diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d29104fa..4a207154 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,4 @@ # Lines starting with '#' are comments. # Each line is a file pattern followed by one or more owners. -* @MetaMask/shared-libraries-engineers +* @MetaMask/wallet-framework-engineers diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml new file mode 100644 index 00000000..ced04497 --- /dev/null +++ b/.github/workflows/security-code-scanner.yml @@ -0,0 +1,43 @@ +name: 'MetaMask Security Code Scanner' + +on: + push: + branches: ['main'] + pull_request: + branches: ['main'] + +jobs: + run-security-scan: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: MetaMask Security Code Scanner + uses: MetaMask/Security-Code-Scanner@main + with: + repo: ${{ github.repository }} + paths_ignored: | + .storybook/ + '**/__snapshots__/' + '**/*.snap' + '**/*.stories.js' + '**/*.stories.tsx' + '**/*.test.browser.ts*' + '**/*.test.js*' + '**/*.test.ts*' + '**/fixtures/' + '**/jest.config.js' + '**/jest.environment.js' + '**/mocks/' + '**/test*/' + docs/ + e2e/ + merged-packages/ + node_modules + storybook/ + test*/ + rules_excluded: example + project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }} + slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }} diff --git a/CHANGELOG.md b/CHANGELOG.md index c33ecaf4..6cdaab68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [12.1.2] +### Fixed +- Update `@metamask/eth-block-tracker` from `^9.0.2` to `^9.0.3` ([#306](https://github.com/MetaMask/eth-json-rpc-middleware/pull/306)) + - Use updated versions of `@metamask/eth-json-rpc-engine` and `@metamask/eth-json-rpc-provider` +- Update `@metamask/eth-json-rpc-provider` from `^2.1.0` to `^3.0.2` ([#306](https://github.com/MetaMask/eth-json-rpc-middleware/pull/306)) + - Use updated version of `@metamask/eth-json-rpc-engine` +- Update `@metamask/json-rpc-engine` from `^7.1.1` to `^8.0.2` ([#306](https://github.com/MetaMask/eth-json-rpc-middleware/pull/306)) + - Maintenance updates + +## [12.1.1] +### Fixed +- Update from `eth-block-tracker@^8.0.0` to `@metamask/eth-block-tracker@^9.0.2` ([#303](https://github.com/MetaMask/eth-json-rpc-middleware/pull/303)) + - Mitigates polling-loop related concurrency issue in the block tracker. + ## [12.1.0] ### Added - Add `signatureMethod` property to `MessageParams` ([#273](https://github.com/MetaMask/eth-json-rpc-middleware/pull/273)) @@ -164,7 +178,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `json-rpc-engine@5.3.0` ([#53](https://github.com/MetaMask/eth-json-rpc-middleware/pull/53)) - `eth-rpc-errors@3.0.0` ([#55](https://github.com/MetaMask/eth-json-rpc-middleware/pull/55)) -[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.0...HEAD +[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.2...HEAD +[12.1.2]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.1...v12.1.2 +[12.1.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.0...v12.1.1 [12.1.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.0.1...v12.1.0 [12.0.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.0.0...v12.0.1 [12.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v11.0.2...v12.0.0 diff --git a/package.json b/package.json index 827f3f4f..0802b1b0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/eth-json-rpc-middleware", - "version": "12.1.0", + "version": "12.1.2", "description": "Ethereum-related json-rpc-engine middleware.", "repository": { "type": "git", @@ -28,12 +28,12 @@ "test:watch": "jest --watch" }, "dependencies": { - "@metamask/eth-json-rpc-provider": "^2.1.0", + "@metamask/eth-block-tracker": "^9.0.3", + "@metamask/eth-json-rpc-provider": "^3.0.2", "@metamask/eth-sig-util": "^7.0.0", - "@metamask/json-rpc-engine": "^7.1.1", + "@metamask/json-rpc-engine": "^8.0.2", "@metamask/rpc-errors": "^6.0.0", "@metamask/utils": "^8.1.0", - "eth-block-tracker": "^8.0.0", "klona": "^2.0.6", "pify": "^5.0.0", "safe-stable-stringify": "^2.4.3" diff --git a/src/block-cache.test.ts b/src/block-cache.test.ts index 3073161f..34744593 100644 --- a/src/block-cache.test.ts +++ b/src/block-cache.test.ts @@ -1,6 +1,6 @@ +import { PollingBlockTracker } from '@metamask/eth-block-tracker'; import { providerFromEngine } from '@metamask/eth-json-rpc-provider'; import { JsonRpcEngine } from '@metamask/json-rpc-engine'; -import { PollingBlockTracker } from 'eth-block-tracker'; import pify from 'pify'; import { createBlockCacheMiddleware } from '.'; diff --git a/src/block-cache.ts b/src/block-cache.ts index 5bfd7e47..cb4f48d7 100644 --- a/src/block-cache.ts +++ b/src/block-cache.ts @@ -1,6 +1,6 @@ +import type { PollingBlockTracker } from '@metamask/eth-block-tracker'; import { createAsyncMiddleware } from '@metamask/json-rpc-engine'; import type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils'; -import type { PollingBlockTracker } from 'eth-block-tracker'; import { projectLogger, createModuleLogger } from './logging-utils'; import type { diff --git a/src/block-ref-rewrite.ts b/src/block-ref-rewrite.ts index cdc993c8..95ff342c 100644 --- a/src/block-ref-rewrite.ts +++ b/src/block-ref-rewrite.ts @@ -1,7 +1,7 @@ +import type { PollingBlockTracker } from '@metamask/eth-block-tracker'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { createAsyncMiddleware } from '@metamask/json-rpc-engine'; import type { Json, JsonRpcParams } from '@metamask/utils'; -import type { PollingBlockTracker } from 'eth-block-tracker'; import { blockTagParamIndex } from './utils/cache'; diff --git a/src/block-ref.test.ts b/src/block-ref.test.ts index 89f8f7ce..2d5f8947 100644 --- a/src/block-ref.test.ts +++ b/src/block-ref.test.ts @@ -1,8 +1,8 @@ +import { PollingBlockTracker } from '@metamask/eth-block-tracker'; import { providerFromEngine } from '@metamask/eth-json-rpc-provider'; import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { JsonRpcEngine } from '@metamask/json-rpc-engine'; -import { PollingBlockTracker } from 'eth-block-tracker'; import { createBlockRefMiddleware } from '.'; import { diff --git a/src/block-ref.ts b/src/block-ref.ts index 0146ee12..949031c0 100644 --- a/src/block-ref.ts +++ b/src/block-ref.ts @@ -1,3 +1,4 @@ +import type { PollingBlockTracker } from '@metamask/eth-block-tracker'; import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { createAsyncMiddleware } from '@metamask/json-rpc-engine'; @@ -6,7 +7,6 @@ import type { JsonRpcParams, PendingJsonRpcResponse, } from '@metamask/utils'; -import type { PollingBlockTracker } from 'eth-block-tracker'; import { klona } from 'klona/full'; import pify from 'pify'; diff --git a/src/block-tracker-inspector.ts b/src/block-tracker-inspector.ts index eba414ec..6540cb28 100644 --- a/src/block-tracker-inspector.ts +++ b/src/block-tracker-inspector.ts @@ -1,3 +1,4 @@ +import type { PollingBlockTracker } from '@metamask/eth-block-tracker'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { createAsyncMiddleware } from '@metamask/json-rpc-engine'; import type { @@ -5,7 +6,6 @@ import type { JsonRpcParams, PendingJsonRpcResponse, } from '@metamask/utils'; -import type { PollingBlockTracker } from 'eth-block-tracker'; import { projectLogger, createModuleLogger } from './logging-utils'; diff --git a/src/retryOnEmpty.test.ts b/src/retryOnEmpty.test.ts index b219b23c..27fefb3c 100644 --- a/src/retryOnEmpty.test.ts +++ b/src/retryOnEmpty.test.ts @@ -1,10 +1,10 @@ +import { PollingBlockTracker } from '@metamask/eth-block-tracker'; import { providerFromEngine } from '@metamask/eth-json-rpc-provider'; import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { JsonRpcEngine } from '@metamask/json-rpc-engine'; import { errorCodes, rpcErrors } from '@metamask/rpc-errors'; import type { Json, JsonRpcParams, JsonRpcRequest } from '@metamask/utils'; -import { PollingBlockTracker } from 'eth-block-tracker'; import { createRetryOnEmptyMiddleware } from '.'; import type { ProviderRequestStub } from '../test/util/helpers'; diff --git a/src/retryOnEmpty.ts b/src/retryOnEmpty.ts index b777f8c2..79d34a71 100644 --- a/src/retryOnEmpty.ts +++ b/src/retryOnEmpty.ts @@ -1,3 +1,4 @@ +import type { PollingBlockTracker } from '@metamask/eth-block-tracker'; import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider'; import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine'; import { createAsyncMiddleware } from '@metamask/json-rpc-engine'; @@ -6,7 +7,6 @@ import type { JsonRpcParams, PendingJsonRpcResponse, } from '@metamask/utils'; -import type { PollingBlockTracker } from 'eth-block-tracker'; import { klona } from 'klona/full'; import pify from 'pify'; diff --git a/yarn.lock b/yarn.lock index 48be516a..7a232982 100644 --- a/yarn.lock +++ b/yarn.lock @@ -928,6 +928,19 @@ __metadata: languageName: node linkType: hard +"@metamask/eth-block-tracker@npm:^9.0.3": + version: 9.0.3 + resolution: "@metamask/eth-block-tracker@npm:9.0.3" + dependencies: + "@metamask/eth-json-rpc-provider": ^3.0.2 + "@metamask/safe-event-emitter": ^3.0.0 + "@metamask/utils": ^8.1.0 + json-rpc-random-id: ^1.0.1 + pify: ^5.0.0 + checksum: edd3d59a0416752d90c8e2d8c10c31635dbe3eb323fcb054c401528afe4cbbb6a5a85aedd6ffee4a504d9779656bfab027f2274fd95981c90bf56b6f565dbca2 + languageName: node + linkType: hard + "@metamask/eth-json-rpc-middleware@workspace:.": version: 0.0.0-use.local resolution: "@metamask/eth-json-rpc-middleware@workspace:." @@ -939,9 +952,10 @@ __metadata: "@metamask/eslint-config-jest": ^12.1.0 "@metamask/eslint-config-nodejs": ^12.1.0 "@metamask/eslint-config-typescript": ^12.1.0 - "@metamask/eth-json-rpc-provider": ^2.1.0 + "@metamask/eth-block-tracker": ^9.0.3 + "@metamask/eth-json-rpc-provider": ^3.0.2 "@metamask/eth-sig-util": ^7.0.0 - "@metamask/json-rpc-engine": ^7.1.1 + "@metamask/json-rpc-engine": ^8.0.2 "@metamask/rpc-errors": ^6.0.0 "@metamask/utils": ^8.1.0 "@types/btoa": ^1.2.3 @@ -958,7 +972,6 @@ __metadata: eslint-plugin-n: ^15.7.0 eslint-plugin-prettier: ^4.2.1 eslint-plugin-promise: ^6.1.1 - eth-block-tracker: ^8.0.0 jest: ^27.5.1 klona: ^2.0.6 pify: ^5.0.0 @@ -972,14 +985,14 @@ __metadata: languageName: unknown linkType: soft -"@metamask/eth-json-rpc-provider@npm:^2.1.0": - version: 2.3.1 - resolution: "@metamask/eth-json-rpc-provider@npm:2.3.1" +"@metamask/eth-json-rpc-provider@npm:^3.0.2": + version: 3.0.2 + resolution: "@metamask/eth-json-rpc-provider@npm:3.0.2" dependencies: - "@metamask/json-rpc-engine": ^7.3.1 + "@metamask/json-rpc-engine": ^8.0.2 "@metamask/safe-event-emitter": ^3.0.0 - "@metamask/utils": ^8.2.0 - checksum: fa0a987eb7e0dcff495489e95c358f6786a4a793a42ac900bb022027d27e6534ded743092e79a2191b9b4d760f418f39f6cfb99a5a5a0085f252016579be6865 + "@metamask/utils": ^8.3.0 + checksum: 0321eaad6fa205a9d3ddcfaf28e63c05291614893cb2e116151185a4acbd6bb6a508d6e556b3cb8bc4d3caef4bf0a638202d9b6bdc127fbcb81715eb2660a809 languageName: node linkType: hard @@ -997,24 +1010,24 @@ __metadata: languageName: node linkType: hard -"@metamask/json-rpc-engine@npm:^7.1.1, @metamask/json-rpc-engine@npm:^7.3.1": - version: 7.3.1 - resolution: "@metamask/json-rpc-engine@npm:7.3.1" +"@metamask/json-rpc-engine@npm:^8.0.2": + version: 8.0.2 + resolution: "@metamask/json-rpc-engine@npm:8.0.2" dependencies: - "@metamask/rpc-errors": ^6.1.0 + "@metamask/rpc-errors": ^6.2.1 "@metamask/safe-event-emitter": ^3.0.0 - "@metamask/utils": ^8.2.0 - checksum: 4952eb4e70c0011d334fb4a9bf56aa2d68bef745c892dddd06f6ed7e6303fb95b3b60b4e32c88b6d77bfc5091acc8e71ad274f389419e4bdcc5741ef49cde87d + "@metamask/utils": ^8.3.0 + checksum: c240d298ad503d93922a94a62cf59f0344b6d6644a523bc8ea3c0f321bea7172b89f2747a5618e2861b2e8152ae5086b76f391a10e4566529faa50b8850c051d languageName: node linkType: hard -"@metamask/rpc-errors@npm:^6.0.0, @metamask/rpc-errors@npm:^6.1.0": - version: 6.1.0 - resolution: "@metamask/rpc-errors@npm:6.1.0" +"@metamask/rpc-errors@npm:^6.0.0, @metamask/rpc-errors@npm:^6.2.1": + version: 6.2.1 + resolution: "@metamask/rpc-errors@npm:6.2.1" dependencies: - "@metamask/utils": ^8.1.0 + "@metamask/utils": ^8.3.0 fast-safe-stringify: ^2.0.6 - checksum: 9f4821d804e2fcaa8987b0958d02c6d829b7c7db49740c811cb593f381d0c4b00dabb7f1802907f1b2f6126f7c0d83ec34219183d29650f5d24df014ac72906a + checksum: a9223c3cb9ab05734ea0dda990597f90a7cdb143efa0c026b1a970f2094fe5fa3c341ed39b1e7623be13a96b98fb2c697ef51a2e2b87d8f048114841d35ee0a9 languageName: node linkType: hard @@ -1025,9 +1038,9 @@ __metadata: languageName: node linkType: hard -"@metamask/utils@npm:^8.0.0, @metamask/utils@npm:^8.1.0, @metamask/utils@npm:^8.2.0": - version: 8.2.1 - resolution: "@metamask/utils@npm:8.2.1" +"@metamask/utils@npm:^8.0.0, @metamask/utils@npm:^8.1.0, @metamask/utils@npm:^8.3.0": + version: 8.4.0 + resolution: "@metamask/utils@npm:8.4.0" dependencies: "@ethereumjs/tx": ^4.2.0 "@noble/hashes": ^1.3.1 @@ -1037,7 +1050,8 @@ __metadata: pony-cause: ^2.1.10 semver: ^7.5.4 superstruct: ^1.0.3 - checksum: 36a714a17e4949d2040bedb28d4373a22e7e86bb797aa2d59223f9799fd76e662443bcede113719c4e200f5e9d90a9d62feafad5028fff8b9a7a85fface097ca + uuid: ^9.0.1 + checksum: b0397e97bac7192f6189a8625a2dfcb56d3c2cf4dd2cb3d4e012a7e9786f04f59f6917805544bc131a6dacd2c8344e237ae43ad47429bb5eb35c6cf1248440b4 languageName: node linkType: hard @@ -3046,19 +3060,6 @@ __metadata: languageName: node linkType: hard -"eth-block-tracker@npm:^8.0.0": - version: 8.0.0 - resolution: "eth-block-tracker@npm:8.0.0" - dependencies: - "@metamask/eth-json-rpc-provider": ^2.1.0 - "@metamask/safe-event-emitter": ^3.0.0 - "@metamask/utils": ^8.1.0 - json-rpc-random-id: ^1.0.1 - pify: ^5.0.0 - checksum: 3416c2ee653f81d1f71f3a9b80e04837fb516494f64ded45c053dfc24c6c6ce8dac7e5b8376cd57f52838f43a93d20a8e17d4d875e50d1e4c267543ffe0e6ad8 - languageName: node - linkType: hard - "ethereum-cryptography@npm:^2.0.0, ethereum-cryptography@npm:^2.1.2": version: 2.1.2 resolution: "ethereum-cryptography@npm:2.1.2" @@ -6695,6 +6696,15 @@ __metadata: languageName: node linkType: hard +"uuid@npm:^9.0.1": + version: 9.0.1 + resolution: "uuid@npm:9.0.1" + bin: + uuid: dist/bin/uuid + checksum: 39931f6da74e307f51c0fb463dc2462807531dc80760a9bff1e35af4316131b4fc3203d16da60ae33f07fdca5b56f3f1dd662da0c99fea9aaeab2004780cc5f4 + languageName: node + linkType: hard + "v8-compile-cache-lib@npm:^3.0.1": version: 3.0.1 resolution: "v8-compile-cache-lib@npm:3.0.1"