chore: Update lavamoat to a version with more diff-friendly policy ordering

[naugtur]

Description

This lavamoat update brings a different sorting comparator for policy.json files that will produce more readable diffs.
This PR has 2 commits - one that reorders the policy without making any changes and another that updates lavamoat packages on top of that.

For better clarity on the policy.json files, inspect each commit separately.

This is going to be hard to review and merge because conflict resolution requires a redo. Gonna have to schedule it carefully.

Related issues

Manual testing steps

1. run a local policy update and verify the diff is not ridiculously large (that would mean the update failed to apply properly after policy got reordered here)

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	environment	0	33.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	1.9 MB	nicolo-ribaudo
npm/@endo/[email protected]	None	0	28.2 kB	kriskowal
npm/@lavamoat/[email protected]	None	0	0 B
npm/@lavamoat/[email protected]	None	0	0 B
npm/@lavamoat/[email protected]	None	0	0 B
npm/@lavamoat/[email protected]	None	+2	236 kB	lgbot
npm/@npmcli/[email protected]	environment	0	18.3 kB	npm-cli-ops
npm/@types/[email protected]	None	0	84.1 kB	types
npm/[email protected]	None	0	20.4 kB	jrburke
npm/[email protected]	filesystem	+2	36.4 kB	npm-cli-ops
npm/[email protected]	None	0	1.01 MB	nodejs-foundation
npm/[email protected]	None	0	0 B
npm/[email protected]	Transitive: environment	+1	2.55 MB
npm/[email protected]	None	0	0 B
npm/[email protected]	None	0	0 B
npm/[email protected]	None	0	3.48 MB	kriskowal

🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected], npm/@endo/[email protected], npm/@lavamoat/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[naugtur]

@metamaskbot update-policies

[metamaskbot]

Policies updated.
👀 Please review the diff for suspicious new powers.

🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

[naugtur]

None of these browserify policies should have changed, so let's explore why these changes are trivial:

• the path to abort-controller changed because packages got rearranged in the tree and this is now the shortest path to it.
• readable-stream got deduplicated into a newer version that uses AbortSignal directly etc.

[naugtur]

This seems like we're detecting new globals we didn't detect before

[naugtur]

We could restrict these in overrides later as I don't think this shim has any work left to do.

[naugtur]

this is silly, but it comes with the ecosystem of streams reimplementations

[naugtur]

Policy review:
There should be no meningful changes to policy in the webapp as we didn't touch anything there. the changes present are due to changes in the shape of the dependency tree.

Changes to the build policy indicate the lavamoat update (the readable-stream is a new copy of readable-stream (lavamoat updated to v4 and it's the newest version in the dependencies here according to yarn why)

cc @MetaMask/policy-reviewers

[Mrtenz]

Looks good!

[weizman]

Lg

[metamaskbot]

Builds ready [5a46b93]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1808 ± 130 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	349	2270	1712	403	194
		domContentLoaded	1419	2227	1780	258	124
		load	1424	2266	1808	270	130
		domInteractive	26	154	51	31	15
		backgroundConnect	8	112	30	27	13
		firstReactRender	16	88	50	24	11
		getState	5	95	20	25	12
		initialActions	0	1	0	0	0
		loadScripts	1001	1778	1314	241	116
		setupStore	7	51	16	14	7
		uiStartup	1608	2957	2093	354	170

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 3.5 KiB (0.04%)

[naugtur]

Bundle size diffs [🚨 Warning! Bundle size has increased!]

same exact commits on main 3d ago said decreased 🤷

[metamaskbot]

Builds ready [e510fde]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1606 ± 86 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1371	2019	1614	188	90
		domContentLoaded	1365	1941	1588	173	83
		load	1373	1977	1606	180	86
		domInteractive	22	117	54	31	15
		backgroundConnect	8	82	22	18	9
		firstReactRender	15	79	44	25	12
		getState	4	51	12	12	6
		initialActions	0	1	0	0	0
		loadScripts	978	1485	1163	150	72
		setupStore	6	25	9	6	3
		uiStartup	1570	2277	1827	200	96

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 3.5 KiB (0.04%)

[naugtur]

@metamaskbot update-policies

[metamaskbot]

Policies updated.
👀 Please review the diff for suspicious new powers.

🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff

[metamaskbot]

Builds ready [215cc04]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 13, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1534 ± 36 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1424	1727	1538	75	36
		domContentLoaded	1419	1716	1517	74	36
		load	1423	1727	1534	76	36
		domInteractive	22	66	32	13	6
		backgroundConnect	7	53	18	15	7
		firstReactRender	15	99	42	31	15
		getState	5	64	16	18	9
		initialActions	0	1	0	0	0
		loadScripts	1035	1334	1123	67	32
		setupStore	6	62	15	19	9
		uiStartup	1609	2172	1818	175	84

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 3.5 KiB (0.04%)