-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: always use snaps to resolve domains; include preinstalled ENS resolver snap #26242
Conversation
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
5962a95
to
81fb9c0
Compare
…esolver snap fixes MetaMask/MetaMask-planning#2403 Signed-off-by: Mircea Nistor <[email protected]>
81fb9c0
to
19fbf60
Compare
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
70e86ff
to
5cf7905
Compare
…straction/contracts Signed-off-by: Mircea Nistor <[email protected]>
5cf7905
to
6682719
Compare
@SocketSecurity ignore npm/@metamask/[email protected] |
…enerated on CI Signed-off-by: Mircea Nistor <[email protected]>
534452a
to
962b056
Compare
Signed-off-by: Mircea Nistor <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #26242 +/- ##
===========================================
+ Coverage 69.96% 70.05% +0.09%
===========================================
Files 1442 1442
Lines 50100 50009 -91
Branches 14006 13965 -41
===========================================
- Hits 35049 35029 -20
+ Misses 15051 14980 -71 ☔ View full report in Codecov by Sentry. |
@@ -560,6 +561,7 @@ | |||
"eslint-plugin-react-hooks": "^4.2.0", | |||
"eslint-plugin-storybook": "^0.6.15", | |||
"eta": "^3.2.0", | |||
"ethers": "5.7.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not directly used, but expected by @account-abstraction/contracts
during tests.
Without this, tests would fail as the transitive ethers v6+ would get used.
Builds ready [83e07e3]
Page Load Metrics (539 ± 370 ms)
Bundle size diffs [🚀 Bundle size reduced!]
|
…2403-resolve-on-l2 # Conflicts: # lavamoat/browserify/beta/policy.json # lavamoat/browserify/flask/policy.json # lavamoat/browserify/main/policy.json # lavamoat/browserify/mmi/policy.json
Signed-off-by: Mircea Nistor <[email protected]>
Builds ready [546b2bc]
Page Load Metrics (319 ± 271 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
ui/pages/confirmations/send/send-content/add-recipient/domain-input.container.js
Outdated
Show resolved
Hide resolved
…2403-resolve-on-l2
…2403-resolve-on-l2
…2403-resolve-on-l2 # Conflicts: # app/_locales/en/messages.json
e88bd56
to
572c18a
Compare
Signed-off-by: Mircea Nistor <[email protected]>
Signed-off-by: Mircea Nistor <[email protected]>
This reverts commit 606b389.
…2403-resolve-on-l2
@metamaskbot update-policies |
No policy changes |
Builds ready [0afeb71]
Page Load Metrics (1746 ± 80 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
…2403-resolve-on-l2 # Conflicts: # lavamoat/browserify/beta/policy.json # lavamoat/browserify/flask/policy.json # lavamoat/browserify/main/policy.json # lavamoat/browserify/mmi/policy.json
Signed-off-by: Mircea Nistor <[email protected]>
Quality Gate passedIssues Measures |
Builds ready [2dcdfe4]
Page Load Metrics (1744 ± 53 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change in files owned by confirmations team look good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm (strictly policies):
- new globals:
fetch
andWebSocket
introduced by a different version of the pkg (so they're not new)define
is also already used previously- could not find other new globals that may be risky
- new
packages
- packages consumption seems fine too, just a reorg
- I only checked
main/policy.json
, assuming the rest are similar (worth a check @mirceanis)
Description
The embedded ENS resolution logic is being replaced by snaps that use
endowment:name-lookup
.This change-set also includes a preinstalled snap that does ENS resolution including ENS multi-coin functionality.
The ENS resolver snap will use the Ethereum provider from the extension on Ethereum mainnet and ENS supported testnets and will revert to an Infura JSON-RPC when the extension is connected to other networks. On other networks it tries to resolve the network-specific ENS address and if none exists will try to resolve the mainnet address (with a⚠️ warning) as long as that address appears to be an externally owned account.
Most of the relevant changes are in
domains.js
.Since the preinstalled snap uses ethers v6 while the extension depends on ethers v5.7 there are some changes in the lavamoat policies. Also, the more recent ethers version requires a different set of mocks, requiring a small change in the e2e test.
Related issues
fixes https://github.com/MetaMask/MetaMask-planning/issues/2403
closes #18035
fixes #18648
fixes #22797
fixes #8556
fixes MetaMask/specifications#11
Manual testing steps
No resolution for domain provided.
error.Screenshots/Recordings
Before
After
after.mov
Pre-merge author checklist
Pre-merge reviewer checklist