`ganache-core` and `ganache-cli` have been updated to the latest
published versions.
Two Yarn resolutions have been made unnecessary by this update, so they
have been removed. They were added to update dependencies of
`ganache-core` to address security advisories. They have since been
updated in the latest `ganache-core` release.
* Add ses lockdown to build system using lavamoat-core
* use proper object.assign version
* disable lint rules for ses lockdown
* deps - update rtlcss
Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Refs #9663
See [`node/no-unsupported-features/node-builtins`][1] for more information.
This change enables `node/no-unsupported-features/node-builtins` and fixes the issue
raised by the rule.
The `engines.node` version is updated to reflect the version specified by the `.nvmrc`
file and the version used by CircleCI:
```bash
$ cat .nvmrc
v10.18.1
```
```bash
$ docker run --rm -it circleci/node@sha256:e16740707de2ebed45c05d507f33ef204902349c7356d720610b5ec6a35d3d88 node --version
v10.18.1
```
`@metamask/eslint-config` has been updated to v4.1.0. This update
requires that we update `eslint` to v7 as well, which in turn requires
updating most `eslint`-related packages.
Most notably, `babel-eslint` was replaced with `@babel/eslint-parser`,
and `babel-eslint-plugin` was replaced by `@babel/eslint-plugin`. This
required renaming all the `babel/*` rules to `@babel/*`.
Most new or updated rules that resulted in lint errors have been
temporarily disabled. They will be fixed and re-enabled in subsequent
PRs.
On Windows, spawn fails if the exact filename
of a binary isn't passed. e.g. `spawn('yarn')` fails
because the binary is named `yarn.cmd`.
Instead, we depend on `cross-spawn` which handles differences
in `spawn` across platforms.
All three of our Sentry packages have been updated to the latest
versions. There appear to have been no breaking changes - just bug
fixes and new features.
This change updates `node-forge` to the latest published version, 0.10.0. This
update resolves a security advisory [1] brought in via our `3box` dependency.
[1]:https://www.npmjs.com/advisories/1561
JSON files are now sorted by key with `prettier`, using the plugin
`prettier-plugin-sort-json`. This does not affect `package.json`
because `prettier` uses a special parser for that file, as it has
a more restrictive format than JSON.
Instead of using `eslint-plugin-json` for linting JSON files,
`prettier` is now used. `prettier` is capable of detecting and
correcting more problems than `eslint-plugin-json` can, such as
indentation.
All JSON files have been run through `prettier`. The changes are all
superficial.
* MetaMask mascot support for provided directions targets and toggling followMouse
* Fixes for mascot.component.js
* Update metamask-logo version to 2.4.0
* Lint fix
* Fix mouse follow updating
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Improve mascot story name
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Update package.json
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Lint fix
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Add react-testing-library
Adds react-testing-library as a dependency, creates a wrapper function with Provider store/I18n context support, and implements it in unconnected-account-alert.
* Refactor renderWithProvider store to extra param, instead of component prop store
This change updates the shared ESLint config to the latest published version,
v3.1.0.
From the config [`CHANGELOG.md`][1]: v3.0.1 has disabled `prefer-object-spread`
by default, so it has been enabled for this project.
[1]:https://github.com/MetaMask/eslint-config/blob/master/CHANGELOG.md
This updates the `copy-webpack-plugin` to the latest published version, 6.0.3,
resolving [a high-severity security advisory][1] with its `serialize-javascript`
dependency.
[1]: https://www.npmjs.com/advisories/1548
See https://www.npmjs.com/advisories/1548 for more information.
The `yarn audit` output:
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Remote Code Execution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ copy-webpack-plugin │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ copy-webpack-plugin > serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1548 │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
The relevant [`v6.0.0`][2] breaking changes:
- minimum supported Node.js version is 10.13
- ✅ We use 10.18.1 locally and on CI
- the plugin now accepts an object, you should change `new CopyPlugin(patterns, options)` to `new CopyPlugin({ patterns, options })`
- ✅ Updated `.storybook/webpack.config.js`
[2]:https://github.com/webpack-contrib/copy-webpack-plugin/releases/tag/v6.0.0
We were not affected by the breaking changes introduced with v2.0.0.
This was updated primarily to get a bugfix relating to source maps, and
to update some older transitive dependencies.
The changes between these two versions don't seen to affect us a great
deal. The browserify dependency updates do result in changes to our
production bundle, but the changes have no obvious functional impact.
Mark Stacey
Brad Decker
Erik Marks
Etienne Dusseault
Whymarrh Whitby
Ari Lotter
Dan J Miller
ricky
dependabot[bot]
Thomas Huang