Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: replace legacy eth-json-rpc deps #11952

Draft
wants to merge 26 commits into
base: main
Choose a base branch
from
Draft

fix: replace legacy eth-json-rpc deps #11952

wants to merge 26 commits into from
+250 −494

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented Oct 22, 2024
edited
Loading

Description

Related issues

Blocked by

Manual testing steps

  1. Go to in-app browser
  2. Test connect with multiple dapps
  3. Perform transaciton on test dapp
  4. Go to this page...

Screenshots/Recordings

Screen.Recording.2024-06-24.at.22.46.41.mov

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@socket-security Socket Security
Copy link

socket-security bot commented Oct 22, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@metamask/eth-json-rpc-filters@9.0.0 None +1 736 kB lgbot
npm/@metamask/eth-json-rpc-provider@4.1.5 None +2 405 kB danfinlay, gudahtt, kumavis, ...8 more
npm/detox-copilot@0.0.23 eval, filesystem 0 32.5 kB asafkorem
npm/detox@20.27.5 Transitive: filesystem, network +5 13.4 MB wix.mobile
npm/ethereumjs-abi@0.6.6 None +1 128 kB holgerd77

🚮 Removed packages: npm/@metamask/eth-json-rpc-provider@4.1.4, npm/btoa@1.2.1, npm/checkpoint-store@1.1.0, npm/clone@2.1.2, npm/deferred-leveldown@1.2.2, npm/detox-copilot@0.0.9, npm/detox@20.27.2, npm/eth-json-rpc-errors@1.1.1, npm/eth-json-rpc-filters@5.1.0, npm/eth-json-rpc-middleware@4.3.0, npm/eth-query@2.1.2, npm/eth-sig-util@1.4.2, npm/ethereum-common@0.2.0, npm/ethereumjs-abi@0.6.8, npm/ethereumjs-account@2.0.5, npm/ethereumjs-block@1.7.1, npm/ethereumjs-common@1.5.2, npm/ethereumjs-vm@2.6.0, npm/fake-merkle-patricia-tree@1.0.1, npm/fetch-ponyfill@4.1.0, npm/json-stable-stringify@1.0.1, npm/jsonify@0.0.0, npm/level-codec@7.0.1, npm/level-errors@1.0.5, npm/level-iterator-stream@1.3.1, npm/level-ws@0.0.0, npm/levelup@1.3.9, npm/memdown@1.4.1, npm/rustbn.js@0.2.0, npm/safe-event-emitter@1.0.1, npm/semaphore@1.1.0

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Oct 22, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
New author npm/ethereumjs-abi@0.6.6 🚫

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/ethereumjs-abi@0.6.6

@legobeat legobeat added dependencies Pull requests that update a dependency file team-mobile-platform Run Smoke E2E Triggers smoke e2e on Bitrise labels Oct 22, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@legobeat legobeat added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Oct 22, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@legobeat legobeat force-pushed the chore/provider-middleware-filters-2 branch 2 times, most recently from 45873d6 to f68a6cf Compare October 22, 2024 12:56
@legobeat legobeat added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Oct 22, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@legobeat legobeat mentioned this pull request Oct 22, 2024
Open
7 tasks
@legobeat legobeat marked this pull request as ready for review October 22, 2024 13:32
@legobeat legobeat requested review from a team as code owners October 22, 2024 13:32
@legobeat legobeat force-pushed the chore/provider-middleware-filters-2 branch from f68a6cf to 8dbb040 Compare October 22, 2024 13:36
@legobeat legobeat added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Oct 22, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@legobeat legobeat added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Oct 22, 2024
legobeat and others added 26 commits October 25, 2024 01:07
@legobeat
chore: nodejs 20.18.0
06e7509
@legobeat
fix(deps): eth-json-rpc-filters@4.2.2 -> @metamask/eth-json-rpc-filte…
aa03368 
…rs@^8.0.0
@legobeat
deps: json-rpc-engine@^6.1.0 -> @metamask/json-rpc-engine@^7.1.0
d94d528
@legobeat
Update JsonRpcRequest typings
2ef5484 
test: type adjustments
@legobeat
chainId is now hex string, not number
a6678cf 
chore: update walletconect2 tests
@legobeat
chore(test): eth_sendTransaction test type workarounds
e9ceb96
@legobeat
fixup: console.error in test
c228119
@legobeat
fix(test): test for error cause message in RPCMethodMIddleware
15a7349
@legobeat
deps: @metamask/eth-json-rpc-filters@^8.0.0->^9.0.0
41c81b3
@MarioAslau @legobeat
fix(deps): metamask-rpc-middleware -> `@metamask/eth-json-rpc-middl…
1154628 
…eware`

fix: SnapsBridge update
@legobeat
chore: update .iyarc
1adf47a
@tommasini @legobeat
background bridge cleanup fix
6c3d6db
@tommasini @legobeat
fix depcheck issues
d9fd3fc
@tommasini @legobeat
fix lint issues
36146c6
@tommasini @legobeat
fix lint and fix ts error
8b466e5
@tommasini @legobeat
fix on snap bridge
5560ca9
@MarioAslau @legobeat
feat: update createLegacyMethodMiddleware tests
c34e372
@MarioAslau @legobeat
feat: remove type
cc0e3fd
@MarioAslau @legobeat
feat: removed unused imports
01cc288
@legobeat
fix: revert Internal JSON-RPC error message change
d4b0a60
@legobeat
deps: @metamask/rpc-errors@^6.2.1->^7.0.0
7b79089
@legobeat
chore: fixup test for @metamask/rpc-errors 7.0.0+
ea495a6
@legobeat
chore: migrate patch for @metamask/post-message-stream
20ee0d0
@legobeat
chore: migrate patch for @metamask/rpc-errors
a700f66
@legobeat
fix: revert changing chainId from number to Hex
c56d862
@legobeat
chore(devDeps): detox@20.27.2->^20.27.5
1fd66c3 
- chore: migrate detox patch
@legobeat legobeat force-pushed the chore/provider-middleware-filters-2 branch from 5b4c136 to 1fd66c3 Compare October 25, 2024 01:07
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 25, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
82.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

github-merge-queue bot pushed a commit that referenced this pull request Oct 25, 2024
@legobeat
fix: eth-json-rpc-filters@^5.1.0->^6.0.1 (#11980)
18a4e45 
## **Description**

- Bump legacy `eth-json-rpc-filters` from v5 to v6

## **Related issues**

Follow-up to: #11975

### Blocking
- #12008
  -  #11952

## **Manual testing steps**


## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
github-merge-queue bot pushed a commit that referenced this pull request Oct 25, 2024
@legobeat
fix: json-rpc-middleware-stream@3.0.0->^4.2.3 (#11978)
e0cbf75 
## **Description**

- Bump `json-rpc-middleware-stream` from `3.0.0` (2020-12-08) to
`^4.2.3` (2023-09-27)
- Hold at v4 to prevent breaking upgrade from `readable-stream` v2 to v3


## **Related issues**

- #11952 
- #11972 
  - #11932 

## **Manual testing steps**


## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tommasini tommasini tommasini left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file DO-NOT-MERGE Pull requests that should not be merged Run Smoke E2E Triggers smoke e2e on Bitrise team-lavamoat team-mobile-platform
Projects
PR review queue
Status: Needs dev review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@legobeat @tommasini @MarioAslau