Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

devDeps: mockttp@^2.6.0->^3.9.1 #19163

Closed
wants to merge 3 commits into from
Closed

devDeps: mockttp@^2.6.0->^3.9.1 #19163

wants to merge 3 commits into from

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented May 15, 2023
edited
Loading

v3 breaking changes: https://github.com/httptoolkit/mockttp/releases/tag/v3.0.0

This removes devDependency on broken, vulnerable and deprecated vm2.

@legobeat legobeat added type-security dependencies Pull requests that update a dependency file labels May 15, 2023
@github-actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@legobeat legobeat marked this pull request as ready for review May 15, 2023 23:44
@legobeat legobeat requested a review from a team as a code owner May 15, 2023 23:44
@legobeat legobeat requested a review from digiwand May 15, 2023 23:44
@legobeat legobeat marked this pull request as draft May 15, 2023 23:44
@socket-security
Copy link

socket-security bot commented May 15, 2023
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Unmaintained parse-multipart-data 1.5.0
  • Last Publish: 9/15/2022, 11:27:05 AM

Ignoring: [email protected], [email protected], @tootallnate/[email protected], [email protected]

Next steps

What are unmaintained packages?

Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed.

Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@legobeat
Copy link
Contributor Author 

@SocketSecurity ignore [email protected]

@legobeat legobeat force-pushed the devdeps-mockttp branch 6 times, most recently from a9bfa84 to 6f774ed Compare May 21, 2023 00:10
digiwand
digiwand previously approved these changes May 24, 2023
View reviewed changes
@legobeat legobeat dismissed stale reviews from digiwand and ghost via 91563f2 June 5, 2023 16:10
@legobeat legobeat marked this pull request as ready for review June 5, 2023 16:10
@legobeat legobeat requested a review from digiwand June 5, 2023 16:11
@brad-decker brad-decker dismissed a stale review via 91563f2 June 5, 2023 16:34
@legobeat legobeat dismissed a stale review via d715263 June 5, 2023 17:43
@plasmacorral plasmacorral dismissed a stale review via d715263 June 5, 2023 18:20
@bergarces bergarces dismissed a stale review via d715263 June 5, 2023 20:13
@legobeat legobeat dismissed a stale review via 30a226b June 6, 2023 03:43
@legobeat legobeat changed the title devDeps: mockttp@^2.6.0->^3.9.0 devDeps: mockttp@^2.6.0->^3.9.1 Aug 23, 2023
@legobeat
Copy link
Contributor Author 

@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore @tootallnate/[email protected]
@SocketSecurity ignore [email protected]

network access ok

@legobeat legobeat requested review from brad-decker and digiwand and removed request for digiwand August 24, 2023 00:12
@legobeat
Copy link
Contributor Author

legobeat commented Aug 24, 2023
edited
Loading

The failing test-e2e-chrome circleci job seems intermittent and unrelated?

This version of µWS is not compatible with your Node.js build:

Error: Cannot find module './uws_linux_x64_108.node'
Falling back to a NodeJS implementation; performance may be degraded.


Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 43477
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
[1692835602.415][SEVERE]: bind() failed: Cannot assign requested address (99)

DevTools listening on ws://127.0.0.1:36333/devtools/browser/c969d427-551c-459a-8c98-cc92f38871cf
[driver] Called 'navigate' with arguments []
[driver] Called 'fill' with arguments ["#password","correct horse battery staple"]
[driver] Called 'press' with arguments ["#password",""]
[driver] Called 'clickElement' with arguments ["[data-testid=\"home__nfts-tab\"]"]
[driver] Called 'findVisibleElement' with arguments [".nft-item__container"]
[driver] Called 'findElement' with arguments [".asset-breadcrumb span:nth-of-type(2)"]
[driver] Called 'findElement' with arguments [".nft-details__info h4"]
[driver] Called 'findElement' with arguments [".nft-details__info h6:nth-of-type(2)"]
[driver] Called 'findElement' with arguments [".nft-item__container"]
[driver] Called 'findElement' with arguments [".nft-details__contract-wrapper"]
<testsuite name="Mocha Tests" tests="1" failures="0" errors="0" skipped="0" timestamp="Thu, 24 Aug 2023 00:06:50 GMT" time="16.565">
<testcase classname="View ERC1155 NFT details" name="user should be able to view ERC1155 NFT details" time="16.563"/>
</testsuite>
This version of µWS is not compatible with your Node.js build:

Error: Cannot find module './uws_linux_x64_108.node'
Falling back to a NodeJS implementation; performance may be degraded.


Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 36589
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
[1692835628.245][SEVERE]: bind() failed: Cannot assign requested address (99)
ChromeDriver was started successfully.

DevTools listening on ws://127.0.0.1:46513/devtools/browser/d8a24567-b6d7-4dd7-99f0-e291a8eb7b24
[driver] Called 'navigate' with arguments []
[driver] Called 'fill' with arguments ["#password","correct horse battery staple"]
[driver] Called 'press' with arguments ["#password",""]
[driver] Called 'clickElement' with arguments ["[data-testid=\"home__nfts-tab\"]"]
[driver] Called 'clickElement' with arguments [".nft-item__container"]
[driver] Called 'findElement' with arguments [".asset-breadcrumb"]
[driver] Called 'findElement' with arguments [".nft-details__info h4"]
[driver] Called 'findElement' with arguments [".nft-details__info h6:nth-of-type(2)"]
[driver] Called 'findElement' with arguments [".nft-item__container"]
[driver] Called 'findElement' with arguments [".nft-details__contract-wrapper"]
<testsuite name="Mocha Tests" tests="1" failures="0" errors="0" skipped="0" timestamp="Thu, 24 Aug 2023 00:07:15 GMT" time="16.153">
<testcase classname="View NFT details" name="user should be able to view ERC721 NFT details" time="16.152"/>
</testsuite>
This version of µWS is not compatible with your Node.js build:

Error: Cannot find module './uws_linux_x64_108.node'
Falling back to a NodeJS implementation; performance may be degraded.


Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 46511
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
[1692835644.962][SEVERE]: bind() failed: Cannot assign requested address (99)

DevTools listening on ws://127.0.0.1:36857/devtools/browser/8b555c16-7884-4db9-a860-7427122f4a93
[driver] Called 'navigate' with arguments []
[driver] Called 'fill' with arguments ["#password","correct horse battery staple"]
[driver] Called 'press' with arguments ["#password",""]
[driver] Called 'openNewPage' with arguments ["http://127.0.0.1:8080"]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'waitUntilXWindowHandles' with arguments [3]
[driver] Called 'getAllWindowHandles' with arguments []
[driver] Called 'switchToWindowWithTitle' with arguments ["MetaMask Notification",["34CE66C720DDA4EFA0D9E6B2502FA276","1CBBDC9C02AAB55C3F960BA7C9C93FB2","B32802F51B8F743C3F0A91D18BF80D23"]]
[driver] Called 'clickElement' with arguments [{"text":"Next","tag":"button"}]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'wait' with arguments [null,10000]
<testsuite name="Mocha Tests" tests="1" failures="0" errors="1" skipped="0" timestamp="Thu, 24 Aug 2023 00:07:35 GMT" time="10.771">
<testcase classname="Permissions Approved Event" name="Successfully tracked when connecting to dapp" time="10.764"><failure>Cannot read properties of undefined (reading &#x27;properties&#x27;)
TypeError: Cannot read properties of undefined (reading &#x27;properties&#x27;)
    at /home/circleci/project/test/e2e/metrics/permissions-approved.spec.js:67:35
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at type (test/e2e/helpers.js:105:9)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/metrics/permissions-approved.spec.js:37:19)</failure></testcase>
</testsuite>
Error: Exited with code '1'
    at runInShell (/home/circleci/project/development/lib/run-command.js:134:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /home/circleci/project/test/e2e/run-e2e-test.js:124:5
    at async retry (/home/circleci/project/development/lib/retry.js:36:7)
    at async main (/home/circleci/project/test/e2e/run-e2e-test.js:123:3)
This version of µWS is not compatible with your Node.js build:

Error: Cannot find module './uws_linux_x64_108.node'
Falling back to a NodeJS implementation; performance may be degraded.


Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 43123
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
[1692835664.868][SEVERE]: bind() failed: Cannot assign requested address (99)
ChromeDriver was started successfully.

DevTools listening on ws://127.0.0.1:33031/devtools/browser/4b946bea-a65d-4835-b7c4-5a0a37e9600c
[driver] Called 'navigate' with arguments []
[driver] Called 'fill' with arguments ["#password","correct horse battery staple"]
[driver] Called 'press' with arguments ["#password",""]
[driver] Called 'openNewPage' with arguments ["http://127.0.0.1:8080"]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'waitUntilXWindowHandles' with arguments [3]
[driver] Called 'getAllWindowHandles' with arguments []
[driver] Called 'switchToWindowWithTitle' with arguments ["MetaMask Notification",["5B54F416A6E94F7E581CB30EBEB75D9B","AAEDC13DFBC1044FFD74F0234814C56E","62B31A9EFE33F033AAA08FF711727B34"]]
[driver] Called 'clickElement' with arguments [{"text":"Next","tag":"button"}]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'wait' with arguments [null,10000]
<testsuite name="Mocha Tests" tests="1" failures="0" errors="1" skipped="0" timestamp="Thu, 24 Aug 2023 00:07:55 GMT" time="11.094">
<testcase classname="Permissions Approved Event" name="Successfully tracked when connecting to dapp" time="11.083"><failure>Cannot read properties of undefined (reading &#x27;properties&#x27;)
TypeError: Cannot read properties of undefined (reading &#x27;properties&#x27;)
    at /home/circleci/project/test/e2e/metrics/permissions-approved.spec.js:67:35
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at type (test/e2e/helpers.js:105:9)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/metrics/permissions-approved.spec.js:37:19)</failure></testcase>
</testsuite>
Error: Exited with code '1'
    at runInShell (/home/circleci/project/development/lib/run-command.js:134:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /home/circleci/project/test/e2e/run-e2e-test.js:124:5
    at async retry (/home/circleci/project/development/lib/retry.js:36:7)
    at async main (/home/circleci/project/test/e2e/run-e2e-test.js:123:3)
This version of µWS is not compatible with your Node.js build:

Error: Cannot find module './uws_linux_x64_108.node'
Falling back to a NodeJS implementation; performance may be degraded.


Starting ChromeDriver 114.0.5735.90 (386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}) on port 36919
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
[1692835686.953][SEVERE]: bind() failed: Cannot assign requested address (99)
ChromeDriver was started successfully.

DevTools listening on ws://127.0.0.1:34711/devtools/browser/56a2ff39-0d6d-49a6-8c29-fceddd98a94a
[driver] Called 'navigate' with arguments []
[driver] Called 'fill' with arguments ["#password","correct horse battery staple"]
[driver] Called 'press' with arguments ["#password",""]
[driver] Called 'openNewPage' with arguments ["http://127.0.0.1:8080"]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'waitUntilXWindowHandles' with arguments [3]
[driver] Called 'getAllWindowHandles' with arguments []
[driver] Called 'switchToWindowWithTitle' with arguments ["MetaMask Notification",["57C4944EC943FA516C1BBE457EFBCA56","2F04178A0AF8A1E9C5E0001AE2CF35EF","3BA5E8EF1A5D17B14DFB728E645C3C47"]]
[driver] Called 'clickElement' with arguments [{"text":"Next","tag":"button"}]
[driver] Called 'clickElement' with arguments [{"text":"Connect","tag":"button"}]
[driver] Called 'wait' with arguments [null,10000]
<testsuite name="Mocha Tests" tests="1" failures="0" errors="1" skipped="0" timestamp="Thu, 24 Aug 2023 00:08:17 GMT" time="11.962">
<testcase classname="Permissions Approved Event" name="Successfully tracked when connecting to dapp" time="11.955"><failure>Cannot read properties of undefined (reading &#x27;properties&#x27;)
TypeError: Cannot read properties of undefined (reading &#x27;properties&#x27;)
    at /home/circleci/project/test/e2e/metrics/permissions-approved.spec.js:67:35
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at type (test/e2e/helpers.js:105:9)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/metrics/permissions-approved.spec.js:37:19)</failure></testcase>
</testsuite>
Error: Exited with code '1'
    at runInShell (/home/circleci/project/development/lib/run-command.js:134:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /home/circleci/project/test/e2e/run-e2e-test.js:124:5
    at async retry (/home/circleci/project/development/lib/retry.js:36:7)
    at async main (/home/circleci/project/test/e2e/run-e2e-test.js:123:3)
Error: Retry limit reached
    at retry (/home/circleci/project/development/lib/retry.js:50:9)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async main (/home/circleci/project/test/e2e/run-e2e-test.js:123:3)
Error: Exited with code '1'
    at runInShell (/home/circleci/project/development/lib/run-command.js:134:29)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async main (/home/circleci/project/test/e2e/run-all.js:161:5)

Exited with code exit status 1

@legobeat
Copy link
Contributor Author

Hmm, no, lifting back to draft:

<testcase classname="Phishing Detection" name="should navigate the user to eth-phishing-detect to dispute a block from MetaMask" time="0.646"><failure>listen EADDRINUSE: address already in use :::9999
Error: listen EADDRINUSE: address already in use :::9999
    at Server.setupListenHandle [as _listen2] (node:net:1751:16)
    at listenInCluster (node:net:1799:12)
    at Server.listen (node:net:1887:7)
    at PhishingWarningPageServer.start (test/e2e/phishing-warning-page-server.js:19:15)
    at withFixtures (test/e2e/helpers.js:55:13)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/tests/phishing-controller/phishing-detection.spec.js:170:10)</failure></testcase>
<testcase classname="Phishing Detection" name="should navigate the user to PhishFort to dispute a Phishfort Block" time="0.209"><failure>listen EADDRINUSE: address already in use :::9999
Error: listen EADDRINUSE: address already in use :::9999
    at Server.setupListenHandle [as _listen2] (node:net:1751:16)
    at listenInCluster (node:net:1799:12)
    at Server.listen (node:net:1887:7)
    at PhishingWarningPageServer.start (test/e2e/phishing-warning-page-server.js:19:15)
    at withFixtures (test/e2e/helpers.js:55:13)
    at process.testSpecificMock (node:internal/process/task_queues:95:5)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/tests/phishing-controller/phishing-detection.spec.js:203:9)</failure></testcase>
<testcase classname="Phishing Detection" name="should open a new extension expanded view when clicking back to safety button" time="0.469"><failure>listen EADDRINUSE: address already in use :::9999
Error: listen EADDRINUSE: address already in use :::9999
    at Server.setupListenHandle [as _listen2] (node:net:1751:16)
    at listenInCluster (node:net:1799:12)
    at Server.listen (node:net:1887:7)
    at PhishingWarningPageServer.start (test/e2e/phishing-warning-page-server.js:19:15)
    at withFixtures (test/e2e/helpers.js:55:13)
    at process.fixtures (node:internal/process/task_queues:95:5)
    at Context.&#x3C;anonymous&#x3E; (test/e2e/tests/phishing-controller/phishing-detection.spec.js:237:9)</failure></testcase>

https://app.circleci.com/pipelines/github/MetaMask/metamask-extension/54826/workflows/94e88692-1d7b-4c85-8dc7-6e1d3e6f0730/jobs/1629727

@legobeat legobeat marked this pull request as draft August 24, 2023 06:42
@legobeat legobeat mentioned this pull request Sep 1, 2023
Merged
@legobeat legobeat force-pushed the devdeps-mockttp branch 2 times, most recently from e1563ea to 5d45f10 Compare September 4, 2023 11:32
@legobeat legobeat mentioned this pull request Sep 9, 2023
Open
@github-actions GitHub Actions
Copy link
Contributor

This PR has been automatically marked as stale because it has not had recent activity in the last 60 days. It will be closed in 14 days. Thank you for your contributions.

@github-actions github-actions bot added the stale issues and PRs marked as stale label Nov 20, 2023
@legobeat legobeat removed the stale issues and PRs marked as stale label Nov 20, 2023
@legobeat legobeat mentioned this pull request Jan 18, 2024
Merged
8 tasks
@github-actions GitHub Actions
Copy link
Contributor

This PR has been automatically marked as stale because it has not had recent activity in the last 60 days. It will be closed in 14 days. Thank you for your contributions.

@github-actions github-actions bot added the stale issues and PRs marked as stale label Jan 19, 2024
@legobeat
Copy link
Contributor Author

Included in #20578

@legobeat legobeat closed this Jan 19, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Jan 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@brad-decker brad-decker Awaiting requested review from brad-decker

@digiwand digiwand Awaiting requested review from digiwand

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file stale issues and PRs marked as stale team-security type-security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@legobeat @brad-decker @digiwand