Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update snap and keyring api dependencies and fix tests #4090

Merged
merged 11 commits into from
Apr 10, 2024
Merged

Update snap and keyring api dependencies and fix tests #4090

merged 11 commits into from
Apr 10, 2024

Conversation

montelaidev
Copy link
Contributor

@montelaidev montelaidev commented Mar 20, 2024
edited by AlexJupiter
Loading

This pull request updates the dependencies in the project, including bumping snap dependencies, keyring-api, and eth-snap-keyring. It also fixes the failing tests.

Closes: https://github.com/MetaMask/accounts-planning/issues/307

@montelaidev montelaidev requested a review from a team as a code owner March 20, 2024 12:43
@socket-security Socket Security
Copy link

socket-security bot commented Mar 20, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@metamask/eth-snap-keyring@3.0.0 None 0 156 kB metamaskbot
npm/@metamask/keyring-api@5.1.0 None 0 193 kB metamaskbot
npm/@metamask/post-message-stream@8.0.0 None 0 71 kB lgbot
npm/@metamask/snaps-controllers@6.0.4 None 0 1.21 MB metamaskbot
npm/@metamask/snaps-rpc-methods@7.0.2 None 0 891 kB metamaskbot
npm/@metamask/snaps-utils@7.0.4 network 0 927 kB metamaskbot
npm/typedoc-plugin-missing-exports@2.2.0 None 0 11.4 kB gerrit0

🚮 Removed packages: npm/@metamask/approval-controller@0.0.0-use.local, npm/@metamask/controller-utils@0.0.0-use.local, npm/@metamask/eth-snap-keyring@2.1.1, npm/@metamask/keyring-api@2.0.0, npm/@metamask/snaps-controllers@3.6.0, npm/@metamask/snaps-rpc-methods@4.1.0, npm/typedoc-plugin-missing-exports@2.1.0

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Mar 20, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@metamask/eth-snap-keyring@3.0.0, npm/@metamask/post-message-stream@8.0.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@montelaidev
Copy link
Contributor Author

@SocketSecurity ignore npm/@metamask/post-message-stream@8.0.0
@SocketSecurity ignore npm/@metamask/eth-snap-keyring@3.0.0

matthewwalsh0
matthewwalsh0 reviewed Mar 20, 2024
View reviewed changes
packages/user-operation-controller/src/UserOperationController.ts Outdated
@@ -532,6 +532,7 @@ export class UserOperationController extends BaseController<

const response = await smartContractAccount.updateUserOperation({
userOperation,
chainId: metadata.chainId,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use destructuring to get this on line 529?

packages/user-operation-controller/src/helpers/SnapSmartContractAccount.ts Outdated
@@ -92,6 +98,9 @@ export class SnapSmartContractAccount implements SmartContractAccount {
'KeyringController:signUserOperation',
sender,
userOperation,
{
chainId: request.chainId,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for these three, can we destructure them when we first access request at the start of the method?

matthewwalsh0
matthewwalsh0 previously approved these changes Apr 9, 2024
View reviewed changes
@ccharly
Copy link
Contributor

ccharly commented Apr 9, 2024

I'm gonna drop this branch in favor of this PR (I've backported everything here).

@montelaidev montelaidev merged commit e86b84e into main Apr 10, 2024
139 checks passed
@montelaidev montelaidev deleted the bump-dependencies-13-03-2024 branch April 10, 2024 14:29
@montelaidev montelaidev mentioned this pull request Apr 17, 2024
Merged
3 tasks
montelaidev added a commit that referenced this pull request Apr 17, 2024
@montelaidev
Release/140.0.0 (#4177)
ad25a2a 
## Explanation

## References

## Changelog

## [13.0.0] Accounts Controller

### Changed

- Fix update setSelectedAccount to throw if the id is not found
([#4167](#4167))
- Fix normal account indexing naming with index gap
([#4089](#4089))
- **BREAKING** Bump peer dependency `@metamask/snaps-controllers` to
`^6.0.3` and dependencies `@metamask/snaps-sdk` to `^3.1.1`,
`@metamask/eth-snap-keyring` to
`^3.0.0`([#4090](#4090))

## [28.0.0] Assets Controller

### Added

- Add reservoir migration
([#4030](#4030))

### Changed

- Fix getting nft tokenURI
([#4136](#4136))
- **BREAKING** Bump peer dependency on `@metamask/keyring-controller`
([#4090](#4090))
- Fix token detection during account change
([#4133](#4133))
- Fix update nft metadata when toggles off
([#4096](#4096))
- Adds `tokenMethodIncreaseAllowance`
([#4069](#4069))
- Fix mantle token mispriced
([#4045](#4045))

## [15.0.0] Keyring Controller

### Changed

- **BREAKING** use getAccounts on HD Keyring when calling addNewAccount
([#4158](#4158))
- Pass CAIP-2 scope to execution context
([#4090](#4090))
- Allow gas limits to be changed during #addPaymasterData
([#3942](#3942))

## [10.0.0] Preferences Controller

### Changed

- **BREAKING** Bump peer dependency on `@metamask/keyring-controller` to
`^15.0.0` ([#4090](#4090))
- Restore previous behavior of toChecksumHexAddress
([#4046](#4046))

## [15.0.0] Signature Controller

### Changed

- **BREAKING** Bump peer dependency on `@metamask/keyring-controller` to
`^15.0.0` ([#4090](#4090))

## [8.0.0] User Operation Controller 

### Changed

- **BREAKING** Bump peer dependency on `@metamask/keyring-controller` to
`^15.0.0` and Pass CAIP-2 scope to execution context
([#4090](#4090))
- Allow gas limits to be changed during #addPaymasterData
([#3942](#3942))


## Checklist

- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthewwalsh0 matthewwalsh0 matthewwalsh0 approved these changes

Assignees
No one assigned
Labels
team-accounts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@montelaidev @ccharly @matthewwalsh0