Conversation
Member
Author
|
@metamaskbot update-changelogs |
|
✅ No changelog changes needed. |
jpuri
approved these changes
May 4, 2026
pull Bot
pushed a commit
to dmrazzy/core
that referenced
this pull request
May 4, 2026
## Explanation This pull request publishes **monorepo release `956.0.0`** from branch `release/956.0.0`. **Current state** - `main` already contained `Release/955.0.0` and the feature work for passkey post-registration verification ([MetaMask#8663](MetaMask#8663)). - A release branch was cut and completed with the standard **Initialize Release** / **Update Release** commits so package changelogs and workspace metadata match the release. **What this PR delivers** - Bumps the root workspace `package.json` version to **`956.0.0`**. - Releases **`@metamask/passkey-controller@2.0.0`**, which adds **post-registration authentication** (`generatePostRegistrationAuthenticationOptions`) and tightens enrollment so the vault wrapping key is derived from that assertion. Enrollment is now a **four-step WebAuthn path** (create → post-registration `get()` options → `get()` → `protectVaultKeyWithPasskey` with required `authenticationResponse`), replacing the previous flow where `protectVaultKeyWithPasskey` could complete enrollment without that step. - **Breaking changes** for passkey consumers: `rpID` → `expectedRPID` / `expectedRPIDs`, verification helpers updated for `expectedRPIDs: string[]`, and `already_enrolled` when enrolling while a passkey is already enrolled. Full detail is in `packages/passkey-controller/CHANGELOG.md` under `[2.0.0]`. **Note for reviewers** - Many `CHANGELOG.md` files are touched by **Update Release** for workspace-wide changelog housekeeping; the only **`package.json` version bump** besides the root is **`packages/passkey-controller`** (to `2.0.0`). ## References - Passkey enrollment / verification feature: [MetaMask#8663](MetaMask#8663) - Prior release on `main`: `Release/955.0.0` ([MetaMask#8671](MetaMask#8671)) - Changelog process: [Updating changelogs](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - Breaking changes process: [Breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) <!-- Add links to client/extension PRs that adopt `@metamask/passkey-controller@2.0.0` if applicable --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Mostly release metadata, but it publishes `@metamask/passkey-controller@2.0.0` with documented breaking API/enrollment-flow changes that will impact downstream consumers if adopted without updates. > > **Overview** > Bumps the root workspace version to `956.0.0`. > > Publishes `@metamask/passkey-controller@2.0.0` by updating its package version and changelog, including **breaking** documented changes to passkey enrollment/verification APIs (e.g., post-registration authentication step, `rpID` → `expectedRPIDs`, and new `already_enrolled` error code). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ad0f2ae. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
Release
955.0.0with a major version bump for:@metamask/transaction-pay-controller20.2.0→21.0.0@metamask/transaction-pay-controller@21.0.0Breaking: Narrow
AllowedActionstype to use individual action types instead of compound controller action unions (BridgeControllerActions,BridgeStatusControllerActions,CurrencyRateControllerActions,GasFeeControllerActions)Other changes:
assetId,providers, andfiattoRampsController:getQuotesand persist the selected ramps quote onTransactionFiatPaymentDependency updates
No packages depend on
@metamask/transaction-pay-controller, so no dependency range updates were needed.References
AllowedActionsto individual action types (BREAKING)RampsController:getQuotesand persistrampsQuoteChecklist
Note
Medium Risk
This is primarily a release/versioning PR, but it publishes
@metamask/transaction-pay-controller@21.0.0which includes a documented breakingAllowedActionstype change that may require consumer updates.Overview
Bumps the monorepo version to
955.0.0and releases@metamask/transaction-pay-controllerfrom20.2.0to21.0.0.Updates the
transaction-pay-controllerchangelog with the21.0.0release notes, including a breaking narrowing of theAllowedActionstype, plus Gas Station support for Across source transactions and a ramps quoting fix.Reviewed by Cursor Bugbot for commit 3a003ea. Bugbot is set up for automated code reviews on this repo. Configure here.