[pull] main from MetaMask:main#785
Merged
Merged
Conversation
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> Normalizes native asset addresses. ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [X] I've updated the test suite for new or updated code as appropriate - [X] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [X] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [X] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes the canonical native asset IDs produced by `buildNativeAssetsFromConstant`, which can affect cache/state keys and lookups if any consumers relied on the previous un-normalized IDs. Logic is small and test-covered, with normalization limited to EVM `erc20` CAIP-19 IDs. > > **Overview** > Native-asset seeding now normalizes each CAIP-19 native asset ID returned by `buildNativeAssetsFromConstant` using `normalizeAssetId`, aligning the seed map with IDs produced by other data sources (e.g., EIP-55 checksummed ERC-20 addresses). > > Tests were updated to assert the normalized IDs, and the package changelog documents the fix. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 00b8711. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation Support pagination on the search API ## References Jira: https://consensyssoftware.atlassian.net/browse/ASSETS-3206 Mobile: MetaMask/metamask-mobile#30097 <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Moderate risk because it changes the `searchTokens` request/response contract (new `after` query param and optional `totalCount`/`pageInfo` fields), which may require consumer updates and could affect pagination behavior across clients. > > **Overview** > `searchTokens` now supports cursor-based pagination by accepting an optional `after` cursor and forwarding it to the `/tokens/search` request. > > When present in the API response, the function now forwards `totalCount` and `pageInfo` (`{ hasNextPage, endCursor }`) to callers, and exports a new `PageInfo` type; tests and the changelog were updated to cover/describe these new pagination fields. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 9025b38. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> Release: - Patch release of `@metamask/assets-controller` - Minor release of `@metamask/assets-controllers` - Minor release of `@metamask/profile-sync-controller` - Minor release of `@metamask/account-tree-controller` - Major release of `@metamask/multichain-account-service` - Initial release of `@metamask/snap-account-service` ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Mostly version/changelog updates, but it rolls in a **major** bump of `@metamask/multichain-account-service` (breaking API/messenger requirements) plus new `@metamask/snap-account-service`, which can break downstream builds if consumers don’t update their allowed actions/events and configs. > > **Overview** > Publishes a new monorepo release (`979.0.0`) and cuts new package versions across the workspace. > > This release bumps `@metamask/account-tree-controller` to `7.4.0` and propagates dependency updates through related packages (e.g. `assets-controller`/`assets-controllers`, bridge controllers, and others), including upgrading `@metamask/profile-sync-controller` to `28.1.0` and `@metamask/multichain-account-service` to `10.0.0`. > > Changelogs and `yarn.lock` are updated accordingly, including recording the initial `@metamask/snap-account-service` (`0.1.0`) and the `multichain-account-service` breaking changes around Snap readiness handling/messenger requirements. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 4cb40f1. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Charly Chevalier <charly.chevalier@consensys.net>
## Explanation Initialize the `wallet` package, which will eventually contain shared initialization code for the MetaMask clients. ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: this PR primarily scaffolds a new package and wires it into repo tooling (TypeScript refs, docs, ownership) with only placeholder code and a basic unit test. > > **Overview** > Adds a new `@metamask/wallet` workspace package scaffold (build/test/docs configs, licensing/changelog/readme) with a placeholder `greeter` export and a simple Jest test. > > Wires the new package into monorepo infrastructure by updating root `tsconfig.json`/`tsconfig.build.json` references, `README.md` package list/dependency graph, `CODEOWNERS`/`teams.json` ownership mapping, and `yarn.lock` workspace entry. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 17e8453. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation Release `980.0.0` with minor version bumps for: - **`@metamask/transaction-controller`** `65.3.0` → `65.4.0` - **`@metamask/transaction-pay-controller`** `22.3.1` → `22.4.0` ### `@metamask/transaction-controller@65.4.0` #### Added - Add optional `fiat` object (with `orderId` and `provider` properties) to `MetamaskPayMetadata` type for persisting fiat on-ramp order data on transactions - Add `predictAcrossWithdraw` to the `TransactionType` enum #### Changed - `estimateGasBatch` now falls back to the sum of per-tx `gas` values in the EIP-7702 path when node simulation fails, instead of returning the block-gas-limit fallback - Bump `@metamask/network-controller` from `^31.0.0` to `^32.0.0` - Bump `@metamask/accounts-controller` from `^38.1.0` to `^38.1.1` - Bump `@metamask/controller-utils` from `^12.0.0` to `^12.1.0` ### `@metamask/transaction-pay-controller@22.4.0` #### Added - Add Across quote support for post-quote Predict withdraw flows #### Changed - Derive fiat order source amount from on-chain transaction data (`order.txHash`) with fallback to `order.cryptoAmount` - Persist fiat order ID and provider code on `transaction.metamaskPay` before polling, so activity views can query order status after controller state cleanup - Bump `@metamask/assets-controller` from `^7.1.1` to `^7.1.2` - Bump `@metamask/assets-controllers` from `^108.0.0` to `^108.1.0` #### Fixed - For postquote payments payment token for MM Pay transaction should not be reset when accountOverride is changed ### Dependency updates 14 packages had their `@metamask/transaction-controller` dependency range updated from `^65.3.0` to `^65.4.0` with corresponding changelog entries under `[Unreleased]`: - `@metamask/assets-controller` - `@metamask/assets-controllers` - `@metamask/bridge-controller` - `@metamask/bridge-status-controller` - `@metamask/earn-controller` - `@metamask/eip-5792-middleware` - `@metamask/gator-permissions-controller` - `@metamask/network-enablement-controller` - `@metamask/perps-controller` - `@metamask/phishing-controller` - `@metamask/profile-metrics-controller` - `@metamask/shield-controller` - `@metamask/subscription-controller` - `@metamask/user-operation-controller` ## References - [#8694](#8694) — Add fiat on-ramp order data persistence on transactions - [#8759](#8759) — Add `predictAcrossWithdraw` transaction type - [#8735](#8735) — EIP-7702 gas estimation fallback improvements - [#8760](#8760) — Across quote support for post-quote Predict withdraw - [#8787](#8787) — Fix payment token reset on accountOverride change ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Mainly a release/version bump, but it pulls in updated `@metamask/transaction-controller` behavior (gas estimation fallback, new metadata/type fields) across many dependent controllers, which could affect transaction handling paths. > > **Overview** > Bumps the monorepo release to `980.0.0`, publishes `@metamask/transaction-controller@65.4.0`, and publishes `@metamask/transaction-pay-controller@22.4.0` (with corresponding changelog link updates). > > Propagates the `@metamask/transaction-controller` dependency range from `^65.3.0` to `^65.4.0` across multiple packages (e.g. assets/bridge/network-enablement/perps/phishing/shield/subscription/user-operation controllers) and records the bumps in each package’s `[Unreleased]` changelog entries, with `yarn.lock` updates to match. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 699b516. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…#8695) ## Explanation ### Architecture Overview ``` ┌─────────────────┐ messenger ┌──────────────────────────┐ │ OHLCVService │ ─── calls actions ────► │ BackendWebSocketService │ │ (domain logic) │ │ (raw WS connection) │ │ │ ◄── listens to events ── │ │ └────────┬────────┘ └──────────┬───────────────┘ │ │ publishes events actual WebSocket to UI consumers (connect, auth, reconnect, heartbeat, JSON framing) │ ▼ ┌──────────────────┐ │ Mobile UI │ │ (React hooks) │ │ useOHLCVRealtime │ └──────────────────┘ ``` ### What - Add `OHLCVService` for real-time OHLCV (candlestick) data streaming via the backend WebSocket gateway - Move all WebSocket-related files (`BackendWebSocketService`, `AccountActivityService`) into a new `src/ws/` directory per code review feedback ### Why - Enable real-time chart updates on the Token Details screen without polling - Reduce API load by replacing periodic HTTP calls with persistent WebSocket subscriptions - Organize WebSocket code into a dedicated `ws/` folder for better discoverability ### New files - `src/ws/ohlcv/OHLCVService.ts` — main service with subscribe/unsubscribe semantics, reference counting, grace-period unsubscribe, idempotency checks, chain-status forwarding, and automatic resubscription on reconnect - `src/ws/ohlcv/OHLCVService.test.ts` — 22 unit tests covering all paths (100% branch coverage) - `src/ws/ohlcv/OHLCVService-method-action-types.ts` — auto-generated messenger action types - `src/ws/ohlcv/types.ts` — `OHLCVBar` and `OHLCVSubscriptionOptions` types - `src/ws/ohlcv/index.ts` — barrel exports ### Modified files - `src/index.ts` — added exports for `OHLCVService`, its types, and allowed actions/events; updated import paths to `./ws/` - `eslint-suppressions.json` — updated paths for moved files, added suppressions for new test file - `CHANGELOG.md` — documented new service and exports ### Moved files (no logic changes) - `src/BackendWebSocketService.ts` → `src/ws/BackendWebSocketService.ts` - `src/BackendWebSocketService.test.ts` → `src/ws/BackendWebSocketService.test.ts` - `src/BackendWebSocketService-method-action-types.ts` → `src/ws/BackendWebSocketService-method-action-types.ts` - `src/AccountActivityService.ts` → `src/ws/AccountActivityService.ts` - `src/AccountActivityService.test.ts` → `src/ws/AccountActivityService.test.ts` - `src/AccountActivityService-method-action-types.ts` → `src/ws/AccountActivityService-method-action-types.ts` - Only import path updates (`./logger` → `../logger`, `./types` → `../types`, test helper paths) ### Key design decisions - **UI-driven lifecycle** — unlike `AccountActivityService` (auto-subscribes on account change), `OHLCVService` exposes `subscribe()`/`unsubscribe()` called by the UI when the chart mounts/unmounts - **Reference counting** — multiple UI consumers subscribing to the same assetId/interval/currency share one WebSocket subscription - **Grace period (3s)** — when all consumers unsubscribe, actual WS unsubscribe is delayed 3 seconds to absorb rapid navigation (Token A → Token B → Token A) - **Idempotency** — uses `channelHasSubscription` before subscribing; duplicate calls are no-ops (React Strict Mode safe) - **Chain status** — listens to `system-notifications.v1.market-data.v1` (auto-subscribed by server) and publishes `OHLCVService:chainStatusChanged` - **Disconnect handling** — on WebSocket disconnect, publishes `chainStatusChanged { status: 'down' }` for all tracked chains, triggering UI polling fallback - **Reconnect** — resubscribes all active channels when WebSocket reconnects (no `sessionId` needed for OHLCV; UI polling fallback covers the gap) - **`init()` method** — system notification callback registered in `init()` (not constructor) to comply with messenger-in-constructor lint rule ### Events published - `OHLCVService:barUpdated` — `{ channel, bar: OHLCVBar }` — new candle data from WebSocket - `OHLCVService:chainStatusChanged` — `{ chainIds, status, timestamp? }` — chain up/down (server notification or WS disconnect) - `OHLCVService:subscriptionError` — `{ channel, error, operation }` — subscribe or unsubscribe failure ## References * Related to https://www.notion.so/metamask-consensys/OHLCV-WebSocket-Integration-UI-Implementation-Guide-346f86d67d6880b6a70fc3be0f0c34b9 * Related to MetaMask/metamask-mobile#29739 * Fixes https://consensyssoftware.atlassian.net/browse/ASSETS-3195 ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Adds a new WebSocket-driven market-data service with reference counting, timers, and reconnect resubscription logic, which can affect subscription lifecycles and event delivery. Also moves existing WebSocket services into `src/ws/`, so consumers relying on internal paths (vs package exports) could break if any remain. > > **Overview** > Adds a new `OHLCVService` to stream real-time OHLCV bars over WebSocket, exposing `subscribe`/`unsubscribe` via messenger actions, publishing `barUpdated`/`chainStatusChanged`/`subscriptionError` events, and handling reconnect resubscription with ref-counting plus a grace-period unsubscribe (mutex-protected). > > Refactors `core-backend` by moving `BackendWebSocketService` and `AccountActivityService` (and their tests/action-type files) into `src/ws/`, updating imports/exports (`src/index.ts`), and updating lint suppressions; also adds `async-mutex` plus comprehensive unit tests for the new service and documents the addition in the changelog. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 730af62. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes request header names and makes `clientVersion` optional, which could break backend compatibility or analytics if consumers/backends still expect the old headers or a default version. > > **Overview** > `BaseApiClient` now sends `x-metamask-clientproduct` and (optionally) `x-metamask-clientversion` instead of the previous `X-Client-Product`/`X-Client-Version` headers, and it no longer defaults `clientVersion` to `1.0.0`. > > Tests and the `core-backend` changelog are updated to reflect the new header contract, including verifying the version header is *omitted* when `clientVersion` is not provided. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 09cc23a. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> This PR updates notification preferences to use AUS as the source of truth after first initialization, in order to enrich notification settings with the following categories: - Updates and Rewards (or marketing) - Wallet Activity - Perps - Social AI For new users, the NotificationServicesController now writes a complete preferences blob, seeding wallet activity from the current Trigger API state and defaulting all current accounts to enabled for true first-time setup. Marketing initialization is split by channel: push follows marketing consent, while in-app follows the product announcement current option. ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> Fixes [GE-13](https://consensyssoftware.atlassian.net/browse/GE-13) ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [x] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes the notification settings source of truth and initialization/write paths (Trigger API -> AUS), which can affect user notification enablement and push registration behavior across accounts and channels. > > **Overview** > **Moves notification preference storage to Authenticated User Storage (AUS).** `NotificationServicesController` now reads/writes notification preferences via AUS messenger actions and uses those preferences (instead of Trigger API config) when enabling push notifications, checking account presence, and selecting addresses for fetching on-chain notifications. > > **Adds first-time preference initialization and new options.** When AUS has no preferences (`null`), `createOnChainTriggers` writes a complete preferences blob (wallet activity seeded from current Trigger API state with first-time “enable all” fallback, plus default Perps/SocialAI) and seeds marketing push/in-app from new `hasMarketingConsent` and `productAnnouncementEnabled` options; the old `resetNotifications` option is removed. > > **Updates shared types and tests.** `@metamask/authenticated-user-storage` notification preference types/validators replace `enabled` with per-channel `inAppNotificationsEnabled`/`pushNotificationsEnabled`, and notification-services-controller tests/mocks are rewritten to mock AUS calls and drop `updateOnChainNotifications` coverage. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit c1c039d. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> [GE-13]: https://consensyssoftware.atlassian.net/browse/GE-13?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
## Explanation Why: Dapp scanning now supports path-level dapp scanning. Without this client-side change, the API never receives paths and the path-scanning capability goes unused. <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> Fixes: https://consensyssoftware.atlassian.net/jira/software/c/projects/PSAFE/boards/1950?selectedIssue=PSAFE-419 Extension PR: MetaMask/metamask-extension#42311 ## Screenshots I've ran MetaMask Extension locally with these changes. Paths are now included in the API request. <img width="483" height="119" alt="image" src="https://github.com/user-attachments/assets/ce278da6-fa90-4e7c-9ac2-90e4ecfd671f" /> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Modifies `scanUrl` request/caching semantics to sometimes key on `hostname+pathname`, which can change phishing detection outcomes and cache behavior for gateway domains and could affect API load if misclassified. > > **Overview** > **Adds path-aware phishing URL scanning for shared gateway hosts.** `PhishingController.scanUrl` now sends `hostname+pathname` (instead of hostname-only) for a curated set of gateway root domains and subdomains, and caches results by this scan parameter. > > Introduces new utilities/constants (`PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`, `isPhishingDetectionPathBasedHostname`, `getPhishingDetectionScanUrlParam`), exports them from `index.ts`, and updates tests/changelog to cover the new request format and per-path caching behavior. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 74ef4dc. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
## Explanation <!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? * Are there any changes whose purpose might not obvious to those unfamiliar with the domain? * If your primary goal was to update one package but you found you had to update another one along the way, why did you do so? * If you had to upgrade a dependency, why did you do so? --> ## References <!-- Are there any issues that this pull request is tied to? Are there other links that reviewers should consult to understand these changes better? Are there client or consumer pull requests to adopt any breaking changes? For example: * Fixes #12345 * Related to #67890 --> ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [ ] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: this is a release/version bookkeeping PR that mainly updates package versions, changelogs, and dependency ranges without changing runtime logic. > > **Overview** > Bumps the root monorepo version to `981.0.0` and publishes new package versions for `@metamask/base-data-service` (`0.1.3`), `@metamask/react-data-query` (`0.2.1`), and `@metamask/eip-5792-middleware` (`3.0.4`). > > Updates consumers (`authenticated-user-storage`, `chomp-api-service`, `money-account-balance-service`, `react-data-query`, `sample-controllers`, `social-controllers`) to depend on `@metamask/base-data-service@^0.1.3`, and refreshes associated changelog entries and `yarn.lock` resolutions. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 78dd458. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )