Update lodash transitive dependencies in response to security advisory:
https://www.npmjs.com/advisories/1065
There are a few remaining instances of the vulnerable lodash dependency
in the lockfile, but those are only used by development dependencies.
They are pinned, so are more difficult to update.
These files were referencing npm scripts that no longer existed. Notices
appear to no longer exist, and the `ui-dev.js` module is no longer
actively used.
The `mock-dev.js` module is still used for certain integration tests, so
I've just removed the reference to the non-existent script.
We've been using the `eslint-plugin-json` plugin for some time, but we
haven't been visiting `.json` files in the lint script. The lint script
has now been updated to incude `.json` files, which means any invalid
JSON will result in a lint error.
Unfortunately this JSON plugin doesn't seem to apply the other eslint
rules (such as `key-spacing`) to the JSON files. I wasn't able to find a
way to get that to work. Instead I manually auto-formatted each of the
locale `message.json` files, which fixed many whitespace
inconsistencies.
The `states.json` file was deleted completely, as it appears to be
unused. It wasn't a valid JSON file anyway, it was JavaScript. It looks
like a `states.js` file is automatically generated, but an old copy was
accidentally saved as `states.json` and included in the repo.
Many duplicate key errors were found and fixed in the
`development/states/` JSON files.
`package-lock.json` was added to `.eslintignore` because it was very
slow to lint, and linting it doesn't provide much value.
We had forgotten to add `eslint` as a dependency, even though we use it
directly. It had always worked because we have dependencies that also
depend upon it.
`eslint` has also been updated to v6, which necessitated two minor
changes.
The AppVeyor configuration appears to be unused - this project is not
connected to AppVeyor.
After deleting the AppVeyor config, the JSDoc config was the last thing
in the `development/tools` directory. That felt a little silly, so I
moved it up to `development`.
Unused expressions are generally a mistake, as they don't do anything.
The exceptions to this rule (short-circuit expressions and ternary
expressions) have been allowed.
The `webrtc-adapter` was previously ignored by eslint because it has a
side-effect upon being imported. I removed the local variable instead,
which should preserve the same side-effect without making eslint
complain.
* Add React and Redux DevTools
* Conditionally load react-devtools
* Add start:dev npm script to run the app with devtools
Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
* Improve auto changelog script
The auto changelog script was creating empty or invalid entries in a
number of different cases, such as when the body of a commit spanned
multiple lines. This has been fixed, and the following additional
improvements have been made:
- Error handling (it will now crash upon encountering an error)
- Commits without a PR number in the subject are listed without the PR
prefix
- Invalid shellcheck warnings ignored
- Only the first line of the commit body is shown
- Carriage returns are stripped (some commits contain them)
This script should be more reliable for helping to manually update the
changelog. It's still not sufficiently robust to use as part of an
automated process - I don't think that's feasible without maintaining
stricter control over commit messages conventions and/or merge
strategies.
* Add loading spinner to pending tx status label.
* Add border around account icon in top right
* Change style of settings toggle buttons; wrap with local components
* Eliminate large space after settings labels when no description
* Remove network form from advanced tab of settings
* Keep new account container height to contents when in full screen
This package is deprecated, and is incompatible with React v16. It has
been replaced by `react-test-renderer`, which has a drop-in replacement
for `react-addons-css-transition-group`.
Strangely, `react-test-renderer` was already listed as a dependency
despite not being used. I had to downgrade it, as the version already
listed was for React v16, and we're still using React v15.
This must have been removed as a dependency at some point, but left in
the lockfile. I noticed it would install itself whenever I reinstalled
all packages.
The `stage-0` Babel preset has been replaced with the specific Babel
plugins that we depend upon. We don't use most of `stage-0`, so this
allowed us to remove many unnecessary transformations. We had to remove
this preset soon anyway, because all of the stage presets are
deprecated in Babel 7.
The `stage-0` preset consisted of these plugins:
```
"transform-do-expressions"
"transform-function-bind"
"transform-class-constructor-call"
"transform-export-extensions"
"transform-class-properties"
"transform-decorators"
"syntax-dynamic-import"
"syntax-trailing-function-commas"
"transform-async-generator-functions"
"transform-async-to-generator"
"transform-exponentiation-operator"
"transform-object-rest-spread"
```
Of that list, only 'transform-class-properties', 'transform-object-
rest-spread', and 'transform-async-to-generator' were being used.
While working on #6805, I noticed that many variables were being used
before they were declared. Technically this worked fine in practice
because we were using the `transform-es2015-block-scoping` Babel plugin,
which transforms `let` and `const` to `var`, which is hoisted. However,
after removing that Babel transformation, many things broke.
All instances of variables or classes being used before declared have
been fixed.
The `no-use-before-define` eslint rule has been added to catch these
cases going forward. The rule is disabled for function declarations for
the moment, because those are always hoisted. We could disable that too
if we want to, but it's purely stylistic and would require a lot more
changes.
* Added visual documentation of the menu bar component
* updated CHANGELOG.md
* renamed to account menu which is the component highlighted in the screenshot
* updated contributions document
* Remove unused state 'gas.basicPriceAndTimeEstimates'
* Check for invalid estimates from local storage
Gas estimates were being cached in local storage then later retrieved,
but the retrieved values were not being checked. If the data failed to
save, failed to load, or was cleared since being saved, it would result
in the gas estimates being set to undefined.
The estimates retrieved from local storage are now checked before they
are used. If they are falsy, the estimates are retrieved from the
network instead.
This should fix this Sentry issue:
[METAMASK-6W0T](https://sentry.io/share/issue/cfe470314a5741768b19050815322aa4/)
A few additional changes were made to the gas-duck tests to accommodate
the use of `sinon.restore`. `restore` is strongly recommended by the
`sinon` team, as neglecting to use it can result in memory leaks. It has
the additional benefit of ensuring you create fresh stubs/spies for each
test, which means they no longer need to be reset between tests.
* Introduce delay for eth_estimateGas calls with in test
* Add test that fails when gas estimates of contract method calls without gas are too high.
* Get transaction gas data from unApprovedTxs instead of confirmTransaction
* Fix selection of gas data in gas-modal-page-container.container
* Lint changes related to Version-6.7.2-gasLimitFix
* Fix e2e tests on Version-6.7.2-gasLimitFix
* Fix unit and integration tests for changes from Version-6.7.2-gasLimitFix
* more e2e fixes
* Add assertions for transaction values on confirm screen
* Fix display of transaction amount on confirm screen.
The `disc` gulp command no longer works. I wasn't able to fix this
easily, so instead it has been removed. We can probably find something
better to replace it with.
`addons-linter` will occasionally run out of heap space. This provides 3
GB of heap for that script rather than the default ~1.5 GB. The CircleCI
containers have 4GB of memory, so this should leave plenty of extra
space for non-heap memory.
The integration tests are slow, and rather inconvenient to run in
development on a regular basis (they break if you move the mouse). They
have been removed from the `test` script, to make running `test`
frequently during development less painful.
* Introduce delay for eth_estimateGas calls with in test
* Add test that fails when gas estimates of contract method calls without gas are too high.
* Get transaction gas data from unApprovedTxs instead of confirmTransaction
* Fix selection of gas data in gas-modal-page-container.container
* Lint changes related to Version-6.7.2-gasLimitFix
* Fix e2e tests on Version-6.7.2-gasLimitFix
* Fix unit and integration tests for changes from Version-6.7.2-gasLimitFix
* more e2e fixes
* Add assertions for transaction values on confirm screen
* Fix display of transaction amount on confirm screen.
This silences a warning message that was printed to the console whenever
this module was loaded during tests.
The API changes between these two versions were reviewed carefully for
differences. The only difference made was to `PBKDF2_HMAC_SHA256.bytes`,
which was replaced by `Pbkdf2HmacSha256`.
The length argument no longer has a default value, so it has been set
to match what the default value was in the previous version we used,
which is 32 (the SHA256 hash size).
The flat tests also rely upon these transformations, yet invoke
browserify from the command line rather than using the gulpfile. The
transformations have been specified on the command line for those
instead.
Of course it's not ideal to have the same transformations listed in two
different places, but the plan is to delete the flat tests soon anyway,
so this should suffice until then.
Closes#4538