metamask-mobile
metamask-mobile copied to clipboard
MetaMask
fix(devDeps): ganache@^7.7.7->^7.9.2
Description
Related issues
Fixes:
Manual testing steps
- Go to this page...
Screenshots/Recordings
Before
After
Pre-merge author checklist
- [ ] I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using JSDoc format if applicable
- [ ] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Bitrise
❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌
Commit hash: 2cbf686df42d5ba0f6d294f7469862bdbbbfa53b Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/b3074aa5-f175-4cdb-8fc5-8dd6e2e6d3e2
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Bitrise
❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌
Commit hash: 3a31552d8777215367b8dd1da910217fa603c528 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/4b6b410d-7270-472b-8186-a8076b686ef6
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | environment, filesystem, network | +37 |
186 MB | truffle-cicd |
| npm/[email protected] | Transitive: filesystem, network, shell | +5 |
1.94 MB | darrachequesne |
🚮 Removed packages: npm/[email protected], npm/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Ignoring: npm/@rushstack/[email protected], npm/@trufflesuite/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]
Next steps
What is a CVE?
Contains a high severity Common Vulnerability and Exposure (CVE).
Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.
What is a critical CVE?
Contains a Critical Common Vulnerability and Exposure (CVE).
Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.
What is network access?
This module accesses the network.
Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/[email protected]
Bitrise
❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌
Commit hash: e28061652e25be6a5517e3d71f4f0cfeabed1f65 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/a7040e58-3951-4cd4-848e-9ed27d7174be
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Bitrise
🔄🔄🔄 pr_smoke_e2e_pipeline started on Bitrise...🔄🔄🔄
Commit hash: 0e0aa1dcde77032775cc7b3fe111f73b71d35994 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/40cb9d42-5d42-47b0-84f7-57d257333595
[!NOTE]
- This comment will auto-update when build completes
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Bitrise
✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅
Commit hash: 0b34cb55c4792ee21e1bcd629bd03febcd9a63e2 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/bbc7a7fd-bff5-4632-a5a4-e2bda1c4545e
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
@SocketSecurity ignore npm/[email protected]
prev author lukekarrys, new author gar(npm)/wraithgar(gh) ok
network access (module: globalThis["fetch"])
we likely want to resolve to v1.0.6 to include remove some code for SES envrionments
network access (module: globalThis["fetch"])
we likely want to resolve to v1.3.0 https://socket.dev/npm/package/mcl-wasm/overview/1.3.0 where network access has been removed
Bitrise
❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌
Commit hash: 5abdd6a8bb1ab432d806d046fbc211e4edf7c1ea Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/08b834ae-4dbe-498f-adb5-d0d44156a4a5
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Bitrise
✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅
Commit hash: 80890c627319cb79072e01ce7244b5bb0bfe6cd8 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/1c4c9d3c-cde3-4d24-a9fc-bebae9e23389
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Bitrise
✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅
Commit hash: 2ecd27cc4131bc341238aabb397a24a9ba6f4c79 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/2c4b4dc9-8f81-41cb-aa50-896203a2b459
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}