Merge branch 'develop' of github.com:MetaMask/metamask-extension into…

… NOTIFY-415-user-storage-user-storage-controller

.circleci/config.yml

@@ -1344,7 +1344,7 @@ jobs:
             - test-artifacts
 
   job-publish-prerelease:
-    executor: node-browsers-small
+    executor: node-browsers-medium
     steps:
       - checkout
       - attach_workspace:
@@ -1384,13 +1384,9 @@ jobs:
           path: test-artifacts
           destination: test-artifacts
       # important: generate lavamoat viz AFTER uploading builds as artifacts
-      # Temporarily disabled until we can update to a version of `sesify` with
-      # this fix included: https://github.com/LavaMoat/LavaMoat/pull/121
-      # Disabled 2024-03-25 due to flakiness.
-      #   - see: https://github.com/MetaMask/metamask-extension/issues/23704
-      #- run:
-      #    name: build:lavamoat-viz
-      #    command: ./.circleci/scripts/create-lavamoat-viz.sh
+      - run:
+          name: build:lavamoat-viz
+          command: ./.circleci/scripts/create-lavamoat-viz.sh
       - store_artifacts:
           path: build-artifacts
           destination: build-artifacts

.circleci/scripts/create-lavamoat-viz.sh

@@ -10,8 +10,33 @@ BUILD_DEST="./build-artifacts/build-viz/"
 # prepare artifacts dir
 mkdir -p "${BUILD_DEST}"
 
-# generate lavamoat debug config
+# generate lavamoat debug configs
 yarn lavamoat:debug:build
+yarn lavamoat:debug:webapp --parallel=false
 
+# generate entries for all present policy dirs under lavamoat/browserify
+# static entry for build-system
+POLICY_DIR_NAMES=$(find lavamoat/browserify -maxdepth 1 -mindepth 1 -type d -printf '%f ')
+
+POLICY_FILE_PATHS_JSON=$(echo -n "${POLICY_DIR_NAMES}" \
+  | jq --raw-input --slurp --indent 0 '
+    rtrimstr(" ")
+    | split(" ")
+    | map({
+        "key": .,
+        "value": {
+          "debug":  ("lavamoat/browserify/"+.+"/policy-debug.json"),
+          "override":"lavamoat/browserify/policy-override.json",
+          "primary":("lavamoat/browserify/"+.+"/policy.json")
+        }
+      })
+    | from_entries
+    |."build-system"= {
+        "debug":   "lavamoat/build-system/policy-debug.json",
+        "override":"lavamoat/build-system/policy-override.json",
+        "primary": "lavamoat/build-system/policy.json"
+      }'
+)
 # generate viz
-npx lavamoat-viz --dest "${BUILD_DEST}"
+# shellcheck disable=SC2086
+yarn lavamoat-viz --dest "${BUILD_DEST}" --policyNames build-system ${POLICY_DIR_NAMES} --policyFilePathsJson "${POLICY_FILE_PATHS_JSON}"

.github/guidelines/LABELING_GUIDELINES.md

@@ -12,7 +12,8 @@ It's essential to ensure that PRs have the appropriate labels before they are co
 - **release-x.y.z**: This label is automatically added to a PR and its linked issues upon the PR's merge. The `x.y.z` in the label represents the version in which the changes from the PR will be included. This label is auto-generated by a [GitHub action](../workflows/add-release-label.yml), which determines the version by incrementing the minor version number from the most recent release. Manual intervention is only required in specific cases. For instance, if a merged PR is cherry-picked into a release branch, typically done to address Release Candidate (RC) bugs, the label would need to be manually updated to reflect the correct version.
 - **regression-prod-x.y.z**: This label is automatically added to a bug report issue at the time of its creation. The `x.y.z` in the label represents the version in which the bug first appeared. This label is auto-generated by a [GitHub action](../workflows/check-template-and-add-labels.yml), which determines the `x.y.z` value based on the version information provided in the bug report issue form. Manual intervention is only necessary under certain circumstances. For example, if a user submits a bug report and specifies the version they are currently using, but the bug was actually introduced in a prior version, the label would need to be manually updated to accurately reflect the version where the bug originated.
 
-### Optional QA labels:
+### Optional labels:
+- **regression-develop**: This label can manually be added to a bug report issue at the time of its creation if the bug is present on development branch (i.e. `develop`), but is not yet released in production.
 - **needs-qa**: If the PR includes a new features, complex testing steps, or large refactors, this label must be added to indicated PR requires a full manual QA prior being merged and added to a release.
 
 ### Labels prohibited when PR needs to be merged:

.github/workflows/add-release-label.yml

@@ -13,7 +13,7 @@ jobs:
     if: github.event.pull_request.merged == true
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 0 # This is needed to checkout all branches
 

.github/workflows/check-pr-labels.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/check-template-and-add-labels.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/close-bug-report.yml

@@ -13,7 +13,7 @@ jobs:
     if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'Version-v')
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/main.yml

@@ -10,7 +10,7 @@ jobs:
     name: Check workflows
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Download actionlint
         id: download-actionlint
         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23

.github/workflows/sonar.yml

@@ -19,7 +19,7 @@ jobs:
     name: SonarCloud
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for better relevancy of analysis
       - name: SonarCloud Scan

.github/workflows/update-lavamoat-policies.yml

@@ -12,7 +12,7 @@ jobs:
     outputs:
       IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Determine whether this PR is from a fork
         id: is-fork
         run: echo "IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "${PR_NUMBER}" )" >> "$GITHUB_OUTPUT"
@@ -28,7 +28,7 @@ jobs:
     if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: React to the comment
         run: |
           gh api \
@@ -52,7 +52,7 @@ jobs:
       COMMIT_SHA: ${{ steps.commit-sha.outputs.COMMIT_SHA }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Checkout pull request
         run: gh pr checkout "${PR_NUMBER}"
         env:
@@ -76,7 +76,7 @@ jobs:
       - prepare
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Checkout pull request
         run: gh pr checkout "${PR_NUMBER}"
         env:
@@ -110,7 +110,7 @@ jobs:
       - update-lavamoat-build-policy
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Checkout pull request
         run: gh pr checkout "${PR_NUMBER}"
         env:
@@ -151,7 +151,7 @@ jobs:
     if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Use PAT to ensure that the commit later can trigger status check workflows
           token: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
@@ -251,7 +251,7 @@ jobs:
       - is-fork-pull-request
       - check-status
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
       - name: Post comment if the update failed

.github/workflows/validate-conventional-commits.yml

@@ -9,7 +9,7 @@ jobs:
   pr-title-linter:
     runs-on: ubuntu-latest
     steps:
-    # this is a hash for amannn/action-semantic-pull-request@v5.2.0
-    - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54
+    # this is a hash for amannn/action-semantic-pull-request@v5.4.0
+    - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -70,3 +70,4 @@ test/e2e/mmi/playwright.config.ts
 test/e2e/mmi/specs/**/*-darwin.png
 test/e2e/mmi/dist/
 
+lavamoat/**/policy-debug.json

.metamaskrc.dist

@@ -21,4 +21,9 @@ BLOCKAID_PUBLIC_KEY=
 ; SELENIUM_HEADLESS=
 ; Set this to 1 to make chrome e2e tests disable DoH/DoT and use system DNS
 ; SELENIUM_USE_SYSTEM_DNS=
+
+
 ENABLE_CONFIRMATION_REDESIGN=
+
+; Enables the Settings Page - Developer Options
+; ENABLE_SETTINGS_PAGE_DEV_OPTIONS=true

.yarn/patches/@metamask-network-controller-npm-18.0.1-c4d0cfaecd.patch → .yarn/patches/@metamask-network-controller-npm-18.1.0-680908c29a.patch

@@ -1,23 +1,23 @@
-diff --git a/dist/chunk-VNCJZRDU.js b/dist/chunk-VNCJZRDU.js
-index 78251fc9517438d90261ed53172d2a4133d3a5fd..3ecc0c2838ac12c0ff5b5521a82b08955287956b 100644
---- a/dist/chunk-VNCJZRDU.js
-+++ b/dist/chunk-VNCJZRDU.js
-@@ -323,7 +323,6 @@ var NetworkController = class extends _basecontroller.BaseController {
+diff --git a/dist/chunk-AJED3H6M.mjs b/dist/chunk-AJED3H6M.mjs
+index c7f9903611ccf8f0bb01bea786177efc1a915f7f..26d559fe80f193288badd737cfb8f9d91eb3fa67 100644
+--- a/dist/chunk-AJED3H6M.mjs
++++ b/dist/chunk-AJED3H6M.mjs
+@@ -341,7 +341,6 @@ var NetworkController = class extends BaseController {
    async initializeProvider() {
-     _chunkZ4BLTVTBjs.__privateMethod.call(void 0, this, _ensureAutoManagedNetworkClientRegistryPopulated, ensureAutoManagedNetworkClientRegistryPopulated_fn).call(this);
-     _chunkZ4BLTVTBjs.__privateMethod.call(void 0, this, _applyNetworkSelection, applyNetworkSelection_fn).call(this);
+     __privateMethod(this, _ensureAutoManagedNetworkClientRegistryPopulated, ensureAutoManagedNetworkClientRegistryPopulated_fn).call(this);
+     __privateMethod(this, _applyNetworkSelection, applyNetworkSelection_fn).call(this);
 -    await this.lookupNetwork();
    }
    /**
     * Refreshes the network meta with EIP-1559 support and the network status
-diff --git a/dist/chunk-XWP6GXMK.mjs b/dist/chunk-XWP6GXMK.mjs
-index fb7e30d27367a38e8a357ff9e744894a4505b5a5..884bb1d124934a613847d7fd398fbc6cb02cade8 100644
---- a/dist/chunk-XWP6GXMK.mjs
-+++ b/dist/chunk-XWP6GXMK.mjs
-@@ -323,7 +323,6 @@ var NetworkController = class extends BaseController {
+diff --git a/dist/chunk-UEWIYOS6.js b/dist/chunk-UEWIYOS6.js
+index 05e09914e085ed2fb67106bc750b8bb46882c80e..16eb520b7658625e411c9c6e35f86bd49fcce52f 100644
+--- a/dist/chunk-UEWIYOS6.js
++++ b/dist/chunk-UEWIYOS6.js
+@@ -341,7 +341,6 @@ var NetworkController = class extends _basecontroller.BaseController {
    async initializeProvider() {
-     __privateMethod(this, _ensureAutoManagedNetworkClientRegistryPopulated, ensureAutoManagedNetworkClientRegistryPopulated_fn).call(this);
-     __privateMethod(this, _applyNetworkSelection, applyNetworkSelection_fn).call(this);
+     _chunkZ4BLTVTBjs.__privateMethod.call(void 0, this, _ensureAutoManagedNetworkClientRegistryPopulated, ensureAutoManagedNetworkClientRegistryPopulated_fn).call(this);
+     _chunkZ4BLTVTBjs.__privateMethod.call(void 0, this, _applyNetworkSelection, applyNetworkSelection_fn).call(this);
 -    await this.lookupNetwork();
    }
    /**