This repository has been archived by the owner on Jun 7, 2023. It is now read-only.
Upgrade Snyk and whitelist vulnerability #630
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rajivshah3
added
C - Shared
T - Meta
cvarley100
approved these changes
Nov 24, 2018
rajivshah3
added a commit
that referenced
this pull request
Nov 25, 2018
* Upgrade Snyk * Whitelist vulnerability, this cannot be easily patched and Trinity is not vulnerable
cvarley100
pushed a commit
that referenced
this pull request
Feb 19, 2019
* Mobile: Add and link Realm * Shared: Define some schemas * Update schemas * Mobile/iOS: Update pbxproj * Move realm to shared * Shared: Store chart data in realm * Bug fix * Change input selection * Add coverage for #prepareInputs * Fix lockfile * Clean up #getInputs and related utils * Remove unused utils #getOutgoingTransfersForAddresses & #getPendingOutgoingTransfersForAddresses * Update coverage for libs/iota/addresses * Add coverage for #getInputs * Fix failing tests in libs/iota/transfers * Update test coverage for actions/transfers * Remove realm & redux-persist-realm dependency from mobile directory * Avoid passing Realm constructor to state actions * Setup base for realm * Update schema - Add Wallet schema - Add Account schema - Update Transaction schema - Update Address schema * Add a selector for selecting bundles for auto promotion * Add some storage (realm) to state (redux) mappers * Consume storage to state mapper for restoring state when mobile app intialises * Allow purging realm storage on wallet reset * Migrate to realm for account state for a new/fresh account * Migrate account deletion & account name change to realm * Integrate realm with mobile's entry point * Integrate account syncs, polling, snapshot transition with realm storage * Add maxInputs property to SeedVault class and use it during input selection * Migrate accounts (transaction & addresses) related data management from AsyncStorage to realm * Mobile: Relink Realm * Add realm binaries to gitignore * Clean up transaction utils and update test coverage - Remove transaction util #categoriseTransactionsByPersistence - Remove transaction util #transformTransactionsByBundleHash - Remove transaction util #isValidTransactionSync - Remove transaction util #isValidTransactionAsync - Remove transaction util #filterInvalidTransactionsSync - Remove transaction util #filterInvalidTransactionsAsync - Remove transaction util #prepareForAutoPromotion - Remove transaction util #getPendingTxTailHashes - Remove transaction util #markTransfersConfirmed - Remove transaction util #getConfirmedTransactionHashes - Remove transaction util #mergeNewTransfers - Remove transaction util #getBundleHashesForNewlyConfirmedTransactions - Remove transaction util #isStillAValidTransaction - Remove transaction util #getOwnTransactionHashes - Remove transaction util #pickNewTailTransactions * Remove unnecessary tests for reducers/accounts * Make maxInputs a read-only property of SeedVault class * Fix some unit tests for libs/iota/addresses * Remove unnecessary check for remainder transaction when inputs are categorised Some bundles (e.g., MECOSAGPFIHBAJQBBX9HUJRNJEKRVNRJBHEBWYPD9H9IKBFEJZCRLLFYLLILEUHCUNYEHBEQARWNHFWBC) are not properly categorised into inputs/outputs. This is because input transactions of such bundles have currentIndex === lastIndex. This commit removes the unnecessary checks on inputs (restricting them to be non-remainder transactions). Categorisation of a bundle to inputs/outputs should only be based on negative/non-negative value. # Please enter the commit message for your changes. Lines starting * [Realm] Node schema (#499) * Shared: Add node schema * Refactor and add tests * Remove unnecessary import * Make maxInputs a read-only property of SeedVault class * Migrate settings redux reducer to realm * Simplify theming state management Currently, we store both theme object and theme name in settings reducer. This commit simplifies the theme setup by removing theme object from state and using a state selector for passing active theme object to all UI components. This also avoids storing theme object in persistent storage. * Remove ChartDataSchema, DataForTimeframeSchema, DataPointSchema * Use theme selector for injecting theme object to all UI components (mobile & shared) * Migrate node and currency related state management to realm * Update test coverage for settings reducer * Fix typo * Fix test coverage for libs/iota/addresses * Fix transactions schema and related tests * Add auto migration from AsyncStorage to Realm storage This commit adds the ability for the wallet to automatically migrate (accounts & settings) data from old (AsyncStorage) to Realm storage. After login, users will automatically be redirected to the migration screen (on mobile) where behind the scenes, auto migration will be performed. On successful migration, users will be redirected to the dashboard. * Minor fixes - Fix balance display for accounts in TopBar (mobile) - Fix reference to address data in ViewAddresses (mobile) - Fix some failing tests - Refactor tests for actions/transfers/makeTransaction * Minor fixes - Fix failing tests - Fix some iota utils * Make sure getInput stubs return an object and not an array of inputs * Upgrade Snyk and whitelist vulnerability (#630) * Upgrade Snyk * Whitelist vulnerability, this cannot be easily patched and Trinity is not vulnerable * Upgrade to React Native 0.57 (#438) * Mobile: Update to React Native 0.56 * Mobile: Clean up RN update * Mobile: Remove react-native-keyboard-aware-scroll-view * Mobile: Fix Android keyboard avoidance * Mobile: Fix chart interpolation Android * Mobile: Fix Android account name cut-off * Mobile: Upgrade React Native to 0.57 * Bug fixes * Bug fixes * Mobile: Fix hidden back button * Update lockfile * Mobile: Re-add JVM args * Mobile: Add babel-plugin-jest-hoist to fix Bugsnag mocks * Shared: Fix babel-related mocha issues * Remove unnecessary patches * Update lockfile * Mobile: Apply forwardRef fix * Mobile: Fix failing Balance test * Mobile: Revert unintended changes * Mobile: Re-add react-native-vector-icons patch * Remove unnecessary babel files/deps * Fix module-resolver, ignore some YellowBox warnings * Shared: Revert redux-persist upgrade * Make sure greenkeeper does not update redux-persist * Shared: Revert React update * Revert "Merge branch 'hotfix/revert-upgrade' into chore/rn-0.57" This reverts commit 3b5a8e7, reversing changes made to a6bbbbb. * Mobile: Bump to React Native 0.57.5, React 16.6.1 * Revert unnecessary change [ci skip] * Upgrade react-native-vector-icons Closes #603 * Upgrade react-native-navigation * Use new Xcode build system * Mobile: Fix Android build * Mobile: Fix failing test * Mobile: Revert RNN upgrade, revert to legacy build system * Mobile: Cherry pick wix/react-native-navigation@ab2f335 for RN 0.57 support * Mobile: Fix typo in gradlew.bat * Finalise Realm instantiation (#777) * Import realm from mobile directory instead of directly importing it from shared * Finalize realm usage for desktop, mobile & test environments * Disable realm analytics reports * Fix failing tests and warnings for mobile * Use detectOpenHandles argument for jest tests * Force exit mocha tests * Fix incorrect refs & add realm initialisation setup for desktop * Show desktop window only after persisted state has been restored * Send payload only if provided * Shared: Rebuild realm after installing dependencies (#842) * Remove undefined i18next translate function from progressSteps * Update prepateTransferArray implementation to accept addressData as an array instead of an object * Minor fixes and updates - Remove manual state rehydration from src/desktop/src/index.js - Pass in theme object to UnitInfoModal - Fix JSDocs for addCustomNodeSuccess action creator - Fix notificationFn trigger in syncAccount - Relocate mapNormalisedTransactions util * Always find transaction hashes diff from transactions with own addresses * Update UI for migration screen * Assign index & meta to account object during migration * Use buildNumber for detecting & triggering redux->realm migration * Shared: Ignore chownr vulnerability in Snyk * Desktop: Realm Database implementation Desktop fixes (#874) * Desktop related fixes: - Fix balance setting in `Balance` and `Sidebar` components - Fix latest address retrieval - Fix notification function - Fix List component transaction list retrieval * Remove `reverse` from account address list * Mobile: Resolve lint errors * Revert 5291972 and fix eslint config (see eslint/eslint#11231) * Fix failing tests for libs/iota/accounts * Fix checksum for latestAddressObject & add a separate constant for latestAddressBalance * Fix attachAndFormatAddresses util implementation * Mobile: Fix migration step strings * Mobile: Update prop types * Shared: Fix documentation for delete and addNodes * Remove hash as a primary key from Transaction schema * Add realm-object-server/ to gitignore * Bump realm to v2.21.1 * Update Transaction schema - Add attachmentTimestamp - Add attachmentTimestampLowerBound - Add attachmentTimestampUpperBound - Add obsoleteTag * Minor fixes - Map correct persistence to normalised transactions - Fix parameters for constructBundleFromTransactions util * Minor fixes - Make completedMigration a required prop in Login & Migration component - Make sure missing properties like completedMigration are correctly mapped to redux store on entry * Include version check on app entry * Minor fixes and updates - Update method description for realm Wallet class method updateLatest - Rename setMigrationStatus action creator to setRealmMigrationStatus * Desktop: Realm Database - remove redux persist settings dependency (#877) * Update tray application state sync and initialisation * Update Proxy settings to use separate electronSettings entry * Shared: Fix periodically failing sortTransactionTrytesArray test (#878) * Shared: Fix periodically failing sortTransactionTrytesArray test * Shared: Make recommended changes * Remove unnecessary assert statements * Fix skipped tests for #isNodeHealthy * Fix skipped tests * Update build number check realm migration detection * Update build number to 40 for migration detection check * Add missing getCustomNodesFromState state selector * Pass nodes array in correct format to quorum methods * Migrate accountIndex property for account from AsyncStorage to realm * Remove primary key (address) from AddressSchema * Fix invalid bundle construction for failed transactions * Preserve local spend status before updating account data in realm * Refactor #getFullAddressHistory tests * Make sure we fetch persisted account indexes from realm * Check for undefined addressData prop before updating address data in realm * Realm data encryption (#1018) * Add base setup for realm data encryption * Pass #getEncryptionKeyPromise when storage is reinitialised * Store realm encryption key in keychain * Initialise realm instance with encryption key in tests * Store realm encryption key in keychain * Address comments - Remove base64-js - Perform Uint8Array to string conversions with vanilla JS * Skip realm encryption key to be reset on password change * Simplify #getEncryptionKey implementation * Update build number to 41 for migration detection check * Mobile: Fix notification icon touch radius * Include isRetryingFailedTransaction in modalProps when modalProps are updated * Move manual bundle construction implementation (for failed transactions) in constructBundlesFromTransactions * Mobile: Fix iPhone X modal visual bug * Mobile Release 0.4.1 (41) (#1029) * Mobile: Bump build number to 41 * Mobile: Bump Realm migration versioning * Shared: Only rebuild Realm on Debian * Correctly assign new account name in realm storage (#1045) * Update isFailedTransaction prop when modal props are updated (#1046) * Mobile: Add retry button, error log and change node to Realm migration (#1041) * Mobile: Add ability to change node and retry during migration * Mobile: Address comments * Mobile: Fix notification button import and padding * Mobile: Disable iOS pop gesture * Mobile Release 0.6.1 (42) (#1048) * Mobile: Bump build no to 42 * Mobile: Update realm migration versioning * Realm Database implementation desktop bugfixes (#1025) * - Fix Realm storage path - Add missing wallet reset triggers - Fix address component prop use - Remove failed bundle hash action * Update Realm path for test environment * - Remove Realm instance init from Tray application - Keep Realm encryption key on keychain initialisation * Focus wallet window after initial store update * Add missing Windows required dependency * Desktop: Create Migration component to migrate data (#857) * Desktop: Create Migration component to migrate data * Desktop: Add 'history' to PropTypes * Desktop: Document getAllStorageKeys * - Fix Realm storage path - Add missing wallet reset triggers - Fix address component prop use - Remove failed bundle hash action * Update Realm path for test environment * - Remove Realm instance init from Tray application - Keep Realm encryption key on keychain initialisation * Focus wallet window after initial store update * Add missing Windows required dependency * Move Migration to `ui/global` * Migration bugfixes * Desktop: Fix off-by-one mistake on Migration component * Code review fixes * Fix Wallet reset functionallity * Fix account duplication on account rename operation (#1077) Related issue: #1066 * Fix invalid address data issue (#1089) Interrupting new account onboarding (on loading screen) leads wallet to throw continuous exceptions. The reason for exceptions was missing "completed" property in realm schema. This commit fixes the issue and also adds realm migration from schema version 0 to latest schema. * Mobile: Readd react-native-translucent-moddal (#1083) * Add migration retry and node change functionality (#1094) * Desktop: Realm implementation fixes (#1096) * - Exclude unnecessary realm package contents in builds - Fix unique seed check to exclude Realm key - Fix account snapshot transition missing addresses * Missing tag build error fix * Desktop: Updated Entangled node use (#1095) * Implement new Entangled node bindings * Update shrinkwrap file * Mobile: Link translucent modal * Merge branch 'develop' into feature/realm * develop: Bump react from 16.8.1 to 16.8.2 in /src/desktop (#1075) Bump @ledgerhq/hw-transport-node-hid in /src/desktop (#1082) [Security] Bump braces from 1.8.5 to 2.3.2 in /src/desktop (#1079) Bump i18next from 15.0.2 to 15.0.4 in /src/desktop (#1072) Bump react-dom from 16.8.1 to 16.8.2 in /src/desktop (#1076) Desktop Ledger app update (#1059) # Conflicts: # src/desktop/npm-shrinkwrap.json # src/desktop/package.json # src/shared/actions/transfers.js * Fix desktop transition `Cannot read property 'type' of undefined` error * Update shrinkwrap file * - Fix receive closes automatically on Ledger account (#1101) - Fix unable to cancel refreshing history without Ledger connected - Fix onboarding seed not available after failed initial account fetch * Shared: Fix migration when app is first installed (#1098)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Upgrades
snyk, whitelists vulnerability that cannot be patched easily and doesn't affect us. Fixes failing CIType of change
How Has This Been Tested?
N/A
Checklist: