Skip to content
This repository was archived by the owner on Oct 16, 2025. It is now read-only.

Bump MetaMask dependencies#351

Merged
Mrtenz merged 4 commits intomainfrom
mrtenz/bump-metamask-dependencies
Dec 19, 2024
Merged

Bump MetaMask dependencies#351
Mrtenz merged 4 commits intomainfrom
mrtenz/bump-metamask-dependencies

Conversation

@Mrtenz
Copy link
Member

@Mrtenz Mrtenz commented Dec 18, 2024
edited
Loading

This contains the following bumps:

  • @metamask/eth-block-tracker from ^11.0.3 to ^11.0.4.
  • @metamask/eth-json-rpc-provider from ^4.1.5 to ^4.1.7.
  • @metamask/eth-sig-util from ^7.0.3 to ^8.1.2.
  • @metamask/json-rpc-engine from ^10.0.0 to ^10.0.2.
  • @metamask/rpc-errors from ^7.0.0 to ^7.0.2.
  • @metamask/utils from ^9.1.0 to ^11.0.1.

This removes previous major versions of @metamask/utils from the dependency tree.

@socket-security
Copy link

socket-security bot commented Dec 18, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@metamask/abi-utils@3.0.0 None 0 0 B
npm/@metamask/eth-block-tracker@11.0.4 None 0 76.2 kB gudahtt
npm/@metamask/eth-json-rpc-provider@4.1.7 None +1 81.8 kB metamaskbot
npm/@metamask/eth-sig-util@8.1.2 None 0 133 kB danfinlay, gudahtt, kumavis, ...6 more
npm/@metamask/json-rpc-engine@10.0.2 None 0 178 kB metamaskbot
npm/@metamask/rpc-errors@7.0.2 None 0 171 kB metamaskbot
npm/@metamask/utils@11.0.1 None +1 837 kB metamaskbot

🚮 Removed packages: npm/@metamask/abi-utils@2.0.4, npm/@metamask/eth-block-tracker@11.0.3, npm/@metamask/eth-json-rpc-provider@4.1.5, npm/@metamask/eth-sig-util@7.0.3, npm/@metamask/json-rpc-engine@10.0.0, npm/@metamask/rpc-errors@7.0.0, npm/@metamask/utils@9.1.0

View full report↗︎

@socket-security
Copy link

socket-security bot commented Dec 18, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@metamask/eth-block-tracker@11.0.4

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@Mrtenz
Copy link
Member Author

Mrtenz commented Dec 18, 2024

@SocketSecurity ignore npm/@metamask/eth-block-tracker@11.0.4

This is ours.

@Mrtenz Mrtenz mentioned this pull request Dec 18, 2024
Merged
4 tasks
Mrtenz added a commit to MetaMask/core that referenced this pull request Dec 19, 2024
@Mrtenz
Bump @metamask/utils to ^11.0.1 and @metamask/rpc-errors to `^7…
83e9ea7 
….0.2` (#5080)

## Explanation

This bumps `@metamask/utils` from `^10.0.0` to `^11.0.1`, in an effort
to bump all packages using `@metamask/utils` to use v11. Unfortunately
there are some circular dependencies, so this does not completely
eliminate previous versions yet, but this is required to bump
`@metamask/utils` in other packages, such as:

- MetaMask/eth-json-rpc-middleware#351

## Changelog

<!--
If you're making any consumer-facing changes, list those changes here as
if you were updating a changelog, using the template below as a guide.

(CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or
FIXED. For security-related issues, follow the Security Advisory
process.)

Please take care to name the exact pieces of the API you've added or
changed (e.g. types, interfaces, functions, or methods).

If there are any breaking changes, make sure to offer a solution for
consumers to follow once they upgrade to the changes.

Finally, if you're only making changes to development scripts or tests,
you may replace the template below with "None".
-->

- **CHANGED**: Bump `@metamask/utils` from `^10.0.0` to `^11.0.1`
- **CHANGED**: Bump `@metamask/rpc-errors` from `^7.0.1` to `^7.0.2`

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [x] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes
@Mrtenz Mrtenz marked this pull request as ready for review December 19, 2024 12:02
@Mrtenz Mrtenz requested a review from a team as a code owner December 19, 2024 12:02
mikesposito
mikesposito approved these changes Dec 19, 2024
View reviewed changes
Copy link
Member

@mikesposito mikesposito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Mrtenz Mrtenz merged commit ae19e06 into main Dec 19, 2024
@Mrtenz Mrtenz deleted the mrtenz/bump-metamask-dependencies branch December 19, 2024 13:08
PatrykLucka pushed a commit to MetaMask/core that referenced this pull request Jan 13, 2025
@Mrtenz @PatrykLucka
Bump @metamask/utils to ^11.0.1 and @metamask/rpc-errors to `^7…
1044b5a 
….0.2` (#5080)

## Explanation

This bumps `@metamask/utils` from `^10.0.0` to `^11.0.1`, in an effort
to bump all packages using `@metamask/utils` to use v11. Unfortunately
there are some circular dependencies, so this does not completely
eliminate previous versions yet, but this is required to bump
`@metamask/utils` in other packages, such as:

- MetaMask/eth-json-rpc-middleware#351

## Changelog

<!--
If you're making any consumer-facing changes, list those changes here as
if you were updating a changelog, using the template below as a guide.

(CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or
FIXED. For security-related issues, follow the Security Advisory
process.)

Please take care to name the exact pieces of the API you've added or
changed (e.g. types, interfaces, functions, or methods).

If there are any breaking changes, make sure to offer a solution for
consumers to follow once they upgrade to the changes.

Finally, if you're only making changes to development scripts or tests,
you may replace the template below with "None".
-->

- **CHANGED**: Bump `@metamask/utils` from `^10.0.0` to `^11.0.1`
- **CHANGED**: Bump `@metamask/rpc-errors` from `^7.0.1` to `^7.0.2`

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [x] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@mikesposito mikesposito mikesposito approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mrtenz @mikesposito