master -> staging-pocketsell #2874

Closed
wants to merge 108 commits into from

benma
Contributor

@benma benma commented Aug 28, 2024

No description provided.

dependabot bot and others added 30 commits July 8, 2024 10:22

Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.14.5 to 1.14.6.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.14.5...v1.14.6)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.25.0.
- [Commits](golang/crypto@v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](golang/net@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.14.6...v1.14.7)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.23.0...0.24.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

This is supposed to prevent external sites from loading within the
app, but we allowed all of them anyway when on the buy page to make
MoonPay work (we can't know the list of third party domains to
whitelist as it involves various third party credit card processors
and banks).

It's unlikely that this prevents any potential attacks, as frontend code
that is compromised can probably still call to external sites by
moving to the buy page and executing there.

The reason to remove this now is that webview.goBack() (history back)
does not work in combination with `loadDataWithBaseURL()` (it always
goes back to the first page). With `loadUrl()` history back works, but
onPageFinished() is not called for subsequent URL changes.

Generally, this whitelisting has caused us a lot of pain and
engineering time, while being very fragile.

When loading with the latter, webview.goBack() (or history.back() in
JS) goes back to the index page instead of the latest entry. Not sure
why, but loadUrl is simpler anyway.

We still use BASE_URL so that it is used as the referer in MoonPay,
which is required for MoonPay to be able to load.

The reason the app still loads even though it looks like we are
loading shiftcrypto.ch is that we intercept it in
shouldInterceptRequest() and load from local assets instead.

Several dependencies are marked as "deprecated":

```
WARN deprecated @babel/plugin-proposal-private-methods@7.18.6:
WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6
WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6
WARN deprecated @babel/plugin-proposal-class-properties@7.18.6
WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11
WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0
```

These come from `babel-preset-react-app`, that's used by
`eslint-config-react-app`. Another unmaintained dep is
`@babel/plugin-proposal-private-property-in-object`. These pkgs are
needed for our eslint `"extends": ["react-app"]` that's most likely
added by CRA (create-react-app) which we don't use.

This commit removes those unmaintained pkgs, as well as the usage of
`react-app` in our eslint.

Doing all of the above gets rid of the mentioned deprecation
warnings and usage of those deps from the project.

To keep linting rules in place, we added new deps for
eslint plugins & rules to replace the outdated `react-app`
eslint extension.

We need at least node version 18.18.x (recommended: 20.x) to be
able to install the new deps.

The dialog shows address types, not an address.

Rename sDate to shortDate in the transaction component, for a more
descriptive, easier to understand name.

Use template literals for JSX element classes instead of joining a list
for a more concise and cleaner style in the transaction.tsx component.

Define the parseTimeShort helper function outside of the
transaction.tsx component so that it is not re-defined on every render.
This improves performance and makes the component cleaner.

Create TxDetail component in transactions/components that provides the
default html structure/layout which is used by most details in the
transaction details dialog. This makes the dialog more concise and
easier to understand.

Extract reusable sub-components from the transaction.tsx component to
make the transaction component cleaner and easier to understand.

Extracted subcomponents:
- tx. direction arrow
- tx. date
- tx. status
- tx. show details button
- tx. address and copyable values

thisconnect and others added 28 commits August 6, 2024 11:56

Changed to make the key in conversion object optional as it may be
empty sometimes.

account-summary BE handler was returning an error in case of rates not
available. Returning an error from the handler is currently deprecated
in the app, and caused a frontend crash when the rates server wasn't
reachable. This refactors the endpoint and fixes the issue.

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.27.0 to 0.28.0.
- [Commits](golang/net@v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Created the new component `GlobalBanners`, extracting it out
from `app.tsx`. We use this component in `account.tsx`,
`accountsummary.tsx`, and all of the settings pages.

The reason for this is because we'd like to move them out of
`app.tsx` so they're in the document flow of the page instead of
living separately in `app.tsx` (visually placed above the page
view).

Also minor CSS fix on the active currencies dropdown. These are
done to improve the UX. The standardised Intl is being used to
follow best practices.

Using Taproot extended public keys in raw xpub format is not widely
supported and can lead to dangerous misuse. This hides the Taproot
extended public key and displays an info message instead.

Most wallets will default to P2PKH when scanning a raw P2TR xpub,
resulting in a non-standard combination of script type and derivation
path. Recovering funds sent to addresses like this is difficult and
potentially unsafe for users, as the BitBox02 does not support spending
from P2PKH outputs.

As long as the BitBoxApp does not support output descriptors, expert
users should instead connect their device to other wallet software to
view detailed account information.

The Send component interacts with one account per transaction which is
why it makes sense to refactor the component to only take one account
instead of a list of all accounts and the code of the relevant account.

This has several benefits:
- reduce code size
- remove non-null assertions that should not be used
  (getAccount()!.coinCode for example)
- makes intention clear: Send can only take a valid account, if there is
  no account there is no Send.
- makes Send cleaner/easier to understand by removing prop, helper
  function, null/undefined checks.

https://www.appveyor.com/docs/windows-images-software/#golang lists

> Go 1.22.1 x64 (C:\go - default in PATH)

But the image or docs are buggy, C:\go is a symlink of C:\go121 and Go
1.22 does not seem to exist.

We switch to choco to install the desired Go version. The benefit is
that choco receives new updates faster too and has more granular
version control.

@benma
Contributor Author

benma commented Aug 28, 2024

Closing, I think we merge staging to master now. See #2873

@benma benma closed this Aug 28, 2024