Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version v12.7.2 RC #28705

Merged
merged 7 commits into from
Nov 26, 2024
Merged

Version v12.7.2 RC #28705

merged 7 commits into from
Nov 26, 2024

Conversation

metamaskbot
Copy link
Collaborator

📦 🚀

@github-actions github-actions bot added the team-bot Bot team (for MetaMask Bot) label Nov 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@socket-security Socket Security
Copy link

socket-security bot commented Nov 26, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@chainsafe/as-sha256@0.3.1 None 0 165 kB dapplion
npm/@chainsafe/persistent-merkle-tree@0.4.2 None 0 112 kB dapplion
npm/@chainsafe/ssz@0.9.4 None 0 468 kB dapplion
npm/@scure/base@1.1.7 None 0 122 kB paulmillr
npm/bitwise@2.1.0 None 0 120 kB florianwendelborn
npm/case@1.6.3 None 0 39.1 kB nbubna
npm/crc-32@1.2.0 None 0 13.3 kB sheetjs
npm/elliptic@6.5.4 None +1 160 kB indutny
npm/eth-chainlist@0.0.498 None 0 1.13 MB zanechua
npm/eth-eip712-util-browser@0.0.3 None 0 33.9 kB asmiller1989
npm/exit-on-epipe@1.0.1 None 0 5 kB sheetjs
npm/gridplus-sdk@2.5.1 environment, network +2 789 kB asmiller1989
npm/printj@1.1.2 None 0 113 kB sheetjs

🚮 Removed packages: npm/@scure/base@1.1.9, npm/@sovpro/delimited-stream@1.1.0, npm/bitwise@2.2.1, npm/borc@3.0.0, npm/crc-32@1.2.2, npm/elliptic@6.5.7, npm/eth-chainlist@0.0.519, npm/gridplus-sdk@2.7.1, npm/iso-url@1.2.1, npm/json-text-sequence@0.3.0

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Nov 26, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/elliptic@6.5.4, npm/@noble/secp256k1@1.6.3, npm/exit-on-epipe@1.0.1, npm/crc-32@1.2.0, npm/printj@1.1.2, npm/ethereum-cryptography@1.1.2, npm/@noble/hashes@1.1.2, npm/@scure/bip32@1.1.0, npm/@scure/bip39@1.1.0, npm/@chainsafe/as-sha256@0.3.1, npm/@chainsafe/persistent-merkle-tree@0.4.2, npm/@chainsafe/ssz@0.9.4, npm/case@1.6.3, npm/bitwise@2.1.0, npm/@ethereumjs/tx@4.1.1, npm/@ethereumjs/common@3.1.1, npm/eth-eip712-util-browser@0.0.3, npm/gridplus-sdk@2.5.1, npm/@scure/base@1.1.7, npm/eth-chainlist@0.0.498

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

gauthierpetetin and others added 3 commits November 25, 2024 22:43
@gauthierpetetin @hjetpoluru @danjm
fix(sentry sampling): divide by 2 our sentry trace sample rate to avo…
4e41eee 
…id exceeding our quota (#28573)

## **Description**

- Divide by 2 our sentry trace sample rate to avoid exceeding our quota

## **Related issues**

Fixes: None

## **Manual testing steps**

- None

## **Screenshots/Recordings**

- None

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Co-authored-by: Harika <153644847+hjetpoluru@users.noreply.github.com>
@danjm
Merge pull request #28711 from MetaMask/cherry-pick-62430fb-12.7.2
8724b63 
Cherry pick 62430fb (#28573) to v12.7.2
@danjm
Update changelog for v12.7.2 (#28712)
c4e1d93
@metamaskbot
Copy link
Collaborator Author

Builds ready [c4e1d93]
Page Load Metrics (1947 ± 62 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint29421851782486233
domContentLoaded16802174191112862
load16842187194713062
domInteractive16259595928
backgroundConnect683352211
firstReactRender49215893517
getState587292612
initialActions01000
loadScripts12101667140411053
setupStore12105382713
uiStartup18832704217918187

@danjm
Copy link
Contributor

danjm commented Nov 26, 2024

@SocketSecurity ignore-all

This returns these dependencies to the state they were in on v12.6.2, and these issues are fixed in develop

@danjm danjm marked this pull request as ready for review November 26, 2024 03:55
@danjm danjm requested review from a team as code owners November 26, 2024 03:55
@metamaskbot
Copy link
Collaborator Author

Builds ready [c4e1d93]
Page Load Metrics (1780 ± 55 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint15812155178711254
domContentLoaded15652065174710550
load15822157178011555
domInteractive249549199
backgroundConnect1189342411
firstReactRender44110822110
getState46015157
initialActions01000
loadScripts1146157212959244
setupStore106125188
uiStartup17502447196813565

@danjm danjm merged commit 040cb8d into master Nov 26, 2024
80 checks passed
@danjm danjm deleted the Version-v12.7.2 branch November 26, 2024 13:28
@github-actions github-actions bot locked and limited conversation to collaborators Nov 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@danjm danjm danjm approved these changes

Assignees
No one assigned
Labels
team-bot Bot team (for MetaMask Bot)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@metamaskbot @danjm @gauthierpetetin