1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-23 02:10:12 +01:00
Commit Graph

617 Commits

Author SHA1 Message Date
dependabot[bot]
25d8880fb5
Bump @metamask/contract-metadata from 1.23.0 to 1.25.0 (#10899)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.23.0 to 1.25.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.23.0...v1.25.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-22 11:50:19 -05:00
Daniel
fbbdaf04ed
Increase Jest unit test coverage for the Swaps feature to ~25% (#10900)
* Swaps: Show a network name dynamically in a tooltip

* Replace “Ethereum” with “$1”, change “Test” to “Testnet”

* Replace 이더리움 with $1

* Translate network names, use ‘Ethereum’ by default if a translation is not available yet

* Reorder messages to resolve ESLint issues

* Add a snapshot test for the FeeCard component, increase Jest threshold

* Enable snapshot testing into external .snap files in ESLint

* Add the “networkNameEthereum” key in ko/messages.json, remove default “Ethereum” value

* Throw an error if chain ID is not supported by the Swaps feature

* Use string literals when calling the `t` fn,

* Watch Jest tests silently (no React warnings in terminal, only errors)

* Add @testing-library/jest-dom, import it before running Jest tests

* Add snapshot testing of Swaps’ React components for happy paths, increase minimum threshold for Jest

* Add the test/jest folder for Jest setup and shared functions, use it in Swaps Jest tests

* Fix ESLint issues, update linting config

* Enable ESLint for .snap files (Jest snapshots), throw an error if a snapshot is bigger than 50 lines

* Don’t run lint:fix for .snap files

* Move `createProps` outside of `describe` blocks, move store creation inside tests

* Use translations instead of keys, update a rendering function to load translations

* Make sure all Jest snapshots are shorter than 50 lines (default limit)

* Add / update props for Swaps tests

* Fix React warnings when running tests for Swaps
2021-04-21 12:34:35 -07:00
Etienne Dusseault
d01bc9bb51
Dep upgrades and patches (#10903)
* apply patches

* lavamoat dep upgrades

* remove lavamoat browserify
2021-04-20 13:39:49 +08:00
Etienne Dusseault
1baa94d1ab
Dep Upgrades for Lavamoat Patches (#10902)
* dep upgrades

* apply more patches
2021-04-20 11:37:21 +08:00
Brad Decker
d1f8171877
upgrade ethereumjs util (#10886) 2021-04-16 10:05:13 -05:00
Thomas Huang
253efc6f8c
Jest config (#10855)
* Setup jest config

* Adjust test for jest.

* Adjust lint config

* Omit swaps ui folder for unit testing

* Omit swaps from test:unit:lax

* Add jest.config.js to script files

* Restore mocks rather than clearing them.

* Update jest config and adjust lint to include subdirs

* Convert view-quote-price-difference test to jest

* Add jest ci and ci coverage scripts. Add jest unit test to general test command

* Add test coverage to ci

* Use --ignore flag

* Fixup

* Add @metamask/eslint-config-jest

* Update .eslintrc.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Adds jest-coverage/

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-04-09 10:20:32 -07:00
Erik Marks
e18deda0da
@metamask/eslint-config*@6.0.0 (#10858)
* @metamask/eslint-config*@6.0.0

* Minor eslintrc reorg
2021-04-08 14:34:55 -07:00
Mark Stacey
312f2afc41
Refactor changelog parsing and generation (#10847)
The `auto-changelog.js` script has been refactoring into various
different modules. This was done in preparation for migrating this to
a separate repository, where it can be used in our libraries as well.

Functionally this should act _mostly_ the same way, but there have been
some changes. It was difficult to make this a pure refactor because of
the strategy used to validate the changelog and ensure each addition
remained valid. Instead of being updated in-place, the changelog is now
parsed upfront and stored as a "Changelog" instance, which is a new
class that was written to allow only valid changes. The new changelog
is then stringified and completely overwrites the old one.

The parsing had to be much more strict, as any unanticipated content
would otherwise be erased unintentionally. This script now also
normalizes the formatting of the changelog (though the individual
change descriptions are still unformatted).

The changelog stringification now accommodates non-linear releases as
well. For example, you can now release v1.0.1 *after* v2.0.0, and it
will be listed in chronological order while also correctly constructing
the `compare` URLs for each release.
2021-04-08 16:14:30 -02:30
Thomas Huang
c339f28ce8
Adds jest dependency (#10845)
* Add Jest
2021-04-08 10:25:05 -07:00
Brad Decker
9079fb87ec
add abstraction for waitForSelector (#10844) 2021-04-08 10:41:23 -05:00
Brad Decker
f5c89843b1
remove node-sass dependency (#10797) 2021-04-02 11:57:05 -02:30
Brad Decker
1e44c34e1e
upgrade eslint deps (#10789) 2021-04-01 13:44:42 -05:00
Brad Decker
d5bfce3243
eslint perf improvement (#10775) 2021-03-31 10:19:20 -05:00
ryanml
e0b7d08ffb
Updating y18n and netmask to resolve dependency issues (#10765)
netmask@1.0.6 -> 2.0.1, y18n@3.2.1 -> 3.2.2, y18n@4.0.0 -> 4.0.1
2021-03-29 22:47:56 -07:00
Dan J Miller
254164aec4
update @metamask/etherscan-link to v2.0.0 (#10747) 2021-03-28 12:32:43 -02:30
Erik Marks
6d1add7afe
eth-block-tracker@5.0.1 (#10737) 2021-03-26 10:03:44 -07:00
Etienne Dusseault
8fc2c3272a
security - update SES lockdown (#10663)
* update ses

* build - reference ses directly

* deps - unify regenerator-runtime versions on 0.13.7

* patches - apply regenerator-runtime ses compat patch\nhttps://github.com/facebook/regenerator/pull/411

* patches - patch regenerator-runtime for latest ses fix

* reduc patch, new lockdown severe override taming

* updated redux patch

* update redux patch for production

* ignore lockdown in lint

* deps - bump patch-package just in case

* trailing comma

* remove ses as dep

* fix path for frozen promise

* remove js extension in lockdown require

* Revert "ignore lockdown in lint"

This reverts commit 8cefdc94dd25d7781bb09eed8af36441397676da.

* Revert "build - reference ses directly"

This reverts commit 30371a377dcdd781c1bf9abe55e9c8ae34da26b5.

* deps - update ses

* Revert "fix path for frozen promise"

This reverts commit 966e4c60921a25befe8ca8dea58313cc25852f72.

Co-authored-by: kumavis <aaron@kumavis.me>
2021-03-26 12:27:25 +08:00
kumavis
715f699ed9
build - refactor build system for easier configuration (#10718)
* build - refactor build system for easier configuration of before and after bundle

* build - fix dependenciesToBundle option

* build - fix bify external options and other config

* build - refactor for cleanliness

* build - fix minify argument

* build - fix sourcemaps setup

* scripts - refactor setupBundlerDefaults in anticipation of factor bundles

* build - scripts - remove unused pipeline label

* build - scripts - make filepath entry optional

* build - scripts - rename filepath and filename options to entryFilepath and destFilepath

* Update development/build/scripts.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-03-26 12:26:19 +08:00
Dan J Miller
9573aa7515
Update @metamask/controllers to v6.2.1 (#10701) 2021-03-25 17:37:52 -02:30
kumavis
ff86465a24
deps - remove "remotedev-server" (#10687)
* deps - remove remotedev-server

* Remove stale references from allow-scripts config

Any packages that are no longer in the dependency tree have been
removed from the `allow-scripts` config.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-03-22 15:32:25 -02:30
Shane
b50fe3184a
fix: replace dnode background with JSON-RPC (#10627)
fixes #10090
2021-03-18 11:23:46 -07:00
Erik Marks
a29fc51838
Ensure permission log will only store JSON-able data (#10524) 2021-03-10 11:50:06 -08:00
David Walsh
92680cf56f
Add support for multiple Ledger & Trezor hardware accounts (#10505) 2021-03-09 14:39:16 -06:00
Brad Decker
80266cf33c
update @metamask/etherscan-link to v1.5.0 (#10603) 2021-03-08 13:52:24 -06:00
Mark Stacey
a09dab4f6b
Update elliptic to v6.5.4 to address security advisory (#10602)
The `elliptic` package has been updated to v6.5.4 to address a security
advisory regarding a vulnerability in v6.5.3. We are not affected by
this vulnerability to the best of our knowledge. This is just to stay
on the safe side, and fix our audit check.
2021-03-08 14:25:06 -03:30
Mark Stacey
83371dff3e
Update @lavamoat/allow-scripts to v1.0.4 (#10599)
This patch update fixes an install issue encountered when trying to
update `eth-trezor-keyring` from v0.5.2 to v0.6.0.
2021-03-05 14:38:01 -03:30
ryanml
b74b70df2a
Resolving pull-ws to v3.3.2 (#10543) 2021-03-02 10:34:58 +08:00
ty
b04120dd0f
Warn users when an ENS name contains 'confusable' characters (#9187)
* Add warning system for 'confusable' ENS names (#9129)

Uses unicode.org's TR39 confusables.txt to display a warning when
'confusable' unicode points are detected.

Currently only the `AddRecipient` component has been updated, but the new
`Confusable` component could be used elsewhere

The new `unicode-confusables` dependency adds close to 100KB to the
bundle size, and around 30KB when gzipped.

Adds 'tag' prop to the tooltop-v2 component

Use $Red-500 for confusable ens warning

Lint Tooltip component

Update copy for confusing ENS domain warning.

* Fix prop type

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-02-27 01:56:04 -03:30
Brad Decker
aabe653240
Add Custom Network UI (#10310) 2021-02-22 10:20:42 -06:00
Etienne Dusseault
f196c9feb8
Add Lavamoat to build system (#9939)
* lavamoat - run build system in lavamoat

* lavamoat/allow-scripts - add missing policy entry

* update viz and lavvamoat

* trim policy file

* bump viz

* prue policy override

* regen policy file

* Update package.json

* Update package.json

* Apply suggestions from code review

Co-authored-by: kumavis <kumavis@users.noreply.github.com>

* update policy, remove redundant patches

* use yarn setup in CI

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-22 22:43:29 +08:00
David Walsh
3d579dfcef
Remove react-select and SimpleDropdown, use Dropdown (#10468) 2021-02-19 13:03:44 -06:00
Erik Marks
5996e84596
@metamask/contract-metadata@1.23.0 (#10475) 2021-02-18 12:01:35 -08:00
Austin Akers
2122b8cf16
Hide links to etherscan when no block explorer is specified for a custom network (#10455)
Conditionally render view on Etherscan text if it's a custom network

Fixes: #5631
2021-02-17 09:45:30 -03:30
Mark Stacey
2e9c66efc7
Deduplicate lockfile dependencies (#10452)
Dependencies in the lockfile have been deduplicated using the command:
`npx yarn-deduplicate`.
2021-02-16 11:11:45 -03:30
Mark Stacey
8a76dcc18a
Remove gulp-imagemin (#10435)
This package hasn't been used since #8140, which dropped it for being
too slow and of minimal benefit.

We should consider re-adding this as a CI check to ensure images are
optimized, but I don't think it should be re-added to the build process
itself.
2021-02-15 11:50:01 -03:30
Mark Stacey
932794a5dd
Remove gulp-babel package (#10437)
This has not been used in some time. The last import was removed in
the PR #4712
2021-02-15 11:03:51 -03:30
Mark Stacey
cbf375a6a2
Remove gulp-debug (#10436)
This dependency was added in #3781, but appears to have never actually
been used.
2021-02-13 17:05:34 -03:30
Mark Stacey
bc5a136af1
Remove unused react-test-renderer (#10431)
This package seems to have always been unused. I suspect it was added
years ago by mistake.
2021-02-13 17:03:13 -03:30
Mark Stacey
50c3b06563
Remove chai (#10440)
We don't seem to use chai assertions anywhere anymore. I'm unsure when
the last was removed.
2021-02-12 18:53:47 -03:30
Mark Stacey
eb879a7930
Remove deps-dump dependency (#10438)
This dependency was used in the Sesify bundle build task, which was
removed in #9514.
2021-02-12 18:11:37 -03:30
Mark Stacey
03562ff711
Remove file-loader package (#10439)
This dependency has not been used since #8249.
2021-02-12 17:50:31 -03:30
Mark Stacey
ff909d724e
Remove browserify-derequire (#10441)
This was used for the Sesify build, which was removed in #9514
2021-02-12 17:50:16 -03:30
Mark Stacey
036e1cf8ce
Remove regenerator-runtime (#10430)
This package was added as a devDependency to address a peerDependency
warning when installing Storybook v5.3.14. We're now using Storybook
v6, which doesn't list this as a peerDependency.
2021-02-12 14:20:12 -03:30
Mark Stacey
a9a6614290
Remove gulp-replace (#10432)
This package has not been used since #4712.
2021-02-12 14:19:43 -03:30
Mark Stacey
906324cb5e
Remove gulp-multi-process (#10434)
This package has not been used since #8140. We now spawn separate
processes directly in our build script rather than using this gulp
plugin to do so.
2021-02-12 14:16:25 -03:30
Mark Stacey
b9a3d3442f
Update react-devtools (#10429)
This update includes various improvements and bug fixes.
2021-02-12 14:06:43 -03:30
Mark Stacey
22f3e79bd8
Update eth-sig-util and ethashjs lockfile versions (#10383)
The packages `eth-sig-util` and `ethashjs` have been updated to their
latest in-range versions in the lockfile. This removes the last
instance of `ethereumjs-abi@0.6.5` from our dependency tree, as well as
the last non-optional instance of `sha3` (it's still present as a
transitive dependency of an optional development dependency via
`ganache`)
2021-02-08 17:50:04 -03:30
kumavis
1e086aeb06
storybook/i18n - add i18n party button (#10382) 2021-02-08 23:45:06 +08:00
Mark Stacey
9dc88397dc
Update @metamask/inpage-provider from v8.0.3 to v8.0.4 (#10378)
Fixes #10356

There was a bug in the inpage provider that would mistakenly report
usage of our injected `web3` instance when the `web3.currentProvider`
property was accessed. This was fixed in v8.0.4 of
`@metamask/inpage-provider`.
2021-02-08 20:41:39 +08:00
Mark Stacey
494c7da7dd
Update yarn.lock file (#10393)
The lockfile had extraneous packages that were removed upon install.
They must have been left behind as a result of a recent merge.
2021-02-08 20:35:42 +08:00
kumavis
b0215738a2
storybook - i18n toolbar (#10381)
* storybook - i18n toolbar

* lint fix
2021-02-06 10:28:54 +08:00
Erik Marks
76a2a9bb8b
@metamask/eslint config@5.0.0 (#10358)
* @metamask/eslint-config@5.0.0
* Update eslintrc and prettierrc
* yarn lint:fix
2021-02-04 10:15:23 -08:00
kumavis
b2d40f4e3a
deps - bump allow-scripts (#10370) 2021-02-04 09:39:45 -03:30
Etienne Dusseault
fc409a103b
Add .yarnrc to disable scripts (#10354)
* add yarn rc file to disable scripts

* remove ignore scripts in CI

* re-add entry

* add lavamoat preinstall always fail

* allow-scripts - add missing package to denylist

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-03 21:53:12 -03:30
kumavis
b98cef16af
Update to Node v14 (#9514)
* manual rebase against develop

* Update .nvmrc
2021-02-03 13:45:38 +08:00
Etienne Dusseault
6b34fb4184
Use @lavamoat/allow-scripts (#10009)
* use @lavamoat/allow-scripts for package postinstall allow list
* dnode: set "weak" to false

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2021-02-01 20:08:42 -08:00
dependabot[bot]
05f5deb701
Bump electron from 9.1.2 to 9.4.2 (#10308)
Bumps [electron](https://github.com/electron/electron) from 9.1.2 to 9.4.2.
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/master/docs/breaking-changes.md)
- [Commits](https://github.com/electron/electron/compare/v9.1.2...v9.4.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-01-28 17:47:18 -03:30
Erik Marks
bd57705b5f
@metamask/contract-metadata@1.22.0 (#10285) 2021-01-25 12:17:01 -08:00
Mark Stacey
183cc154fa
Update yarn.lock (#10241)
A recent change resulted in an outdated lockfile. These changes
resulted from running `yarn` with a clean working tree.
2021-01-21 17:03:57 -03:30
David Walsh
9b4715cc8f
Update postMessage structure for TrezorConnect 8 (#10192) 2021-01-21 11:12:54 -06:00
dependabot[bot]
cb8f82d171
Bump socket.io from 2.2.0 to 2.4.1 (#10232)
Bumps [socket.io](https://github.com/socketio/socket.io) from 2.2.0 to 2.4.1.
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/2.4.1/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/2.2.0...2.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-01-21 10:54:17 -03:30
Mark Stacey
6de41a1cf6
Update @reduxjs/toolkit from v1.3.2 to v1.5.0 (#10228)
The changes made between v1.3.2 and v1.5.0 of `@reduxjs/toolkit` don't
appear to affect us at all. They mostly consist of feature additions
and bug fixes for edge cases we haven't encountered.[1]

The one change that is technically breaking is that v8 of `immer` now
freezes state objects in production rather than just in development.
That would only be breaking if we were mutating Redux state though,
which we aren't doing in the few Redux slices in which we use
`@reduxjs/toolkit`. Even if we were, we would have noticed that it
broke in development already.

[1]: https://github.com/reduxjs/redux-toolkit/releases
2021-01-21 10:04:03 -03:30
Erik Marks
30ff153103
eth-rpc-errors@4.0.2 (#10226) 2021-01-20 22:06:41 -08:00
Erik Marks
118281b9a9
@metamask/inpage-provider@8.0.3 (#10219)
Restores the provider `data` event.
2021-01-20 10:42:59 -08:00
Brad Decker
acbe38c260
use dart sass, and update related modules (#10208) 2021-01-19 10:54:32 -06:00
Erik Marks
849a47afba
@metamask/inpage-provider@8.0.2 (#10178) 2021-01-12 14:22:22 -08:00
Erik Marks
d7c648db98
eth-method-registry@2.0.0 (#10169) 2021-01-11 08:27:51 -08:00
Erik Marks
6abb32f042
@metamask/contract-metadata@1.21.0 (#10142) 2021-01-05 11:08:23 -08:00
Brad Decker
7a65b33788
add module resolution for node-analytics/axios (#10139) 2021-01-04 17:44:16 -06:00
Erik Marks
2f6f8966bb
@metamask/contract-metadata@1.20.0 (#10116) 2020-12-21 12:07:32 -08:00
dependabot[bot]
5681634ba2
Bump @metamask/contract-metadata from 1.19.0 to 1.20.0 (#10104)
Bumps [@metamask/contract-metadata](https://github.com/MetaMask/contract-metadata) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/MetaMask/contract-metadata/releases)
- [Commits](https://github.com/MetaMask/contract-metadata/compare/v1.19.0...v1.20.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-18 10:14:48 -06:00
Mark Stacey
bba2b9646d
Update @metamask/controllers to v5.1.0 (#10096)
This update comes with a breaking change to the Approval controller. It
now requires a `defaultApprovalType` parameter.

I don't think we have any use for a default approval type, but I've
added a "NO_TYPE" one for now because it's a strict requirement. We
should consider making this parameter optional in the future, for cases
like this where it's not needed.

This update will hopefully address some caching issues we've been
seeing with our phishing configuration. See here for more details:
https://github.com/MetaMask/controllers/pull/297
2020-12-17 12:06:29 -03:30
Erik Marks
e05be40d92
@metamask/obs-store@5.0.0 (#10092) 2020-12-16 13:14:49 -08:00
dependabot[bot]
45b737fca0
Bump ini from 1.3.5 to 1.3.7 (#10064)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-11 18:27:42 -03:30
Mark Stacey
da1aae772b
Remove coveralls (#10063)
We don't look at coveralls very much. We might occasionally consult it
to see a report on our code coverage, but that report is already
generated entirely locally, and has been added to the MetaMask bot
comment in #10061.
2020-12-11 16:20:45 -03:30
Mark Stacey
4a5a2881d0
Update selenium-webdriver and geckodriver (#10057)
Update `geckodriver` to the latest version, and `selenium-webdriver`
to the second-most-recent version. Updates include various dependency
updates, bug fixes, and minor features. None of the updates seem to
directly affect us, aside from one new feature of `selenium-webdriver`
that updates the `installAddon` function to support `.zip` files, which
will be used in a subsequent PR.

`selenium-webdriver` was pinned one version behind latest because the
latest version caused our Chrome e2e tests to fail with a mysterious
error whenever `getAttribute` was called on a WebElement.
2020-12-11 12:03:20 -03:30
Mark Stacey
8ab5230115
Update tweetnacl dependencies (#10028)
The `eth_decrypt` used to fail on Firefox with a recursion error.
Updating these `tweetnacl` dependencies seemed to have fixed the issue
the last time I tested this.

When I tried to reproduce the failure today, it failed due to a
different reason, both before and after this update.

But nonetheless, it still seems like a good idea to update. These newer
versions have no breaking changes and contain important bug fixes.
2020-12-09 15:40:33 -03:30
Erik Marks
3bf94164ac
@metamask/inpage-provider@^8.0.0 (#8640)
* @metamask/inpage-provider@^8.0.0
* Replace public config store with JSON-RPC notifications
* Encapsulate notification permissioning in permissions controller
* Update prefix of certain internal RPC methods and notifications
* Add accounts to getProviderState
* Send accounts with isUnlocked notification (#10007)
* Rename provider streams, notify provider of stream failures (#10006)
2020-12-08 11:48:47 -08:00
dependabot[bot]
e8cb565b48
Bump highlight.js from 10.4.0 to 10.4.1 (#10004)
Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.4.0 to 10.4.1.
- [Release notes](https://github.com/highlightjs/highlight.js/releases)
- [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md)
- [Commits](https://github.com/highlightjs/highlight.js/compare/10.4.0...10.4.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-06 14:38:30 -08:00
Dan J Miller
97d268c8ee
Remove use of ethgasstation; use metaswap /gasPrices api for gas price estimates (#9867)
* Remove use of ethgassthat; use metaswap /gasPrices api for gas price estimates

* Remove references to ethgasstation

* Pass base to BigNumber constructor in fetchExternalBasicGasEstimates

* Update ui/app/hooks/useTokenTracker.js

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>

* Delete gas price chart

* Remove price chart css import

* Delete additional fee chart code

* Lint fix

* Delete more code no longer used after ethgasstation removal

Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2020-12-02 19:55:19 -03:30
Erik Marks
1da9ad77a4
json-rpc-engine@6.1.0 (#9922) 2020-12-02 11:41:24 -08:00
Erik Marks
df209612d5
@metamask/etherscan-link@1.4.0 (#9970) 2020-12-02 08:59:04 -08:00
Erik Marks
9d4b8a4903
@metamask/contract-metadata (#9968) 2020-12-01 14:55:01 -08:00
Mark Stacey
429847a686
Update to @storybook/*@6 (#9956)
Our Storybook dependencies have been updated to v6.1.9, from v5. This
was done to address a security vulnerability in a transitive dependency
of these packages (`highlight.js`).

The primary changes required by this Storybook update were the change
in import path for the `withKnobs` hook, the change in background
config format, and the webpack configuration. Storybook seems to work
correctly.

The migration was guided by the Storybook changelog[1] and the
Storybook v6 migration guide[2].

There is one Storybook error remaining; it fails to load the Euclid
font. This is a pre-existing error though, so we can fix it in a later
PR.

The `yarn.lock` file was deduplicated in this PR as well, as it was
required to fix various install warnings that were introduced with this
update.

[1]: https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md
[2]: https://github.com/storybookjs/storybook/blob/next/MIGRATION.md
2020-11-30 16:40:46 -03:30
Niranjana Binoy
6a9c15d4a4
updating the version of extension-port-stream to latest (#9942) 2020-11-24 14:32:06 -05:00
David Walsh
bf65c979d2
Use async storage instead of localstorage (#9919) 2020-11-24 09:38:04 -06:00
Etienne Dusseault
9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00
Erik Marks
f8f3faf539
resolve-url-loader@3.1.2 (#9925) 2020-11-20 13:52:07 -08:00
Dan J Miller
a9fcf0ea86
Use getTokenTrackerLink for asset view etherscan link in token-asset.js (#9913) 2020-11-19 00:59:42 -03:30
dependabot[bot]
198b503f94
Bump @metamask/eth-token-tracker from 3.0.1 to 3.1.0 (#9901)
Bumps [@metamask/eth-token-tracker](https://github.com/MetaMask/eth-token-tracker) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/MetaMask/eth-token-tracker/releases)
- [Changelog](https://github.com/MetaMask/eth-token-tracker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/eth-token-tracker/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-11-18 01:55:57 -03:30
Erik Marks
74839831c0
@metamask/controllers@4.2.0 (#9849) 2020-11-13 11:04:48 -08:00
Erik Marks
aa85533368
@metamask/controllers@4.0.2 (#9839) 2020-11-09 18:19:42 -08:00
Erik Marks
80834b775d
@metamask/controllers@4.0.0 (#9838) 2020-11-09 14:00:10 -08:00
kumavis
5e61955d99
deps - yarn-deduplicate (#9519) 2020-11-09 18:10:46 -03:30
Erik Marks
6aa6052318 eth-sig-util@3.0.0 2020-11-09 08:57:18 -08:00
David Walsh
dcd2927f03
Update etherscan-link to 1.2.0 (#9789) 2020-11-04 17:05:38 -06:00
Erik Marks
a6f676764f @metamask/test-dapp@4.0.1 2020-11-04 10:17:10 -08:00
Erik Marks
d2dc4a62c4 @metamask/test-dapp@4.0.0 2020-11-03 21:35:03 -08:00
Brad Decker
3c171de44c
potential fix for METAMASK-GKCN (#9768) 2020-11-03 11:58:22 -06:00
Brad Decker
2ebf8756a4
[RFC] add prettier to eslint (#8595) 2020-11-02 17:41:28 -06:00
dependabot[bot]
a8cb6fb4f6
Bump eth-contract-metadata from 1.16.0 to 1.17.0 (#9736)
Bumps [eth-contract-metadata](https://github.com/MetaMask/ethereum-contract-icons) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/MetaMask/ethereum-contract-icons/releases)
- [Commits](https://github.com/MetaMask/ethereum-contract-icons/compare/v1.16.0...v1.17.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-27 16:31:43 -02:30
Mark Stacey
d1b4d29219
Update ganache-core and ganache-cli (#9725)
`ganache-core` and `ganache-cli` have been updated to the latest
published versions.

Two Yarn resolutions have been made unnecessary by this update, so they
have been removed. They were added to update dependencies of
`ganache-core` to address security advisories. They have since been
updated in the latest `ganache-core` release.
2020-10-26 21:08:49 -02:30
Brad Decker
7d50357684
remove matomo and route to segment (#9646) 2020-10-26 14:05:57 -05:00
Erik Marks
bb2eed6a8d
@metamask/test-dapp@3.2.0 (#9707) 2020-10-23 20:59:49 -07:00
Etienne Dusseault
69d45ab46c
Add ses lockdown to build system (#9568)
* Add ses lockdown to build system using lavamoat-core

* use proper object.assign version

* disable lint rules for ses lockdown

* deps - update rtlcss

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-10-23 21:04:42 -02:30
dependabot[bot]
b0bbc2b366
Bump @metamask/controllers from 3.1.0 to 3.2.0 (#9692)
Bumps [@metamask/controllers](https://github.com/MetaMask/controllers) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/MetaMask/controllers/releases)
- [Changelog](https://github.com/MetaMask/controllers/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/controllers/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-23 14:35:53 -02:30
dependabot[bot]
343b982fe2
Bump @metamask/inpage-provider from 6.1.0 to 6.3.0 (#9691)
Bumps [@metamask/inpage-provider](https://github.com/MetaMask/inpage-provider) from 6.1.0 to 6.3.0.
- [Release notes](https://github.com/MetaMask/inpage-provider/releases)
- [Changelog](https://github.com/MetaMask/inpage-provider/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MetaMask/inpage-provider/compare/v6.1.0...v6.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-10-23 13:53:36 -02:30
Mark Stacey
7d0a7ab301
Update @metamask/eslint-config to v4.1.0 (#9663)
`@metamask/eslint-config` has been updated to v4.1.0. This update
requires that we update `eslint` to v7 as well, which in turn requires
updating most `eslint`-related packages.

Most notably, `babel-eslint` was replaced with `@babel/eslint-parser`,
and `babel-eslint-plugin` was replaced by `@babel/eslint-plugin`. This
required renaming all the `babel/*` rules to `@babel/*`.

Most new or updated rules that resulted in lint errors have been
temporarily disabled. They will be fixed and re-enabled in subsequent
PRs.
2020-10-21 14:01:03 -02:30
Ari Lotter
c3fafe311e
Spawn yarn processes in a cmd subshell on Windows (#9628)
On Windows, spawn fails if the exact filename
of a binary isn't passed. e.g. `spawn('yarn')` fails
because the binary is named `yarn.cmd`.
Instead, we depend on `cross-spawn` which handles differences
in `spawn` across platforms.
2020-10-20 01:37:23 -02:30
Mark Stacey
aae176537f
Update Sentry to the latest version. (#9597)
All three of our Sentry packages have been updated to the latest
versions. There appear to have been no breaking changes - just bug
fixes and new features.
2020-10-14 13:30:28 -02:30
Whymarrh Whitby
3353c33981
Use eth-contract-metadata@1.16.0 (#9540) 2020-10-09 13:07:23 -02:30
Whymarrh Whitby
8f3b81f67a
Use node-forge@0.10.0 (#9473)
This change updates `node-forge` to the latest published version, 0.10.0. This
update resolves a security advisory [1] brought in via our `3box` dependency.

  [1]:https://www.npmjs.com/advisories/1561
2020-10-01 16:37:07 -02:30
Erik Marks
48e2880731
rpc-cap@3.2.0 (#9461) 2020-09-24 08:33:48 -07:00
Erik Marks
60d4b6aa41
@metamask/controllers@3.1.0 (#9460) 2020-09-23 13:24:24 -07:00
Mark Stacey
97b49b7614
Add prettier-plugin-sort-json (#9450)
JSON files are now sorted by key with `prettier`, using the plugin
`prettier-plugin-sort-json`. This does not affect `package.json`
because `prettier` uses a special parser for that file, as it has
a more restrictive format than JSON.
2020-09-23 12:21:42 -02:30
Erik Marks
3f2a7fd6ac
eth-json-rpc-filters@4.2.1 (#9452) 2020-09-22 21:55:59 -07:00
Erik Marks
242a5b3f23
eth-json-rpc-infura@5.1.0 (#9451) 2020-09-22 20:46:02 -07:00
Erik Marks
2eb8a9aca9
eth-json-rpc-middleware@6.0.0 (#9448) 2020-09-22 19:03:12 -07:00
Whymarrh Whitby
b83bca7223
Use eth-phishing-detect@1.1.14 (#9423) 2020-09-16 16:24:56 -02:30
Whymarrh Whitby
3b70cf64ec
Use @metamask/controllers@3.0.1 (#9416) 2020-09-16 14:34:28 -02:30
Whymarrh Whitby
34b3953815
Use eth-json-rpc-middleware@5.0.3 (#9405) 2020-09-14 19:17:29 -02:30
dependabot[bot]
b1665dedc6
Bump node-fetch from 2.6.0 to 2.6.1 (#9399)
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-14 15:45:42 -02:30
Brad Decker
8b24f624dd
add segment implementation of metametrics (#9382)
Co-authored-by: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-09-14 12:04:05 -05:00
Mark Stacey
9391eac670
Update @metamask/eth-token-tracker from v3.0.0 to v3.0.1 (#9398)
`v3.0.1` of `@metamask/eth-token-tracker` fixes how token balances are
displayed when they are between 1 and 0.1. See here for more details:
https://github.com/MetaMask/eth-token-tracker/pull/47
2020-09-11 19:03:24 -03:00
Mark Stacey
ce66ddcf0d
Use prettier for JSON linting (#9396)
Instead of using `eslint-plugin-json` for linting JSON files,
`prettier` is now used. `prettier` is capable of detecting and
correcting more problems than `eslint-plugin-json` can, such as
indentation.

All JSON files have been run through `prettier`. The changes are all
superficial.
2020-09-11 10:57:39 -03:00
Whymarrh Whitby
e2dedaacdb
Use Infura v3 API (#9368)
* Use eth-json-rpc-infura@5.0.0
* Use Infura v3 API
* Add example .metamaskrc file
2020-09-10 13:46:00 -02:30
Whymarrh Whitby
89eade97c5
Use bl@3.0.1, dedupe bl@1.x (#9375) 2020-09-08 18:23:44 -02:30
Whymarrh Whitby
253cd12bbb
Use yargs@7.1.1 (#9364)
This change updates the `yargs` dependency introduced by `gulp-cli` to the latest
`^7` version, addressing [`GHSA-p9pc-299p-vxgp`][1].

  [1]:https://github.com/advisories/GHSA-p9pc-299p-vxgp

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp > gulp-cli > yargs > yargs-parser                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-09-07 11:16:45 -02:30
Whymarrh Whitby
9c77f6add2
Use bl@1.2.3 (#9349) 2020-09-03 13:29:20 -02:30
Whymarrh Whitby
1e99a7b0c3
Migrate to scoped @metamask/jazzicon (#9341) 2020-09-02 12:37:56 -02:30
Whymarrh Whitby
a6e93a6344
Use ganache-core/websocket@1.0.32 (#9340)
This change updates `websocket` to address a low-severity security advisory
with `yargs-parser`.

See https://www.npmjs.com/advisories/1500 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ganache-core                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ganache-core > websocket > gulp > gulp-cli > yargs >         │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-09-02 12:36:12 -02:30
Whymarrh Whitby
72313f011d
Use derequire@2.1.1 (#9332)
This change updates `derequire` to address a low-severity security advisory
with `yargs-parser`.

See https://www.npmjs.com/advisories/1500 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ browserify-derequire                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ browserify-derequire > derequire > yargs > yargs-parser      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-08-31 21:54:06 -02:30
Whymarrh Whitby
ba9af7d7bf
Use react-inspector@4.0.1 (#9331)
This change addresses a low-severity security advisory for `yargs-parser`.

See https://www.npmjs.com/advisories/1500 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-actions                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/addon-actions > react-inspector >                 │
│               │ storybook-chromatic > @chromaui/localtunnel > yargs >        │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-08-31 13:11:25 -02:30
Whymarrh Whitby
1024f49275
Use @metamask/eslint-config@3.2.0 (#9330) 2020-08-31 13:11:15 -02:30
Erik Marks
3aaa41ef44
Replace abi-decoder with ethers (#9290)
* replace abi-decoder with ethers

* handle transaction parsing errors

* update token param getter function names

* add docstrings
2020-08-21 19:29:19 -07:00
Erik Marks
02d318d493
Add @metamask/logo (#9281)
* Remove metamask-logo
2020-08-20 10:48:43 -07:00
Dan J Miller
42f4c2e407
MetaMask mascot support for provided directions targets and toggling followMouse (#9166)
* MetaMask mascot support for provided directions targets and toggling followMouse

* Fixes for mascot.component.js

* Update metamask-logo version to 2.4.0

* Lint fix

* Fix mouse follow updating

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Improve mascot story name

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Update package.json

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* Lint fix

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-20 05:29:03 -02:30
Thomas Huang
5f11273550
Add react-testing-library/react (#9249)
* Add react-testing-library

Adds react-testing-library as a dependency, creates a wrapper function with Provider store/I18n context support, and implements it in unconnected-account-alert.

* Refactor renderWithProvider store to extra param, instead of component prop store
2020-08-19 21:13:59 -07:00
Whymarrh Whitby
2b7a692658
Use @metamask/eslint-config@3.1.0 (#9275)
This change updates the shared ESLint config to the latest published version,
v3.1.0.

From the config [`CHANGELOG.md`][1]: v3.0.1 has disabled `prefer-object-spread`
by default, so it has been enabled for this project.

  [1]:https://github.com/MetaMask/eslint-config/blob/master/CHANGELOG.md
2020-08-19 17:34:58 -02:30
Whymarrh Whitby
b6ccd22d6c
Update ESLint shared config to v3 (#9274)
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-08-19 13:57:05 -02:30
Whymarrh Whitby
5c74420850
Use @metamask/controllers@2.0.5 (#9266) 2020-08-18 21:37:02 -02:30
Whymarrh Whitby
c188121c3d
Dedupe glob-parent versions (#9220) 2020-08-14 09:16:24 -02:30
Whymarrh Whitby
e8b31a77b9
Use copy-webpack-plugin@6.0.3 (#9197)
This updates the `copy-webpack-plugin` to the latest published version, 6.0.3,
resolving [a high-severity security advisory][1] with its `serialize-javascript`
dependency.

  [1]: https://www.npmjs.com/advisories/1548

See https://www.npmjs.com/advisories/1548 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ copy-webpack-plugin                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ copy-webpack-plugin > serialize-javascript                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1548                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```

The relevant [`v6.0.0`][2] breaking changes:

- minimum supported Node.js version is 10.13
    -  We use 10.18.1 locally and on CI
- the plugin now accepts an object, you should change `new CopyPlugin(patterns, options)` to `new CopyPlugin({ patterns, options })`
    -  Updated `.storybook/webpack.config.js`

  [2]:https://github.com/webpack-contrib/copy-webpack-plugin/releases/tag/v6.0.0
2020-08-12 22:02:40 -02:30
Whymarrh Whitby
d4f65e16b4 Use terser-webpack-plugin@2.3.8 2020-08-12 14:59:00 -02:30
Whymarrh Whitby
ca544a65ae Use terser-webpack-plugin@1.4.5 2020-08-12 14:59:00 -02:30
Whymarrh Whitby
d0366ad8f2
Use luxon@1.24.1 (#9154) 2020-08-07 12:33:03 -02:30
Thomas Huang
9e1aed88c2
Update 'react-devtools' to ^4.8.0 (#9140)
* bump-react-devtools

* Completed yarn lock after version bump of react-devtools
2020-08-06 12:30:28 -07:00
Mark Stacey
c7db4c5a4d
Update brfs from v1.6.1 to v2.0.2 (#9115)
We were not affected by the breaking changes introduced with v2.0.0.
This was updated primarily to get a bugfix relating to source maps, and
to update some older transitive dependencies.
2020-07-30 17:44:13 -03:00
Mark Stacey
b19e048f58
Update browserify from v16.2.3 to v16.5.1 (#9113)
The changes between these two versions don't seen to affect us a great
deal. The browserify dependency updates do result in changes to our
production bundle, but the changes have no obvious functional impact.
2020-07-30 16:02:27 -03:00
Mark Stacey
081153a0df
Update sesify-viz from v3.0.9 to v3.0.10 (#9111)
The changes between v3.0.9 and v3.0.10 are minimial - just some minor
improvements to error handling.
2020-07-30 14:55:46 -03:00
Mark Stacey
ee291d48e9
Update gulp-rename from v1.4.0 to v2.0.0 (#9112)
The changes between these versions don't affect us. The breaking change
was related to passing in a function to `gulp-rename`, which we don't
do.
2020-07-30 14:55:26 -03:00
Mark Stacey
3f53db1846
Update source-map-explorer from v2.0.1 to v2.4.2 (#9110)
The output remains identical between these two versions, and none of
the changelog entries appear relevant to us (aside from maybe some of
the bug fixes).
2020-07-30 14:43:02 -03:00
Whymarrh Whitby
d990de4a0c
Update dependencies (#9105)
This change updates the following two dependencies to address high severity advisories in the production dependencies:

* Use elliptic@6.5.3
* Use dot-prop@5.2.0

The public advisories:

- `elliptic`: [npm](https://www.npmjs.com/advisories/1547)
- `dot-prop`: [npm](https://www.npmjs.com/advisories/1213), [GHSA-ff7x-qrg7-qggm](https://github.com/advisories/GHSA-ff7x-qrg7-qggm)

I don't believe there to be any functional changes here:

- I don't think we hit any (important?) codepaths of the whole `ipld-zcash/zcash-bitcore-lib/elliptic` subtree of 3Box
- `dot-prop` doesn't have a changelog but;
    - Looking through [`v3.0.0...v4.0.0`](https://github.com/sindresorhus/dot-prop/compare/v3.0.0...v4.0.0) it would seem that the breaking change was requiring Node.js 4 ([`88b6eb6`](88b6eb66cf))
    - The only breaking change listed for [v5.0.0](https://github.com/sindresorhus/dot-prop/releases/tag/v5.0.0) was requiring Node.js 8.
2020-07-29 19:39:47 -02:30
Mark Stacey
a69245d9ba
Improve source maps (#9101)
Our source maps were being corrupted during minification, because the
`gulp-terser-js` plugin we were using didn't account for the existence
of sourcemaps in the input. A configuration option to allow the input
of sourcemaps was added in v5.2.0. The plugin has been updated, and we
now use this option.

Previously the generated sourcemaps had an invalid entry in the
"sources" array, with the filename of the bundle itself. This was not a
real source. After this change, this invalid source is no longer
present.
2020-07-29 17:31:01 -03:00
Erik Marks
a3cad5d52e
rpc-cap@3.1.0 (#9103) 2020-07-29 12:56:24 -07:00
Erik Marks
99899b5df9
json-rpc-engine@5.2.0 (#9091) 2020-07-28 10:01:24 -07:00
ryanml
b4663eb78b
Fixes MetaMask/metamask-extension#8626 - verifies password on requesting seed phrase (#9063) 2020-07-24 19:47:40 -03:00
Brad Decker
21292a8ed1
update eth-token-tracker (#9056) 2020-07-22 15:31:22 -05:00
Whymarrh Whitby
33430f6dea
Use content-hash@2.5.2 (#9051) 2020-07-22 15:19:49 -02:30
Erik Marks
3c9a51d1af
@metamask/inpage-provider@6.1.0 (#9046) 2020-07-21 15:21:02 -07:00
Erik Marks
a51c518d09
@metamask/inpage-provider@6.0.1 (#9003) 2020-07-15 12:34:08 -07:00
Mark Stacey
49c46c9ed2
Update stylelint from v9.10.1 to v13.6.1 (#9001)
The changes made between v9.10.1 and v13.6.1 don't appear to be
relevant to us, aside from bug fixes that we'd benefit from.

`gulp-stylelint` also needed to be updated, as it's in-step with
`stylelint`. It went from v7 to v13.0.0. The changes aren't notable
here for us either.
2020-07-15 16:03:14 -03:00
Mark Stacey
c9dfc62123
Fix stylelint (#8169)
* Stylelint: Ignore only top-level directories

The `.stylelintignore` entries lacked leading slashes, so most of the
UI code was ignored (because it fell under the `ui/app` directory, and
`app/` was ignored.

The leading slashes ensure only the intended top-level directories are
ignored.

* Simplify stylelint rules

We use the `stylelint-config-standard` rule-set, so most commonly-used
stylelint rules are inherited from that.

Some of the removed rules were redundant, some of them were more strict
than the rules in `standard` and we hadn't been following them in
practice, and some were obsolete.

* Convert stylelint config to JavaScript

JavaScript is a bit easier than JSON to work with, as it allows
comments.

This was also done to make it easier to merge in the `stylelint-config-
standard`, which is also in JavaScript.

* Inline `stylelint-config-standard`

I intend to go through each of these rules one-by-one, which is easier
with all of these rules inlined. Selectively overriding/disabling them
would have been messy.

* Comment out rules that aren't current working

These rules have been temporarily disabled. They will be re-renabled
one-by-one as they are fixed. This was done to make it easier to split
these changes among separate PRs, as many of the rules require
extensive functional changes.

* Add `stylelint` to `lint` script

`stylelint` is now run as part of the `lint` script. There is also a
separate `lint:styles` script for running just `stylelint`.
2020-07-14 16:12:53 -03:00
Whymarrh Whitby
e713dd7698
Fix sort order of ethereumjs-block in yarn.lock (#8985)
Refs a2d0d6209 (#8979)

This fixes the sort order of the yarn.lock file
2020-07-14 16:32:53 -02:30
Whymarrh Whitby
4e7d999875
Dedupe fs-extras versions (#8980) 2020-07-14 15:50:54 -02:30
Whymarrh Whitby
6b97cb8c5c
Use eslint-plugin-mocha@6.3.0 (#8984) 2020-07-14 14:26:03 -02:30
Whymarrh Whitby
82f7b448d9
Dedupe find-cache-dir versions (#8981) 2020-07-14 14:03:06 -02:30
Whymarrh Whitby
14c952b15c
Use eslint-plugin-import@2.22.0 (#8983) 2020-07-14 13:43:19 -02:30
Whymarrh Whitby
a2d0d6209d
Dedupe ethereumjs-block versions (#8979) 2020-07-14 13:43:04 -02:30
Whymarrh Whitby
4f0a205369
Use eslint@6.8.0 (#8978)
* Use eslint@6.8.0
* yarn lint:fix
2020-07-14 12:50:41 -02:30
Whymarrh Whitby
07237e3dbf
Use extract-zip@1.7.0 (#8977) 2020-07-14 11:04:46 -02:30
Whymarrh Whitby
6b9a3fb9a6
Use abortcontroller-polyfill@1.4.0 (#8970) 2020-07-14 10:06:06 -02:30
Whymarrh Whitby
956dea91fb
Use gonzales-pe@4.3.0 (#8971) 2020-07-14 10:05:36 -02:30
Whymarrh Whitby
0d8b399609
Use lodash@4.17.19 (#8969) 2020-07-14 10:05:08 -02:30
Mark Stacey
2856af2336
Remove integration tests (#8959)
The remaining integration tests are all covered by e2e tests, so
they're no longer needed.

All associated scripts, fixtures, and dependencies have also been
removed.
2020-07-10 12:22:36 -03:00
Mark Stacey
111bef2baa
Update @metamask/test-dapp to v3.1.0 (#8963)
This updated test dapp has a new `personal_sign` button. It also fixes
the `Encrypt` button, which was broken in `v3.0.0`.

The `signature-request` e2e test needed to be updated to find the
'Sign' button by id rather than by text, since there are now two
buttons with the text 'Sign'.
2020-07-10 10:43:18 -03:00
Brad Decker
3cbcc913e9
update material-ui/core (#8950) 2020-07-09 16:05:44 -05:00
Brad Decker
cd4903f65e
remove ramda (#8932) 2020-07-08 15:17:53 -05:00
Whymarrh Whitby
88e33c8d79
Use lodash@4.17.17 (#8940) 2020-07-08 14:08:04 -02:30
Brad Decker
14416a796a
add support for nullish coalescing (#8935) 2020-07-07 15:15:04 -05:00
Erik Marks
f4c60df0c1
rpc-cap@3.0.1 (#8929) 2020-07-06 11:50:05 -07:00
Erik Marks
8bc02d4b5e
rpc-cap@3.0.0 (#8924)
* rpc-cap@3.0.0

* adapt use of rpc-cap for new major version
2020-07-05 12:49:22 -07:00
Erik Marks
2f2cf07ef5
eth-json-rpc-middleware@5.0.2 (#8923) 2020-07-04 17:04:55 -07:00
Erik Marks
916edc64f0
@metamask/inpage-provider@6.0.0 (#8921) 2020-07-04 10:13:00 -07:00
Erik Marks
b6504341bd
@metamask/test-dapp@3.0.0 (#8902) 2020-07-03 11:12:32 -07:00
Erik Marks
d3aa9f8620
eth-keyring-controller@6.0.1 (#8897) 2020-07-02 17:33:49 -07:00
Erik Marks
dd209c8fd2
@metamask/test-dapp@2.2.0 (#8888) 2020-07-02 11:05:16 -07:00
Erik Marks
04198ec30a
update inpage provider (#8872)
Update `@metamask/inpage-provider` to v5.2.1
2020-06-29 15:57:36 -03:00
Erik Marks
79e001b9ac
eth-contract-metadata@1.15.0 (#8871) 2020-06-29 15:56:58 -03:00
Erik Marks
242db43700
Update inpage provider, deprecation warnings (#8854) 2020-06-24 15:21:57 -07:00
Erik Marks
3bd4528d9d
Update test-dapp (#8856)
* update test-dapp
2020-06-24 14:16:51 -07:00
Erik Marks
be3ac50791
Update eth-json-rpc-middleware (#8847) 2020-06-23 13:08:41 -07:00
Erik Marks
04de9a92c5
Fix signing method bugs (#8833)
* update signTypedData validation

* update tests for new eth-json-rpc-middleware

* remove lowercasing of tx 'from' addresses
2020-06-23 09:12:11 -07:00
Whymarrh Whitby
3673d69816
Use gulp-cli@2.3.0 (#8845) 2020-06-23 05:51:55 -02:30
Whymarrh Whitby
2abbeadbfb
Use node-sass@4.14.1 (#8844)
This change updates our `node-sass` dependency to the latest version, 4.14.1.
This resolves two security advisories brought in by an outdated `yargs-parser`
subdependency.

See https://www.npmjs.com/advisories/1500 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-sass                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-sass > sass-graph > yargs > yargs-parser                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-sass                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-sass > node-sass > sass-graph > yargs > yargs-parser    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-06-23 05:51:43 -02:30
Whymarrh Whitby
dc398191e0
Use @metamask/controllers@2.0.1 (#8832) 2020-06-18 12:10:01 -02:30
Whymarrh Whitby
3f8fa161ca
Use markdown-to-jsx@6.11.4 (#8809)
This change updates the `markdown-to-jsx` dependency to the latest version,
resolving XSS security advisories.

See https://www.npmjs.com/advisories/1219 for more information.

The `yarn audit` output:

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-actions                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/addon-actions > @storybook/components >           │
│               │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-backgrounds                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/addon-backgrounds > @storybook/components >       │
│               │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-knobs                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/addon-knobs > @storybook/components >             │
│               │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/core                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/core > @storybook/ui > @storybook/components >    │
│               │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/react > @storybook/core > @storybook/ui >         │
│               │ @storybook/components > markdown-to-jsx                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/core                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/core > @storybook/ui > markdown-to-jsx            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=6.11.4                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/react > @storybook/core > @storybook/ui >         │
│               │ markdown-to-jsx                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1219                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
2020-06-15 16:13:45 -02:30
Brad Decker
2f50e9fd72
Restore timing function (#8774)
* restore and enhance the time est feature

background: we had a feature for showing a time estimate on pending txs
that was accidently removed during the redesign implementation. This PR
restores that feature and also enhances it:
1. Displays the time estimate on all views instead of just fullscreen
2. Uses Intl.RelativeTimeFormat to format the time
3. Adds a way to toggle the feature flag.
4. Uses a hook to calculate the time remaining instead of a component

* Update app/_locales/en/messages.json

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* do not display on test nets

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-06-12 13:46:01 -05:00
Brad Decker
13d6803698
Adds the rule of hooks eslint rule (#8779) 2020-06-10 13:31:14 -05:00
dependabot[bot]
c30da94a41
Bump websocket-extensions from 0.1.3 to 0.1.4 (#8759)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-06-08 09:40:28 -02:30
Brad Decker
34fb525ce5
Limit Dapp permissions to primary account (#8653) 2020-05-27 22:35:09 -05:00
Mark Stacey
a0d64c7932
Implement new fullscreen design (#8657)
The fullscreen UI now shows roughly the same design as the popup UI.
A few additional changes depicted in the new fullscreen designs will
be implemented in subsequent PRs (e.g. the inline buttons on assets)

This was done now to make asset pages easier to implement. Implementing
asset pages solely for the popup UI would have been complicated by the
fact that we use viewport size to switch between the two layouts, so we
would have had to re-route upon resizing the window.
2020-05-27 17:28:33 -03:00
Whymarrh Whitby
c0e32b54eb
Use @storybook/storybook-deployer@2.8.6 (#8656) 2020-05-27 12:43:19 -02:30
Whymarrh Whitby
d989cbd8a6
Use concurrently@5.2.0 (#8655) 2020-05-26 22:41:51 -02:30
Whymarrh Whitby
e06fb2c9f6
Use mocha@7.2.0 (#8650) 2020-05-26 16:25:42 -02:30
Whymarrh Whitby
99ef101495
Use decompress@4.2.1 (#8649) 2020-05-26 03:42:38 -02:30
Whymarrh Whitby
71882d644f
Use http-proxy@1.18.1 (#8648) 2020-05-26 03:42:21 -02:30
Erik Marks
8d2c543ea5
Update eth-keyring-controller (#8611) 2020-05-18 13:05:37 -07:00
Mark Stacey
ce11fad81c
Improve account options menu (#8607)
The account options menu is now much faster, and it correctly closes
when 'Switch account' is selected.

A static width had to be set on the menu so that it could be positioned
reliably. Without this width set, it was rendered as a different size
before positioning than after, which resulted in it being positioned
incorrectly. A `z-index` had to be added (equal to the `z-index` used
by the popover component) to ensure it wasn't rendered beneath the
popover.

The menu is automatically positioned relative to the account options
button, appearing below the button by default but above it instead if
there isn't room below. It is positioned to be inside the bounds of the
popover as well.

The account options button is now a `<button>` rather than a `<i>`.
This required a few additional style rules to overrule the default
button styles. Additionally the size was increased so that it matches
the designs more closely.

The callbacks for connecting, disconnecting, and switching accounts
have been updated to use state and props to determine the correct
address to use, rather than being bound to the correct address
parameter in the render function. This means we aren't creating a new
function upon each render anymore.

The `showAccountOptions` method still needs to be bound once per
account, but this was switched to use more readable syntax (`.bind`,
instead of the double arrow function).

`react-popper` and `@popperjs/core` were both added as dependencies.
These should be used for any UI requiring relative positioning (e.g.
tooltips, menus, etc.). Older versions of these libraries are already
in our codebase as transitive dependencies of the tooltip library we're
using.
2020-05-18 14:51:29 -03:00
Erik Marks
0470386326
Delete recent blocks controller (#8575)
* delete recent blocks controller

* delete percentile from direct dependencies
2020-05-12 12:40:33 -07:00
Brad Decker
0aa41e397e
factor out containers for currency components (#8543) 2020-05-12 14:07:35 -05:00
Whymarrh Whitby
3b1794f77b
Switch to @metamask/controllers package (#8560) 2020-05-12 12:30:24 -02:30
Erik Marks
4a065cc8c8
Update ganache-cli, ganache-core (#8538) 2020-05-07 19:10:22 -07:00
Whymarrh Whitby
1629f1bbe9
Use gaba@1.11.0 (#8548) 2020-05-07 19:25:24 -02:30
Erik Marks
748d5e680c
Add @metamask/test-dapp (#8464)
* add @metamask/test-dapp; delete contract-test files

* dedupe @metamask/onboarding, remove from direct deps
2020-05-01 11:23:03 -07:00
Erik Marks
7419fa84ae
update eth-contract-metadata (#8466) 2020-04-30 09:50:25 -03:00
Mark Stacey
53feb20803
Alert user upon switching to unconnected account (#8312)
An alert is now shown when the user switches from an account that is
connected to the active tab to an account that is not connected. The
alert prompts the user to dismiss the alert or connect the account
they're switching to.

The "loading" state is handled by disabling the buttons, and the error
state is handled by displaying a generic error message and disabling
the connect button.

The new reducer for this alert has been created with `createSlice` from
the Redux Toolkit. This utility is recommended by the Redux team, and
represents a new style of writing reducers that I hope we will use more
in the future (or at least something similar). `createSlice` constructs
a reducer, actions, and action creators automatically. The reducer is
constructed using their `createReducer` helper, which uses Immer to
allow directly mutating the state in the reducer but exposing these
changes as immutable.
2020-04-29 14:10:51 -03:00
Erik Marks
c011c0406b
Add new inpage provider package (#8442)
* add @metamask/inpage-provider

* fix failing e2e tests

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-04-28 17:14:51 -07:00
Mark Stacey
d68f156ac7
Update pify to v5.0.0 (#8383)
`pify` v5.0.0 will preserve `this` references correctly, so explicit
binding of objects passed to `pify` is no longer needed.

There are no breaking changes that affect us; the only breaking change
in v4 and v5 is to update the minimum Node.js version to v10.
2020-04-22 17:46:25 -03:00
Mark Stacey
5ee1291662
Prevent accidental use of globals (#8340)
Previously all browser globals were allowed to be used anywhere by
ESLint because we had set the `env` property to `browser` in the ESLint
config. This has made it easy to accidentally use browser globals
(e.g. #8338), so it has been removed. Instead we now have a short list
of allowed globals.

All browser globals are now accessed as properties on `window`.

Unfortunately this change resulted in a few different confusing unit
test errors, as some of our unit tests setup assumed that a particular
global would be used via `window` or `global`. In particular,
`window.fetch` didn't work correctly because it wasn't patched by the
AbortController polyfill (only `global.fetch` was being patched).
The `jsdom-global` package we were using complicated matters by setting
all of the JSDOM `window` properties directly on `global`, overwriting
the `AbortController` for example.

The `helpers.js` test setup module has been simplified somewhat by
removing `jsdom-global` and constructing the JSDOM instance manually.
The JSDOM window is set on `window`, and a few properties are set on
`global` as well as needed by various dependencies. `node-fetch` and
the AbortController polyfill/patch now work as expected as well,
though `fetch` is only available on `window` now.
2020-04-15 14:23:27 -03:00
Mark Stacey
3735f0bf8c
Replace fetch-mock with stub (#8339)
The `fetch-mock` package has been removed, and replaced with a simple
stub in the one place it was used.
2020-04-15 13:01:02 -03:00
Whymarrh Whitby
e60cac8535
Dedupe eth-phishing-detect versions, use 1.1.13 (#8323) 2020-04-10 17:05:35 -02:30
Mark Stacey
f1c9f1ab68
Fix Font Awesome in Storybook build (#8304)
The Font Awesome font wasn't loaded correctly in the Storybook build.
Unlike our other fonts, Font Awesome is copied from `node_modules` at
build-time rather than being saved directly in `app/fonts`.

The `copy-webpack-plugin` plugin is now used in the Storybook webpack
build to copy the fonts explicitly from `node_modules` into the build
output directory. The font now seems to load correctly in Storybook.
2020-04-08 10:22:20 -03:00
Whymarrh Whitby
d41d4489d9
Use luxon@1.23.0 (#8302) 2020-04-07 19:54:34 -02:30
Whymarrh Whitby
d8e0c9edd9
Use @metamask/etherscan-link@1.1.0 (#8294) 2020-04-06 13:38:44 -02:30
Whymarrh Whitby
9901a39961
Remove http-server dependency (#8272) 2020-04-01 15:43:25 -02:30
Mark Stacey
b30a352acb
Use @fortawesome/fontawesome-free npm package (#8256)
The official npm package for Font Awesome Free is now used instead of
the vendored styles. Previously we had been using v4.4.0, now we're
using v5.13.0.

We're now importing the Font Awesome SCSS modules instead of using the
minified CSS bundle. This integrates more cleanly into our build
system, and it lets us use their mixins directly in the future if we
need to.

The variable `fa-font-path` has been set to reference our font
directory, as instructed here:
https://fontawesome.com/how-to-use/on-the-web/using-with/sass#compile
2020-03-30 20:05:51 -03:00
Mark Stacey
4b59d6099a
Fix token list when balance is zero (#8250)
The token list would be stuck on "Loading" when there was at least one
token, but the balance of all tokens was zero. This bug was only
present on `develop`, and has not affected any published version of the
extension.

This was introduced in #8223, which removed what at the time seemed to
be an unnecessary update step. It turns out that the step was required
as a workaround to this bug with the token tracker.

The bug was fixed in https://github.com/MetaMask/eth-token-tracker/pull/33
and published in v2.0.0 of `@metamask/eth-token-tracker`.
2020-03-30 15:37:51 -03:00
Mark Stacey
2965eba1dd
Update lockfile to remove redundant requirement (#8236)
This redundancy is removed automatically by `yarn` upon each install.
This was accidentally left in the lockfile in #8228
2020-03-25 14:58:42 -03:00
Whymarrh Whitby
e729add61d
Use caniuse-lite@1.0.30001036 (#8228) 2020-03-23 21:54:00 -02:30
Erik Marks
2301d9980e
Wait for extension unlock before processing eth_requestAccounts (#8149)
* eth_requestAccounts: wait on unlock

return error on duplicate eth_requestAccounts
add getUnlockPromise mock to permissions unit tests

* only await unlock if already permitted

* add notification badge for wait on unlock

* fixup

* more fixup

* cleanup

* update keyring controller, us its unlock event

* move keyring update unlock logic to unlock event handler

* fix unit tests

* delete onUnlock handler

* fix eth-keyring-controller resolution

* update eth-keyring-controller
2020-03-23 09:25:55 -07:00
Whymarrh Whitby
f7d906b489
Use acorn@7.1.1 (#8215) 2020-03-19 12:48:16 -02:30
Whymarrh Whitby
4d38a59182
Use acorn@5.7.4 and acorn@6.4.1 (#8203) 2020-03-17 15:25:35 -02:30
Whymarrh Whitby
8b1bde9ae3
Use kind-of@6.0.3 (#8202) 2020-03-17 15:25:11 -02:30
Whymarrh Whitby
5c158ed11d
Force resolve all minimist versions to minimist@1.2.5 (#8206) 2020-03-17 14:15:09 -03:00
Erik Marks
b1d090ac4d
Add permissions controller unit tests (#7969)
* add permissions controller, log, middleware, and restricted method unit tests

* fix permissions-related bugs

* convert permissions log to controller-like class

* add permissions unit test coverage requirements

* update rpc-cap

Co-Authored-By: Whymarrh Whitby <whymarrh.whitby@gmail.com>
Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2020-03-16 10:13:22 -07:00
kumavis
7686edadb0
Build system refactor (#8140)
* build - start static asset task cleanup

* build - simplify manifest tasks

* build - refactor + rename some tasks

* build - various cleanups

* manifest - fix ref from controller

* build - drop gulp for simple async tasks

* build - breakout gulpfile into multiple files

* build - rename some tasks

* build - use task fn refs instead of string names

* build - bundle all scripts first, except for contentscript

* build - improve task timeline

* deps - update lock

* build - improve task time printout

* build/scripts - remove intermediate named task

* build - use 'yarn build' for task entry points

* build - properly run tasks via runTask for timeline display

* development/announcer - fix manifest path + clean

* build - lint fix

* build - make all defined tasks possible entry points

* build/task - properly report errors during task

* ci - fix sesify/lavamoat-viz build command

* build/scripts - run each bundle in separate processes

* lint fix

* build - forward childProcess logs to console

* build/task - fix parallel/series stream end event

* build/scripts refactor contentscript+inpage into a single task

* build/static - use the fs for 150x speedup zomg

* lint fix

* build/static - fix css copy

* Update development/build/scripts.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/scripts.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/index.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* deps - remove redundant mkdirp

* deps - remove unused pumpify

* deps - remove redundant merge-deep

* deps - prefer is-stream of isstream

* deps - remove clone for lodash.cloneDeep

* clean - remove commented code

* build/static - use fs.copy + fast-glob instead of linux cp for better platform support

* build/manifest - standardize task naming

* build/display - clean - remove unused code

* bugfix - fix fs.promises import

* build - create "clean" as named task for use as entrypoint

* build/static - fix for copying dirs

* Update development/build/task.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* build - use task refs, tasks only return promises not streams, etc

* lint fi bad merge + lint

* build - one last cleanup + refactor

* build - add comments introducing file

* build/manifest - fix bug + subtasks dont beed to be named

* Update package.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* build/task - remove unused fn

* Update package.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/styles.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/styles.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-03-09 08:55:02 +08:00
Mark Stacey
293741766f
Update @metamask/eth-ledger-bridge-keyring (#8164)
This updates the package to match the version used on `master`

See #8162 and #8163 for details
2020-03-05 18:00:12 -04:00
Whymarrh Whitby
21c1c2a14e
Use @metamask/eth-ledger-bridge-keyring@0.2.2 (#8155)
* Use @metamask/eth-ledger-bridge-keyring@0.2.2

* Update usages of eth-ledger-bridge-keyring
2020-03-02 20:32:45 -04:00
Mark Stacey
c905fb0817 Update lockfile to remove unnecessary dependency
An update to the manifest in #8124 made this dependency unnecessary,
but it was accidentally left in the lockfile.
2020-02-27 01:44:13 -04:00
Whymarrh Whitby
cf85f56989
Use sinon@9.0.0 (#8123) 2020-02-27 00:33:50 -03:30
Whymarrh Whitby
f5317e5ab6
Use json-rpc-engine@5.1.8 (#8124) 2020-02-27 00:33:33 -03:30
Mark Stacey
b6487f08b7
Allow changing Storybook preview backgrounds (#8111)
The `@storybook/addon-backgrounds' addon has been added, which allows
changing the component preview background. By default no background
colors are defined, though there is a helpful grid button. A "light"
and "dark" background option has been added globally. Additional
story-specific backgrounds or global backgrounds can be added later if
necessary.
2020-02-26 13:40:53 -04:00
Mark Stacey
2d74fbc75c
Fix superagent peer dependency warning (#8116)
This warning was resolved by updating `pubnub`, which is the dependency
that uses `superagent-proxy` which is causing this warning. The
resolution we added to address a security advisory is also no longer
required.
2020-02-26 13:40:29 -04:00
Mark Stacey
cf8875c57b
Update Storybook dependencies to v5.3.14 (#8115)
This was primarily done to make explicit that we're using v5.3.x. Our
manifest listed `^5.2.x` but we had already updated to `v5.3.9` in the
lockfile. v5.3.0 lays much of the groundwork for the planned v6.0
release, and includes many changes.

The changes between v5.3.9 and v5.3.14 include various bug fixes, none
of which affect us as far as I know.

Peer dependencies required by Storybook have also been added. These
were already in our dependencies indirectly either way.
2020-02-26 10:40:34 -04:00
Whymarrh Whitby
8d0a757ab5
Use end-of-stream@1.4.4 (#8098) 2020-02-25 09:12:09 -03:30
Whymarrh Whitby
5eb95625ca
Remove react-tooltip-component (#8099) 2020-02-25 09:11:56 -03:30
Whymarrh Whitby
169ab8adc9
Remove recompose (#8097) 2020-02-24 19:28:26 -03:30
Whymarrh Whitby
fcd404015b
Use gulp-replace@1.0.0 (#8095) 2020-02-24 15:58:49 -03:30
Whymarrh Whitby
81d8237654
Use eslint-plugin-react@7.18.3 (#8085) 2020-02-24 15:24:35 -03:30