feat: 7.47.0

[metamaskbot]

🚀 v7.47.0 Testing & Release Quality Process

Hi Team,
As part of our new MetaMask Release Quality Process, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment.

---

📋 Key Processes

Testing Strategy

• Developer Teams:
  Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows.
• QA Team:
  Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing.
• Customer Success Team:
  Validate new functionalities and provide feedback to support release monitoring.

GitHub Signoff

• Each team must sign off on the Release Candidate (RC) via GitHub by the end of the validation timeline (Tuesday EOD PT).
• Ensure all tests outlined in the Testing Plan are executed, and any identified issues are addressed.

Issue Resolution

• Resolve all Release Blockers (Sev0 and Sev1) by Tuesday EOD PT.
• For unresolved blockers, PRs may be reverted, or feature flags disabled to maintain release quality and timelines.

Cherry-Picking Criteria

• Only critical fixes meeting outlined criteria will be cherry-picked.
• Developers must ensure these fixes are thoroughly reviewed, tested, and merged by Tuesday EOD PT.

---

🗓️ Timeline and Milestones

1. Today (Friday): Begin Release Candidate validation.
2. Tuesday EOD PT: Finalize RC with all fixes and cherry-picks.
3. Wednesday: Buffer day for final checks.
4. Thursday: Submit release to app stores and begin rollout to 1% of users.
5. Monday: Scale deployment to 10%.
6. Tuesday: Full rollout to 100%.

---

✅ Signoff Checklist

Each team is responsible for signing off via GitHub. Use the checkbox below to track signoff completion:

Team sign-off checklist

• [x] Accounts
• [x] Assets
• [x] Confirmations
• [x] Design System
• [x] Earn
• [x] Hardware Wallets
• [x] Identity
• [x] Mobile Platform
• [x] Portfolio
• [x] Product Safety
• [x] Ramp
• [x] SDK
• [x] Snaps Platform
• [x] Solana
• [x] Swaps and Bridge
• [x] Transactions
• [x] Wallet API Platform
• [x] Wallet Framework
• [x] Wallet UX

This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀

Feel free to reach out if you have questions or need clarification.

Many thanks in advance

Reference

https://docs.google.com/spreadsheets/d/1tsoodlAlyvEUpkkcNcbZ4PM9HuC9cEM80RZeoVv5OCQ/edit?gid=1347945803#gid=1347945803

[github-actions[bot]]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security[bot]]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​lightningcss-win32-arm64-msvc@​1.27.0
	npm/​lightningcss-freebsd-x64@​1.27.0
	npm/​lightningcss-darwin-x64@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-linux-x64-gnu@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-win32-x64-msvc@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-darwin-arm64@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-linux-arm64-gnu@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-linux-arm-gnueabihf@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-linux-arm64-musl@​1.19.0 ⏵ 1.27.0
	npm/​lightningcss-linux-x64-musl@​1.19.0 ⏵ 1.27.0
	npm/​@​sentry/​cli-darwin@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-linux-arm@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-linux-arm64@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-linux-i686@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-linux-x64@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-win32-i686@​2.36.6 ⏵ 2.42.4
	npm/​@​sentry/​cli-win32-x64@​2.36.6 ⏵ 2.42.4
	npm/​node-releases@​2.0.18 ⏵ 2.0.19
	npm/​@​react-native/​gradle-plugin@​0.72.11 ⏵ 0.76.9			+5
	npm/​expo-json-utils@​0.9.0 ⏵ 0.14.0	+1			+6
	npm/​metro-cache-key@​0.76.9 ⏵ 0.81.1			-3
	npm/​expo-updates-interface@​0.12.0 ⏵ 1.0.0			-11	+7
	npm/​is-core-module@​2.16.1
	npm/​expo-dev-menu-interface@​1.4.0 ⏵ 1.9.3	+1
	npm/​@​babel/​plugin-transform-react-jsx-development@​7.25.9
	npm/​metro-minify-terser@​0.76.9 ⏵ 0.81.1			-1
	npm/​metro-babel-transformer@​0.76.9 ⏵ 0.81.1
	npm/​@​react-native/​typescript-config@​0.76.9
	npm/​@​babel/​plugin-syntax-export-default-from@​7.24.1 ⏵ 7.25.9
See 234 more rows in the dashboard

View full report

[socket-security[bot]]

[!CAUTION] Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		npm/@expo/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@expo/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native-community/[email protected] has Shell access. Module: child_process Location: Package overview From: yarn.lock → npm/@react-native-community/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native-community/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native-community/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: package.json → npm/@react-native-community/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native-community/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@wix-pilot/[email protected] → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@react-native/[email protected] → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@wix-pilot/[email protected] → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@react-native/[email protected] → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@react-native/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@wix-pilot/[email protected] → npm/@react-native/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@sentry-internal/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/@sentry-internal/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry-internal/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@sentry/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: package.json → npm/@sentry/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@viem/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: package.json → npm/@viem/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@viem/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@vscode/[email protected] has Shell access. Module: child_process Location: Package overview From: yarn.lock → npm/@vscode/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@vscode/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Native code. Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Shell access. Module: child_process Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Network access. Module: net Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Network access. Module: http Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Shell access. Module: child_process Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Shell access. Module: child_process Location: Package overview From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@expo/[email protected] has a New author. New Author: evanbacon Previous Author: brentvatne From: yarn.lock → npm/@expo/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@expo/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@sideway/[email protected] has a New author. New Author: marsup Previous Author: hueniverse From: yarn.lock → npm/@sideway/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sideway/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has a New author. New Author: gabrieldonadel Previous Author: lukmccall From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 6 more rows in the dashboard

View full report

[sethkfman]

@metamaskbot update-attributions

[metamaskbot]

Attributions update failed. You can review the logs or retry the attributions update here

[github-actions[bot]]

Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 2128a92902ca6d86e18982a85b948009b7a6f7ed Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/5f562250-4a5c-4911-9d2e-38d7e4e1ff88

[!NOTE]

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[!TIP]

• Check the documentation if you have any doubts on how to understand the failure on bitrise

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 88.46154% with 3 lines in your changes missing coverage. Please review.

Please upload report for BASE (stable@c56ec84). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...nt-library/components/Form/TextField/TextField.tsx	89.47%	0 Missing and 2 partials :warning:
...ggregatedPercentage/NonEvmAggregatedPercentage.tsx	50.00%	0 Missing and 1 partial :warning:

Additional details and impacted files

@@            Coverage Diff            @@
##             stable   #15256   +/-   ##
=========================================
  Coverage          ?   68.93%           
=========================================
  Files             ?     2387           
  Lines             ?    51670           
  Branches          ?     7744           
=========================================
  Hits              ?    35620           
  Misses            ?    13787           
  Partials          ?     2263           

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:

• :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sethkfman]

@metamaskbot update-attributions

[metamaskbot]

Attributions updated

[github-actions[bot]]

Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 353bd9d5be7f2d36c51ba6d3b7388b169c9bd0eb Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/e218e08e-6d18-40fa-b6fc-0f61ae7aa590

[!NOTE]

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[!TIP]

• Check the documentation if you have any doubts on how to understand the failure on bitrise

[sonarqubecloud[bot]]

Quality Gate passed

Issues
24 New issues
1 Accepted issue

Measures
0 Security Hotspots
84.8% Coverage on New Code
0.6% Duplication on New Code

See analysis details on SonarQube Cloud

[tommasini]

api specs e2e failures are known, let's merge this: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/f1e0ab0f-559b-454f-9f82-37d07deaf3b5