Merge branch 'main' into feat/subscription-crypto-add-fund-after-check

Author: tuna1207

.eslintrc.js

@@ -377,7 +377,7 @@ module.exports = {
         'react/prop-types': 'off',
         'react/no-children-prop': 'off',
         'react/jsx-key': 'warn', // TODO - increase this into 'error' level
-        'react-hooks/rules-of-hooks': 'warn', // TODO - increase this into 'error' level
+        'react-hooks/rules-of-hooks': 'error',
       },
       settings: {
         react: {

.github/CODEOWNERS

@@ -165,14 +165,16 @@ app/scripts/lib/smart-transaction                 @MetaMask/transactions
 shared/lib/multichain/addresses/* @MetaMask/new-networks
 
 # QA Team - E2E Framework
-test/e2e/page-objects/                    @MetaMask/qa
-test/e2e/seeder/                          @MetaMask/qa
-test/e2e/default-fixture.js               @MetaMask/qa
-test/e2e/fixture-builder.js               @MetaMask/qa
-test/e2e/fixture-server.js                @MetaMask/qa
-test/e2e/helpers.js                       @MetaMask/qa
-test/e2e/mock-e2e-allowlist.js            @MetaMask/qa
-test/e2e/mock-e2e.js                      @MetaMask/qa
+test/e2e/page-objects/                            @MetaMask/qa
+test/e2e/seeder/                                  @MetaMask/qa
+test/e2e/default-fixture.js                       @MetaMask/qa
+test/e2e/fixture-builder.js                       @MetaMask/qa
+test/e2e/fixture-server.js                        @MetaMask/qa
+test/e2e/helpers.js                               @MetaMask/qa
+test/e2e/mock-e2e-allowlist.js                    @MetaMask/qa
+test/e2e/mock-e2e.js                              @MetaMask/qa
+test/e2e/tests/settings/state-logs-helpers.ts     @MetaMask/qa
+test/e2e/tests/settings/state-logs.json           @MetaMask/qa @MetaMask/extension-privacy-reviewers
 
 # Wallet Integrations
 app/scripts/lib/rpc-method-middleware                                 @MetaMask/wallet-integrations

.github/workflows/run-benchmarks.yml

@@ -13,7 +13,7 @@ env:
   COMMANDS: |
     {
       standardHome: 'yarn tsx test/e2e/benchmarks/benchmark.ts --out test-artifacts/benchmarks/benchmark-{0}-{1}-standardHome.json --retries 2',
-      powerUserHome: 'yarn tsx test/e2e/benchmarks/benchmark.ts --persona powerUser --browserLoads 4 --pageLoads 4 --out test-artifacts/benchmarks/benchmark-{0}-{1}-powerUserHome.json --retries 2',
+      powerUserHome: 'yarn tsx test/e2e/benchmarks/benchmark.ts --persona powerUser --browserLoads 10 --pageLoads 10 --out test-artifacts/benchmarks/benchmark-{0}-{1}-powerUserHome.json --retries 2',
       userActions: 'yarn tsx test/e2e/benchmarks/user-actions-benchmark.ts --out test-artifacts/benchmarks/benchmark-{0}-{1}-userActions.json --retries 2',
     }
 
@@ -22,6 +22,11 @@ jobs:
     if: ${{ github.event_name != 'merge_group' }} # Skip this job for the Merge Queue
     runs-on: ubuntu-22.04
     timeout-minutes: 30
+    container:
+      image: ghcr.io/metamask/metamask-extension-e2e-image:v24.11.0
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     strategy:
       fail-fast: false
       matrix:
@@ -31,7 +36,7 @@ jobs:
     name: ${{ matrix.browser }}-${{ matrix.buildType }}-${{ matrix.pageType }}
     env:
       SELENIUM_BROWSER: ${{ matrix.browser }}
-      HEADLESS: true
+      HEADLESS: false
       ARTIFACT_NAME: build-test-${{ matrix.buildType }}
       OUTPUT_NAME: benchmark-${{ matrix.browser }}-${{ matrix.buildType }}-${{ matrix.pageType }}.json
       INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }}
@@ -63,6 +68,13 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }} # This is required when downloading artifacts from a different repository or from a different workflow run.
           run-id: ${{ inputs.builds-from-run }} # Download from whatever run the identify-builds job said.
 
+      - name: Configure Xvfb
+        run: Xvfb -ac :99 -screen 0 1280x1024x16 &
+
+      # TODO: Pre-install this in the container image
+      - name: Install AWS CLI (needed in the container)
+        run: sudo apt-get install python3-pip && sudo pip install awscli --break-system-packages
+
       - name: Run the benchmark
         # Choose a benchmark command from env.COMMANDS
         # Then replace the {0} placeholder with the browser, and the {1} placeholder with the buildType

.madgerc

@@ -26,9 +26,7 @@
     "ui/pages/confirmations/**",
     "ui/ducks/**",
     "ui/selectors/**",
-    "ui/hooks/**",
     "ui/store/**",
-    "ui/helpers/utils/token-util.js",
     "ui/components/multichain/**",
     "ui/components/app/**",
     "ui/components/component-library/**",

.yarnrc.yml

@@ -15,149 +15,43 @@ nodeLinker: node-modules
 npmAuditIgnoreAdvisories:
   ### Advisories:
 
-  # Issue: yargs-parser Vulnerable to Prototype Pollution
-  # URL - https://github.com/advisories/GHSA-p9pc-299p-vxgp
-  # The affected version (<5.0.0) is only included via @ensdomains/ens via
-  # 'solc' which is not used in the imports we use from this package.
-  - 1088783
-
-  # Issue: protobufjs Prototype Pollution vulnerability
-  # URL - https://github.com/advisories/GHSA-h755-8qp9-cq85
-  # Not easily patched. Minimally effects the extension due to usage of
-  # LavaMoat lockdown. Additional id added that resolves to the same advisory
-  # but has a different entry due to it being a new dependency of
-  # @trezor/connect-web. Upgrading
-  - 1092429
-  - 1095136
-
   # Issue: Regular Expression Denial of Service (ReDOS)
   # URL: https://github.com/advisories/GHSA-257v-vj4p-3w2h
   # color-string is listed as a dependency of 'color' which is brought in by
   # @metamask/jazzicon v2.0.0 but there is work done on that repository to
   # remove the color dependency. We should upgrade
   - 1089718
 
-  # Issue: semver vulnerable to Regular Expression Denial of Service
-  # URL: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
-  # semver is used in the solidity compiler portion of @truffle/codec that does
-  # not appear to be used.
-  - 1092461
-
-  # Issue: Malware in @solana/web3.js
-  # URL: https://github.com/advisories/GHSA-2mhj-xmf4-pr8m
-  # we patched this to ensure the vulnerable versions are not included, but the advisory
-  # was mistakenly originally created to flag all versions as vulnerable
-  - 1101059
-
-  # Issue: axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
-  # URL: https://github.com/advisories/GHSA-jr5f-v2jv-69x6
-  # We are ignoring this on March 11, 2025 to unblock CI, we will follow with a proper fix or confirmation this does not affect our users
-  - 1102472
-
   # Issue: Issue: Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
-  # We are ignoring this on March 12, 2025 and April 24, 2025 to unblock CI, we will follow with a proper fix or confirmation this does not affect our users
-  - 1103026
+  # We are ignoring this on April 24, 2025 to unblock CI, we will follow with a proper fix or confirmation this does not affect our users
   - 1104001
 
-  # Issue: ses's global contour bindings leak into Compartment lexical scope
-  # URL: https://github.com/advisories/GHSA-h9w6-f932-gq62
-  # We are ignoring this on April 24, 2025 as it does not affect the codebase.
-  - 1103932
-
-  # Issue: React Router allows pre-render data spoofing on React-Router framework mode
-  # URL: https://github.com/MetaMask/metamask-extension/security/dependabot/228
-  # will be fixed in https://github.com/MetaMask/MetaMask-planning/issues/3261
-  - 1104031
-  - 1104032
-
-  # Temp fix for https://github.com/MetaMask/metamask-extension/pull/16920 for the sake of 11.7.1 hotfix
-  # This will be removed in this ticket https://github.com/MetaMask/metamask-extension/issues/22299
-  - 'ts-custom-error (deprecation)'
-  - 'text-encoding (deprecation)'
+  # Issue: `glob` vulnerability, already fixed in the version we're using (v10.5.0) but the
+  # advisory range hasn't been updated yet.
+  # URL: https://github.com/advisories/GHSA-5j98-mcp5-4vw2
+  - 1109809
 
   ### Package Deprecations:
 
   # React-tippy brings in popper.js and react-tippy has not been updated in
   # three years.
   - 'popper.js (deprecation)'
 
-  # React-router is out of date and brings in the following deprecated package
-  - 'mini-create-react-context (deprecation)'
-
-  # The affected version, which is less than 7.0.0, is brought in by
-  # ethereumjs-wallet version 0.6.5 used in the extension but only in a single
-  # file app/scripts/account-import-strategies/index.js, which may be easy to
-  # upgrade.
-  - 'uuid (deprecation)'
-
-  # @npmcli/move-file is brought in via CopyWebpackPlugin used in the storybook
-  # main.js file, which can be upgraded to remove this dependency in favor of
-  # @npmcli/fs
-  - '@npmcli/move-file (deprecation)'
-
-  # Upgrading babel will result in the following deprecated packages being
-  # updated:
-  - 'core-js (deprecation)'
-
   # Material UI dependencies are planned for removal
   - '@material-ui/core (deprecation)'
   - '@material-ui/styles (deprecation)'
-  - '@material-ui/system (deprecation)'
-
-  # @ensdomains/ens should be explored for upgrade. The following packages are
-  # deprecated and would be resolved by upgrading to newer versions of
-  # ensdomains packages:
-  - '@ensdomains/ens (deprecation)'
-  - '@ensdomains/resolver (deprecation)'
-  - 'testrpc (deprecation)'
 
   # Dependencies brought in by @truffle/decoder that are deprecated:
   - 'cids (deprecation)' # via @ensdomains/content-hash
   - 'multibase (deprecation)' # via cids
   - 'multicodec (deprecation)' # via cids
 
-  # MetaMask owned repositories brought in by other MetaMask dependencies that
-  # can be resolved by updating the versions throughout the dependency tree
-  - 'eth-sig-util (deprecation)' # via @metamask/eth-ledger-bridge-keyring
-  - '@metamask/controller-utils (deprecation)' # via @metamask/phishing-controller
-  - 'safe-event-emitter (deprecation)' # via eth-block-tracker and others
-
-  # @metamask-institutional relies upon crypto which is deprecated
-  - 'crypto (deprecation)'
-
-  # @metamask/providers uses webextension-polyfill-ts which has been moved to
-  # @types/webextension-polyfill
-  - 'webextension-polyfill-ts (deprecation)'
-
-  # Imported in @trezor/blockchain-link@npm:2.1.8, but not actually depended on
-  # by MetaMask
-  - 'ripple-lib (deprecation)'
-
-  # Brought in by ethereumjs-utils, which is used in the extension and in many
-  # other dependencies. At the time of this exclusion, the extension has three
-  # old versions of ethereumjs-utils which should be upgraded to
-  # @ethereumjs/utils throughout our owned repositories. However even doing
-  # that may be insufficient due to dependencies we do not own still relying
-  # upon old versions of ethereumjs-utils.
-  - 'ethereum-cryptography (deprecation)'
-
   # Currently in use for the network list drag and drop functionality.
   # Maintenance has stopped and the project will be archived in 2025.
   - 'react-beautiful-dnd (deprecation)'
   # New package name format for new versions: @ethereumjs/wallet.
   - 'ethereumjs-wallet (deprecation)'
 
-  # The new trezor version breaks the webpack build due to issues with ESM and CommonJS
-  # Leading to this error on start: `Uncaught ReferenceError: exports is not defined`
-  # We temporarily ignore the audit failure until we can safely upgrade to the new version without breaking the webpack build
-  # Check Trezor 9.5.X Changelog for more info: https://github.com/trezor/trezor-suite/blob/develop/packages/connect/CHANGELOG.md
-  - '@trezor/connect-web (deprecation)'
-
-  # We temporarily ignore the deprecation notice to unblock ci
-  # Issue: @solana/web3.js version 2.0 is now @solana/kit! Remove @solana/web3.js@2 from your dependencies and replace it with @solana/kit.
-  # As needed, upgrade all of your @solana-program/* dependencies to the latest versions that use Kit.
-  - '@solana/web3.js (deprecation)'
-
 plugins:
   - path: .yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs
     spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js'