devDeps: madge@^6.1.0 -> @lgbot/madge@^6.2.0
Explanation
Replaces madge with a fork resolving dependency issues. Significant reduction in node_modules size:
```sh
# Before
$ du -hs node_modules
2.0G node_modules

# After
$ du -hs node_modules
1.7G node_modules
```
It also includes the TypeScript typings, obviating the need for @types/madge and the patch.
madge is used in the ts-migration-dashboard CI job and can be run locally by yarn ts-migration:dashboard:build.
Pre-merge author checklist
- [x] I've clearly explained:
  - [x] What problem this PR is solving
  - [x] How this problem was solved
  - [x] How reviewers can test my changes
- [x] Sufficient automated test coverage has been added
Pre-merge reviewer checklist
- [ ] Manual testing (e.g. pull and build branch, run in browser, test code being changed)
- [ ] PR is linked to the appropriate GitHub issue
- [ ] IF this PR fixes a bug in the release milestone, add this PR to the release milestone
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/@lgbot/madge@6.2.0
Next steps
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all
Failing test-deps-audit job is unrelated: #20697
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 68.72%. Comparing base (6e397d0) to head (2c2e6bd).
Additional details and impacted files
Coverage Diff

| | develop | #20702 | +/- |
|---|---|---|---|
| Coverage | 68.72% | 68.72% | -0.00% |
| Files | 1124 | 1124 | |
| Lines | 43606 | 43606 | |
| Branches | 11669 | 11669 | |
| Hits | 29967 | 29966 | -1 |
| Misses | 13639 | 13640 | +1 |
This PR has been automatically marked as stale because it has not had recent activity in the last 60 days. It will be closed in 14 days. Thank you for your contributions.
Rebased on develop to resolve merge conflict in package.json. No other changes.
@SocketSecurity ignore npm/@lgbot/madge@6.2.0
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@lgbot/madge@6.2.0 | filesystem, shell | 0 | 81.3 kB | lgbot |
🚮 Removed packages: npm/@dependents/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]
No release label on PR. Adding release label release-11.14.0 on PR, as PR was added to branch 11.14.0 when release was cut.