The `elliptic` package has been updated to v6.5.4 to address a security
advisory regarding a vulnerability in v6.5.3. We are not affected by
this vulnerability to the best of our knowledge. This is just to stay
on the safe side, and fix our audit check.
* Add warning system for 'confusable' ENS names (#9129)
Uses unicode.org's TR39 confusables.txt to display a warning when
'confusable' unicode points are detected.
Currently only the `AddRecipient` component has been updated, but the new
`Confusable` component could be used elsewhere
The new `unicode-confusables` dependency adds close to 100KB to the
bundle size, and around 30KB when gzipped.
Adds 'tag' prop to the tooltop-v2 component
Use $Red-500 for confusable ens warning
Lint Tooltip component
Update copy for confusing ENS domain warning.
* Fix prop type
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
This script was accidentally broken in #10499, which added the `.sh`
file extension to all Bash scripts. I forgot to update the
`ganache:start` script to use the new file extension.
A CI job has been added to ensure the `allow-scripts` config and the
LavaMoat auto-generated policy is up-to-date. This will only run on
release branches and the `master` branch, because it's too difficult a
requirement to meet for each PR for contributors on macOS, due to
differences in the dependency graph caused by optional dependencies.
The `allow-scripts` and LavaMoat policy have both been updated using
`yarn allow-scripts auto` and `yarn lavamoat:auto`.
This package hasn't been used since #8140, which dropped it for being
too slow and of minimal benefit.
We should consider re-adding this as a CI check to ensure images are
optimized, but I don't think it should be re-added to the build process
itself.
This dependency was added to get Storybook working, but since then it
has been made a direct dependency of Storybook. We no longer use it
directly, and we don't need it in our dependencies.
This package was added as a devDependency to address a peerDependency
warning when installing Storybook v5.3.14. We're now using Storybook
v6, which doesn't list this as a peerDependency.
The `start:dev` script relies upon `electron` and `sqlite`, both of
which had their install scripts disabled by `allow-scripts`. Without
those two packages, `start:dev` crashes immediately.
The manifest has been updated to ensure install scripts run for both
packages. `start:dev` now works.
Fixes#10356
There was a bug in the inpage provider that would mistakenly report
usage of our injected `web3` instance when the `web3.currentProvider`
property was accessed. This was fixed in v8.0.4 of
`@metamask/inpage-provider`.
* ci - run storybook and add to build-artifacts
* ci/storybook - rename storybook build path and fix artifact upload
* ci/storybook - rename link text
* clean - remove accidently committed storybook build dir
* storybook - fix image path to relative (#10364)
* use @lavamoat/allow-scripts for package postinstall allow list
* dnode: set "weak" to false
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
The changes made between v1.3.2 and v1.5.0 of `@reduxjs/toolkit` don't
appear to affect us at all. They mostly consist of feature additions
and bug fixes for edge cases we haven't encountered.[1]
The one change that is technically breaking is that v8 of `immer` now
freezes state objects in production rather than just in development.
That would only be breaking if we were mutating Redux state though,
which we aren't doing in the few Redux slices in which we use
`@reduxjs/toolkit`. Even if we were, we would have noticed that it
broke in development already.
[1]: https://github.com/reduxjs/redux-toolkit/releases