Merge branch 'develop' into master-sync

MetaMask · Jul 26, 2023 · 2c763a4 · 2c763a4
2 parents ddac73b + 98279b6
commit 2c763a4
Show file tree

Hide file tree

Showing 747 changed files with 17,689 additions and 13,648 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -353,18 +353,15 @@ jobs:
               echo "Not a PR; skipping"
             fi
       - run:
-          name: Setup registry config for using package previews on draft PRs
+          name: Install dependencies
           command: |
             if [[ $IS_DRAFT == 'true' ]]
             then
-              printf '%s\n\n%s' '@metamask:registry=https://npm.pkg.github.com' "//npm.pkg.github.com/:_authToken=${GITHUB_PACKAGE_READ_TOKEN}" > .npmrc
+              # Use GitHub registry on draft PRs, allowing the use of preview builds
+              METAMASK_NPM_REGISTRY=https://npm.pkg.github.com yarn --immutable
             else
-              echo "Not draft; skipping GitHub registry setup"
+              yarn --immutable
             fi
-      - run:
-          name: Install deps
-          command: |
-            .circleci/scripts/deps-install.sh
       - save_cache:
           key: dependency-cache-v1-{{ checksum "yarn.lock" }}
           paths:

diff --git a/.circleci/scripts/deps-install.sh b/.circleci/scripts/deps-install.sh
diff --git a/.eslintrc.base.js b/.eslintrc.base.js
@@ -72,5 +72,8 @@ module.exports = {
     // upgrading eslint and dependencies. This rule should be evaluated and
     // if agreeable turned on upstream in @metamask/eslint-config
     'import/no-named-as-default-member': 'off',
+
+    // This is necessary to run eslint on Windows and not get a thousand CRLF errors
+    'prettier/prettier': ['error', { endOfLine: 'auto' }],
   },
 };
diff --git a/.github/workflows/stale-issues-pr.yml b/.github/workflows/stale-issues-pr.yml
@@ -0,0 +1,29 @@
+name: 'Close stale issues and PRs'
+
+# run every 2 hours
+on:
+  schedule:
+    - cron: '0 */2 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@72afbce2b0dbd1d903bb142cebe2d15dc307ae57
+        with:
+          stale-issue-label: 'stale'
+          only-issue-labels: 'type-bug'
+          exempt-issue-labels: 'type-security'
+          days-before-issue-stale: 90
+          stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 45 days if there is no further activity. The MetaMask team intends on reviewing this issue before close, and removing the stale label if it is still a bug. We welcome new comments on this issue. We do not intend on closing issues if they report bugs that are still reproducible. Thank you for your contributions.'
+          days-before-issue-close: 45
+          close-issue-message: 'This issue was closed because there has been no follow up activity in the last 45 days. If you feel this was closed in error, please reopen and provide evidence on the latest release of the extension. Thank you for your contributions.'
+          stale-pr-label: 'stale'
+          days-before-pr-stale: 60
+          stale-pr-message: 'This PR has been automatically marked as stale because it has not had recent activity in the last 60 days. It will be closed in 14 days. Thank you for your contributions.'
+          days-before-pr-close: 14
+          close-pr-message: 'This PR was closed because there has been no follow up activity in the last 14 days. Thank you for your contributions.'
+          operations-per-run: 600
diff --git a/.github/workflows/update-lavamoat-policies.yml b/.github/workflows/update-lavamoat-policies.yml
@@ -48,6 +48,8 @@ jobs:
     needs: is-fork-pull-request
     # Early exit if this is a fork, since later steps are skipped for forks
     if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }}
+    outputs:
+      COMMIT_SHA: ${{ steps.commit-sha.outputs.COMMIT_SHA }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
@@ -63,6 +65,9 @@ jobs:
           cache: 'yarn'
       - name: Install Yarn dependencies
         run: yarn --immutable
+      - name: Get commit SHA
+        id: commit-sha
+        run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
 
   update-lavamoat-build-policy:
     name: Update LavaMoat build policy
@@ -90,7 +95,7 @@ jobs:
         uses: actions/cache/save@v3
         with:
           path: lavamoat/build-system
-          key: cache-build-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-build-${{ needs.prepare.outputs.COMMIT_SHA }}
 
   update-lavamoat-webapp-policy:
     strategy:
@@ -125,12 +130,13 @@ jobs:
         uses: actions/cache/save@v3
         with:
           path: lavamoat/browserify/${{ matrix.build-type }}
-          key: cache-${{ matrix.build-type }}-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-${{ matrix.build-type }}-${{ needs.prepare.outputs.COMMIT_SHA }}
 
   commit-updated-policies:
     name: Commit the updated LavaMoat policies
     runs-on: ubuntu-latest
     needs:
+      - prepare
       - is-fork-pull-request
       - update-lavamoat-build-policy
       - update-lavamoat-webapp-policy
@@ -147,11 +153,14 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
           PR_NUMBER: ${{ github.event.issue.number }}
+      - name: Get commit SHA
+        id: commit-sha
+        run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
       - name: Restore build policy
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/build-system
-          key: cache-build-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-build-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       # One restore step per build type: [main, beta, flask, mmi, desktop]
       # Ensure this is synchronized with the list above in the "update-lavamoat-webapp-policy" job
@@ -160,31 +169,31 @@ jobs:
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/browserify/main
-          key: cache-main-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-main-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       - name: Restore beta application policy
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/browserify/beta
-          key: cache-beta-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-beta-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       - name: Restore flask application policy
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/browserify/flask
-          key: cache-flask-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-flask-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       - name: Restore mmi application policy
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/browserify/mmi
-          key: cache-mmi-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-mmi-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       - name: Restore desktop application policy
         uses: actions/cache/restore@v3
         with:
           path: lavamoat/browserify/desktop
-          key: cache-desktop-${{ github.run_id }}-${{ github.run_attempt }}
+          key: cache-desktop-${{ needs.prepare.outputs.COMMIT_SHA }}
           fail-on-cache-miss: true
       - name: Check whether there are policy changes
         id: policy-changes
@@ -214,3 +223,37 @@ jobs:
           HAS_CHANGES: ${{ steps.policy-changes.outputs.HAS_CHANGES }}
           GITHUB_TOKEN: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
           PR_NUMBER: ${{ github.event.issue.number }}
+
+  check-status:
+    name: Check whether the policy update succeeded
+    runs-on: ubuntu-latest
+    needs:
+      - commit-updated-policies
+    outputs:
+      PASSED: ${{ steps.set-output.outputs.PASSED }}
+    steps:
+      - name: Set PASSED output
+        id: set-output
+        run: echo "PASSED=true" >> "$GITHUB_OUTPUT"
+
+  failure-comment:
+    name: Comment about the policy update failure
+    if: ${{ always() && needs.is-fork-pull-request.outputs.IS_FORK == 'false' }}
+    runs-on: ubuntu-latest
+    needs:
+      - is-fork-pull-request
+      - check-status
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
+      - name: Post comment if the update failed
+        run: |
+          passed="${{ needs.check-status.outputs.PASSED }}"
+          if [[ $passed != "true" ]]; then
+            gh pr comment "${PR_NUMBER}" --body "Policy update failed. You can [review the logs or retry the policy update here](${ACTION_RUN_URL})"
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
+          PR_NUMBER: ${{ github.event.issue.number }}
+          ACTION_RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
diff --git a/.iyarc b/.iyarc
@@ -1,10 +1,6 @@
 # improved-yarn-audit advisory exclusions
 GHSA-257v-vj4p-3w2h
 
-# request library is subject to SSRF.
-# addressed by temporary patch in .yarn/patches/request-npm-2.88.2-f4a57c72c4.patch
-GHSA-p8p7-x288-28g6
-
 # Prototype pollution
 # Not easily patched
 # Minimal risk to us because we're using lockdown which also prevents this case of prototype pollution

diff --git a/.metamaskrc.dist b/.metamaskrc.dist
@@ -12,3 +12,4 @@ INFURA_PROJECT_ID=00000000000
 
 ; Set this to test changes to the phishing warning page.
 ;PHISHING_WARNING_PAGE_URL=
+BLOCKAID_FILE_CDN=
diff --git a/.prettierrc.yml b/.prettierrc.yml
@@ -1,2 +1,5 @@
+# All of these are defaults except singleQuote and endOfLine, but we specify them
+# for explicitness
+endOfLine: auto
 singleQuote: true
 trailingComma: all
diff --git a/.storybook/3.COLORS.stories.mdx b/.storybook/3.COLORS.stories.mdx
@@ -50,7 +50,13 @@ Theme colors are color agnostic, semantically neutral and theme compatible desig
 ```css
 /** Backgrounds */
 var(--color-background-default)
+var(--color-background-default-hover)
+var(--color-background-default-pressed)
 var(--color-background-alternative)
+var(--color-background-alternative-hover)
+var(--color-background-alternative-pressed)
+var(--color-background-hover)
+var(--color-background-pressed)
 
 /** Text */
 var(--color-text-default)

diff --git a/.yarn/patches/@metamask-keyring-controller-npm-7.0.0-962008b200.patch b/.yarn/patches/@metamask-keyring-controller-npm-7.0.0-962008b200.patch
@@ -0,0 +1,46 @@
+diff --git a/dist/KeyringController.d.ts b/dist/KeyringController.d.ts
+index 82de83a7bb1ad14bb23f3b6274e0c4d5bb773382..86a09b3f604f6feb26e2c7edbdcb0abebd4bae20 100644
+--- a/dist/KeyringController.d.ts
++++ b/dist/KeyringController.d.ts
+@@ -1,10 +1,11 @@
+ import type { TxData, TypedTransaction } from '@ethereumjs/tx';
+-import { type MetaMaskKeyring as QRKeyring, type IKeyringState as IQRKeyringState } from '@keystonehq/metamask-airgapped-keyring';
++import type { MetaMaskKeyring as QRKeyring, IKeyringState as IQRKeyringState } from '@keystonehq/metamask-airgapped-keyring';
+ import type { RestrictedControllerMessenger } from '@metamask/base-controller';
+ import { BaseControllerV2 } from '@metamask/base-controller';
+ import type { PersonalMessageParams, TypedMessageParams } from '@metamask/message-manager';
+ import type { PreferencesController } from '@metamask/preferences-controller';
+-import { type Hex, type Keyring, type Json } from '@metamask/utils';
++import type { Hex, Keyring, Json } from '@metamask/utils';
++import type { KeyringController as EthKeyringController } from '@metamask/eth-keyring-controller';
+ import type { Patch } from 'immer';
+ declare const name = "KeyringController";
+ /**
+@@ -135,6 +136,10 @@ export declare class KeyringController extends BaseControllerV2<typeof name, Key
+      * @param opts.state - Initial state to set on this controller.
+      */
+     constructor({ removeIdentity, syncIdentities, updateIdentities, setSelectedAddress, setAccountLabel, encryptor, keyringBuilders, cacheEncryptionKey, messenger, state, }: KeyringControllerOptions);
++    /**
++     * Gets the internal keyring controller.
++     */
++    getEthKeyringController(): EthKeyringController;
+     /**
+      * Adds a new account to the default (first) HD seed phrase keyring.
+      *
+diff --git a/dist/KeyringController.js b/dist/KeyringController.js
+index 54d39d266425b45ed1008cecb16e78cf831c75d7..0ddded415bf71716c27ed3bf7bd1c5a79b11be13 100644
+--- a/dist/KeyringController.js
++++ b/dist/KeyringController.js
+@@ -153,6 +153,12 @@ class KeyringController extends base_controller_1.BaseControllerV2 {
+         this.setSelectedAddress = setSelectedAddress;
+         this.setAccountLabel = setAccountLabel;
+     }
++    /**
++     * Gets the internal keyring controller.
++     */
++    getEthKeyringController() {
++        return __classPrivateFieldGet(this, _KeyringController_keyring, "f");
++    }
+     /**
+      * Adds a new account to the default (first) HD seed phrase keyring.
+      *
diff --git a/.yarn/patches/@metamask-signature-controller-npm-4.0.1-013e64c9fd.patch b/.yarn/patches/@metamask-signature-controller-npm-4.0.1-013e64c9fd.patch
diff --git a/.yarn/patches/@metamask-signature-controller-npm-5.3.0-225628460b.patch b/.yarn/patches/@metamask-signature-controller-npm-5.3.0-225628460b.patch
@@ -0,0 +1,26 @@
+diff --git a/dist/SignatureController.js b/dist/SignatureController.js
+index a2f064efa2a2700db00767daa4ce6bd22b1932c4..17edb51b6c526f27fb4c19f2d2fda3d7140c66b4 100644
+--- a/dist/SignatureController.js
++++ b/dist/SignatureController.js
+@@ -283,8 +283,11 @@ _SignatureController_keyringController = new WeakMap(), _SignatureController_isE
+                 resultCallbacks = acceptResult.resultCallbacks;
+             }
+             catch (_a) {
++                signaturePromise.catch(() => {
++                    // Expecting reject error but throwing manually rather than waiting
++                });
+                 __classPrivateFieldGet(this, _SignatureController_instances, "m", _SignatureController_cancelAbstractMessage).call(this, messageManager, messageId);
+-                throw eth_rpc_errors_1.ethErrors.provider.userRejectedRequest('User rejected the request.');
++                throw eth_rpc_errors_1.ethErrors.provider.userRejectedRequest(`MetaMask ${messageName} Signature: User denied message signature.`);
+             }
+             yield signMessage(messageParamsWithId, signingOpts);
+             const signatureResult = yield signaturePromise;
+@@ -305,7 +308,7 @@ _SignatureController_keyringController = new WeakMap(), _SignatureController_isE
+     return __awaiter(this, void 0, void 0, function* () {
+         return yield __classPrivateFieldGet(this, _SignatureController_instances, "m", _SignatureController_signAbstractMessage).call(this, __classPrivateFieldGet(this, _SignatureController_personalMessageManager, "f"), controller_utils_1.ApprovalType.PersonalSign, msgParams, (cleanMsgParams) => __awaiter(this, void 0, void 0, function* () { return yield __classPrivateFieldGet(this, _SignatureController_keyringController, "f").signPersonalMessage(cleanMsgParams); }));
+     });
+-}, _SignatureController_signTypedMessage = function _SignatureController_signTypedMessage(msgParams,
++}, _SignatureController_signTypedMessage = function _SignatureController_signTypedMessage(msgParams,
+ /* istanbul ignore next */
+ opts = { parseJsonData: true }) {
+     return __awaiter(this, void 0, void 0, function* () {
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,3 +12,4 @@ INFURA_PROJECT_ID=00000000000

		; Set this to test changes to the phishing warning page.
		;PHISHING_WARNING_PAGE_URL=
		BLOCKAID_FILE_CDN=