-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update eth-snap-keyring
to 0.2.x to use the keyring-api
0.2.x
#20865
Conversation
Note: This PR only affects Flask. BREAKING CHANGE: The 'keyring-api' 0.2.x is incompatible with the previous 0.1.x release.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
@metamaskbot update-policies |
Removed dependencies detected. Learn more about Socket for GitHub ↗︎ 🚮 Removed packages: @metamask-institutional/portfolio-dashboard@1.4.0, @metamask/eth-snap-keyring@0.1.4, @metamask/rpc-methods@0.35.2-flask.1, @metamask/snaps-controllers@0.35.2-flask.1, @metamask/snaps-ui@0.35.2-flask.1, @metamask/snaps-utils@0.35.2-flask.1 |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is network access?This module accesses the network. Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Policies updated |
It's not working for me, when I try to Create Account I get this error:
|
Indeed @HowardBraham, I'll publish the new SSK that works with this branch (0.2.1). |
eth-snap-keyring
to 0.2.x to use the keyring-api
0.2.x
Codecov ReportPatch and project coverage have no change.
Additional details and impacted files@@ Coverage Diff @@
## develop #20865 +/- ##
========================================
Coverage 68.38% 68.38%
========================================
Files 1006 1006
Lines 40244 40244
Branches 10759 10760 +1
========================================
+ Hits 27517 27518 +1
+ Misses 12727 12726 -1
☔ View full report in Codecov by Sentry. |
Manually tested on Mac Ventura 13.5.2 primarily with Chrome 117, but also Firefox 117.
|
@metamaskbot update-policies |
No policy changes |
e6ad318
@metamaskbot update-policies |
Policies updated |
Builds ready [49823b7]
Page Load Metrics (1769 ± 59 ms)
Bundle size diffs [🚀 Bundle size reduced!]
|
Wondering if my PR here relates to this one at all |
Yes @jiexi, we will soon release a new version of the |
Builds ready [7496857]
Page Load Metrics (1735 ± 112 ms)
Bundle size diffs [🚀 Bundle size reduced!]
|
Explanation
This PR updates the version of the
eth-snap-keyring
to use the new version of thekeyring-api
that we plan to expose to snap developers.This PR has no other impacts, and only affects Flask.
BREAKING CHANGE: The
keyring-api
0.2.x is incompatible with the previous 0.1.x release. Snaps developed with version 0.1.x of the API need to migrate to 0.2.x.Manual Testing Steps
Pre-merge author checklist
Pre-merge reviewer checklist
If further QA is required (e.g. new feature, complex testing steps, large refactor), add the
Extension QA Board
label.In this case, a QA Engineer approval will be be required.