metamask-extension
metamask-extension copied to clipboard
MetaMask
fix(deps): [email protected]>~2.6.0
Description
- fix(deps):
[email protected]>~2.6.02.7.0updates to@ethereumjs/tx5, so holding at 2.6- removes dependency on legacy
ethereum-cryptographyv1
- dedupe and unpin
@ethereumjs/txto^4.2.0eth-lattice-keyringis pinned to@ethereumjs/[email protected]gridplus-sdkis pinned to@ethereumjs/[email protected]
- fix(deps): bump
[email protected]>^6.5.7via resolutions - fix(deps): bump
secp256k
Related issues
- https://github.com/GridPlus/eth-lattice-keyring/pull/64
- https://github.com/GridPlus/gridplus-sdk/issues/547
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
- [x] I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using JSDoc format if applicable
- [x] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@scure/[email protected] | None | 0 |
133 kB | paulmillr |
| npm/[email protected] | None | 0 |
31 kB | sheetjs |
| npm/[email protected] | None | 0 |
119 kB | indutny |
| npm/[email protected] | None | 0 |
1.17 MB | zanechua |
| npm/[email protected] | None | 0 |
380 kB | nicknaso |
| npm/[email protected] | None | 0 |
1.82 MB | fanatid, jprichardson, null_radix |
🚮 Removed packages: npm/@chainsafe/[email protected], npm/@chainsafe/[email protected], npm/@chainsafe/[email protected], npm/@scure/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
Regarding the remaining deps-audit check:
They released fixes for node-secp256k1 in 4.0.4 and 3.8.1, but older 5.0.0 is still affected.
- https://github.com/cryptocoinjs/secp256k1-node/issues/208