chore(devDeps): Use updated fork of oss-attribution-generator

[legobeat]

Description

This package was last updated in 2018, by now over 5 years ago.
This replaces it with an updated fork with several obsolete dependencies removed or updated.

npmdiff

Blocked by

• 2.0.0 oss-attribution-generator#11

Checklist

• Tests are included if applicable
• Any added code is fully documented

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: license-checker@25.0.1, @metamask/oss-attribution-generator@2.0.1

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.

[legobeat]

@github-actions: Not stale but waiting for MetaMask/oss-attribution-generator#7

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@metamask/oss-attribution-generator	2.0.1	shell	+10	372 kB

🚮 Removed packages: oss-attribution-generator@1.7.1

[legobeat]

@SocketSecurity ignore license-checker@25.0.1

shell access ok

[codecov-commenter]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (13130e3) 34.61% compared to head (a458d40) 34.61%.
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6306   +/-   ##
=======================================
  Coverage   34.61%   34.61%           
=======================================
  Files        1019     1019           
  Lines       27193    27193           
  Branches     2218     2218           
=======================================
  Hits         9413     9413           
  Misses      17289    17289           
  Partials      491      491           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[leotm]

awesome work 💪 and thx for tidying up the resolutions

noticed on main running yarn build:attribution and yarn test:attribution-check

# ...
processing zip-stream@4.1.0
processing zip-stream for authors and licenseText
processing zxcvbn@4.4.2
processing zxcvbn for authors and licenseText
@metamask/react-native-button: unable to locate package.json
error Command failed with exit code 1.

and https://github.com/MetaMask/metamask-mobile/blob/main/attribution.txt hasn't been updated since last year (cc @wachunei spotted last update was yours), so this could be why
but not worth raising as a v1.7.1 issue since being replaced by v2.0.0

then in this pr (v2.0.0) running yarn build:attribution and yarn test:attribution-check

# ...
processing @metamask/preferences-controller for authors and licenseText
processing @metamask/preferences-controller@4.4.0
processing @metamask/preferences-controller for authors and licenseText
processing @metamask/react-native-button@2.3.0
TypeError: Assignment to constant variable.
    at Object.<anonymous> (/Users/leo/Documents/GitHub/metamask-mobile/node_modules/@metamask/oss-attribution-generator/index.js:115:31)
    at Array.map (<anonymous>)
    at /Users/leo/Documents/GitHub/metamask-mobile/node_modules/@metamask/oss-attribution-generator/index.js:105:35
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
error Command failed with exit code 1.

so perhaps worth raising an issue to fix in v2.0.1 then update to that as follow-up?

[legobeat]

@leotm Good catches!

• Lifting this to draft pending 2.0.1 oss-attribution-generator#18
• Re @metamask/react-native-button, seems to stem from misnamed package (@metamask/react-native-button vs react-native-button). Should be addressed, separately.
  • Release v3.0.0 react-native-button#5
  • fix: fix require misname of @metamask/react-native-button #7530

[legobeat]

@SocketSecurity ignore @metamask/oss-attribution-generator@2.0.1