chore: bump ethereum-cryptography, @ethereumjs/util #302

Merged
merged 3 commits into from
Apr 24, 2023


legobeat
Contributor

No description provided.

@mcmire

mcmire commented Mar 20, 2023

@legobeat Are there any consequences for bumping these packages? Is this just to make sure we're up to date, or is there an issue that this fixes?

@legobeat
Contributor Author

legobeat commented Mar 21, 2023

@mcmire intention with prefixing it as chore here is to indicate that it's a regular maintenance update :) should be no breaking changes.
Main motivation is pulling in bugfixes for cryptography libraries and consolidating dependency versions downstream.

@Mrtenz
Member

Mrtenz commented Mar 21, 2023

should be no breaking changes.

@ethereumjs/util now uses @chainsafe/as-sha256 which uses WASM, so it doesn't work in all environments.

@socket-security

socket-security bot commented Apr 21, 2023

New dependency changes detected. Learn more about Socket for GitHub ↗︎


👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
| Issue | Status |
| --- | --- |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

🚮 Removed packages: ethereum-cryptography@1.2.0

@legobeat
Contributor Author

legobeat commented Apr 21, 2023

should be no breaking changes.

@ethereumjs/util now uses @chainsafe/as-sha256 which uses WASM, so it doesn't work in all environments.

Changed this PR to a smaller upgrade to 8.0.3, which does not depend on ssz.

For updates on getting in line with upstream and further context:
ChainSafe/ssz#318
ethereumjs/ethereumjs-monorepo#2648

@mcmire

mcmire commented Apr 21, 2023

Good call @Mrtenz.

While we're on the subject, this looks to be the comparison between ethereum-cryptography 1.1.2 and 1.2.0: ethereum/js-ethereum-cryptography@c434a5f...0cf402c (no tags for these releases, unfortunately, and no changelog either). I'm not spotting anything that could cause any issues, but I'm also not a subject matter expert on this.

@FrederikBolding
Member

FrederikBolding commented Apr 21, 2023

@mcmire @legobeat I think we should just hold off for a second on this PR and bump to the versions released here: ethereumjs/ethereumjs-monorepo#2648

I have an open PR here that will most likely be included to fix any incompatibilities with the extension: ethereumjs/ethereumjs-monorepo#2656

Then we should probably also bump utils etc which is currently bringing in the WASM dependency.

@legobeat legobeat requested review from Mrtenz and removed request for Mrtenz April 24, 2023 10:06
@Mrtenz
Member

Mrtenz commented Apr 24, 2023

@chainsafe/as-sha256 is still added in yarn.lock. Is this no longer used?

@legobeat
Contributor Author

@chainsafe/as-sha256 is still added in yarn.lock. Is this no longer used?

The way I understand this is that yes, it's still pulled in, but WASM parts are now dead code depending on platform. rf https://github.com/MetaMask/utils/pull/100/files

@FrederikBolding
Member

@chainsafe/as-sha256 is still added in yarn.lock. Is this no longer used?

It is available, but needs to be enabled to be used. By default it will use noble.

@legobeat legobeat merged commit f33a032 into MetaMask:main Apr 24, 2023
@legobeat legobeat deleted the chore/bump-deps branch May 11, 2023 21:21
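
The question raised in this thread, why @chainsafe/as-sha256 still appears in yarn.lock, can be answered mechanically by walking the lockfile's dependency edges backwards from that package. This is an added example, not code from this PR or from the MetaMask project; it assumes the Yarn classic (v1) lockfile layout, and the sample lockfile, its placeholder versions, its edges and the package `example-direct-user` are constructed for illustration.

```javascript
const SAMPLE_LOCK = `# yarn lockfile v1 (constructed sample: placeholder versions, illustrative edges)
"@chainsafe/as-sha256@^0.0.1":
  version "0.0.1"
"@chainsafe/ssz@^0.0.2":
  version "0.0.2"
  dependencies:
    "@chainsafe/as-sha256" "^0.0.1"
"@ethereumjs/util@^0.0.3":
  version "0.0.3"
  dependencies:
    "@chainsafe/ssz" "^0.0.2"
example-direct-user@^0.0.4:
  version "0.0.4"
  dependencies:
    "@chainsafe/as-sha256" "^0.0.1"
`;
const unquote = (s) => s.replace(/^"|"$/g, "");

// Map each locked package name to the set of package names it depends on.
function parseYarnLock(text) {
  const deps = new Map();
  let current = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {           // entry header: "name@range", ...:
      const spec = unquote(line.replace(/:$/, "").split(",")[0].trim());
      current = spec.slice(0, spec.lastIndexOf("@"));
      if (!deps.has(current)) deps.set(current, new Set());
      inDeps = false;
    } else if (/^ {2}\S/.test(line)) {     // a field of the current entry
      inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
    } else if (inDeps) {                   // one dependency of the current entry
      deps.get(current).add(unquote(line.trim().split(/\s+/)[0]));
    }
  }
  return deps;
}

// Every chain from a package that nothing else in the lockfile requires down to target.
function whyPaths(deps, target) {
  const paths = [];
  const walk = (chain) => {                // chain[0] is the package being explained
    const ups = [...deps.keys()].filter((p) => deps.get(p).has(chain[0]) && !chain.includes(p));
    if (ups.length === 0) paths.push(chain.join(" > "));
    for (const p of ups) walk([p, ...chain]);
  };
  if (deps.has(target)) walk([target]);
  return paths.sort();
}
```

Each returned chain starts at a package that no other lockfile entry requires, which in a real project is one of its direct dependencies, so the chain names the package to bump or replace if the transitive dependency is unwanted.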