Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add PermittedHandlerExport to permission-controller #1184

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

Mrtenz
Copy link
Member

@Mrtenz Mrtenz commented Apr 14, 2023

Description

The primary intent of this change is to move PermittedHandlerExport from @metamask/types to the permission-controller package. This required some additional changes however.

@metamask/json-rpc-engine was updated to the latest version, so we can use the latest types for the PermittedHandlerExport. This required updating @metamask/rpc-errors (previously eth-rpc-errors) and @metamask/utils too.

See the changelog below for a more detailed explanation.

Changes

  • ADDED: Add PermittedHandlerExport type.
  • CHANGED: Bump @metamask/json-rpc-engine, @metamask/rpc-errors, and @metamask/utils in permission-controller to the latest version.
    • Usage of eth-rpc-errors has been changed to use @metamask/rpc-errors.
  • CHANGED: RestrictedMethodParameters now accepts undefined instead of void, as void is not compatible with our JsonRpcParams type.
    • I'm unsure how this is used externally, but this may be a breaking change.
  • FIXED: Dedupe yarn.lock.
    • There were a lot of duplicate package versions before, which have been deduped by running yarn dedupe.

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation for new or updated code as appropriate (note: this will usually be JSDoc)
  • I've highlighted breaking changes using the "BREAKING" category above as appropriate

@Mrtenz Mrtenz requested a review from a team as a code owner April 14, 2023 11:19
@socket-security
Copy link

socket-security bot commented Apr 14, 2023

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @metamask/json-rpc-engine@7.0.0
⚠️ No contributors or author data

Package does not specify a list of contributors or an author in package.json.

Add a author field or contributors array to package.json.

Package Location Source
@metamask/json-rpc-engine@7.0.0 (added) package.json packages/permission-controller/package.json
Pull request alert summary
Issue Status
Critical CVE ✅ 0 issues
CVE ✅ 0 issues
Mild CVE ✅ 0 issues
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Filesystem access ✅ 0 issues
Network access ✅ 0 issues
Shell access ✅ 0 issues
Debug access ✅ 0 issues
Long strings ✅ 0 issues
High entropy strings ✅ 0 issues
URL strings ✅ 0 issues
Uses eval ✅ 0 issues
Dynamic require ✅ 0 issues
Environment variable access ✅ 0 issues
Missing dependency ✅ 0 issues
Unused dependency ✅ 0 issues
Peer dependency ✅ 0 issues
Uncaught optional dependency ✅ 0 issues
Unresolved require ✅ 0 issues
Extraneous dependency ✅ 0 issues
Obfuscated require ✅ 0 issues
Obfuscated code ✅ 0 issues
Minified code ✅ 0 issues
Bidirectional unicode control characters ✅ 0 issues
Zero width unicode chars ✅ 0 issues
Bad text encoding ✅ 0 issues
Unicode homoglyphs ✅ 0 issues
Invisible chars ✅ 0 issues
Suspicious strings ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
File dependency ✅ 0 issues
No tests ✅ 0 issues
No repository ✅ 0 issues
Bad semver ✅ 0 issues
Bad dependency semver ✅ 0 issues
No v1 ✅ 0 issues
No website ✅ 0 issues
No bug tracker ✅ 0 issues
No contributors or author data ⚠️ 1 issue
CommonJS depending on ESModule ✅ 0 issues
Empty package ✅ 0 issues
Trivial Package ✅ 0 issues
No README ✅ 0 issues
Deprecated ✅ 0 issues
Chronological version anomaly ✅ 0 issues
Semver anomaly ✅ 0 issues
New author ✅ 0 issues
Unstable ownership ✅ 0 issues
Non-existent author ✅ 0 issues
Unmaintained ✅ 0 issues
Unpublished package ✅ 0 issues
Major refactor ✅ 0 issues
Missing package tarball ✅ 0 issues
Unsafe copyright ✅ 0 issues
License change ✅ 0 issues
Non OSI license ✅ 0 issues
Deprecated license ✅ 0 issues
Missing license ✅ 0 issues
Non SPDX license ✅ 0 issues
Unclear license ✅ 0 issues
Mixed license ✅ 0 issues
Legal notice ✅ 0 issues
Modified license ✅ 0 issues
Modified license exception ✅ 0 issues
License exception ✅ 0 issues
Deprecated SPDX exception ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
AI detected security risk ✅ 0 issues
AI warning ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
@metamask/json-rpc-engine@7.0.0 None +1 metamaskbot
@metamask/rpc-errors@5.1.1 None +0 metamaskbot

🚮 Removed packages: @metamask/types@1.1.0

@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from 49be581 to 9d183f3 Compare April 17, 2023 10:02
mcmire
mcmire previously approved these changes Apr 18, 2023
Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be good to get a second review on this, but seems like a reasonable change to me.

@legobeat
Copy link
Contributor

legobeat commented Apr 19, 2023

@Mrtenz Changes look reasonable to me but especially given that effectively used versions of ethereumjs and babel packages and the types are nontrivial combined with that these commits will be squashed:

could we break out all the dependency updates into a separate PR, which would precede the permission-controller changes in this PR?

@legobeat
Copy link
Contributor

legobeat commented Apr 19, 2023

55e256b fixes this error (but as noted above IMO this should be broken out with the upgrades)

@legobeat legobeat force-pushed the mrtenz/permitted-handler-type branch 2 times, most recently from 4eff32a to 55e256b Compare April 19, 2023 03:43
@legobeat
Copy link
Contributor

legobeat commented Apr 19, 2023

@metamask/utils upgrade and part of the dedupes (including the parts triggering the hexToBN regression) broken out into #1211.

@Mrtenz
Copy link
Member Author

Mrtenz commented Apr 19, 2023

Thanks @legobeat! Will update this PR once that's merged.

@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from 55e256b to 8e80463 Compare April 19, 2023 09:06
@Mrtenz
Copy link
Member Author

Mrtenz commented Apr 19, 2023

Blocked by MetaMask/rpc-errors#91.

@legobeat legobeat mentioned this pull request Apr 19, 2023
3 tasks
@legobeat legobeat mentioned this pull request Apr 19, 2023
3 tasks
@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from bc01c35 to 394834f Compare April 19, 2023 11:59
@legobeat
Copy link
Contributor

@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from 8ccde14 to 2c37d50 Compare April 19, 2023 12:54
@@ -1,5 +1,5 @@
import assert from 'assert';
import { JsonRpcEngine, PendingJsonRpcResponse } from 'json-rpc-engine';
import { JsonRpcEngine } from '@metamask/json-rpc-engine';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we will get type issues by just updating json-rpc-engine in this package alone 🤔

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also this will make the PermissionController minimum Node 16. Are we ready for that in this repo?

Copy link
Contributor

@mcmire mcmire Apr 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch @FrederikBolding.

We don't currently supporting bumping the minimum Node version for select packages in this monorepo. The Node version would have to be bumped across the board.

I'm not sure if we are ready to do this Update: It looks like we are getting pretty close to bumping to Node 16 on mobile, so this may not be a problem, but either way, it might be good to bump @metamask/json-rpc-engine in another PR for visibility, if that's possible?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumping @metamask/json-rpc-engine requires bumping @metamask/utils and @metamask/rpc-errors, due to type conflicts with @metamask/types otherwise. I could cherry-pick the first commit into a separate PR, if that makes it more clear?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As of today bumping this library to 16 should not be a problem as mobile is now running Node 16.

Copy link
Contributor

@mcmire mcmire Apr 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Mrtenz Cherry-picking the first commit in a separate PR makes sense. We should also make a new PR that bumps the minimum version of Node to 16 across the board so we can codify that in the next release.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried cherry-picking without including the new PermittedHandlerExport, but the types are not compatible between @metamask/types and @metamask/utils, so that doesn't really work.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All packages in this repo now require Node 16, so that part is at least done.

@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from a785e17 to 6003a97 Compare April 20, 2023 12:04
@mcmire
Copy link
Contributor

mcmire commented Apr 27, 2023

Happy to re-review this when the conflicts are resolved.

Mrtenz and others added 3 commits April 28, 2023 10:43
…sk/utils` in `permission-controller`

In order to remove the dependency on `@metamask/types` inside `snaps-monorepo`, we need the `PermittedHandlerExport` type. This type depends on types from the `@metamask/json-rpc-engine` package, which were previously duplicated inside `@metamask/types`. In this commit, I have moved `PermittedHandlerExport` to this package, which required bumping `@metamask/json-rpc-engine`, `@metamask/rpc-errors`, and `@metamask/utils`.
This commit updates "@metamask/rpc-errors" package to version "^5.1.1" in package.json and yarn.lock files. This will resolve an issue related to an internal error in PermissionController caused by this dependency.
Co-authored-by: legobeat <109787230+legobeat@users.noreply.github.com>
Some error objects should have a 'cause' field that will capture inner causes of particular errors.
@Mrtenz Mrtenz force-pushed the mrtenz/permitted-handler-type branch from 6003a97 to f05f318 Compare April 28, 2023 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants