Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(dependencies): @metamask/eth-token-tracker@^7.0.2->^8.0.0 #24855

Merged
merged 3 commits into from
May 29, 2024
Merged

chore(dependencies): @metamask/eth-token-tracker@^7.0.2->^8.0.0 #24855

merged 3 commits into from
May 29, 2024

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented May 29, 2024
edited
Loading

Description

Open in GitHub Codespaces

Related issues

Screenshots/Recordings

Before

After

Pre-merge author checklist

  • I’ve followed MetaMask Coding Standards.
  • I've completed the PR template to the best of my ability
  • I’ve included tests if applicable
  • I’ve documented my code using JSDoc format if applicable
  • I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@socket-security Socket Security
Copy link

socket-security bot commented May 29, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@metamask/[email protected] None 0 0 B
npm/@metamask/[email protected] None 0 5.55 MB metamaskbot
npm/@metamask/[email protected] Transitive: network +1 833 kB metamaskbot
npm/@metamask/[email protected] network 0 673 kB metamaskbot
npm/@sentry/[email protected] environment, filesystem, network, shell 0 55.8 kB sentry-bot

🚮 Removed packages: npm/@metamask/[email protected], npm/@metamask/[email protected], npm/@metamask/[email protected], npm/@metamask/[email protected], npm/@metamask/[email protected], npm/@sentry/[email protected]

View full report↗︎

@legobeat legobeat force-pushed the dependencies-metamask-eth-token-tracker branch from 7d70351 to 8063e5b Compare May 29, 2024 02:12
@legobeat legobeat added dependencies Pull requests that update a dependency file team-security labels May 29, 2024
@legobeat legobeat marked this pull request as ready for review May 29, 2024 02:26
@legobeat legobeat requested review from a team as code owners May 29, 2024 02:26
@legobeat legobeat requested a review from matthewwalsh0 May 29, 2024 02:27
@metamaskbot metamaskbot added the INVALID-PR-TEMPLATE PR's body doesn't match template label May 29, 2024
@legobeat legobeat force-pushed the dependencies-metamask-eth-token-tracker branch 4 times, most recently from c9fda40 to 23ea171 Compare May 29, 2024 04:00
@legobeat legobeat requested a review from a team May 29, 2024 09:05
@codecov Codecov
Copy link

codecov bot commented May 29, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.77%. Comparing base (0df1d57) to head (7415c93).

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop   #24855      +/-   ##
===========================================
- Coverage    65.77%   65.77%   -0.00%     
===========================================
  Files         1366     1366              
  Lines        54254    54254              
  Branches     14101    14101              
===========================================
- Hits         35685    35684       -1     
- Misses       18569    18570       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@legobeat legobeat force-pushed the dependencies-metamask-eth-token-tracker branch from 23ea171 to b15189d Compare May 29, 2024 10:45
@socket-security Socket Security
Copy link

socket-security bot commented May 29, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/@sentry/[email protected]
  • Install script: install
  • Source: node ./scripts/install.js
Network access npm/@sentry/[email protected]

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@legobeat
Copy link
Contributor Author

The @socket-security alert about npm/@sentry/[email protected] is unrelated to anything in this PR. I am not sure why it's coming up here. @naugtur

@legobeat legobeat force-pushed the dependencies-metamask-eth-token-tracker branch from b15189d to 7415c93 Compare May 29, 2024 11:10
@legobeat legobeat mentioned this pull request May 29, 2024
Merged
7 tasks
@legobeat legobeat requested a review from dbrans May 29, 2024 12:22
@legobeat legobeat merged commit eb95d86 into MetaMask:develop May 29, 2024
92 of 93 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators May 29, 2024
@benjisclowder benjisclowder added the release-12.0.0 Issue or pull request that will be included in release 12.0.0 label Jun 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@matthewwalsh0 matthewwalsh0 matthewwalsh0 approved these changes

@dbrans dbrans dbrans approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file INVALID-PR-TEMPLATE PR's body doesn't match template release-12.0.0 Issue or pull request that will be included in release 12.0.0 team-security
Projects
PR review queue
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@legobeat @dbrans @matthewwalsh0 @metamaskbot @benjisclowder