Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump several MetaMask dependencies #1964

Merged
merged 17 commits into from
Nov 16, 2023
Merged

Bump several MetaMask dependencies #1964

merged 17 commits into from
Nov 16, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 15, 2023
edited by Mrtenz
Loading

This bumps several MetaMask packages to the latest version.

Changelog

  • Bump @metamask/utils from ^8.1.0 to ^8.2.1.
  • Bump @metamask/json-rpc-engine from ^7.1.1 to ^7.3.0.
  • Bump @metamask/object-multiplex from ^1.2.0 to ^2.0.0.
  • Bump @metamask/permission-controller from ^5.0.0 to ^5.0.1.
  • Bump @metamask/providers from ^13.0.0 to ^14.0.1.

@dependabot dependabot bot requested a review from a team as a code owner November 15, 2023 06:23
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 15, 2023
@Mrtenz
Copy link
Member

Mrtenz commented Nov 15, 2023

@metamaskbot update-pr

@Mrtenz Mrtenz force-pushed the dependabot/npm_and_yarn/main/metamask/utils-8.2.1 branch from b3f294c to 8f76ec6 Compare November 15, 2023 13:26
@socket-security Socket Security
Copy link

socket-security bot commented Nov 15, 2023
edited
Loading

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@metamask/object-multiplex 1.2.0...2.0.0 None +0/-0 13.2 kB lgbot
@metamask/permission-controller 5.0.0...5.0.1 None +0/-0 404 kB metamaskbot
@metamask/providers 13.0.0...14.0.1 None +8/-12 313 kB metamaskbot

@Mrtenz Mrtenz changed the title Bump @metamask/utils from 8.1.0 to 8.2.1 Bump @metamask/utils, @metamask/json-rpc-engine, @metamask/permission-controller Nov 15, 2023
@Mrtenz Mrtenz changed the title Bump @metamask/utils, @metamask/json-rpc-engine, @metamask/permission-controller Bump @metamask/utils, @metamask/json-rpc-engine, @metamask/permission-controller, @metamask/providers Nov 16, 2023
@Mrtenz Mrtenz force-pushed the dependabot/npm_and_yarn/main/metamask/utils-8.2.1 branch from 3c39910 to c8f729c Compare November 16, 2023 09:28
@socket-security Socket Security
Copy link

socket-security bot commented Nov 16, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: [email protected]

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@codecov Codecov
Copy link

codecov bot commented Nov 16, 2023
edited
Loading

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (5fac99c) 96.03% compared to head (5a19bdb) 95.98%.

Files Patch % Lines
...s/snaps-simulator/src/features/simulation/sagas.ts 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1964      +/-   ##
==========================================
- Coverage   96.03%   95.98%   -0.05%     
==========================================
  Files         263      263              
  Lines        6127     6127              
  Branches      989      989              
==========================================
- Hits         5884     5881       -3     
- Misses        243      246       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Mrtenz Mrtenz changed the title Bump @metamask/utils, @metamask/json-rpc-engine, @metamask/permission-controller, @metamask/providers Bump several MetaMask dependencies Nov 16, 2023
@Mrtenz
Copy link
Member

Mrtenz commented Nov 16, 2023

@SocketSecurity ignore [email protected]
@SocketSecurity ignore @metamask/[email protected]

These are ours.

dependabot bot and others added 12 commits November 16, 2023 13:30
@dependabot @Mrtenz
Bump @metamask/utils from 8.1.0 to 8.2.1
b4ebe44 
Bumps [@metamask/utils](https://github.com/MetaMask/utils) from 8.1.0 to 8.2.1.
- [Release notes](https://github.com/MetaMask/utils/releases)
- [Changelog](https://github.com/MetaMask/utils/blob/main/CHANGELOG.md)
- [Commits](MetaMask/utils@v8.1.0...v8.2.1)

---
updated-dependencies:
- dependency-name: "@metamask/utils"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Mrtenz
Bump @metamask/permission-controller, @metamask/json-rpc-engine, and …
b27101e 
…resolve type issues
@metamaskbot @Mrtenz
Update LavaMoat policies
4b4e197
@Mrtenz
Fix JsonRpcRequestWithoutIdStruct type
d081695
@Mrtenz
Bump @metamask/providers
2862de0
@Mrtenz
Update LavaMoat policies
c6c9f07
@Mrtenz
Fix type issue
2c299ae
@Mrtenz
Bump @metamask/object-multiplex
67b5f3e
@Mrtenz
Update LavaMoat policies
cc1f53d
@Mrtenz
Add missing dependency
ca7d5b8
@Mrtenz
Fix dependency and LavaMoat policies again
f93e5db
@Mrtenz
Use readable-stream and disable error handling tests
b8f37b8
@Mrtenz Mrtenz force-pushed the dependabot/npm_and_yarn/main/metamask/utils-8.2.1 branch from e0b2495 to b8f37b8 Compare November 16, 2023 12:30
FrederikBolding
FrederikBolding reviewed Nov 16, 2023
View reviewed changes
Copy link
Member

@FrederikBolding FrederikBolding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we remove @types/readable-stream?

@Mrtenz
Copy link
Member

Mrtenz commented Nov 16, 2023

Can we remove @types/readable-stream?

Doing that results in type errors.

@Mrtenz Mrtenz merged commit 56c733d into main Nov 16, 2023
136 of 138 checks passed
@Mrtenz Mrtenz deleted the dependabot/npm_and_yarn/main/metamask/utils-8.2.1 branch November 16, 2023 15:37
@FrederikBolding FrederikBolding mentioned this pull request Nov 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrederikBolding FrederikBolding FrederikBolding approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Mrtenz @FrederikBolding @metamaskbot