Mark Stacey
c7db4c5a4d
Update `brfs` from v1.6.1 to v2.0.2 ( #9115 )
...
We were not affected by the breaking changes introduced with v2.0.0.
This was updated primarily to get a bugfix relating to source maps, and
to update some older transitive dependencies.
4 years ago
Mark Stacey
b19e048f58
Update `browserify` from v16.2.3 to v16.5.1 ( #9113 )
...
The changes between these two versions don't seen to affect us a great
deal. The browserify dependency updates do result in changes to our
production bundle, but the changes have no obvious functional impact.
4 years ago
Mark Stacey
081153a0df
Update `sesify-viz` from v3.0.9 to v3.0.10 ( #9111 )
...
The changes between v3.0.9 and v3.0.10 are minimial - just some minor
improvements to error handling.
4 years ago
Mark Stacey
ee291d48e9
Update `gulp-rename` from v1.4.0 to v2.0.0 ( #9112 )
...
The changes between these versions don't affect us. The breaking change
was related to passing in a function to `gulp-rename`, which we don't
do.
4 years ago
Mark Stacey
3f53db1846
Update `source-map-explorer` from v2.0.1 to v2.4.2 ( #9110 )
...
The output remains identical between these two versions, and none of
the changelog entries appear relevant to us (aside from maybe some of
the bug fixes).
4 years ago
Whymarrh Whitby
d990de4a0c
Update dependencies ( #9105 )
...
This change updates the following two dependencies to address high severity advisories in the production dependencies:
* Use elliptic@6.5.3
* Use dot-prop@5.2.0
The public advisories:
- `elliptic`: [npm](https://www.npmjs.com/advisories/1547 )
- `dot-prop`: [npm](https://www.npmjs.com/advisories/1213 ), [GHSA-ff7x-qrg7-qggm](https://github.com/advisories/GHSA-ff7x-qrg7-qggm )
I don't believe there to be any functional changes here:
- I don't think we hit any (important?) codepaths of the whole `ipld-zcash/zcash-bitcore-lib/elliptic` subtree of 3Box
- `dot-prop` doesn't have a changelog but;
- Looking through [`v3.0.0...v4.0.0`](https://github.com/sindresorhus/dot-prop/compare/v3.0.0...v4.0.0 ) it would seem that the breaking change was requiring Node.js 4 ([`88b6eb6`](88b6eb66cf
))
- The only breaking change listed for [v5.0.0](https://github.com/sindresorhus/dot-prop/releases/tag/v5.0.0 ) was requiring Node.js 8.
4 years ago
Mark Stacey
a69245d9ba
Improve source maps ( #9101 )
...
Our source maps were being corrupted during minification, because the
`gulp-terser-js` plugin we were using didn't account for the existence
of sourcemaps in the input. A configuration option to allow the input
of sourcemaps was added in v5.2.0. The plugin has been updated, and we
now use this option.
Previously the generated sourcemaps had an invalid entry in the
"sources" array, with the filename of the bundle itself. This was not a
real source. After this change, this invalid source is no longer
present.
4 years ago
Erik Marks
a3cad5d52e
rpc-cap@3.1.0 ( #9103 )
4 years ago
Erik Marks
99899b5df9
json-rpc-engine@5.2.0 ( #9091 )
4 years ago
ryanml
b4663eb78b
Fixes MetaMask/metamask-extension#8626 - verifies password on requesting seed phrase ( #9063 )
4 years ago
Brad Decker
21292a8ed1
update eth-token-tracker ( #9056 )
4 years ago
Whymarrh Whitby
33430f6dea
Use content-hash@2.5.2 ( #9051 )
4 years ago
Erik Marks
3c9a51d1af
@metamask/inpage-provider@6.1.0 ( #9046 )
4 years ago
Erik Marks
a51c518d09
@metamask/inpage-provider@6.0.1 ( #9003 )
4 years ago
Mark Stacey
49c46c9ed2
Update `stylelint` from `v9.10.1` to `v13.6.1` ( #9001 )
...
The changes made between v9.10.1 and v13.6.1 don't appear to be
relevant to us, aside from bug fixes that we'd benefit from.
`gulp-stylelint` also needed to be updated, as it's in-step with
`stylelint`. It went from v7 to v13.0.0. The changes aren't notable
here for us either.
4 years ago
Mark Stacey
c9dfc62123
Fix stylelint ( #8169 )
...
* Stylelint: Ignore only top-level directories
The `.stylelintignore` entries lacked leading slashes, so most of the
UI code was ignored (because it fell under the `ui/app` directory, and
`app/` was ignored.
The leading slashes ensure only the intended top-level directories are
ignored.
* Simplify stylelint rules
We use the `stylelint-config-standard` rule-set, so most commonly-used
stylelint rules are inherited from that.
Some of the removed rules were redundant, some of them were more strict
than the rules in `standard` and we hadn't been following them in
practice, and some were obsolete.
* Convert stylelint config to JavaScript
JavaScript is a bit easier than JSON to work with, as it allows
comments.
This was also done to make it easier to merge in the `stylelint-config-
standard`, which is also in JavaScript.
* Inline `stylelint-config-standard`
I intend to go through each of these rules one-by-one, which is easier
with all of these rules inlined. Selectively overriding/disabling them
would have been messy.
* Comment out rules that aren't current working
These rules have been temporarily disabled. They will be re-renabled
one-by-one as they are fixed. This was done to make it easier to split
these changes among separate PRs, as many of the rules require
extensive functional changes.
* Add `stylelint` to `lint` script
`stylelint` is now run as part of the `lint` script. There is also a
separate `lint:styles` script for running just `stylelint`.
4 years ago
Whymarrh Whitby
e713dd7698
Fix sort order of ethereumjs-block in yarn.lock ( #8985 )
...
Refs a2d0d6209
(#8979 )
This fixes the sort order of the yarn.lock file
4 years ago
Whymarrh Whitby
4e7d999875
Dedupe fs-extras versions ( #8980 )
4 years ago
Whymarrh Whitby
6b97cb8c5c
Use eslint-plugin-mocha@6.3.0 ( #8984 )
4 years ago
Whymarrh Whitby
82f7b448d9
Dedupe find-cache-dir versions ( #8981 )
4 years ago
Whymarrh Whitby
14c952b15c
Use eslint-plugin-import@2.22.0 ( #8983 )
4 years ago
Whymarrh Whitby
a2d0d6209d
Dedupe ethereumjs-block versions ( #8979 )
4 years ago
Whymarrh Whitby
4f0a205369
Use eslint@6.8.0 ( #8978 )
...
* Use eslint@6.8.0
* yarn lint:fix
4 years ago
Whymarrh Whitby
07237e3dbf
Use extract-zip@1.7.0 ( #8977 )
4 years ago
Whymarrh Whitby
6b9a3fb9a6
Use abortcontroller-polyfill@1.4.0 ( #8970 )
4 years ago
Whymarrh Whitby
956dea91fb
Use gonzales-pe@4.3.0 ( #8971 )
4 years ago
Whymarrh Whitby
0d8b399609
Use lodash@4.17.19 ( #8969 )
4 years ago
Mark Stacey
2856af2336
Remove integration tests ( #8959 )
...
The remaining integration tests are all covered by e2e tests, so
they're no longer needed.
All associated scripts, fixtures, and dependencies have also been
removed.
4 years ago
Mark Stacey
111bef2baa
Update `@metamask/test-dapp` to v3.1.0 ( #8963 )
...
This updated test dapp has a new `personal_sign` button. It also fixes
the `Encrypt` button, which was broken in `v3.0.0`.
The `signature-request` e2e test needed to be updated to find the
'Sign' button by id rather than by text, since there are now two
buttons with the text 'Sign'.
4 years ago
Brad Decker
3cbcc913e9
update material-ui/core ( #8950 )
4 years ago
Brad Decker
cd4903f65e
remove ramda ( #8932 )
4 years ago
Whymarrh Whitby
88e33c8d79
Use lodash@4.17.17 ( #8940 )
4 years ago
Brad Decker
14416a796a
add support for nullish coalescing ( #8935 )
4 years ago
Erik Marks
f4c60df0c1
rpc-cap@3.0.1 ( #8929 )
4 years ago
Erik Marks
8bc02d4b5e
rpc-cap@3.0.0 ( #8924 )
...
* rpc-cap@3.0.0
* adapt use of rpc-cap for new major version
4 years ago
Erik Marks
2f2cf07ef5
eth-json-rpc-middleware@5.0.2 ( #8923 )
4 years ago
Erik Marks
916edc64f0
@metamask/inpage-provider@6.0.0 ( #8921 )
4 years ago
Erik Marks
b6504341bd
@metamask/test-dapp@3.0.0 ( #8902 )
4 years ago
Erik Marks
d3aa9f8620
eth-keyring-controller@6.0.1 ( #8897 )
4 years ago
Erik Marks
dd209c8fd2
@metamask/test-dapp@2.2.0 ( #8888 )
4 years ago
Erik Marks
04198ec30a
update inpage provider ( #8872 )
...
Update `@metamask/inpage-provider` to v5.2.1
4 years ago
Erik Marks
79e001b9ac
eth-contract-metadata@1.15.0 ( #8871 )
4 years ago
Erik Marks
242db43700
Update inpage provider, deprecation warnings ( #8854 )
4 years ago
Erik Marks
3bd4528d9d
Update test-dapp ( #8856 )
...
* update test-dapp
4 years ago
Erik Marks
be3ac50791
Update eth-json-rpc-middleware ( #8847 )
5 years ago
Erik Marks
04de9a92c5
Fix signing method bugs ( #8833 )
...
* update signTypedData validation
* update tests for new eth-json-rpc-middleware
* remove lowercasing of tx 'from' addresses
5 years ago
Whymarrh Whitby
3673d69816
Use gulp-cli@2.3.0 ( #8845 )
5 years ago
Whymarrh Whitby
2abbeadbfb
Use node-sass@4.14.1 ( #8844 )
...
This change updates our `node-sass` dependency to the latest version, 4.14.1.
This resolves two security advisories brought in by an outdated `yargs-parser`
subdependency.
See https://www.npmjs.com/advisories/1500 for more information.
The `yarn audit` output:
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-sass │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ node-sass > sass-graph > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-sass │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-sass > node-sass > sass-graph > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
5 years ago
Whymarrh Whitby
dc398191e0
Use @metamask/controllers@2.0.1 ( #8832 )
5 years ago
Whymarrh Whitby
3f8fa161ca
Use markdown-to-jsx@6.11.4 ( #8809 )
...
This change updates the `markdown-to-jsx` dependency to the latest version,
resolving XSS security advisories.
See https://www.npmjs.com/advisories/1219 for more information.
The `yarn audit` output:
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-actions │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/addon-actions > @storybook/components > │
│ │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-backgrounds │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/addon-backgrounds > @storybook/components > │
│ │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/addon-knobs │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/addon-knobs > @storybook/components > │
│ │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/core │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/core > @storybook/ui > @storybook/components > │
│ │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/react > @storybook/core > @storybook/ui > │
│ │ @storybook/components > markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/core │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/core > @storybook/ui > markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=6.11.4 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/react > @storybook/core > @storybook/ui > │
│ │ markdown-to-jsx │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1219 │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
5 years ago