderLedgerLiveStep to module scope

* Remove ledgerLive from function and message names in ledger-instruction-field

* Wrap ledger connection logic in ledger-instruction-field in try catch

* Clean up signature-request.component.js

* Check whether the signing address, and not the selected address, is a ledger account in singature-request.container

* Ensure ledger instructions and webhid connection button are shown on signature-request-original signatures

* Improve webhid selection handling in select-ledger-transport-type onChange handler

* Move metamask redux focused ledger selectors to metamask duck

* Lint fix

* Use async await in checkWebHidStatusRef.current

* Remove unnecessary use of ref in ledger-instruction-field.js

* Lint fix

* Remove unnecessary try/catch in ledger-instruction-field.js

* Check if from address, not selected address, is from a ledger account in confirm-approve

* Move findKeyringForAddress to metamask duck

* Fix typo in function name

* Ensure isEqualCaseInsensitive handles possible differences in address casing

* Fix Learn More link size in advanced settings tab

* Update app/scripts/migrations/066.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update ui/pages/settings/advanced-tab/advanced-tab.component.test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Add jsdoc comments for new selectors

* Use jest.spyOn for mocking navigator in ledger webhid migration tests

* Use LEDGER_TRANSPORT_TYPES values to set proptype of ledgerTransportType

* Use LEDGER_TRANSPORT_TYPES values to set proptype of ledgerTransportType

* Fix font size of link in ledger connection description in advanced settings

* Fix return type in setLedgerTransportPreference comment

* Clean up connectHardware code for webhid connection in actions.js

* Update app/scripts/migrations/066.test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update ui/ducks/metamask/metamask.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Add migration test for when useLedgerLive is true in a browser that supports webhid

* Lint fix

* Fix inline-link size

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-10-21 16:47:03 -02:30
David Walsh
77f8ec4d3a
Fix 12265 - Update onboarding welcome screen (#12275) 2021-10-13 09:22:51 -05:00
Mark Stacey
b07354af52
Update yazl to fix Buffer warning (#12328)
We were using an outdated version of the package `yazl` in our build
system, resulting in a Buffer warning during the production and test
builds about the use of the deprecated Buffer constructor.

`yazl` has been updated to the latest version, and no longer uses the
deprecated Buffer constructor that caused this warning.

The warning looked like this:
```
(node:52293) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
```
2021-10-12 10:09:51 -02:30
Mark Stacey
9da60c7a42
Update caniuse-lite (#12312)
`caniuse-lite` has been updated to the latest published version. This
update prevents various console warnings that appear during the build.
2021-10-08 22:47:41 -02:30
Alex Donesky
3b5e33bc4c
use improved-yarn-audit and exclude 1002401 and 1002581 (#12310)
* use improved-yarn-audit and exclude 1002401
2021-10-08 12:18:38 -05:00
Mark Stacey
7a5b48e018
Update immer from v8 to v9 (#12303)
`immer` has been updated to v9. This didn't require any changes on our
part; the only breaking changes are to the TypeScript types [1].

The `@reduxjs/toolkit` library has been updated as well, to ensure that
it's using the updated version of Immer internally as well. This update
makes our patch of that package obsolete, as the problematic pattern
that were were patching out is no longer present.

[1]: https://github.com/immerjs/immer/releases/tag/v9.0.0
2021-10-08 11:50:07 -02:30
kumavis
cb174ff8e6
Lavamoat build system integration for WebApp (#12242)
* lavamoat - add lavamoat to webapp background

* test:e2e - add delay to resolve failure

* test:e2e - add delay to resolve failure

* build - add a switch for applying lavamoat, currently off for all

* test/e2e - remove delays added for lavamoat

* Revert "test/e2e - remove delays added for lavamoat"

This reverts commit 79c3479f15c072ed362ba1d4f1af41ea11a17d63.
2021-10-05 12:06:31 -10:00
Matthew Epps
53f2c84209
Add client id to GasFeeController (#12221)
* chore: Add client id to GasFeeController

* chore: change EXTENSION_CLIENT_ID to SWAPS_CLIENT_ID in constants file
2021-09-29 10:41:19 -02:30
kumavis
d9d20160d6
LavaMoat Node update and various small enhancements (#12239)
* lavamoat - update lavamoat-node and relevant policy + two handy patches

* test/e2e - add timeout known to be flaky

* lavamoat-viz - rename npm script
2021-09-28 20:56:08 -10:00
dependabot[bot]
92b075581c
Bump @metamask/contract-metadata from 1.29.0 to 1.30.0 (#12207)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: "@metamask/contract-metadata"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-28 13:38:31 -02:30
Mark Stacey
506fa2d744
Fix Buffer warnings during build (#10495)
The warnings about use of the unsafe Buffer constructor have been
addressed by package updates and patches.

The updates were:
 * `gulp-sourcemaps` was updated from v2 to v3, and was patched to
replace remaining uses of the `Buffer` constructor
   * Upstream PR: https://github.com/gulp-sourcemaps/gulp-sourcemaps/pull/388
 * The transitive dependency `yazl` was updated from v2.4.3 to v2.5.1
in the lockfile.
 * The abandoned packages `combine-source-map` and `inline-source-map`
were patched.
2021-09-27 19:05:35 -02:30
Mark Stacey
2a1d0cfd2c
Update caniuse-lite (#12203)
The dependency `caniuse-lite` has been updated using a Yarn resolution,
because it was pinned to a specific version by some dependencies. All
versions requested in our dependency tree are 1.x so this did not
introduce any breaking changes.

This resolves a frequent console warning that shows up during builds,
and when running tests and the linter.
2021-09-24 11:42:28 -02:30
Brad Decker
c35797453d
fix pubnub dep vulnerabiltiy (#12170) 2021-09-21 10:12:51 -05:00
Alex Donesky
a7561aaef3
bump @metamask/controllers to v16.0.0 (#12133) 2021-09-16 15:42:09 -05:00
kumavis
f472c2615a
CI - add metamaskbot comment "highlights" section for showing relevant storybook changes (#12095)
* ci/announce/highlight - add bot announcement section for "highlights" showing off important diffs + storybook highlights

* ci/announce/highlight - fix announcement message

* Update index.js

* xxx tmp xxx

* ci/announce/highlight - fix dirty file calculation

* ci/announce/highlight - try/catch wrap highlight generation for build stability

* ui - put fox emojis in the mascot component

* ci/announce/highlight - start storybook permalinks

* ci/announce/highlight - fix storybook permalink util

* ci/announce/highlight - fix storybook permalink util

* ci/announce/highlight - small styling fix

* storybook - use any easily predictable story id

* ci/announce/highlight - revert sample commit

* ci/announce/highlight - minimal documentation
2021-09-15 08:55:48 -10:00
dependabot[bot]
ad7d85b04e
Bump @metamask/controllers from 15.0.2 to 15.1.0 (#12054)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-10 09:51:13 -05:00
Elliot Winkler
bbe972ca46
Upgrade chromedriver to 93 (#11990)
This allows developers to run the Chrome e2e tests locally without
having to have a custom version of Chrome installed.
2021-09-08 14:54:31 -06:00
David Walsh
7b827ca5e7
Create MetaMask Beta build (#10985) 2021-09-08 15:08:23 -05:00
dependabot[bot]
b5b2c3fdb0
Bump tar from 4.4.15 to 4.4.19 (#11998)
Bumps [tar](https://github.com/npm/node-tar) from 4.4.15 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.15...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 12:48:30 -02:30
Alex Donesky
e8ab578ed0
bump @metamask/controllers to v15.0.2 and remove AbortController workaround in e2e tests (#11988)
* bump @metamask/controllers to v15.0.1 and remove AbortController workaround in e2e tests

* remove old abortcontroller polyfill

* bump @metamask/controllers to v15.0.2
2021-09-03 09:34:21 -05:00
Elliot Winkler
8ffebb294b
Fix 'yarn setup' on M1 Macs (#11887)
There are a few issues encountered when running `yarn setup` on new
Apple Silicon (aka M1, aka arm64) Macs:

* The script halts when attempting to run the install step for
  the `chromedriver` package with the message "Only Mac 64 bits
  supported". This is somewhat misleading as it seems to indicate that
  chromedriver can only be installed on a 64-bit Mac. However, what I
  think is happening is that the installation script for `chromedriver`
  is not able to detect that an arm64 CPU *is* a 64-bit CPU. After
  looking through the `chromedriver` repo, it appears that 87.0.1 is the
  first version that adds a proper check ([1]).

  Note that upgrading chromedriver caused the Chrome-specific tests to
  fail intermittently on CI. I was not able to 100% work out the reason
  for this, but ensuring that X (which provides a way for Chrome to run
  in a GUI setting from the command line) is available seems to fix
  these issues.

* The script also halts when attempting to run the install step for
  the `electron` package. This happens because for the version of
  `electron` we are using (9.4.2), there is no available binary for
  arm64. It appears that Electron 11.x was the first version to support
  arm64 Macs ([2]). This is a bit trickier to resolve because we don't
  explicitly rely on `electron` — that's brought in by `react-devtools`.
  The first version of `react-devtools` that relies on `electron` 11.x
  is 4.11.0 ([3]).

[1]: 469dd0a6ee
[2]: https://www.electronjs.org/blog/apple-silicon
[3]: https://github.com/facebook/react/blob/main/packages/react-devtools/CHANGELOG.md#4110-april-9-2021
2021-09-01 10:40:40 -06:00
Dan J Miller
a4c0133bc5
1559 ledger (#11951)
* EIP-1559 - Provide support for Ledger

* Update ui/selectors/selectors.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Add shared constants for hw types

* bump eth-ledger-bridge-keyring to v0.7.0

Co-authored-by: David Walsh <davidwalsh83@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Alex <adonesky@gmail.com>
2021-09-01 11:25:06 -05:00
Erik Marks
8a8ce3a0c0
@metamask/controllers@15.0.0 (#11975)
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.

This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.

As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
2021-08-31 12:27:13 -07:00
dependabot[bot]
b7009ac454
Bump @metamask/contract-metadata from 1.28.0 to 1.29.0 (#11914)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.28.0 to 1.29.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.28.0...v1.29.0)

---
updated-dependencies:
- dependency-name: "@metamask/contract-metadata"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-24 14:13:33 -07:00
dependabot[bot]
d1e264446d
Bump @metamask/controllers from 14.1.0 to 14.2.0 (#11825)
Bumps [@metamask/controllers](https://github.com/MetaMask/controllers) from 14.1.0 to 14.2.0.
- [Release notes](https://github.com/MetaMask/controllers/releases)
- [Changelog](https://github.com/MetaMask/controllers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/controllers/compare/v14.1.0...v14.2.0)

---
updated-dependencies:
- dependency-name: "@metamask/controllers"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-13 16:13:55 -02:30
dependabot[bot]
1bff9a1e23
Bump @metamask/controllers from 14.0.2 to 14.1.0 (#11793) 2021-08-11 14:58:39 -05:00
dependabot[bot]
5d785d36fb
Bump @metamask/auto-changelog from 2.4.0 to 2.5.0 (#11691) 2021-08-11 14:23:17 -05:00
Alex Donesky
6e9c683f3e
Update out of sync yarn.lock file (#11815) 2021-08-11 12:52:16 -05:00
Alex Donesky
6059f997f7
bump path-parse version to address security vulnerability (#11807) 2021-08-10 15:11:28 -05:00
dependabot[bot]
24d6456aaf
Bump tar from 4.4.11 to 4.4.15 (#11753)
Bumps [tar](https://github.com/npm/node-tar) from 4.4.11 to 4.4.15.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.11...v4.4.15)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-05 14:12:10 -02:30
Mark Stacey
d01b702b23
Update eth-phishing-detect to latest version (#11756)
This update includes just configuration updates. There are no
functional changes. The updated config is only used as a fallback in
case the config update fails for some reason.
2021-08-04 19:44:46 -02:30
Alex Donesky
a4dda7d79e
Fix ipfs dependency vulernability (#11745) 2021-08-03 17:04:10 -05:00
Alex Donesky
1135810699
Bump controllers version from 12.0.0 to 14.0.2 (#11674) 2021-07-29 19:47:35 -02:30
kumavis
984b78730f
CI - enforce dep usage with depcheck (#11518)
* deps - validate with depcheck

* ci - add depcheck + fixes for missing/extra deps

* ci - run depcheck after deps prep install

* deps - add yarn-deduplicate development tool

* Update .circleci/config.yml

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update .circleci/config.yml

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Removing @lavamoat/preinstall-always-fail

* [depcheck] removing unused dependencies

* Update .depcheckrc.yml

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: ryanml <ryanlanese@gmail.com>
2021-07-27 20:03:03 -07:00
sethkfman
d64d9050b8
bumped contract-metadata to v1.28.0 (#11625) 2021-07-26 12:03:21 -07:00
Peter-Jan Brone
3fada25dfc
Add Skylink support to ENS resolver (#11401)
* Add Skynet support to ENS to IPFS resolver

* Remove newline

* Fix lint

* Fix lint

* Remove mistakenly committed zip file

* Update
2021-07-16 10:22:04 -05:00
kumavis
9f4820ee98
Build - refactor for bundle factoring and swappable runtime (#11080)
* wip

* build - breakout sentry-install bundle

* deps - move new build sys deps to published versions

* chore: lint fix

* clean - remove unused file

* clean - remove unsused package script

* lavamoat - update build system policy

* build - render html to all platforms

* development - improve sourcemap debugger output

* deps - update lavapack

* lint - fix

* deps - update lavapack for bugfix

* deps - update lavapack for bugfix

* deps - bump lavapack for line ending normalization

* sourcemap explorer - disable boundary validation

* ci - reset normal ci flow

* build - re-enable minification on prod

* build - remove noisy log about html dest

* build - update terser and remove gulp wrapper for sourcemap fix

* Revert "sourcemap explorer - disable boundary validation"

This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162.

* build - reenable react-devtools in dev mode

* wip

* build - breakout sentry-install bundle

* deps - move new build sys deps to published versions

* chore: lint fix

* clean - remove unused file

* clean - remove unsused package script

* lavamoat - update build system policy

* build - render html to all platforms

* development - improve sourcemap debugger output

* deps - update lavapack

* lint - fix

* deps - update lavapack for bugfix

* deps - update lavapack for bugfix

* deps - bump lavapack for line ending normalization

* sourcemap explorer - disable boundary validation

* ci - reset normal ci flow

* build - re-enable minification on prod

* build - remove noisy log about html dest

* build - update terser and remove gulp wrapper for sourcemap fix

* Revert "sourcemap explorer - disable boundary validation"

This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162.

* build - reenable react-devtools in dev mode

* Updating lockfile

* lint fix

* build/dev - patch watchifys incompatible binary stats output

* ui - add comment about conditional import

* build - improve comment

* Update development/stream-flat-map.js

Co-authored-by: Brad Decker <git@braddecker.dev>

* Outputting all bundle file links (metamaskbot)

Co-authored-by: ryanml <ryanlanese@gmail.com>
Co-authored-by: Brad Decker <git@braddecker.dev>
2021-07-15 10:59:34 -07:00
Brad Decker
68dfc98f40
wire up gasFeeController (#11421) 2021-07-08 15:23:00 -05:00
Brad Decker
39906d6124
upgrade @metamask/controllers to v12.0.0 (#11472) 2021-07-07 15:08:00 -05:00
ryanml
9e86d417f9
Bumping contract-metadata -> 1.27.0 in package.json (#11458) 2021-07-06 10:44:34 -07:00
dependabot[bot]
9889d070cd
Bump @metamask/contract-metadata from 1.26.0 to 1.27.0 (#11430)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: "@metamask/contract-metadata"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-30 14:14:35 -07:00
dependabot[bot]
0037416251
Bump @metamask/auto-changelog from 2.3.0 to 2.4.0 (#11422)
Bumps [@metamask/auto-changelog](https://github.com/MetaMask/auto-changelog) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/MetaMask/auto-changelog/releases)
- [Changelog](https://github.com/MetaMask/auto-changelog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/auto-changelog/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: "@metamask/auto-changelog"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-30 16:51:54 -02:30
Alex Donesky
a4a5580785
Update controllers with conversionRate change with minimal required changes in extension (#11361)
* updating controllers with conversionRate change with minimal required changes in extension

* swapping showFiat selector in places where possible

* adding invalid conversion protection

* lint fixes

* adjusting list-item styling logic
2021-06-23 18:28:49 -05:00
Brad Decker
cf34e64f15
Support EIP-2718 transaction types, EIP-2930 and EIP-1559 support (#11288) 2021-06-16 15:40:17 -05:00
ryanml
341b090857
Upgrading eth-ledger-bridge-keyring -> 0.6.0, eth-trezor-keyring -> 0.7.0 (#11290) 2021-06-14 19:30:52 -07:00
Mark Stacey
108bd7987b
Update @metamask/contract-metadata from v1.25 to v1.26 (#11278)
This update includes various new tokens.
2021-06-11 11:04:09 -02:30
dependabot[bot]
ad7e64ad91
Bump trim-newlines from 3.0.0 to 3.0.1 (#11260)
Bumps [trim-newlines](https://github.com/sindresorhus/trim-newlines) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)

---
updated-dependencies:
- dependency-name: trim-newlines
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-09 15:17:09 -02:30
ryanml
282665dd96
Fixing normalize-url audit vulnerability (#11258)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Brad Decker <git@braddecker.dev>
2021-06-09 12:26:04 -05:00
ricky
10c600589b
Feature/use zeroAddress (#11205)
* update ethereumjs-util

* Use zeroAddress
2021-06-03 20:56:04 -04:00
Dan J Miller
6040c6ebbb
Resolve ws dependency to version ^7.4.6 to fix security vulnerability (#11229) 2021-06-03 10:56:52 -02:30
dependabot[bot]
0dc459e073
Bump @metamask/auto-changelog from 2.2.0 to 2.3.0 (#11213)
Bumps [@metamask/auto-changelog](https://github.com/MetaMask/auto-changelog) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/MetaMask/auto-changelog/releases)
- [Changelog](https://github.com/MetaMask/auto-changelog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/auto-changelog/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-31 21:31:10 -02:30
dependabot[bot]
6f49ff6b64
Bump @metamask/auto-changelog from 2.1.0 to 2.2.0 (#11196)
Bumps [@metamask/auto-changelog](https://github.com/MetaMask/auto-changelog) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/MetaMask/auto-changelog/releases)
- [Changelog](https://github.com/MetaMask/auto-changelog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/auto-changelog/compare/v2.1.0...v2.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-28 11:37:12 -02:30
Etienne Dusseault
4c341d83ab
Add Approval Confirmation Screen component to Storybook (#10998)
* add metametrics wrapper

* add history dep

* provide test data and mock react router

* add first confirmaion screen

* figure out a way to mock match.params

* render token approval with data

* fix lockfile

* fix lint

* remove use effect

* lintfix

* add . for src paths

* litfix

* Add knobs to change redux store for confirm-approve component (Storybook) (#11135)

* add knob for domain

* knobify

* remove logs

* remove comment

* lintfix

* fix comments

* add background calls + metriccs event to storybook acctions

* lintfixxxx
2021-05-25 08:20:09 +08:00
ryanml
e1c8afc8c4
Upgrading dns-packet to ^5.2.2 to resolve vulnerability (#11172) 2021-05-24 16:07:06 -07:00
Mark Stacey
ff71005041
Update @metamask/auto-changelog from v9.0.1 to v9.1.0 (#11170)
This update includes a bug fix that made v9.0.1 incompatible with valid
entries for the `package.json` "repository" field. Specifically, that
field required that the repository be the GitHub repo URL, but the
field is meant to point at the _git_ repo URL (the difference between
the two on GitHub is the `.git` suffix).

Now that that bug as been fixed, we can update the `repository` field
to point at `https://github.com/MetaMask/metamask-extension.git`, which
is what it should be.
2021-05-24 17:17:31 -02:30
dependabot[bot]
2dae62fbbc
Bump @metamask/controllers from 9.0.0 to 9.1.0 (#11150)
Bumps [@metamask/controllers](https://github.com/MetaMask/controllers) from 9.0.0 to 9.1.0.
- [Release notes](https://github.com/MetaMask/controllers/releases)
- [Changelog](https://github.com/MetaMask/controllers/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/controllers/compare/v9.0.0...v9.1.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-21 09:46:37 -02:30
Erik Marks
978f11b89b
@metamask/auto-changelog@2.0.1 (#11140)
* @metamask/auto-changelog@2.0.1

* Update changelog

* Fix some changelog formatting edge cases
2021-05-19 21:40:22 -07:00
Mark Stacey
5009ceae53
Migrate to new CurrencyRateController (#11005)
The CurrencyRateController has been migrated to the BaseControllerV2
API, which includes various API changes. These changes include:
* The constructor now expects to be passed a
`RestrictedControllerMessenger`.
* State changes are subscribed to via the `ControllerMessenger` now,
rather than via a `subscribe` function.
* The state and configration are passed in as one "options" object,
rather than as two separate parameters
* The polling needs to be started explicitly by calling `start`. It
can be stopped and started on-demand now as well.
* Changing the current currency or native currency will now throw an
error if we fail to update the conversion rate.

The `ComposableObservableStore` has been updated to accomodate these
new types of controllers. The constructor has been updated to use an
options bag pattern as well, to make the addition of the new required
`controllerMessenger` parameter a bit less unweildly.
2021-05-20 00:27:51 -02:30
Etienne Dusseault
d381f70e56
bump allow scripts (#11134) 2021-05-20 00:26:42 -02:30
Niranjana Binoy
0e1181862f
Handling custom token decimal fetch failure due to network error (#10956) 2021-05-18 13:23:54 -04:00
David Walsh
da2e662675
Update eth-ledger-bridge-keyring to v0.5.0 (#11064) 2021-05-17 20:16:37 -05:00
Etienne Dusseault
b8177b22db
bump allow scripts (#10822) 2021-05-16 21:48:29 -07:00
dependabot[bot]
23db732f87
Bump ssri from 6.0.1 to 6.0.2 (#10959)
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-13 12:32:49 -02:30
Erik Marks
43c33b676f
@metamask/providers@8.1.1 (#11078)
* @metamask/providers@8.1.1

* Minimize import footprint
2021-05-12 19:51:14 -07:00
dependabot[bot]
5cbc71c963
Bump hosted-git-info from 2.5.0 to 2.8.9 (#11034)
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.5.0 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.5.0...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 15:56:51 -02:30
Mark Stacey
ed737cf073
Update @metamask/controllers to v8 (#11000)
Update `@metamask/controllers` from v6 to v8. The breaking changes were
all in controllers that aren't used by the extension, so no changes
were required.
2021-05-06 16:26:34 -02:30
Mark Stacey
8ce49d8e7c
Update lodash to ^4.17.21 (#11001)
A resolution was required to update the version of `lodash` used by
`ganache-core`, and a previous resolution required updating. All other
lodash instances in our dependency tree were within range, and could be
updated in the lockfile.
2021-05-06 16:02:22 -02:30
Mark Stacey
20b0346d8b
Replace auto-changelog script (#10993)
The `auto-changelog` script has been replaced with the package
`@metamask/auto-changelog`. This package includes a script that has
an `update` command that is roughly equivalent to the old
`auto-changelog.js` script, except better. The script also has a
`validate` command.

The `repository` field was added to `package.json` because it's
utilized by the `auto-changelog` script, and this was easier than
specifying the repository URL with a CLI argument.
2021-05-06 11:50:19 -02:30
Erik Marks
29fa00a97b
@metamask/post-message-stream@4.0.0 (#10989) 2021-05-05 16:07:48 -07:00
Dan J Miller
838fe95753
Fix dependency vulnerability by upgrading xmlhttprequest-ssl via yarn.lock (#10990) 2021-05-05 12:02:41 -02:30
Brad Decker
cbce07e983
upgrade eth-keyring-controller (#10933) 2021-04-27 12:03:58 -05:00
David Walsh
15b596ad15
Implement Ledger Live bridge (#10293) 2021-04-26 13:05:48 -05:00
dependabot[bot]
25d8880fb5
Bump @metamask/contract-metadata from 1.23.0 to 1.25.0 (#10899)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.23.0 to 1.25.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.23.0...v1.25.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-22 11:50:19 -05:00
Daniel
fbbdaf04ed
Increase Jest unit test coverage for the Swaps feature to ~25% (#10900)
* Swaps: Show a network name dynamically in a tooltip

* Replace “Ethereum” with “$1”, change “Test” to “Testnet”

* Replace 이더리움 with $1

* Translate network names, use ‘Ethereum’ by default if a translation is not available yet

* Reorder messages to resolve ESLint issues

* Add a snapshot test for the FeeCard component, increase Jest threshold

* Enable snapshot testing into external .snap files in ESLint

* Add the “networkNameEthereum” key in ko/messages.json, remove default “Ethereum” value

* Throw an error if chain ID is not supported by the Swaps feature

* Use string literals when calling the `t` fn,

* Watch Jest tests silently (no React warnings in terminal, only errors)

* Add @testing-library/jest-dom, import it before running Jest tests

* Add snapshot testing of Swaps’ React components for happy paths, increase minimum threshold for Jest

* Add the test/jest folder for Jest setup and shared functions, use it in Swaps Jest tests

* Fix ESLint issues, update linting config

* Enable ESLint for .snap files (Jest snapshots), throw an error if a snapshot is bigger than 50 lines

* Don’t run lint:fix for .snap files

* Move `createProps` outside of `describe` blocks, move store creation inside tests

* Use translations instead of keys, update a rendering function to load translations

* Make sure all Jest snapshots are shorter than 50 lines (default limit)

* Add / update props for Swaps tests

* Fix React warnings when running tests for Swaps
2021-04-21 12:34:35 -07:00
Etienne Dusseault
d01bc9bb51
Dep upgrades and patches (#10903)
* apply patches

* lavamoat dep upgrades

* remove lavamoat browserify
2021-04-20 13:39:49 +08:00
Etienne Dusseault
1baa94d1ab
Dep Upgrades for Lavamoat Patches (#10902)
* dep upgrades

* apply more patches
2021-04-20 11:37:21 +08:00
Brad Decker
d1f8171877
upgrade ethereumjs util (#10886) 2021-04-16 10:05:13 -05:00
Thomas Huang
253efc6f8c
Jest config (#10855)
* Setup jest config

* Adjust test for jest.

* Adjust lint config

* Omit swaps ui folder for unit testing

* Omit swaps from test:unit:lax

* Add jest.config.js to script files

* Restore mocks rather than clearing them.

* Update jest config and adjust lint to include subdirs

* Convert view-quote-price-difference test to jest

* Add jest ci and ci coverage scripts. Add jest unit test to general test command

* Add test coverage to ci

* Use --ignore flag

* Fixup

* Add @metamask/eslint-config-jest

* Update .eslintrc.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Adds jest-coverage/

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-04-09 10:20:32 -07:00
Erik Marks
e18deda0da
@metamask/eslint-config*@6.0.0 (#10858)
* @metamask/eslint-config*@6.0.0

* Minor eslintrc reorg
2021-04-08 14:34:55 -07:00
Mark Stacey
312f2afc41
Refactor changelog parsing and generation (#10847)
The `auto-changelog.js` script has been refactoring into various
different modules. This was done in preparation for migrating this to
a separate repository, where it can be used in our libraries as well.

Functionally this should act _mostly_ the same way, but there have been
some changes. It was difficult to make this a pure refactor because of
the strategy used to validate the changelog and ensure each addition
remained valid. Instead of being updated in-place, the changelog is now
parsed upfront and stored as a "Changelog" instance, which is a new
class that was written to allow only valid changes. The new changelog
is then stringified and completely overwrites the old one.

The parsing had to be much more strict, as any unanticipated content
would otherwise be erased unintentionally. This script now also
normalizes the formatting of the changelog (though the individual
change descriptions are still unformatted).

The changelog stringification now accommodates non-linear releases as
well. For example, you can now release v1.0.1 *after* v2.0.0, and it
will be listed in chronological order while also correctly constructing
the `compare` URLs for each release.
2021-04-08 16:14:30 -02:30
Thomas Huang
c339f28ce8
Adds jest dependency (#10845)
* Add Jest
2021-04-08 10:25:05 -07:00
Brad Decker
9079fb87ec
add abstraction for waitForSelector (#10844) 2021-04-08 10:41:23 -05:00
Brad Decker
f5c89843b1
remove node-sass dependency (#10797) 2021-04-02 11:57:05 -02:30
Brad Decker
1e44c34e1e
upgrade eslint deps (#10789) 2021-04-01 13:44:42 -05:00
Brad Decker
d5bfce3243
eslint perf improvement (#10775) 2021-03-31 10:19:20 -05:00
ryanml
e0b7d08ffb
Updating y18n and netmask to resolve dependency issues (#10765)
netmask@1.0.6 -> 2.0.1, y18n@3.2.1 -> 3.2.2, y18n@4.0.0 -> 4.0.1
2021-03-29 22:47:56 -07:00
Dan J Miller
254164aec4
update @metamask/etherscan-link to v2.0.0 (#10747) 2021-03-28 12:32:43 -02:30
Erik Marks
6d1add7afe
eth-block-tracker@5.0.1 (#10737) 2021-03-26 10:03:44 -07:00
Etienne Dusseault
8fc2c3272a
security - update SES lockdown (#10663)
* update ses

* build - reference ses directly

* deps - unify regenerator-runtime versions on 0.13.7

* patches - apply regenerator-runtime ses compat patch\nhttps://github.com/facebook/regenerator/pull/411

* patches - patch regenerator-runtime for latest ses fix

* reduc patch, new lockdown severe override taming

* updated redux patch

* update redux patch for production

* ignore lockdown in lint

* deps - bump patch-package just in case

* trailing comma

* remove ses as dep

* fix path for frozen promise

* remove js extension in lockdown require

* Revert "ignore lockdown in lint"

This reverts commit 8cefdc94dd25d7781bb09eed8af36441397676da.

* Revert "build - reference ses directly"

This reverts commit 30371a377dcdd781c1bf9abe55e9c8ae34da26b5.

* deps - update ses

* Revert "fix path for frozen promise"

This reverts commit 966e4c60921a25befe8ca8dea58313cc25852f72.

Co-authored-by: kumavis <aaron@kumavis.me>
2021-03-26 12:27:25 +08:00
kumavis
715f699ed9
build - refactor build system for easier configuration (#10718)
* build - refactor build system for easier configuration of before and after bundle

* build - fix dependenciesToBundle option

* build - fix bify external options and other config

* build - refactor for cleanliness

* build - fix minify argument

* build - fix sourcemaps setup

* scripts - refactor setupBundlerDefaults in anticipation of factor bundles

* build - scripts - remove unused pipeline label

* build - scripts - make filepath entry optional

* build - scripts - rename filepath and filename options to entryFilepath and destFilepath

* Update development/build/scripts.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-03-26 12:26:19 +08:00
Dan J Miller
9573aa7515
Update @metamask/controllers to v6.2.1 (#10701) 2021-03-25 17:37:52 -02:30
kumavis
ff86465a24
deps - remove "remotedev-server" (#10687)
* deps - remove remotedev-server

* Remove stale references from allow-scripts config

Any packages that are no longer in the dependency tree have been
removed from the `allow-scripts` config.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-03-22 15:32:25 -02:30
Shane
b50fe3184a
fix: replace dnode background with JSON-RPC (#10627)
fixes #10090
2021-03-18 11:23:46 -07:00
Erik Marks
a29fc51838
Ensure permission log will only store JSON-able data (#10524) 2021-03-10 11:50:06 -08:00
David Walsh
92680cf56f
Add support for multiple Ledger & Trezor hardware accounts (#10505) 2021-03-09 14:39:16 -06:00
Brad Decker
80266cf33c
update @metamask/etherscan-link to v1.5.0 (#10603) 2021-03-08 13:52:24 -06:00
Mark Stacey
a09dab4f6b
Update elliptic to v6.5.4 to address security advisory (#10602)
The `elliptic` package has been updated to v6.5.4 to address a security
advisory regarding a vulnerability in v6.5.3. We are not affected by
this vulnerability to the best of our knowledge. This is just to stay
on the safe side, and fix our audit check.
2021-03-08 14:25:06 -03:30
Mark Stacey
83371dff3e
Update @lavamoat/allow-scripts to v1.0.4 (#10599)
This patch update fixes an install issue encountered when trying to
update `eth-trezor-keyring` from v0.5.2 to v0.6.0.
2021-03-05 14:38:01 -03:30
ryanml
b74b70df2a
Resolving pull-ws to v3.3.2 (#10543) 2021-03-02 10:34:58 +08:00
ty
b04120dd0f
Warn users when an ENS name contains 'confusable' characters (#9187)
* Add warning system for 'confusable' ENS names (#9129)

Uses unicode.org's TR39 confusables.txt to display a warning when
'confusable' unicode points are detected.

Currently only the `AddRecipient` component has been updated, but the new
`Confusable` component could be used elsewhere

The new `unicode-confusables` dependency adds close to 100KB to the
bundle size, and around 30KB when gzipped.

Adds 'tag' prop to the tooltop-v2 component

Use $Red-500 for confusable ens warning

Lint Tooltip component

Update copy for confusing ENS domain warning.

* Fix prop type

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-02-27 01:56:04 -03:30
Brad Decker
aabe653240
Add Custom Network UI (#10310) 2021-02-22 10:20:42 -06:00
Etienne Dusseault
f196c9feb8
Add Lavamoat to build system (#9939)
* lavamoat - run build system in lavamoat

* lavamoat/allow-scripts - add missing policy entry

* update viz and lavvamoat

* trim policy file

* bump viz

* prue policy override

* regen policy file

* Update package.json

* Update package.json

* Apply suggestions from code review

Co-authored-by: kumavis <kumavis@users.noreply.github.com>

* update policy, remove redundant patches

* use yarn setup in CI

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-22 22:43:29 +08:00
David Walsh
3d579dfcef
Remove react-select and SimpleDropdown, use Dropdown (#10468) 2021-02-19 13:03:44 -06:00
Erik Marks
5996e84596
@metamask/contract-metadata@1.23.0 (#10475) 2021-02-18 12:01:35 -08:00
Austin Akers
2122b8cf16
Hide links to etherscan when no block explorer is specified for a custom network (#10455)
Conditionally render view on Etherscan text if it's a custom network

Fixes: #5631
2021-02-17 09:45:30 -03:30
Mark Stacey
2e9c66efc7
Deduplicate lockfile dependencies (#10452)
Dependencies in the lockfile have been deduplicated using the command:
`npx yarn-deduplicate`.
2021-02-16 11:11:45 -03:30
Mark Stacey
8a76dcc18a
Remove gulp-imagemin (#10435)
This package hasn't been used since #8140, which dropped it for being
too slow and of minimal benefit.

We should consider re-adding this as a CI check to ensure images are
optimized, but I don't think it should be re-added to the build process
itself.
2021-02-15 11:50:01 -03:30
Mark Stacey
932794a5dd
Remove gulp-babel package (#10437)
This has not been used in some time. The last import was removed in
the PR #4712
2021-02-15 11:03:51 -03:30
Mark Stacey
cbf375a6a2
Remove gulp-debug (#10436)
This dependency was added in #3781, but appears to have never actually
been used.
2021-02-13 17:05:34 -03:30
Mark Stacey
bc5a136af1
Remove unused react-test-renderer (#10431)
This package seems to have always been unused. I suspect it was added
years ago by mistake.
2021-02-13 17:03:13 -03:30
Mark Stacey
50c3b06563
Remove chai (#10440)
We don't seem to use chai assertions anywhere anymore. I'm unsure when
the last was removed.
2021-02-12 18:53:47 -03:30
Mark Stacey
eb879a7930
Remove deps-dump dependency (#10438)
This dependency was used in the Sesify bundle build task, which was
removed in #9514.
2021-02-12 18:11:37 -03:30
Mark Stacey
03562ff711
Remove file-loader package (#10439)
This dependency has not been used since #8249.
2021-02-12 17:50:31 -03:30
Mark Stacey
ff909d724e
Remove browserify-derequire (#10441)
This was used for the Sesify build, which was removed in #9514
2021-02-12 17:50:16 -03:30
Mark Stacey
036e1cf8ce
Remove regenerator-runtime (#10430)
This package was added as a devDependency to address a peerDependency
warning when installing Storybook v5.3.14. We're now using Storybook
v6, which doesn't list this as a peerDependency.
2021-02-12 14:20:12 -03:30
Mark Stacey
a9a6614290
Remove gulp-replace (#10432)
This package has not been used since #4712.
2021-02-12 14:19:43 -03:30
Mark Stacey
906324cb5e
Remove gulp-multi-process (#10434)
This package has not been used since #8140. We now spawn separate
processes directly in our build script rather than using this gulp
plugin to do so.
2021-02-12 14:16:25 -03:30
Mark Stacey
b9a3d3442f
Update react-devtools (#10429)
This update includes various improvements and bug fixes.
2021-02-12 14:06:43 -03:30
Mark Stacey
22f3e79bd8
Update eth-sig-util and ethashjs lockfile versions (#10383)
The packages `eth-sig-util` and `ethashjs` have been updated to their
latest in-range versions in the lockfile. This removes the last
instance of `ethereumjs-abi@0.6.5` from our dependency tree, as well as
the last non-optional instance of `sha3` (it's still present as a
transitive dependency of an optional development dependency via
`ganache`)
2021-02-08 17:50:04 -03:30
kumavis
1e086aeb06
storybook/i18n - add i18n party button (#10382) 2021-02-08 23:45:06 +08:00
Mark Stacey
9dc88397dc
Update @metamask/inpage-provider from v8.0.3 to v8.0.4 (#10378)
Fixes #10356

There was a bug in the inpage provider that would mistakenly report
usage of our injected `web3` instance when the `web3.currentProvider`
property was accessed. This was fixed in v8.0.4 of
`@metamask/inpage-provider`.
2021-02-08 20:41:39 +08:00
Mark Stacey
494c7da7dd
Update yarn.lock file (#10393)
The lockfile had extraneous packages that were removed upon install.
They must have been left behind as a result of a recent merge.
2021-02-08 20:35:42 +08:00
kumavis
b0215738a2
storybook - i18n toolbar (#10381)
* storybook - i18n toolbar

* lint fix
2021-02-06 10:28:54 +08:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
kumavis
b2d40f4e3a
deps - bump allow-scripts (#10370) 2021-02-04 09:39:45 -03:30
Etienne Dusseault
fc409a103b
Add .yarnrc to disable scripts (#10354)
* add yarn rc file to disable scripts

* remove ignore scripts in CI

* re-add entry

* add lavamoat preinstall always fail

* allow-scripts - add missing package to denylist

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-03 21:53:12 -03:30
kumavis
b98cef16af
Update to Node v14 (#9514)
* manual rebase against develop

* Update .nvmrc
2021-02-03 13:45:38 +08:00
Etienne Dusseault
6b34fb4184
Use @lavamoat/allow-scripts (#10009)
* use @lavamoat/allow-scripts for package postinstall allow list
* dnode: set "weak" to false

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2021-02-01 20:08:42 -08:00
dependabot[bot]
05f5deb701
Bump electron from 9.1.2 to 9.4.2 (#10308)
Bumps [electron](https://github.com/electron/electron) from 9.1.2 to 9.4.2.
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/master/docs/breaking-changes.md)
- [Commits](https://github.com/electron/electron/compare/v9.1.2...v9.4.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-01-28 17:47:18 -03:30
Erik Marks
bd57705b5f
@metamask/contract-metadata@1.22.0 (#10285) 2021-01-25 12:17:01 -08:00
Mark Stacey
183cc154fa
Update yarn.lock (#10241)
A recent change resulted in an outdated lockfile. These changes
resulted from running `yarn` with a clean working tree.
2021-01-21 17:03:57 -03:30
David Walsh
9b4715cc8f
Update postMessage structure for TrezorConnect 8 (#10192) 2021-01-21 11:12:54 -06:00
dependabot[bot]
cb8f82d171
Bump socket.io from 2.2.0 to 2.4.1 (#10232)
Bumps [socket.io](https://github.com/socketio/socket.io) from 2.2.0 to 2.4.1.
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/2.4.1/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/2.2.0...2.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-01-21 10:54:17 -03:30
Mark Stacey
6de41a1cf6
Update @reduxjs/toolkit from v1.3.2 to v1.5.0 (#10228)
The changes made between v1.3.2 and v1.5.0 of `@reduxjs/toolkit` don't
appear to affect us at all. They mostly consist of feature additions
and bug fixes for edge cases we haven't encountered.[1]

The one change that is technically breaking is that v8 of `immer` now
freezes state objects in production rather than just in development.
That would only be breaking if we were mutating Redux state though,
which we aren't doing in the few Redux slices in which we use
`@reduxjs/toolkit`. Even if we were, we would have noticed that it
broke in development already.

[1]: https://github.com/reduxjs/redux-toolkit/releases
2021-01-21 10:04:03 -03:30
Erik Marks
30ff153103
eth-rpc-errors@4.0.2 (#10226) 2021-01-20 22:06:41 -08:00
Erik Marks
118281b9a9
@metamask/inpage-provider@8.0.3 (#10219)
Restores the provider `data` event.
2021-01-20 10:42:59 -08:00
Brad Decker
acbe38c260
use dart sass, and update related modules (#10208) 2021-01-19 10:54:32 -06:00
Erik Marks
849a47afba
@metamask/inpage-provider@8.0.2 (#10178) 2021-01-12 14:22:22 -08:00
Erik Marks
d7c648db98
eth-method-registry@2.0.0 (#10169) 2021-01-11 08:27:51 -08:00
Erik Marks
6abb32f042
@metamask/contract-metadata@1.21.0 (#10142) 2021-01-05 11:08:23 -08:00
Brad Decker
7a65b33788
add module resolution for node-analytics/axios (#10139) 2021-01-04 17:44:16 -06:00
Erik Marks
2f6f8966bb
@metamask/contract-metadata@1.20.0 (#10116) 2020-12-21 12:07:32 -08:00
dependabot[bot]
5681634ba2
Bump @metamask/contract-metadata from 1.19.0 to 1.20.0 (#10104)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.19.0...v1.20.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-18 10:14:48 -06:00
Mark Stacey
bba2b9646d
Update @metamask/controllers to v5.1.0 (#10096)
This update comes with a breaking change to the Approval controller. It
now requires a `defaultApprovalType` parameter.

I don't think we have any use for a default approval type, but I've
added a "NO_TYPE" one for now because it's a strict requirement. We
should consider making this parameter optional in the future, for cases
like this where it's not needed.

This update will hopefully address some caching issues we've been
seeing with our phishing configuration. See here for more details:
https://github.com/MetaMask/controllers/pull/297
2020-12-17 12:06:29 -03:30
Erik Marks
e05be40d92
@metamask/obs-store@5.0.0 (#10092) 2020-12-16 13:14:49 -08:00
dependabot[bot]
45b737fca0
Bump ini from 1.3.5 to 1.3.7 (#10064)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-11 18:27:42 -03:30
Mark Stacey
da1aae772b
Remove coveralls (#10063)
We don't look at coveralls very much. We might occasionally consult it
to see a report on our code coverage, but that report is already
generated entirely locally, and has been added to the MetaMask bot
comment in #10061.
2020-12-11 16:20:45 -03:30
Mark Stacey
4a5a2881d0
Update selenium-webdriver and geckodriver (#10057)
Update `geckodriver` to the latest version, and `selenium-webdriver`
to the second-most-recent version. Updates include various dependency
updates, bug fixes, and minor features. None of the updates seem to
directly affect us, aside from one new feature of `selenium-webdriver`
that updates the `installAddon` function to support `.zip` files, which
will be used in a subsequent PR.

`selenium-webdriver` was pinned one version behind latest because the
latest version caused our Chrome e2e tests to fail with a mysterious
error whenever `getAttribute` was called on a WebElement.
2020-12-11 12:03:20 -03:30
Mark Stacey
8ab5230115
Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-09 15:40:33 -03:30
Erik Marks
3bf94164ac
@metamask/inpage-provider@^8.0.0 (#8640)
* @metamask/inpage-provider@^8.0.0
* Replace public config store with JSON-RPC notifications
* Encapsulate notification permissioning in permissions controller
* Update prefix of certain internal RPC methods and notifications
* Add accounts to getProviderState
* Send accounts with isUnlocked notification (#10007)
* Rename provider streams, notify provider of stream failures (#10006)
2020-12-08 11:48:47 -08:00
dependabot[bot]
e8cb565b48
Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.0 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.0...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-06 14:38:30 -08:00
Dan J Miller
97d268c8ee
Remove use of ethgasstation; use metaswap /gasPrices api for gas price estimates (#9867)
* Remove use of ethgassthat; use metaswap /gasPrices api for gas price estimates

* Remove references to ethgasstation

* Pass base to BigNumber constructor in fetchExternalBasicGasEstimates

* Update ui/app/hooks/useTokenTracker.js

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>

* Delete gas price chart

* Remove price chart css import

* Delete additional fee chart code

* Lint fix

* Delete more code no longer used after ethgasstation removal

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2020-12-02 19:55:19 -03:30
Erik Marks
1da9ad77a4
json-rpc-engine@6.1.0 (#9922) 2020-12-02 11:41:24 -08:00
Erik Marks
df209612d5
@metamask/etherscan-link@1.4.0 (#9970) 2020-12-02 08:59:04 -08:00
Erik Marks
9d4b8a4903
@metamask/contract-metadata (#9968) 2020-12-01 14:55:01 -08:00
Mark Stacey
429847a686
Update to @storybook/*@6 (#9956)
Our Storybook dependencies have been updated to v6.1.9, from v5. This
was done to address a security vulnerability in a transitive dependency
of these packages (`highlight.js`).

The primary changes required by this Storybook update were the change
in import path for the `withKnobs` hook, the change in background
config format, and the webpack configuration. Storybook seems to work
correctly.

The migration was guided by the Storybook changelog[1] and the
Storybook v6 migration guide[2].

There is one Storybook error remaining; it fails to load the Euclid
font. This is a pre-existing error though, so we can fix it in a later
PR.

The `yarn.lock` file was deduplicated in this PR as well, as it was
required to fix various install warnings that were introduced with this
update.

[1]: https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md
[2]: https://github.com/storybookjs/storybook/blob/next/MIGRATION.md
2020-11-30 16:40:46 -03:30
Niranjana Binoy
6a9c15d4a4
updating the version of extension-port-stream to latest (#9942) 2020-11-24 14:32:06 -05:00
David Walsh
bf65c979d2
Use async storage instead of localstorage (#9919) 2020-11-24 09:38:04 -06:00
Etienne Dusseault
9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00
Erik Marks
f8f3faf539
resolve-url-loader@3.1.2 (#9925) 2020-11-20 13:52:07 -08:00
Dan J Miller
a9fcf0ea86
Use getTokenTrackerLink for asset view etherscan link in token-asset.js (#9913) 2020-11-19 00:59:42 -03:30
dependabot[bot]
198b503f94
Bump @metamask/eth-token-tracker from 3.0.1 to 3.1.0 (#9901)
Bumps [@metamask/eth-token-tracker](https://github.com/MetaMask/eth-token-tracker) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/MetaMask/eth-token-tracker/releases)
- [Changelog](https://github.com/MetaMask/eth-token-tracker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/eth-token-tracker/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-18 01:55:57 -03:30
Erik Marks
74839831c0
@metamask/controllers@4.2.0 (#9849) 2020-11-13 11:04:48 -08:00
Erik Marks
aa85533368
@metamask/controllers@4.0.2 (#9839) 2020-11-09 18:19:42 -08:00
Erik Marks
80834b775d
@metamask/controllers@4.0.0 (#9838) 2020-11-09 14:00:10 -08:00
kumavis
5e61955d99
deps - yarn-deduplicate (#9519) 2020-11-09 18:10:46 -03:30
Erik Marks
6aa6052318 eth-sig-util@3.0.0 2020-11-09 08:57:18 -08:00
David Walsh
dcd2927f03
Update etherscan-link to 1.2.0 (#9789) 2020-11-04 17:05:38 -06:00
Erik Marks
a6f676764f @metamask/test-dapp@4.0.1 2020-11-04 10:17:10 -08:00
Erik Marks
d2dc4a62c4 @metamask/test-dapp@4.0.0 2020-11-03 21:35:03 -08:00
Brad Decker
3c171de44c
potential fix for METAMASK-GKCN (#9768) 2020-11-03 11:58:22 -06:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
dependabot[bot]
a8cb6fb4f6
Bump eth-contract-metadata from 1.16.0 to 1.17.0 (#9736)
Bumps [eth-contract-metadata](https://github.com/MetaMask/ethereum-contract-icons) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/MetaMask/ethereum-contract-icons/releases)
- [Commits](https://github.com/MetaMask/ethereum-contract-icons/compare/v1.16.0...v1.17.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 16:31:43 -02:30
Mark Stacey
d1b4d29219
Update ganache-core and ganache-cli (#9725)
`ganache-core` and `ganache-cli` have been updated to the latest
published versions.

Two Yarn resolutions have been made unnecessary by this update, so they
have been removed. They were added to update dependencies of
`ganache-core` to address security advisories. They have since been
updated in the latest `ganache-core` release.
2020-10-26 21:08:49 -02:30
Brad Decker
7d50357684
remove matomo and route to segment (#9646) 2020-10-26 14:05:57 -05:00
Erik Marks
bb2eed6a8d
@metamask/test-dapp@3.2.0 (#9707) 2020-10-23 20:59:49 -07:00
Etienne Dusseault
69d45ab46c
Add ses lockdown to build system (#9568)
* Add ses lockdown to build system using lavamoat-core

* use proper object.assign version

* disable lint rules for ses lockdown

* deps - update rtlcss

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-10-23 21:04:42 -02:30
dependabot[bot]
b0bbc2b366
Bump @metamask/controllers from 3.1.0 to 3.2.0 (#9692)
Bumps [@metamask/controllers](https://github.com/MetaMask/controllers) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/MetaMask/controllers/releases)
- [Changelog](https://github.com/MetaMask/controllers/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/controllers/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-23 14:35:53 -02:30
dependabot[bot]
343b982fe2
Bump @metamask/inpage-provider from 6.1.0 to 6.3.0 (#9691)
Bumps [@metamask/inpage-provider](https://github.com/MetaMask/inpage-provider) from 6.1.0 to 6.3.0.
- [Release notes](https://github.com/MetaMask/inpage-provider/releases)
- [Changelog](https://github.com/MetaMask/inpage-provider/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/inpage-provider/compare/v6.1.0...v6.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-23 13:53:36 -02:30
Mark Stacey
7d0a7ab301
Update @metamask/eslint-config to v4.1.0 (#9663)
`@metamask/eslint-config` has been updated to v4.1.0. This update
requires that we update `eslint` to v7 as well, which in turn requires
updating most `eslint`-related packages.

Most notably, `babel-eslint` was replaced with `@babel/eslint-parser`,
and `babel-eslint-plugin` was replaced by `@babel/eslint-plugin`. This
required renaming all the `babel/*` rules to `@babel/*`.

Most new or updated rules that resulted in lint errors have been
temporarily disabled. They will be fixed and re-enabled in subsequent
PRs.
2020-10-21 14:01:03 -02:30
Ari Lotter
c3fafe311e
Spawn yarn processes in a cmd subshell on Windows (#9628)
On Windows, spawn fails if the exact filename
of a binary isn't passed. e.g. `spawn('yarn')` fails
because the binary is named `yarn.cmd`.
Instead, we depend on `cross-spawn` which handles differences
in `spawn` across platforms.
2020-10-20 01:37:23 -02:30
Mark Stacey
aae176537f
Update Sentry to the latest version. (#9597)
All three of our Sentry packages have been updated to the latest
versions. There appear to have been no breaking changes - just bug
fixes and new features.
2020-10-14 13:30:28 -02:30
Whymarrh Whitby
3353c33981
Use eth-contract-metadata@1.16.0 (#9540) 2020-10-09 13:07:23 -02:30
Whymarrh Whitby
8f3b81f67a
Use node-forge@0.10.0 (#9473)
This change updates `node-forge` to the latest published version, 0.10.0. This
update resolves a security advisory [1] brought in via our `3box` dependency.

  [1]:https://www.npmjs.com/advisories/1561
2020-10-01 16:37:07 -02:30
Erik Marks
48e2880731
rpc-cap@3.2.0 (#9461) 2020-09-24 08:33:48 -07:00
Erik Marks
60d4b6aa41
@metamask/controllers@3.1.0 (#9460) 2020-09-23 13:24:24 -07:00
Mark Stacey
97b49b7614
Add prettier-plugin-sort-json (#9450)
JSON files are now sorted by key with `prettier`, using the plugin
`prettier-plugin-sort-json`. This does not affect `package.json`
because `prettier` uses a special parser for that file, as it has
a more restrictive format than JSON.
2020-09-23 12:21:42 -02:30
Erik Marks
3f2a7fd6ac
eth-json-rpc-filters@4.2.1 (#9452) 2020-09-22 21:55:59 -07:00
Erik Marks
242a5b3f23
eth-json-rpc-infura@5.1.0 (#9451) 2020-09-22 20:46:02 -07:00
Erik Marks
2eb8a9aca9
eth-json-rpc-middleware@6.0.0 (#9448) 2020-09-22 19:03:12 -07:00
Whymarrh Whitby
b83bca7223
Use eth-phishing-detect@1.1.14 (#9423) 2020-09-16 16:24:56 -02:30
Whymarrh Whitby
3b70cf64ec
Use @metamask/controllers@3.0.1 (#9416) 2020-09-16 14:34:28 -02:30
Whymarrh Whitby
34b3953815
Use eth-json-rpc-middleware@5.0.3 (#9405) 2020-09-14 19:17:29 -02:30
dependabot[bot]
b1665dedc6
Bump node-fetch from 2.6.0 to 2.6.1 (#9399)
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-14 15:45:42 -02:30
Brad Decker
8b24f624dd
add segment implementation of metametrics (#9382)
Co-authored-by: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-09-14 12:04:05 -05:00
Mark Stacey
9391eac670
Update @metamask/eth-token-tracker from v3.0.0 to v3.0.1 (#9398)
`v3.0.1` of `@metamask/eth-token-tracker` fixes how token balances are
displayed when they are between 1 and 0.1. See here for more details:
https://github.com/MetaMask/eth-token-tracker/pull/47
2020-09-11 19:03:24 -03:00
Mark Stacey
ce66ddcf0d
Use prettier for JSON linting (#9396)
Instead of using `eslint-plugin-json` for linting JSON files,
`prettier` is now used. `prettier` is capable of detecting and
correcting more problems than `eslint-plugin-json` can, such as
indentation.

All JSON files have been run through `prettier`. The changes are all
superficial.
2020-09-11 10:57:39 -03:00
Whymarrh Whitby
e2dedaacdb
Use Infura v3 API (#9368)
* Use eth-json-rpc-infura@5.0.0
* Use Infura v3 API
* Add example .metamaskrc file
2020-09-10 13:46:00 -02:30
Whymarrh Whitby
89eade97c5
Use bl@3.0.1, dedupe bl@1.x (#9375) 2020-09-08 18:23:44 -02:30
Whymarrh Whitby
253cd12bbb
Use yargs@7.1.1 (#9364)
This change updates the `yargs` dependency introduced by `gulp-cli` to the latest
`^7` version, addressing [`GHSA-p9pc-299p-vxgp`][1].

  [1]:https://github.com/advisories/GHSA-p9pc-299p-vxgp

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp > gulp-cli > yargs > yargs-parser                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-09-07 11:16:45 -02:30