Merged
Conversation
Remove non-consumer Uncategorized entries from the 13.2.0 section. Made-with: Cursor
…roller bump Add missing Unreleased entry for the ramps-controller ^13.1.0 → ^13.2.0 dependency bump. Made-with: Cursor
Made-with: Cursor
mcmire
reviewed
Apr 15, 2026
Austrie
approved these changes
Apr 15, 2026
saustrie-consensys
approved these changes
Apr 15, 2026
7 tasks
github-merge-queue bot
pushed a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 16, 2026
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Bumps `@metamask/ramps-controller` from `^13.1.0` to `^13.2.0` to pick up the `TransakService.verifyUserOtp` no-retry policy fix (TRAM-3442). **What changed in ramps-controller 13.2.0:** - **Fixed** — `TransakService.verifyUserOtp` no longer retries on failure, preventing single-use OTP attempts from being silently consumed when consumers configure a non-zero `maxRetries` in `policyOptions` ([core#8468](MetaMask/core#8468)) - **Changed** — Bump `@metamask/base-controller` from `^9.0.1` to `^9.1.0` ([core#8457](MetaMask/core#8457)) **Core release PR:** MetaMask/core#8476 **Scope of this PR:** bumps the `@metamask/ramps-controller` dependency version in `package.json`. No mobile source code changes. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: [TRAM-3442](https://consensyssoftware.atlassian.net/browse/TRAM-3442) ## **Manual testing steps** ```gherkin Feature: OTP verification no-retry policy Scenario: user enters an invalid OTP during Transak onramp Given user has initiated a Transak fiat-to-crypto purchase And user has received an OTP via SMS/email When user enters an incorrect OTP code Then the app surfaces the verification failure immediately And no automatic retry is performed against the Transak API And the user's remaining OTP attempt count decrements by exactly one Scenario: user enters a valid OTP during Transak onramp Given user has initiated a Transak fiat-to-crypto purchase And user has received an OTP via SMS/email When user enters the correct OTP code Then verification succeeds on the first attempt And the onramp flow proceeds to the next step ``` ## **Screenshots/Recordings** N/A — dependency bump only, no UI changes. ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable — N/A, dependency bump only - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable — N/A - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. [TRAM-3442]: https://consensyssoftware.atlassian.net/browse/TRAM-3442?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Dependency-only change, but it impacts the fiat ramps stack; behavior changes in the controller could affect onramp/offramp flows and should be smoke-tested. > > **Overview** > Updates the `@metamask/ramps-controller` dependency from `^13.1.0` to `^13.2.0`. > > Regenerates `yarn.lock` to pull in `@metamask/ramps-controller@13.2.0` and its updated transitive deps (notably `@metamask/base-controller@9.1.0` / `@metamask/messenger@^1.1.1`), with no application source changes. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9ea81a7. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Darius Costolas <10818970+meltingice1337@users.noreply.github.com> Co-authored-by: Amitabh Aggarwal <aggarwal.amitabh@gmail.com>
github-merge-queue bot
pushed a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 16, 2026
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Bumps `@metamask/ramps-controller` from `^13.1.0` to `^13.2.0` to pick up the `TransakService.verifyUserOtp` no-retry policy fix (TRAM-3442). **What changed in ramps-controller 13.2.0:** - **Fixed** — `TransakService.verifyUserOtp` no longer retries on failure, preventing single-use OTP attempts from being silently consumed when consumers configure a non-zero `maxRetries` in `policyOptions` ([core#8468](MetaMask/core#8468)) - **Changed** — Bump `@metamask/base-controller` from `^9.0.1` to `^9.1.0` ([core#8457](MetaMask/core#8457)) **Core release PR:** MetaMask/core#8476 **Scope of this PR:** bumps the `@metamask/ramps-controller` dependency version in `package.json`. No mobile source code changes. ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: [TRAM-3442](https://consensyssoftware.atlassian.net/browse/TRAM-3442) ## **Manual testing steps** ```gherkin Feature: OTP verification no-retry policy Scenario: user enters an invalid OTP during Transak onramp Given user has initiated a Transak fiat-to-crypto purchase And user has received an OTP via SMS/email When user enters an incorrect OTP code Then the app surfaces the verification failure immediately And no automatic retry is performed against the Transak API And the user's remaining OTP attempt count decrements by exactly one Scenario: user enters a valid OTP during Transak onramp Given user has initiated a Transak fiat-to-crypto purchase And user has received an OTP via SMS/email When user enters the correct OTP code Then verification succeeds on the first attempt And the onramp flow proceeds to the next step ``` ## **Screenshots/Recordings** N/A — dependency bump only, no UI changes. ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable — N/A, dependency bump only - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable — N/A - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. [TRAM-3442]: https://consensyssoftware.atlassian.net/browse/TRAM-3442?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Dependency-only change, but it impacts the fiat ramps stack; behavior changes in the controller could affect onramp/offramp flows and should be smoke-tested. > > **Overview** > Updates the `@metamask/ramps-controller` dependency from `^13.1.0` to `^13.2.0`. > > Regenerates `yarn.lock` to pull in `@metamask/ramps-controller@13.2.0` and its updated transitive deps (notably `@metamask/base-controller@9.1.0` / `@metamask/messenger@^1.1.1`), with no application source changes. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9ea81a7. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Darius Costolas <10818970+meltingice1337@users.noreply.github.com> Co-authored-by: Amitabh Aggarwal <aggarwal.amitabh@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release 917.0.0
@metamask/ramps-controller 13.2.0
Fixed
TransakService.verifyUserOtpno longer retries on failure, preventing single-use OTP attempts from being silently consumed when consumers configure a non-zeromaxRetriesinpolicyOptions(#8468)Changed
@metamask/base-controllerfrom^9.0.1to^9.1.0(#8457)Other
@metamask/transaction-pay-controllerdependency on@metamask/ramps-controllerto^13.2.0Note
Low Risk
This is a version-bump/release bookkeeping change (package versions, changelogs, lockfile) with no runtime logic modifications in this PR.
Overview
Bumps the monorepo version to
917.0.0and publishes@metamask/ramps-controller13.2.0(changelog entry + package version).Updates
@metamask/transaction-pay-controllerto depend on@metamask/ramps-controller@^13.2.0, with correspondingCHANGELOG.mdandyarn.lockupdates.Reviewed by Cursor Bugbot for commit f358ba9. Bugbot is set up for automated code reviews on this repo. Configure here.