chore: bump `@metamask/{transaction, approval}-controller` #333

mikesposito · 2024-10-23T11:14:43Z

See changelogs for details on changes we are pulling in:

socket-security · 2024-10-23T11:15:04Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/code-frame@7.26.2	None	`0`	33.2 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/compat-data@7.26.2	None	`0`	66.4 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/core@7.26.0	Transitive: environment	`+1`	3.34 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/generator@7.26.2	None	`+1`	2.44 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helper-compilation-targets@7.25.9	None	`+2`	84 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helper-module-imports@7.25.9	None	`0`	63.7 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helper-module-transforms@7.26.0	None	`0`	161 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helper-string-parser@7.25.9	None	`0`	31.8 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helper-validator-identifier@7.25.9	None	`0`	48.3 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.25.9	None	`0`	11.8 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/helpers@7.26.0	None	`0`	863 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/template@7.25.9	None	`0`	70.3 kB	nicolo-ribaudo
npm/@babel/traverse@7.25.9	None	`0`	672 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@endo/env-options@1.1.7	None	`0`	28.2 kB	kriskowal
npm/@keystonehq/alias-sampling@0.1.2	None	`0`	10.3 kB	keystoneorg
npm/@keystonehq/base-eth-keyring@0.14.1	environment	`+1`	182 kB	soralit
npm/@keystonehq/bc-ur-registry-eth@0.19.1	environment	`0`	95.5 kB	soralit
npm/@keystonehq/bc-ur-registry@0.6.4	None	`0`	256 kB	liyanlance
npm/@keystonehq/metamask-airgapped-keyring@0.14.1	environment	`0`	65 kB	soralit
npm/@metamask/accounts-controller@18.2.3	None	`0`	267 kB	metamaskbot
npm/@metamask/approval-controller@7.1.1	None	`0`	221 kB	metamaskbot
npm/@metamask/browser-passworder@4.3.0	None	`+1`	749 kB	metamaskbot
npm/@metamask/eth-hd-keyring@7.0.4	None	`0`	59.4 kB	metamaskbot
npm/@metamask/eth-simple-keyring@6.0.5	None	`+1`	750 kB	metamaskbot
npm/@metamask/eth-snap-keyring@4.4.0	Transitive: network	`+2`	1.38 MB
npm/@metamask/ethjs-contract@0.4.1	None	`+1`	850 kB	lgbot
npm/@metamask/ethjs-filter@0.3.0	None	`0`	77.3 kB	lgbot
npm/@metamask/ethjs-format@0.3.0	None	`0`	592 kB	lgbot
npm/@metamask/ethjs-query@0.7.1	None	`0`	616 kB	lgbot
npm/@metamask/ethjs-rpc@0.4.0	None	`0`	86.8 kB	metamaskbot
npm/@metamask/ethjs-util@0.3.0	None	`0`	228 kB	lgbot
npm/@metamask/json-rpc-middleware-stream@8.0.5	None	`0`	49.9 kB	metamaskbot
npm/@metamask/key-tree@9.1.2	None	`+1`	922 kB	metamaskbot
npm/@metamask/keyring-api@8.1.3	None	`+1`	262 kB	metamaskbot
npm/@metamask/keyring-controller@17.3.1	None	`+3`	1.73 MB	metamaskbot
npm/@metamask/message-manager@11.0.1	None	`0`	210 kB	metamaskbot
npm/@metamask/nonce-tracker@6.0.0	None	`+1`	79 kB	lgbot
npm/@metamask/object-multiplex@2.1.0	None	`0`	13.9 kB	lgbot
npm/@metamask/obs-store@9.1.0	None	`0`	28.4 kB	lgbot
npm/@metamask/permission-controller@11.0.3	Transitive: network	`+1`	1.17 MB	metamaskbot
npm/@metamask/phishing-controller@12.3.0	network	`0`	320 kB	metamaskbot
npm/@metamask/post-message-stream@8.1.1	Transitive: environment	`+1`	200 kB	gudahtt
npm/@metamask/providers@18.1.1	None	`0`	439 kB	metamaskbot
npm/@metamask/scure-bip39@2.1.1	None	`+1`	936 kB	metamaskbot
npm/@metamask/slip44@4.1.0	None	`0`	138 kB	metamaskbot
npm/@metamask/snaps-controllers@9.12.0	None	`+1`	1.81 MB	danfinlay, gudahtt, kumavis, ...7 more
npm/@metamask/snaps-registry@3.2.2	None	`0`	54.6 kB	danfinlay, gudahtt, kumavis, ...7 more
npm/@metamask/snaps-rpc-methods@11.5.1	None	`0`	1.23 MB	metamaskbot
npm/@metamask/snaps-utils@8.5.1	None	`0`	0 B
npm/@metamask/transaction-controller@37.3.0	network	`+1`	2.3 MB	metamaskbot
npm/@ngraveio/bc-ur@1.1.13	None	`+1`	145 kB	xardasss
npm/@types/deep-freeze-strict@1.1.2	None	`0`	2.75 kB	types
npm/@types/punycode@2.1.4	None	`0`	2.8 kB	types
npm/@types/readable-stream@4.0.18	None	`+1`	63.4 kB	types
npm/@xstate/fsm@2.1.0	environment	`0`	57.1 kB	xstate-release-bot
npm/aes-js@3.1.2	None	`0`	80.5 kB	ricmoo
npm/assert@2.1.0	None	`0`	82.1 kB	ljharb
npm/b4a@1.6.7	None	`0`	41 kB	kasperisager
npm/bare-events@2.5.0	None	`0`	20.2 kB	kasperisager
npm/base64-js@1.5.1	None	`0`	9.62 kB	feross
npm/browserify-zlib@0.2.0	None	`0`	192 kB	dignifiedquire
npm/browserslist@4.24.2	None	`0`	64.2 kB	ai
npm/buffer@5.7.1	None	`0`	82.5 kB	feross
npm/caniuse-lite@1.0.30001677	None	`0`	2.13 MB	ai, beneb, caniuse-lite
npm/cbor-sync@1.0.4	None	`0`	34.8 kB	thegecko
npm/concat-stream@2.0.0	None	`0`	9.56 kB	mafintosh
npm/crc@3.8.0	None	`0`	94.3 kB	alexgorbatchev
npm/cron-parser@4.9.0	filesystem	`0`	54.2 kB	harrisiirak
npm/deep-freeze-strict@1.1.1	None	`0`	3.81 kB	jsdf
npm/detect-browser@5.3.0	None	`0`	27 kB	damonoehlman
npm/electron-to-chromium@1.5.51	None	`0`	151 kB	kilianvalkhof
npm/eth-method-registry@4.0.0	None	`0`	12.7 kB	lgbot
npm/ethereumjs-wallet@1.0.2	None	`+3`	1.24 MB	ralxz
npm/extension-port-stream@4.2.0	None	`0`	8.69 kB	lgbot
npm/fast-fifo@1.3.2	None	`0`	5.07 kB	mafintosh
npm/fast-xml-parser@4.5.0	None	`0`	174 kB	amitgupta
npm/fastest-levenshtein@1.0.16	None	`0`	21.3 kB	ka-weihe
npm/get-npm-tarball-url@2.1.0	None	`0`	8.52 kB	zkochan
npm/hdkey@2.1.0	None	`0`	15.3 kB	ryanzim
npm/ieee754@1.2.1	None	`0`	6.8 kB	feross
npm/is-arguments@1.1.1	None	`0`	28.8 kB	ljharb
npm/is-generator-function@1.0.10	eval	`0`	31.9 kB	ljharb
npm/is-nan@1.3.2	None	`0`	10.8 kB	ljharb
npm/jsbi@3.2.5	None	`0`	322 kB	google-wombot
npm/jsesc@3.0.2	None	`0`	31.7 kB	mathias
npm/jsonschema@1.4.1	None	`0`	81.8 kB	acubed
npm/luxon@3.5.0	None	`0`	4.48 MB	icambron
npm/marked@12.0.2	None	`0`	924 kB	tonybrix
npm/node-gyp-build@4.8.2	environment, filesystem	`0`	13.6 kB	mafintosh
npm/object-is@1.1.6	None	`0`	27 kB	ljharb
npm/pako@1.0.11	None	`0`	788 kB	vitaly
npm/queue-tick@1.0.1	None	`0`	3.03 kB	mafintosh
npm/readable-web-to-node-stream@3.0.2	None	`0`	15.9 kB	borewit
npm/rfdc@1.4.1	None	`0`	27.1 kB	matteo.collina
npm/ses@1.9.1	None	`0`	3.49 MB	kriskowal
npm/streamx@2.20.1	None	`0`	50.8 kB	mafintosh
npm/strnum@1.0.5	None	`0`	17.7 kB	amitgupta
npm/tar-stream@3.1.7	filesystem	`0`	32 kB	mafintosh
npm/text-decoder@1.2.1	None	`0`	17.3 kB	kasperisager, mafintosh
npm/typedarray@0.0.6	None	`0`	26 kB	substack
npm/update-browserslist-db@1.1.1	environment, filesystem, shell	`+2`	33.5 kB	ai
npm/utf8@3.0.0	None	`0`	11.2 kB	mathias
npm/util@0.12.5	environment	`0`	33.7 kB	goto-bus-stop

🚮 Removed packages: npm/@babel/compat-data@7.25.4, npm/@babel/core@7.25.2, npm/@babel/generator@7.25.5, npm/@babel/helper-compilation-targets@7.25.2, npm/@babel/helper-module-imports@7.24.7, npm/@babel/helper-module-transforms@7.25.2, npm/@babel/helper-simple-access@7.24.7, npm/@babel/helper-string-parser@7.24.8, npm/@babel/helper-validator-identifier@7.24.7, npm/@babel/helper-validator-option@7.24.8, npm/@babel/helpers@7.25.0, npm/@babel/highlight@7.24.7, npm/@babel/parser@7.25.4, npm/@babel/template@7.25.0, npm/@babel/traverse@7.25.4, npm/@metamask/approval-controller@5.1.3, npm/@metamask/ethjs-contract@0.3.4, npm/@metamask/ethjs-filter@0.2.0, npm/@metamask/ethjs-format@0.2.9, npm/@metamask/ethjs-provider-http@0.2.0, npm/@metamask/ethjs-query@0.5.3, npm/@metamask/ethjs-rpc@0.3.2, npm/@metamask/ethjs-util@0.2.0, npm/@metamask/ethjs@0.5.1, npm/@metamask/transaction-controller@19.0.1, npm/browserslist@4.23.3, npm/caniuse-lite@1.0.30001653, npm/electron-to-chromium@1.5.13, npm/eth-block-tracker@8.1.0, npm/eth-method-registry@3.0.0, npm/jsesc@2.5.2, npm/node-fetch@2.7.0, npm/node-gyp-build@4.8.1, npm/nonce-tracker@3.0.0, npm/to-fast-properties@2.0.0, npm/tr46@0.0.3, npm/update-browserslist-db@1.1.0, npm/webidl-conversions@3.0.1, npm/whatwg-url@5.0.0, npm/xhr2@0.2.1

View full report↗︎

socket-security · 2024-10-23T11:15:06Z

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/browserify-zlib@0.2.0, npm/ethereumjs-wallet@1.0.2, npm/assert@2.1.0, npm/@metamask/transaction-controller@37.3.0, npm/@metamask/phishing-controller@12.3.0, npm/@metamask/snaps-sdk@6.10.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

mikesposito · 2024-10-23T11:16:28Z

@SocketSecurity ignore npm/@metamask/transaction-controller@37.3.0

This package is ours

mikesposito · 2024-11-05T12:14:53Z

package.json

+    "@metamask/transaction-controller": "^37.3.0",
    "@types/jest": "^26.0.22",
    "@types/node": "^20.10.4",
+    "@types/readable-stream": "^4.0.18",


added to fix several error messages similar to these ones:

node_modules/@metamask/object-multiplex/dist/ObjectMultiplex.d.ts:2:44 - error TS7016: Could not find a declaration file for module 'readable-stream' node_modules/@metamask/post-message-stream/dist/BasePostMessageStream.d.ts:1:24 - error TS7016: Could not find a declaration file for module 'readable-stream'. '/home/mike/dev/metamask/swaps-controller/node_modules/readable-stream/readable.js' implicitly has an 'any' type. Try `npm i --save-dev @types/readable-stream` if it exists or add a new declaration (.d.ts) file containing `declare module 'readable-stream';` 1 import { Duplex } from 'readable-stream';

It seems that @types/readable-stream is a dev dependency of @metamask/object-multiplex when it should not be in the dev group. I've added a ticket for this here: MetaMask/object-multiplex#58

mikesposito · 2024-11-05T12:16:18Z

package.json

    "@metamask/eslint-config-nodejs": "^12.1.0",
    "@metamask/eslint-config-typescript": "^12.1.0",
    "@metamask/gas-fee-controller": "^21.0.0",
+    "@metamask/keyring-controller": "^17.0.0",


added to fix this error yield by AccountsController:

node_modules/@metamask/accounts-controller/dist/utils.d.cts:1:30 - error TS2307: Cannot find module '@metamask/keyring-controller' or its corresponding type declarations. 1 import { KeyringTypes } from "@metamask/keyring-controller";

Connected to the @metamask/transaction-controller update, I see.

mikesposito · 2024-11-05T12:19:41Z

package.json

    "@babel/runtime": "^7.0.0",
    "@lavamoat/allow-scripts": "^3.0.0",
-    "@metamask/approval-controller": "^5.1.1",
+    "@metamask/accounts-controller": "^18.0.0",


required by this TransactionController version:

node_modules/@metamask/transaction-controller/dist/TransactionController.d.cts:3:65 - error TS2307: Cannot find module '@metamask/accounts-controller' or its corresponding type declarations. 3 import type { AccountsControllerGetSelectedAccountAction } from "@metamask/accounts-controller"; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ node_modules/@metamask/transaction-controller/dist/helpers/IncomingTransactionHelper.d.cts:2:41 - error TS2307: Cannot find module '@metamask/accounts-controller' or its corresponding type declarations. 2 import type { AccountsController } from "@metamask/accounts-controller";

It looks like we only use @metamask/transaction-controller for types and yet this is needed because TransactionController talks to AccountsController, so @metamask/accounts-controller is a peer dependency of @metamask/transaction-controller. Interesting.

mikesposito · 2024-11-05T12:28:45Z

@SocketSecurity ignore npm/browserify-zlib@0.2.0
@SocketSecurity ignore npm/ethereumjs-wallet@1.0.2
@SocketSecurity ignore npm/assert@2.1.0

New authors seem to be trusted

@SocketSecurity ignore npm/@metamask/phishing-controller@12.3.0
@SocketSecurity ignore npm/@metamask/snaps-sdk@6.10.0

These are ours

mcmire

Looks good!

mcmire · 2024-11-05T17:13:20Z

package.json

    "@metamask/eslint-config-nodejs": "^12.1.0",
    "@metamask/eslint-config-typescript": "^12.1.0",
    "@metamask/gas-fee-controller": "^21.0.0",
+    "@metamask/keyring-controller": "^17.0.0",


Connected to the @metamask/transaction-controller update, I see.

mcmire · 2024-11-05T17:13:32Z

package.json

    "@babel/runtime": "^7.0.0",
    "@lavamoat/allow-scripts": "^3.0.0",
-    "@metamask/approval-controller": "^5.1.1",
+    "@metamask/accounts-controller": "^18.0.0",


It looks like we only use @metamask/transaction-controller for types and yet this is needed because TransactionController talks to AccountsController, so @metamask/accounts-controller is a peer dependency of @metamask/transaction-controller. Interesting.

mcmire · 2024-11-05T17:16:56Z

package.json

+    "@metamask/transaction-controller": "^37.3.0",
    "@types/jest": "^26.0.22",
    "@types/node": "^20.10.4",
+    "@types/readable-stream": "^4.0.18",


It seems that @types/readable-stream is a dev dependency of @metamask/object-multiplex when it should not be in the dev group. I've added a ticket for this here: MetaMask/object-multiplex#58

chore: bump @metamask/{transaction, approval}-controller

5509ffd

mikesposito requested a review from a team October 23, 2024 11:14

mikesposito marked this pull request as draft October 23, 2024 11:33

mikesposito mentioned this pull request Oct 23, 2024

Update NetworkController across Mobile dependency tree MetaMask/metamask-mobile#11910

Closed

12 tasks

add missing peer dependencies

516cd07

mikesposito commented Nov 5, 2024

View reviewed changes

mikesposito marked this pull request as ready for review November 5, 2024 12:29

mikesposito requested a review from a team November 5, 2024 12:29

Merge branch 'main' into mikesposito/bump/transaction-controller

7d509fb

mcmire approved these changes Nov 5, 2024

View reviewed changes

mikesposito merged commit 83b7365 into main Nov 5, 2024
11 checks passed

mikesposito deleted the mikesposito/bump/transaction-controller branch November 5, 2024 19:35

chore: bump @metamask/{transaction, approval}-controller #333

chore: bump @metamask/{transaction, approval}-controller #333

Uh oh!

Conversation

mikesposito commented Oct 23, 2024

Uh oh!

socket-security bot commented Oct 23, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Oct 23, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Next steps

Uh oh!

mikesposito commented Oct 23, 2024

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

mikesposito commented Nov 5, 2024

Uh oh!

mcmire left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore: bump `@metamask/{transaction, approval}-controller` #333

chore: bump `@metamask/{transaction, approval}-controller` #333

socket-security bot commented Oct 23, 2024 •

edited

Loading

socket-security bot commented Oct 23, 2024 •

edited

Loading