Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync v12.7.1 with master and restore 12.7.0 #28550

Merged
merged 9 commits into from
Nov 20, 2024

Conversation

danjm
Copy link
Contributor

@danjm danjm commented Nov 19, 2024

This PR merges the latest master into the v12.7.1 RC branch, and then reverts the revert of the merge of v12.7.0 into master. That revert was added in #28507, because we had already merged v12.7.0, but we then had to do a hotfix on top of v12.6.1

So after the current PR is merged, v12.7.1 will be just like v12.7.0 was, plus the fix already on the v12.7.1 branch

danjm and others added 8 commits November 15, 2024 23:50
This reverts commit 5561096, reversing
changes made to aa32744.
Updates tje changelog for v12.6.2
This is a cherry-pick of #28522 for v12.6.2. Original description: 

## **Description**

The package `cross-spawn` has been updated to v7.0.6 to address a
security advisory. The advisory doesn't impact our usage of this
library, but it was easy to update.

We had two usages of an older major version of this library in our
dependency tree (v5), which were forced to v7 using a resolution. The
only breaking changes in v6 and v7 were dropping support for older
Node.js versions that are already below our minimum supported version.

`cross-spawn` changelog:
https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28522?quickstart=1)

## **Related issues**

Resolves GHSA-3xgq-45jj-v275

## **Manual testing steps**

N/A

## **Screenshots/Recordings**

N/A

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
This is a cherry-pick of #28521 for v12.6.2. Original description:

## **Description**

The QR scanner is now more strict about the contents it allows to be
scanned. If the scanned QR code deviates at all from the supported
formats, it will return "unknown" as the result (as it always has for
completely unrecognized QR codes).

Previously we would accept QR codes with a recognized prefix even if the
complete contents did not match our expectations, which has resulted in
unexpected behavior.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28521?quickstart=1)

## **Related issues**

Fixes #28527

## **Manual testing steps**

- Open the MetaMask extension and select 'Send'
- Click on the QR scanner icon in the "Send To" field and enable webcam
- Scan a ERC-20 wallet receive QR from a mobile app, which follows the
EIP-681 standard and contains a valid token contract and account address
- ERC-20 Token Contract Address, which is the first address in the
string, populates the "Send To" field instead of the intended recipient
address

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

We didn't record this, but multiple people on the team reproduced the
problem.

### **After**

https://www.loom.com/share/be8822e872a14ec98a47547cf6198603

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- We don't yet have any way to test QR scanning. We will follow up later
with tests, and rely on manual testing for now. Later test automation
work tracked in #28528
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [x] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
@danjm danjm requested a review from a team as a code owner November 19, 2024 20:05
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the INVALID-PR-TEMPLATE PR's body doesn't match template label Nov 19, 2024
Copy link

socket-security bot commented Nov 19, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] None 0 16.1 kB satazor

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@metamaskbot
Copy link
Collaborator

Builds ready [2264779]
Page Load Metrics (1974 ± 147 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint40628371737572275
domContentLoaded166528291952308148
load167728361974306147
domInteractive23116572713
backgroundConnect75921157
firstReactRender562911164924
getState470232412
initialActions01000
loadScripts117422761457277133
setupStore1169272010
uiStartup188530852219321154

@danjm danjm merged commit eaac1a5 into Version-v12.7.1 Nov 20, 2024
72 checks passed
@danjm danjm deleted the sync-12.7.1-restore-12.7.0 branch November 20, 2024 19:04
@github-actions github-actions bot locked and limited conversation to collaborators Nov 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
INVALID-PR-TEMPLATE PR's body doesn't match template team-extension-platform
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants