metamask-extension
metamask-extension copied to clipboard
MetaMask
PPOM version update to fetch files only when transaction is received
Description
Related issues
Fixes:
Manual testing steps
- Go to this page...
Screenshots/Recordings
Before
After
Pre-merge author checklist
- [ ] I’ve followed MetaMask Coding Standards.
- [ ] I've clearly explained what problem this PR is solving and how it is solved.
- [ ] I've linked related issues
- [ ] I've included manual testing steps
- [ ] I've included screenshots/recordings if applicable
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using JSDoc format if applicable
- [ ] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
- [ ] I’ve properly set the pull request status:
- [ ] In case it's not yet "ready for review", I've set it to "draft".
- [ ] In case it's "ready for review", I've changed it from "draft" to "non-draft".
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@metamask/[email protected] | Transitive: environment, filesystem, network, shell, unsafe | +144 |
25.2 MB | brad.decker, danfinlay, gudahtt, ...9 more |
🚮 Removed packages: npm/@metamask/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/@metamask/[email protected]
Next steps
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
I'm gonna unblock this PR before I go offline (the only way to do it myself was to approve, sorry) but I would like to handle the privacy impact at least by surfacing to the user that something is being sent.
hi there :wave: from QA I see the following behaviour, which I think it is expected:
- switching to a new network does not trigger any CDN request
- starting a transaction/signature triggers a
HEADrequest- if it's the 1st transaction/signature in that network (there is no data in the ppom-db for that net), the subsequent cdn requests are made to get the config, stale and stale_diff data
- if it's not the 1st transaction in that network, and there are no updates, no subsequent cdn requests are made
https://github.com/MetaMask/metamask-extension/assets/54408225/da6380de-b887-4bb7-8fd2-5c9365ff6c31
https://github.com/MetaMask/metamask-extension/assets/54408225/b11d370f-c866-4182-98d6-657156e21575
@jpuri let me know if this sounds good too :pray:
@seaona : Thanks a lot for the findings. Yep that is expected behaviour. Also will be useful to test how it works if there are updates. As I know CDN is daily updated, may be we can leave the extension instance for a day and test after 24 hours to check this.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
afb1b66) 68.49% compared to head (8d12e36) 68.49%.
Additional details and impacted files
@@ Coverage Diff @@
## develop #23001 +/- ##
========================================
Coverage 68.49% 68.49%
========================================
Files 1090 1090
Lines 43133 43133
Branches 11501 11501
========================================
Hits 29541 29541
Misses 13592 13592
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Builds ready [8d12e36]
- builds: chrome, firefox
- builds (beta): chrome
- builds (flask): chrome, firefox
- builds (MMI): chrome, firefox
- builds (test): chrome, firefox
- builds (test-flask): chrome, firefox
- build viz: Build System
- mv3: Background Module Init Stats
- mv3: UI Init Stats
- mv3: Module Load Stats
- mv3: Bundle Size Stats
- mv2: E2e Actions Stats
- code coverage: Report
- storybook: Storybook
- typescript migration: Dashboard
- all artifacts
Page Load Metrics (1885 ± 108 ms)
| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 97 | 211 | 153 | 37 | 18 |
| domContentLoaded | 10 | 55 | 26 | 15 | 7 | ||
| load | 1604 | 2537 | 1885 | 226 | 108 | ||
| domInteractive | 10 | 55 | 26 | 15 | 7 |
Bundle size diffs [🚀 Bundle size reduced!]
- background: -4.73 KiB (-0.12%)
- ui: 0 Bytes (0.00%)
- common: -15 Bytes (-0.00%)