From 923d305ba972ae264debab75cf3f8478a305122c Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:08:55 +0100 Subject: [PATCH 1/9] Initialize Release 857.0.0 --- packages/address-book-controller/CHANGELOG.md | 9 + packages/analytics-controller/CHANGELOG.md | 8 + packages/announcement-controller/CHANGELOG.md | 11 + packages/app-metadata-controller/CHANGELOG.md | 11 + packages/approval-controller/CHANGELOG.md | 12 + packages/base-controller/CHANGELOG.md | 19 + packages/build-utils/CHANGELOG.md | 12 + .../chain-agnostic-permission/CHANGELOG.md | 8 + packages/claims-controller/CHANGELOG.md | 8 + packages/client-controller/CHANGELOG.md | 5 + packages/compliance-controller/CHANGELOG.md | 4 + packages/composable-controller/CHANGELOG.md | 19 + packages/connectivity-controller/CHANGELOG.md | 8 + packages/controller-utils/CHANGELOG.md | 4 + packages/eip-5792-middleware/CHANGELOG.md | 4 + .../CHANGELOG.md | 15 + .../CHANGELOG.md | 7 + packages/ens-controller/CHANGELOG.md | 4 + packages/error-reporting-service/CHANGELOG.md | 7 + packages/eth-block-tracker/CHANGELOG.md | 9 + packages/eth-json-rpc-middleware/CHANGELOG.md | 8 + packages/eth-json-rpc-provider/CHANGELOG.md | 9 + packages/foundryup/CHANGELOG.md | 11 + packages/gas-fee-controller/CHANGELOG.md | 4 + packages/json-rpc-engine/CHANGELOG.md | 12 +- .../json-rpc-middleware-stream/CHANGELOG.md | 34 +- packages/keyring-controller/CHANGELOG.md | 8 + packages/logging-controller/CHANGELOG.md | 8 + packages/message-manager/CHANGELOG.md | 9 + packages/messenger/CHANGELOG.md | 13 + .../multichain-api-middleware/CHANGELOG.md | 5 + packages/name-controller/CHANGELOG.md | 13 + packages/network-controller/CHANGELOG.md | 4 + .../CHANGELOG.md | 7 + packages/permission-controller/CHANGELOG.md | 7 + .../permission-log-controller/CHANGELOG.md | 14 + packages/perps-controller/CHANGELOG.md | 5 + packages/phishing-controller/CHANGELOG.md | 5 + packages/polling-controller/CHANGELOG.md | 4 + .../INVESTIGATION-401.md | 655 ++++++++++++++++++ packages/profile-sync-controller/CHANGELOG.md | 7 + packages/rate-limit-controller/CHANGELOG.md | 12 + packages/sample-controllers/CHANGELOG.md | 4 + .../CHANGELOG.md | 4 + .../selected-network-controller/CHANGELOG.md | 4 + packages/shield-controller/CHANGELOG.md | 7 + packages/storage-service/CHANGELOG.md | 7 + packages/subscription-controller/CHANGELOG.md | 8 + .../user-operation-controller/CHANGELOG.md | 4 + 49 files changed, 1060 insertions(+), 16 deletions(-) create mode 100644 packages/profile-metrics-controller/INVESTIGATION-401.md diff --git a/packages/address-book-controller/CHANGELOG.md b/packages/address-book-controller/CHANGELOG.md index d63149d6172..f84a99dd637 100644 --- a/packages/address-book-controller/CHANGELOG.md +++ b/packages/address-book-controller/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Re-enable `@typescript-eslint/prefer-optional-chain` ([#7314](https://github.com/MetaMask/core/pull/7314)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/analytics-controller/CHANGELOG.md b/packages/analytics-controller/CHANGELOG.md index 6e5a0aa0ee9..01ef60fe270 100644 --- a/packages/analytics-controller/CHANGELOG.md +++ b/packages/analytics-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/announcement-controller/CHANGELOG.md b/packages/announcement-controller/CHANGELOG.md index 010dd83339e..d1db69e9749 100644 --- a/packages/announcement-controller/CHANGELOG.md +++ b/packages/announcement-controller/CHANGELOG.md @@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Fix suppressed errors in `@metamask/accouncement-controller` ([#7630](https://github.com/MetaMask/core/pull/7630)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ## [8.0.0] ### Changed diff --git a/packages/app-metadata-controller/CHANGELOG.md b/packages/app-metadata-controller/CHANGELOG.md index 0be977bc879..67078131df7 100644 --- a/packages/app-metadata-controller/CHANGELOG.md +++ b/packages/app-metadata-controller/CHANGELOG.md @@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: remove unused `sinon` `devDependency` from 4 packages ([#7915](https://github.com/MetaMask/core/pull/7915)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ## [2.0.0] ### Changed diff --git a/packages/approval-controller/CHANGELOG.md b/packages/approval-controller/CHANGELOG.md index 44c6a2e5415..0b99fd5fe8b 100644 --- a/packages/approval-controller/CHANGELOG.md +++ b/packages/approval-controller/CHANGELOG.md @@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: remove unused `sinon` `devDependency` from 4 packages ([#7915](https://github.com/MetaMask/core/pull/7915)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/base-controller/CHANGELOG.md b/packages/base-controller/CHANGELOG.md index 58b12894418..0bdb8a728e7 100644 --- a/packages/base-controller/CHANGELOG.md +++ b/packages/base-controller/CHANGELOG.md @@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(base-controller): replace `Sinon` with `Jest` mocks ([#7962](https://github.com/MetaMask/core/pull/7962)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- Release/752.0.0 ([#7642](https://github.com/MetaMask/core/pull/7642)) +- chore(lint): Fix suppressed ESLint errors in `base-controller` package ([#7443](https://github.com/MetaMask/core/pull/7443)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- Release/687.0.0 ([#7202](https://github.com/MetaMask/core/pull/7202)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/build-utils/CHANGELOG.md b/packages/build-utils/CHANGELOG.md index e7d9bee9390..6530d572f6e 100644 --- a/packages/build-utils/CHANGELOG.md +++ b/packages/build-utils/CHANGELOG.md @@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `build-utils` package ([#7460](https://github.com/MetaMask/core/pull/7460)) +- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/chain-agnostic-permission/CHANGELOG.md b/packages/chain-agnostic-permission/CHANGELOG.md index c5bc1a1e959..4ba295ea51a 100644 --- a/packages/chain-agnostic-permission/CHANGELOG.md +++ b/packages/chain-agnostic-permission/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- feat: bump `accounts` deps + use new `AccountProvider.createAccounts` ([#7857](https://github.com/MetaMask/core/pull/7857)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/controller-utils` from `^11.17.0` to `^11.19.0` ([#7583](https://github.com/MetaMask/core/pull/7583), [#7995](https://github.com/MetaMask/core/pull/7995)) diff --git a/packages/claims-controller/CHANGELOG.md b/packages/claims-controller/CHANGELOG.md index 4282ca2ab8c..43ae373e2e0 100644 --- a/packages/claims-controller/CHANGELOG.md +++ b/packages/claims-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/profile-sync-controller` from `^27.0.0` to `^27.1.0` ([#7849](https://github.com/MetaMask/core/pull/7849)) diff --git a/packages/client-controller/CHANGELOG.md b/packages/client-controller/CHANGELOG.md index f9fdba129a0..d0c834c03e1 100644 --- a/packages/client-controller/CHANGELOG.md +++ b/packages/client-controller/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) + ## [1.0.0] ### Added diff --git a/packages/compliance-controller/CHANGELOG.md b/packages/compliance-controller/CHANGELOG.md index 70286bdf42f..41ff8607c1e 100644 --- a/packages/compliance-controller/CHANGELOG.md +++ b/packages/compliance-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [1.0.1] ## [1.0.0] diff --git a/packages/composable-controller/CHANGELOG.md b/packages/composable-controller/CHANGELOG.md index e450350d850..8642b726906 100644 --- a/packages/composable-controller/CHANGELOG.md +++ b/packages/composable-controller/CHANGELOG.md @@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(composable-controller): replace `Sinon` with `Jest` mocks ([#7964](https://github.com/MetaMask/core/pull/7964)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- Release/752.0.0 ([#7642](https://github.com/MetaMask/core/pull/7642)) +- chore(lint): Fix suppressed ESLint errors in `composable-controller` package ([#7462](https://github.com/MetaMask/core/pull/7462)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- Release/687.0.0 ([#7202](https://github.com/MetaMask/core/pull/7202)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ## [12.0.0] ### Changed diff --git a/packages/connectivity-controller/CHANGELOG.md b/packages/connectivity-controller/CHANGELOG.md index 72bfa6f8965..4d31f3b4239 100644 --- a/packages/connectivity-controller/CHANGELOG.md +++ b/packages/connectivity-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Added - Add `init` method to asynchronously fetch and set the initial connectivity status from the adapter ([#7679](https://github.com/MetaMask/core/pull/7679)) diff --git a/packages/controller-utils/CHANGELOG.md b/packages/controller-utils/CHANGELOG.md index 42f17286cda..b3dfc563bba 100644 --- a/packages/controller-utils/CHANGELOG.md +++ b/packages/controller-utils/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [11.19.0] ### Added diff --git a/packages/eip-5792-middleware/CHANGELOG.md b/packages/eip-5792-middleware/CHANGELOG.md index 80e8e612971..354c19f6fc8 100644 --- a/packages/eip-5792-middleware/CHANGELOG.md +++ b/packages/eip-5792-middleware/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: mark getAccounts → getPermittedAccountsForOrigin rename as breaking in eip-5792-middleware changelog ([#8060](https://github.com/MetaMask/core/pull/8060)) + ### Changed - Bump `@metamask/transaction-controller` from `^62.19.0` to `^62.21.0` ([#8104](https://github.com/MetaMask/core/pull/8104)), ([#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md b/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md index 7d7cf3a33d9..babc2f89b1e 100644 --- a/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md +++ b/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md @@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `eip-7702-internal-rpc-middleware` package ([#7476](https://github.com/MetaMask/core/pull/7476)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) +- Release/650.0.0 ([#7003](https://github.com/MetaMask/core/pull/7003)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/eip1193-permission-middleware/CHANGELOG.md b/packages/eip1193-permission-middleware/CHANGELOG.md index 8fd45d27b1c..bffe2df4bf7 100644 --- a/packages/eip1193-permission-middleware/CHANGELOG.md +++ b/packages/eip1193-permission-middleware/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/ens-controller/CHANGELOG.md b/packages/ens-controller/CHANGELOG.md index 34722c1ce0c..02a4b2fbf69 100644 --- a/packages/ens-controller/CHANGELOG.md +++ b/packages/ens-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [19.0.3] ### Changed diff --git a/packages/error-reporting-service/CHANGELOG.md b/packages/error-reporting-service/CHANGELOG.md index 30bd6cda37d..4e10f3e8ddd 100644 --- a/packages/error-reporting-service/CHANGELOG.md +++ b/packages/error-reporting-service/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ## [3.0.1] ### Changed diff --git a/packages/eth-block-tracker/CHANGELOG.md b/packages/eth-block-tracker/CHANGELOG.md index ae0f0a89d1a..1483e8e2592 100644 --- a/packages/eth-block-tracker/CHANGELOG.md +++ b/packages/eth-block-tracker/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ## [15.0.1] ### Changed diff --git a/packages/eth-json-rpc-middleware/CHANGELOG.md b/packages/eth-json-rpc-middleware/CHANGELOG.md index 3cc7f136156..d6f9a705581 100644 --- a/packages/eth-json-rpc-middleware/CHANGELOG.md +++ b/packages/eth-json-rpc-middleware/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- fix: Clone `JsonRpcEngineV2` results to prevent returning frozen objects ([#8077](https://github.com/MetaMask/core/pull/8077)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- Release/825.0.0 ([#7996](https://github.com/MetaMask/core/pull/7996)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.1` to `^10.2.3` ([#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/eth-json-rpc-provider/CHANGELOG.md b/packages/eth-json-rpc-provider/CHANGELOG.md index 857f7333d9a..322a40dff6f 100644 --- a/packages/eth-json-rpc-provider/CHANGELOG.md +++ b/packages/eth-json-rpc-provider/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `eth-json-rpc-provider` package ([#7497](https://github.com/MetaMask/core/pull/7497)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/foundryup/CHANGELOG.md b/packages/foundryup/CHANGELOG.md index f6ce1417dc3..900cdcbd067 100644 --- a/packages/foundryup/CHANGELOG.md +++ b/packages/foundryup/CHANGELOG.md @@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ## [1.0.1] ### Fixed diff --git a/packages/gas-fee-controller/CHANGELOG.md b/packages/gas-fee-controller/CHANGELOG.md index 8b11eeb249b..fefa5b9b4ab 100644 --- a/packages/gas-fee-controller/CHANGELOG.md +++ b/packages/gas-fee-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [26.0.3] ### Changed diff --git a/packages/json-rpc-engine/CHANGELOG.md b/packages/json-rpc-engine/CHANGELOG.md index f6208f42f22..05c45ed72ef 100644 --- a/packages/json-rpc-engine/CHANGELOG.md +++ b/packages/json-rpc-engine/CHANGELOG.md @@ -305,9 +305,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [7.2.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.1.1...@metamask/json-rpc-engine@7.2.0 [7.1.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.1.0...@metamask/json-rpc-engine@7.1.1 [7.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.0.0...@metamask/json-rpc-engine@7.1.0 -[7.0.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@6.1.0...@metamask/json-rpc-engine@7.0.0 -[6.1.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@6.0.0...json-rpc-engine@6.1.0 -[6.0.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.4.0...json-rpc-engine@6.0.0 -[5.4.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.3.0...json-rpc-engine@5.4.0 -[5.3.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.2.0...json-rpc-engine@5.3.0 -[5.2.0]: https://github.com/MetaMask/core/releases/tag/json-rpc-engine@5.2.0 +[7.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@6.1.0...@metamask/json-rpc-engine@7.0.0 +[6.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@6.0.0...@metamask/json-rpc-engine@6.1.0 +[6.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.4.0...@metamask/json-rpc-engine@6.0.0 +[5.4.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.3.0...@metamask/json-rpc-engine@5.4.0 +[5.3.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.2.0...@metamask/json-rpc-engine@5.3.0 +[5.2.0]: https://github.com/MetaMask/core/releases/tag/@metamask/json-rpc-engine@5.2.0 diff --git a/packages/json-rpc-middleware-stream/CHANGELOG.md b/packages/json-rpc-middleware-stream/CHANGELOG.md index b135bfdc0c0..86b4c7b411b 100644 --- a/packages/json-rpc-middleware-stream/CHANGELOG.md +++ b/packages/json-rpc-middleware-stream/CHANGELOG.md @@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `json-rpc-middleware-stream` package ([#7463](https://github.com/MetaMask/core/pull/7463)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) @@ -224,13 +238,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [7.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.2...@metamask/json-rpc-middleware-stream@7.0.0 [6.0.2]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.1...@metamask/json-rpc-middleware-stream@6.0.2 [6.0.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.0...@metamask/json-rpc-middleware-stream@6.0.1 -[6.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@5.0.1...@metamask/json-rpc-middleware-stream@6.0.0 -[5.0.1]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@5.0.0...json-rpc-middleware-stream@5.0.1 -[5.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.3...json-rpc-middleware-stream@5.0.0 -[4.2.3]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.2...json-rpc-middleware-stream@4.2.3 -[4.2.2]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.1...json-rpc-middleware-stream@4.2.2 -[4.2.1]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.0...json-rpc-middleware-stream@4.2.1 -[4.2.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.1.0...json-rpc-middleware-stream@4.2.0 -[4.1.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.0.0...json-rpc-middleware-stream@4.1.0 -[4.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@3.0.0...json-rpc-middleware-stream@4.0.0 -[3.0.0]: https://github.com/MetaMask/core/releases/tag/json-rpc-middleware-stream@3.0.0 +[6.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@5.0.1...@metamask/json-rpc-middleware-stream@6.0.0 +[5.0.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@5.0.0...@metamask/json-rpc-middleware-stream@5.0.1 +[5.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.3...@metamask/json-rpc-middleware-stream@5.0.0 +[4.2.3]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.2...@metamask/json-rpc-middleware-stream@4.2.3 +[4.2.2]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.1...@metamask/json-rpc-middleware-stream@4.2.2 +[4.2.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.0...@metamask/json-rpc-middleware-stream@4.2.1 +[4.2.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.1.0...@metamask/json-rpc-middleware-stream@4.2.0 +[4.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.0.0...@metamask/json-rpc-middleware-stream@4.1.0 +[4.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@3.0.0...@metamask/json-rpc-middleware-stream@4.0.0 +[3.0.0]: https://github.com/MetaMask/core/releases/tag/@metamask/json-rpc-middleware-stream@3.0.0 diff --git a/packages/keyring-controller/CHANGELOG.md b/packages/keyring-controller/CHANGELOG.md index f918e01ef62..592130e6e38 100644 --- a/packages/keyring-controller/CHANGELOG.md +++ b/packages/keyring-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(keyring-controller): replace `Sinon` with `Jest` mocks ([#7965](https://github.com/MetaMask/core/pull/7965)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/keyring-api` from `^21.0.0` to `^21.5.0` ([#7857](https://github.com/MetaMask/core/pull/7857)) diff --git a/packages/logging-controller/CHANGELOG.md b/packages/logging-controller/CHANGELOG.md index b6b854f4078..63a4d2b328a 100644 --- a/packages/logging-controller/CHANGELOG.md +++ b/packages/logging-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) + ### Changed - Bump `@metamask/controller-utils` from `^11.16.0` to `^11.19.0` ([#7534](https://github.com/MetaMask/core/pull/7534), [#7583](https://github.com/MetaMask/core/pull/7583), [#7995](https://github.com/MetaMask/core/pull/7995)) diff --git a/packages/message-manager/CHANGELOG.md b/packages/message-manager/CHANGELOG.md index d9f4178ed47..6a6ca02797b 100644 --- a/packages/message-manager/CHANGELOG.md +++ b/packages/message-manager/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/messenger/CHANGELOG.md b/packages/messenger/CHANGELOG.md index 00371d21c6d..ac4bb0d8865 100644 --- a/packages/messenger/CHANGELOG.md +++ b/packages/messenger/CHANGELOG.md @@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(messenger): replace `Sinon` with `Jest` mocks ([#7959](https://github.com/MetaMask/core/pull/7959)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore: Fix suppressed lint errors in `@metamask/messenger` ([#7421](https://github.com/MetaMask/core/pull/7421)) +- chore: Re-enable `@typescript-eslint/prefer-optional-chain` ([#7314](https://github.com/MetaMask/core/pull/7314)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ## [0.3.0] ### Added diff --git a/packages/multichain-api-middleware/CHANGELOG.md b/packages/multichain-api-middleware/CHANGELOG.md index 49ee195743c..31eacd7b5f2 100644 --- a/packages/multichain-api-middleware/CHANGELOG.md +++ b/packages/multichain-api-middleware/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- Release/855.0.0 ([#8140](https://github.com/MetaMask/core/pull/8140)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/name-controller/CHANGELOG.md b/packages/name-controller/CHANGELOG.md index b822a94f617..70d5d8b797d 100644 --- a/packages/name-controller/CHANGELOG.md +++ b/packages/name-controller/CHANGELOG.md @@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) +- Release/650.0.0 ([#7003](https://github.com/MetaMask/core/pull/7003)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/network-controller/CHANGELOG.md b/packages/network-controller/CHANGELOG.md index ab316dc3f32..fc480d6a81f 100644 --- a/packages/network-controller/CHANGELOG.md +++ b/packages/network-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/notification-services-controller/CHANGELOG.md b/packages/notification-services-controller/CHANGELOG.md index bf5750cbca9..091ca6a6b76 100644 --- a/packages/notification-services-controller/CHANGELOG.md +++ b/packages/notification-services-controller/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) + ### Changed - Debounce `KeyringController:stateChange` handler to reduce redundant notification subscription calls during rapid account syncing ([#7980](https://github.com/MetaMask/core/pull/7980)) diff --git a/packages/permission-controller/CHANGELOG.md b/packages/permission-controller/CHANGELOG.md index 46262073622..b896f194496 100644 --- a/packages/permission-controller/CHANGELOG.md +++ b/packages/permission-controller/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/permission-log-controller/CHANGELOG.md b/packages/permission-log-controller/CHANGELOG.md index 7295a29619b..fd372c211b2 100644 --- a/packages/permission-log-controller/CHANGELOG.md +++ b/packages/permission-log-controller/CHANGELOG.md @@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `permission-log-controller` package ([#7489](https://github.com/MetaMask/core/pull/7489)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) +- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/perps-controller/CHANGELOG.md b/packages/perps-controller/CHANGELOG.md index 38b363d2826..2bd6cc8a380 100644 --- a/packages/perps-controller/CHANGELOG.md +++ b/packages/perps-controller/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- Release/855.0.0 ([#8140](https://github.com/MetaMask/core/pull/8140)) +- Release/847.0.0 ([#8104](https://github.com/MetaMask/core/pull/8104)) + ## [1.0.0] ### Added diff --git a/packages/phishing-controller/CHANGELOG.md b/packages/phishing-controller/CHANGELOG.md index 2ddfd9077a0..4f72b3839c1 100644 --- a/packages/phishing-controller/CHANGELOG.md +++ b/packages/phishing-controller/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(phishing-controller): replace `Sinon` with `Jest` mocks and fake timers ([#7972](https://github.com/MetaMask/core/pull/7972)) + ### Changed - Bump `@metamask/transaction-controller` from `^62.17.0` to `^62.21.0` ([#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/polling-controller/CHANGELOG.md b/packages/polling-controller/CHANGELOG.md index 116687d265d..7672121fd38 100644 --- a/packages/polling-controller/CHANGELOG.md +++ b/packages/polling-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [16.0.3] ### Changed diff --git a/packages/profile-metrics-controller/INVESTIGATION-401.md b/packages/profile-metrics-controller/INVESTIGATION-401.md new file mode 100644 index 00000000000..80af4bd6005 --- /dev/null +++ b/packages/profile-metrics-controller/INVESTIGATION-401.md @@ -0,0 +1,655 @@ +# ProfileMetricsController 401 Investigation Report + +## Table of Contents + +- [Executive Summary](#executive-summary) +- [Architecture Overview](#architecture-overview) +- [Authentication Flow](#authentication-flow) +- [Why Are We Getting 401s?](#why-are-we-getting-401s) +- [Root Causes (Detailed)](#root-causes-detailed) + - [1. Token Silently Discarded for Undefined entropySourceId](#1-token-silently-discarded-for-undefined-entropysourceid) + - [2. Bearer Token Obtained Outside the Retry Loop](#2-bearer-token-obtained-outside-the-retry-loop) + - [3. No Token Invalidation on Downstream 401](#3-no-token-invalidation-on-downstream-401) + - [4. Login Deduplication by entropySourceId Not by Identity](#4-login-deduplication-by-entropysourceid-not-by-identity) + - [5. 401s Are Retried But Never Succeed](#5-401s-are-retried-but-never-succeed) +- [How the Issues Compound](#how-the-issues-compound) +- [Can a 401 Lock the User?](#can-a-401-lock-the-user) +- [Suggested Fixes](#suggested-fixes) + +--- + +## Executive Summary + +`ProfileMetricsController` polls on a 10-second interval and calls `PUT /api/v2/profile/accounts` with a bearer token obtained from `AuthenticationController`. Approximately 60% of users are receiving HTTP 401 responses on this endpoint. + +Five compounding issues were identified in the client-side authentication and retry infrastructure. Together, they create a scenario where: + +1. An invalid/stale token can enter the system (via race conditions or expiry-edge timing). +2. That token is retried 4 times with no chance of success (token captured outside retry loop). +3. The invalid token is never evicted from cache (no invalidation on 401). +4. The polling loop keeps hitting the same stale token every 10 seconds. +5. This continues for up to 90% of the token's `expiresIn` lifetime before a refresh occurs. + +The user is **temporarily locked** (minutes to potentially hours, depending on token TTL) but **not permanently locked** -- tokens eventually expire and are refreshed. + +--- + +## Architecture Overview + +```mermaid +flowchart TD + subgraph consumers [Token Consumers on Unlock] + PMC["ProfileMetricsController
(polls every 10s)"] + PMS["ProfileMetricsService"] + BWS["BackendWebSocketService"] + NSC["NotificationServicesController"] + NSPC["NotificationServicesPushController"] + TBC["TokenBalancesController"] + BC["BridgeController"] + BSC["BridgeStatusController"] + CS["ClaimsService"] + end + + subgraph auth [Authentication Layer] + AC["AuthenticationController"] + SRP["SRPJwtBearerAuth
(flow-srp.ts)"] + OIDC["OIDC Token Endpoint
/oauth2/token"] + AuthAPI["Auth API
/api/v2/srp/login"] + end + + subgraph storage [Token Storage] + STATE["Controller State
srpSessionData"] + end + + PMC -->|"submitMetrics()"| PMS + PMS -->|"getBearerToken(entropySourceId)"| AC + BWS -->|"getBearerToken(undefined)"| AC + NSC -->|"getBearerToken(undefined)"| AC + NSPC -->|"getBearerToken(undefined)"| AC + TBC -->|"getBearerToken(undefined)"| AC + BC -->|"getBearerToken(undefined)"| AC + BSC -->|"getBearerToken(undefined)"| AC + CS -->|"getBearerToken(undefined)"| AC + AC -->|"getAccessToken()"| SRP + SRP -->|"read/write session"| STATE + SRP -->|"getNonce + authenticate"| AuthAPI + SRP -->|"exchange for access token"| OIDC + PMS -->|"PUT /profile/accounts"| ProfileAPI["Auth API
/api/v2/profile/accounts"] +``` + +Key observation: **~8 controllers** call `getBearerToken(undefined)` (no `entropySourceId`), while `ProfileMetricsService` calls `getBearerToken(entropySourceId)` with a **specific** entropy source ID. Both paths go through the same `SRPJwtBearerAuth` instance, but they are deduplicated independently. + +--- + +## Authentication Flow + +When `getBearerToken(entropySourceId?)` is called, this is the full chain of events: + +```mermaid +sequenceDiagram + participant Caller + participant AC as AuthenticationController + participant SRP as SRPJwtBearerAuth + participant State as srpSessionData + participant Snap as Message Signing Snap + participant AuthAPI as Auth API + participant OIDC as OIDC Server + participant ProfileAPI as Profile API + + Caller->>AC: getBearerToken(entropySourceId?) + AC->>AC: assertIsUnlocked() + AC->>SRP: getAccessToken(entropySourceId?) + + SRP->>State: getLoginResponse(entropySourceId?) + alt Session found and age < 90% of expiresIn + State-->>SRP: cached LoginResponse + SRP-->>AC: accessToken + AC-->>Caller: accessToken + else No session or expired + SRP->>SRP: deferredLogin(entropySourceId?) + Note over SRP: loginKey = entropySourceId ?? '__default__' + alt Ongoing login exists for this key + SRP-->>SRP: await existing promise + else No ongoing login + SRP->>Snap: getPublicKey(entropySourceId?) + Snap-->>SRP: publicKey + SRP->>AuthAPI: getNonce(publicKey) + AuthAPI-->>SRP: nonce + SRP->>Snap: signMessage("metamask:{nonce}:{publicKey}") + Snap-->>SRP: signature + SRP->>AuthAPI: authenticate(rawMessage, signature) + AuthAPI-->>SRP: authToken + profile + SRP->>OIDC: authorizeOIDC(authToken) + OIDC-->>SRP: accessToken + expiresIn + SRP->>State: setLoginResponse(result, entropySourceId?) + Note over State: BUG: if entropySourceId is
undefined, NOTHING is stored + end + SRP-->>AC: accessToken + AC-->>Caller: accessToken + end + + Caller->>ProfileAPI: PUT /profile/accounts (Bearer accessToken) + ProfileAPI-->>Caller: 200 OK or 401 Unauthorized +``` + +--- + +## Why Are We Getting 401s? + +The short answer has two parts: + +1. **What triggers the 401?** Likely one of two things (possibly both): the same user identity authenticates twice concurrently through different code paths and the server invalidates the earlier token (see below), or the token simply expires naturally and the client is caught in the edge of the 90% TTL window. + +2. **Why can't we recover?** This is the real problem. **It does not matter what causes the 401.** Whether the token was invalidated by a concurrent login, expired naturally, or was revoked server-side for any reason -- the outcome is identical. The client has no mechanism to respond to a 401 by re-authenticating. A well-behaved OAuth2 client would detect the 401, invalidate the cached token, re-authenticate, and retry with a fresh token. The current implementation does none of that. It retries with the same dead token, never tells `AuthenticationController` the token was rejected, and keeps serving the dead token from cache for up to 90% of its TTL. **The client is fundamentally unable to recover from any 401, regardless of cause.** + +Below is the most likely sequence that produces the initial 401, step by step. But keep in mind: even if the trigger is something else entirely (e.g., normal token expiry, server-side revocation), the persistence and amplification mechanisms described in Steps 4-5 apply identically. + +### Step 1 -- Wallet unlocks, multiple controllers wake up at once + +When the wallet unlocks, `KeyringController:unlock` fires. Several controllers react simultaneously: + +- **BackendWebSocketService**, **NotificationServicesPushController**, **TokenBalancesController**, and others all call `getBearerToken()` with **no** `entropySourceId` (i.e. `undefined`). +- **ProfileMetricsController** starts polling and eventually calls `getBearerToken("abc-entropy-id")` with the **specific** entropy source ID of each account batch. + +Both calls go through the same `SRPJwtBearerAuth` instance. + +### Step 2 -- Two independent logins fire for the same identity + +`SRPJwtBearerAuth.#deferredLogin` is supposed to prevent concurrent logins, but it deduplicates by `entropySourceId`, not by the actual identity (public key): + +```typescript +const loginKey = entropySourceId ?? '__default__'; +// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +// getBearerToken(undefined) → loginKey = '__default__' +// getBearerToken("abc-entropy") → loginKey = 'abc-entropy' +// +// Different keys → NOT deduplicated → two full login flows proceed. +``` + +Critically, when `"abc-entropy"` is the **primary SRP** (which it almost always is), both `getIdentifier(undefined)` and `getIdentifier("abc-entropy")` resolve to the **same public key**. Two independent login flows run against the auth server for the exact same identity: + +| Login flow | `entropySourceId` | `loginKey` | Identity (public key) | +|---|---|---|---| +| Flow A (8+ controllers) | `undefined` | `'__default__'` | Primary SRP key | +| Flow B (ProfileMetricsService) | `"abc-entropy"` | `'abc-entropy'` | Primary SRP key (same!) | + +Each flow independently calls `getNonce` -> `authenticate` -> `authorizeOIDC`, producing two distinct OIDC access tokens for the same identity. + +### Step 3 -- The auth server invalidates the earlier token + +The OIDC/auth server issues token **T1** (for flow A) and then token **T2** (for flow B) -- or vice versa depending on timing. When the server performs session rotation (standard practice for security), it invalidates the previously issued token for that identity. The token that happened to be issued first is now dead. + +> **This is the moment the 401 is born.** One of the two tokens is now server-side invalid, but the client has no idea. + +### Step 4 -- The dead token gets cached, the valid one gets discarded + +Here is where the `#setLoginResponseToState` bug makes everything worse: + +- **Flow B** (`entropySourceId = "abc-entropy"`): Token T2 is **stored** in `srpSessionData["abc-entropy"]`. This is the token ProfileMetricsController will use. +- **Flow A** (`entropySourceId = undefined`): Token T1 should be stored too, but `#setLoginResponseToState` has an `if (entropySourceId)` guard that **silently discards it** when `entropySourceId` is falsy. T1 vanishes. + +If T2 was issued first and T1 invalidated it, ProfileMetricsController is fine (it uses T2). But if T1 was issued **second** and invalidated T2, ProfileMetricsController is stuck with a dead T2 in its cache. + +Because the `undefined` path never caches its token, **every subsequent call** to `getBearerToken(undefined)` triggers a fresh login for the same identity -- continuously creating new tokens that can keep invalidating whatever ProfileMetricsController has cached. The race condition isn't a one-time event; it recurs on every poll cycle where another controller also needs a token. + +### Step 5 -- No recovery, no circuit breaker, no escape + +Once ProfileMetricsController has a dead token cached: + +1. `submitMetrics` obtains the dead token **once**, before the retry loop. +2. All 4 retry attempts use the same dead token. All return 401. +3. The `AuthenticationController` is never told the token was rejected. The dead token stays in `srpSessionData`. +4. The circuit breaker only trips on 5xx errors. 401 is invisible to it. +5. 10 seconds later, the next poll cycle starts. `getBearerToken("abc-entropy")` reads the same dead token from cache (still within the 90% TTL window). Same 401s. +6. This repeats every 10 seconds, wasting 4 requests per cycle, **for up to 90% of the token's lifetime** (potentially ~49 minutes for a 1-hour token). +7. When the token finally expires by age, a fresh login happens. If another controller races it again, the cycle restarts. + +### Visual summary + +```mermaid +flowchart LR + subgraph trigger ["THE TRIGGER"] + A["Wallet unlocks"] --> B["~8 controllers call
getBearerToken(undefined)"] + A --> C["ProfileMetricsService calls
getBearerToken('abc-entropy')"] + B --> D["Login flow A
key: '__default__'"] + C --> E["Login flow B
key: 'abc-entropy'"] + D --> F["Same public key!"] + E --> F + F --> G["Two OIDC tokens issued
for same identity"] + G --> H["Server invalidates
the earlier token"] + end + + subgraph persist ["THE PERSISTENCE"] + H --> I["Dead token cached in
srpSessionData"] + I --> J["No invalidation
on 401"] + J --> K["Retries use
same dead token"] + K --> L["Circuit breaker
ignores 401"] + L --> M["Locked for up to
90% of token TTL"] + end + + subgraph recur ["THE RECURRENCE"] + M --> N["Token expires by age"] + N --> O{"Another concurrent
login from undefined path?"} + O -->|"Yes (likely)"| H + O -->|"No"| P["Success"] + end +``` + +### Why ~60% of users? + +The 60% failure rate aligns with users who have **at least one mnemonic-based account** (the vast majority). For these users, `ProfileMetricsService` calls `getBearerToken` with a specific `entropySourceId`, while other controllers call it with `undefined`. Since `undefined` maps to the same primary SRP identity, the race condition fires. Users who only have imported/hardware accounts (no mnemonic entropy source) would use the `undefined` path exclusively -- no conflicting login keys, no race condition. But because the `undefined` path never caches its token, these users still suffer from repeated unnecessary logins (issue #1), which can cause rate limiting and transient failures, though not the persistent 401 lock. + +--- + +## Root Causes (Detailed) + +### 1. Token Silently Discarded for Undefined `entropySourceId` + +**Severity: High** | **File:** `AuthenticationController.ts` lines 286-306 + +When `#setLoginResponseToState` is called with `entropySourceId = undefined`, the entire storage operation is silently skipped: + +```typescript +async #setLoginResponseToState( + loginResponse: LoginResponse, + entropySourceId?: string, +) { + const metaMetricsId = await this.#metametrics.getMetaMetricsId(); + this.update((state) => { + if (entropySourceId) { // <-- undefined is falsy, entire block skipped + state.isSignedIn = true; + if (!state.srpSessionData) { + state.srpSessionData = {}; + } + state.srpSessionData[entropySourceId] = { + ...loginResponse, + profile: { ...loginResponse.profile, metaMetricsId }, + }; + } + // When entropySourceId is undefined: NOTHING happens. + // The token is silently discarded. isSignedIn is not set. + }); +} +``` + +**How does `undefined` get there?** + +In `ProfileMetricsController._executePoll` (line 291-292), accounts without a mnemonic entropy source are grouped under the key `'null'`: + +```typescript +entropySourceId: entropySourceId === 'null' ? null : entropySourceId, +``` + +Then in `ProfileMetricsService.submitMetrics` (line 203): + +```typescript +data.entropySourceId ?? undefined // null ?? undefined → undefined +``` + +So `getBearerToken(undefined)` is called. This also happens for the ~8 other controllers that never pass an `entropySourceId` at all (BackendWebSocketService, NotificationServicesController, TokenBalancesController, BridgeController, etc.). + +**Impact:** + +- Every `getBearerToken(undefined)` call that needs a fresh login produces a valid token, but **never caches it**. +- The companion read path (`#getLoginResponseFromState(undefined)`) tries `Object.values(srpSessionData)[0]`, which returns the first stored session (typically from `performSignIn`). If `performSignIn` hasn't been called yet, or all stored sessions have expired, there is no fallback -- a fresh login is triggered every single time. +- This causes excessive authentication traffic to the auth API, increasing the probability of hitting rate limits (429) and amplifying the race condition described in issue #4. + +--- + +### 2. Bearer Token Obtained Outside the Retry Loop + +**Severity: Critical** | **File:** `ProfileMetricsService.ts` lines 200-226 + +The bearer token is obtained **once**, before the retry policy executes, and is captured in the closure: + +```typescript +async submitMetrics(data: ProfileMetricsSubmitMetricsRequest): Promise { + // Token obtained HERE, ONCE, before retries + const authToken = await this.#messenger.call( + 'AuthenticationController:getBearerToken', + data.entropySourceId ?? undefined, + ); + await this.#policy.execute(async () => { + // All retry attempts use the SAME authToken from the closure + const url = new URL(`${this.#baseURL}/profile/accounts`); + const localResponse = await this.#fetch(url, { + method: 'PUT', + headers: { + Authorization: `Bearer ${authToken}`, // same stale token on every retry + // ... + }, + // ... + }); + if (!localResponse.ok) { + throw new HttpError(localResponse.status, /* ... */); + } + }); +} +``` + +**Impact:** + +If the token is invalid at the time of the first request, all 4 attempts (1 initial + 3 retries from the default `maxRetries = 3`) fail with 401. There is no mechanism to refresh the token between retries. + +--- + +### 3. No Token Invalidation on Downstream 401 + +**Severity: Critical** | **Files:** `flow-srp.ts` lines 174-191, `AuthenticationController.ts` lines 265-284 + +When `/api/v2/profile/accounts` returns HTTP 401, the `AuthenticationController` is **never notified**. The stale token remains in `srpSessionData` and keeps being served to callers. + +The token validity check in `#getAuthSession` is purely time-based: + +```typescript +async #getAuthSession(entropySourceId?: string): Promise { + const auth = await this.#options.storage.getLoginResponse(entropySourceId); + if (!validateLoginResponse(auth)) { + return null; + } + const currentTime = Date.now(); + const sessionAge = currentTime - auth.token.obtainedAt; + const refreshThreshold = auth.token.expiresIn * 1000 * 0.9; + + if (sessionAge < refreshThreshold) { + return auth; // Returns the token even if the server already rejects it + } + return null; +} +``` + +There is no event, callback, or messenger action that allows a consumer to signal "this token was rejected, please invalidate it." + +**Impact:** + +Once a token becomes invalid server-side (for any reason), it remains cached and returned to all callers for up to **90% of `expiresIn`**. For a 1-hour token, that is ~54 minutes of persistent 401 failures. + +--- + +### 4. Login Deduplication by `entropySourceId`, Not by Identity + +**Severity: High** | **File:** `flow-srp.ts` lines 236-260 + +The `#deferredLogin` mechanism correctly prevents concurrent logins for the **same `entropySourceId`**, but different `entropySourceId` values that resolve to the **same identity** (same public key) are treated as independent: + +```typescript +async #deferredLogin(entropySourceId?: string): Promise { + const loginKey = entropySourceId ?? '__default__'; + + const existingLogin = this.#ongoingLogins.get(loginKey); + if (existingLogin) { + return existingLogin; // Deduplicates same key + } + + const loginPromise = this.#loginWithRetry(entropySourceId); + this.#ongoingLogins.set(loginKey, loginPromise); + // ... +} +``` + +**The race condition:** + +On wallet unlock, multiple controllers subscribe to `KeyringController:unlock` and begin making requests: + +```mermaid +sequenceDiagram + participant Unlock as KeyringController:unlock + participant BWS as BackendWebSocketService + participant PMC as ProfileMetricsController + participant SRP as SRPJwtBearerAuth + participant AuthAPI as Auth API + participant OIDC as OIDC Server + + Unlock-->>BWS: unlock event + Unlock-->>PMC: unlock event (starts polling) + + par Concurrent token requests + BWS->>SRP: getAccessToken(undefined) + Note over SRP: loginKey = '__default__' + SRP->>AuthAPI: Login flow (nonce, auth, OIDC) + AuthAPI-->>SRP: Token T1 + and + PMC->>SRP: getAccessToken("abc123") + Note over SRP: loginKey = 'abc123' + Note over SRP: Different key! Not deduplicated. + SRP->>AuthAPI: Login flow (nonce, auth, OIDC) + AuthAPI-->>SRP: Token T2 + end + + Note over SRP: If "abc123" is the primary SRP,
both logins use the SAME identity
but produce DIFFERENT tokens. + Note over SRP: Server-side session rotation
could invalidate T1 when T2 is issued
(or vice versa). + + BWS->>BWS: Uses T1 (possibly revoked) + PMC->>PMC: Uses T2 (possibly revoked) +``` + +When `undefined` and a specific `entropySourceId` both map to the same underlying public key (which happens when that `entropySourceId` is the primary SRP), two independent login flows execute for the **same identity**. Depending on the OIDC server's behavior: + +- **If stateless JWTs**: both tokens are valid independently. No immediate issue, but unnecessary load. +- **If reference tokens with session rotation**: the second token issuance may invalidate the first, causing 401s for any consumer still using the first token. + +**Impact:** + +This race condition is the most likely **trigger** for the initial 401. The other issues (no invalidation, stale retries) then **amplify** the failure and **extend its duration**. + +--- + +### 5. 401s Are Retried But Never Succeed + +**Severity: Medium** | **File:** `create-service-policy.ts` lines 192-205, 276-286 + +The default service policy uses `retryFilterPolicy = handleAll`, which means **all errors** (including 401) trigger retries. However, the circuit breaker only considers errors with `httpStatus >= 500` as service failures: + +```typescript +const isServiceFailure = (error: unknown): boolean => { + if (typeof error === 'object' && error !== null && + 'httpStatus' in error && typeof error.httpStatus === 'number') { + return error.httpStatus >= 500; // 401 is NOT a service failure + } + return true; +}; +``` + +`ProfileMetricsService` uses default policy options (`policyOptions = {}`), so: + +- **Retry policy**: `handleAll` with `maxRetries = 3` -- 401s ARE retried (4 total attempts), all with the same stale token. +- **Circuit breaker**: `handleWhen(isServiceFailure)` with `maxConsecutiveFailures = 12` -- 401s do NOT count toward the circuit breaker. The breaker **never opens** for 401s. + +**Impact:** + +Each 10-second poll cycle that encounters a 401 wastes 4 HTTP requests (with exponential backoff delays), and the circuit breaker never intervenes. This continues indefinitely until the token expires naturally. + +--- + +## How the Issues Compound + +The five issues create a cascading failure loop: + +```mermaid +flowchart TD + A["Wallet Unlock"] --> B["Multiple controllers call
getBearerToken() concurrently"] + B --> C{"Race condition:
same identity, different keys"} + C -->|"Two logins for same identity"| D["Server may rotate session,
invalidating first token"] + D --> E["Stale token T1 cached in
srpSessionData"] + E --> F["ProfileMetricsService.submitMetrics()
obtains T1 ONCE, before retries"] + F --> G["PUT /profile/accounts with T1"] + G --> H["401 Unauthorized"] + H --> I["Retry with same T1
(3 more times)"] + I --> H + I -->|"All retries exhausted"| J["Error logged,
batch stays in syncQueue"] + J --> K["Next poll (10s later)"] + K --> L["getBearerToken() returns
same cached stale T1"] + L --> F + K -.->|"Eventually: sessionAge > 90% expiresIn"| M["Token considered expired"] + M --> N["Fresh login, new token"] + N --> O{"Another concurrent login
from different controller?"} + O -->|Yes| D + O -->|No| P["PUT succeeds, batch removed"] +``` + +**Timeline of a typical failure cycle:** + +1. **T=0s**: Wallet unlocks. BackendWebSocketService calls `getBearerToken(undefined)`, ProfileMetricsController starts polling. +2. **T=0-2s**: Two concurrent logins for the same identity (keys `'__default__'` and `"primary-srp-id"`). Server issues T1 and T2. T1 may be invalidated. +3. **T=10s**: First poll. `submitMetrics` obtains T1 (still cached, age < 90% threshold). PUT fails with 401. Retried 3 more times. All fail. +4. **T=20s, 30s, ...**: Same cycle repeats every 10 seconds. 4 wasted requests per cycle. +5. **T = 90% of expiresIn**: Token T1 finally expires in cache. Fresh login produces T3. +6. **T = 90% + 10s**: If no concurrent login interferes, PUT succeeds. If another controller triggers a concurrent login, the cycle may restart. + +--- + +## Can a 401 Lock the User? + +### Temporary Lock: YES + +A 401-producing token remains cached in `srpSessionData` until the time-based expiry threshold is reached (`sessionAge > expiresIn * 1000 * 0.9`). During this window: + +- Every call to `getBearerToken(entropySourceId)` returns the same stale token. +- Every `submitMetrics` call fails with 401 (4 attempts each). +- Failed batches remain in `syncQueue` and are retried on the next poll cycle. + +**Lock duration** = remaining time until 90% of `expiresIn` from `obtainedAt`. + +For example, if the OIDC token has `expiresIn = 3600` (1 hour) and is invalidated at T=5 minutes: +- Remaining lock = `(3600 * 0.9) - 300` = **2940 seconds (~49 minutes)** of continuous 401 failures. + +### Permanent Lock: NO + +There is no persistent error state that prevents future authentication: + +- `syncQueue` retains failed batches -- they are always retried. +- Tokens eventually expire and trigger fresh logins. +- `performSignOut()` clears `srpSessionData`, and new logins start fresh. +- No error counter or flag gates future `getBearerToken` calls. + +### Repeating Lock: POSSIBLE + +If the conditions that caused the initial 401 (concurrent logins for the same identity) recur on each token refresh, the user can enter a repeating cycle: + +1. Token refreshed -> concurrent login invalidates it -> 401 for ~90% of TTL +2. Token refreshed again -> same thing happens -> another ~90% TTL lock +3. Repeat + +This would make `ProfileMetricsController` **effectively non-functional** for the affected user, even though there is no formal "lock" state. + +--- + +## Suggested Fixes + +### Implemented: Resolve `undefined` `entropySourceId` at the `AuthenticationController` boundary + +**Priority: Critical** | **Files:** `AuthenticationController.ts`, `flow-srp.ts`, `authentication.ts`, `flow-siwe.ts` + +**Status: Implemented** -- This single fix addresses root causes #1 (token silently discarded) and #4 (dedup race condition) with **zero consumer code changes**. + +#### The approach + +Instead of fixing the storage bug and deduplication race separately, we resolve `undefined` `entropySourceId` to the actual primary SRP entropy source ID at the earliest possible point -- inside `AuthenticationController`, before it reaches `SRPJwtBearerAuth`. + +A new private method `#getPrimaryEntropySourceId()` resolves the primary entropy source ID by calling the message-signing snap's `getAllPublicKeys` method (which always returns the primary SRP as the first entry). The result is cached in memory for the lifetime of the controller instance. + +```typescript +#cachedPrimaryEntropySourceId?: string; + +async #getPrimaryEntropySourceId(): Promise { + if (this.#cachedPrimaryEntropySourceId) { + return this.#cachedPrimaryEntropySourceId; + } + const allPublicKeys = await this.#snapGetAllPublicKeys(); + this.#cachedPrimaryEntropySourceId = allPublicKeys[0][0]; + return this.#cachedPrimaryEntropySourceId; +} +``` + +`getBearerToken`, `getSessionProfile`, and `getUserProfileLineage` all resolve `undefined` before delegating: + +```typescript +public async getBearerToken(entropySourceId?: string): Promise { + this.#assertIsUnlocked('getBearerToken'); + const resolvedId = + entropySourceId ?? (await this.#getPrimaryEntropySourceId()); + return await this.#auth.getAccessToken(resolvedId); +} +``` + +#### Why this works + +This single change implicitly fixes the two root causes that **trigger** the 401s: + +1. **Storage bug (root cause #1) eliminated**: `#setLoginResponseToState` always receives a defined `entropySourceId` now, so the `if (entropySourceId)` guard always passes. Tokens are always stored. `isSignedIn` is always set. + +2. **Dedup race (root cause #4) eliminated**: `getBearerToken(undefined)` and `getBearerToken("primary-srp-id")` now resolve to the same concrete ID before reaching `SRPJwtBearerAuth`. The `#deferredLogin` deduplication key is the same for both, so only one login fires. No more two-token race against the OIDC server. + +3. **Zero consumer changes**: All callers (`ProfileMetricsService`, `BackendWebSocketService`, `NotificationServicesController`, etc.) continue passing `undefined` or specific IDs as before. The resolution is entirely internal to `AuthenticationController`. + +#### Design note: why not use `srpSessionData` as a fast path? + +An earlier version tried to use `Object.keys(srpSessionData)[0]` as a fast path before falling back to the snap. This was rejected because if a secondary SRP authenticates first (e.g., `ProfileMetricsController` processes secondary SRP accounts before the primary), the first key in `srpSessionData` would be the secondary SRP -- not the primary. The snap's `getAllPublicKeys` is the only authoritative source for which SRP is primary. + +### Fix 2: Client-side JWT `exp` claim validation + +**Files changed**: `flow-srp.ts`, `flow-siwe.ts`, `validate-login-response.ts` + +Backend analysis confirmed that the 401s are caused by **expired tokens** -- some as old as 6 months -- being sent from recent extension versions. The client-side TTL check (`obtainedAt`/`expiresIn`) should prevent this, but can be bypassed if the persisted `expiresIn` value is corrupted to an astronomically large number. There is no runtime validation at any stage of the `srpSessionData` hydration chain (OIDC response → state storage → restoration from `chrome.storage.local`). + +As a robust defensive measure, `#getAuthSession` in both `SRPJwtBearerAuth` and `SIWEJwtBearerAuth` now decodes the JWT's `exp` claim and rejects tokens that have actually expired, regardless of what `obtainedAt`/`expiresIn` say: + +```typescript +// In validate-login-response.ts +export function isAccessTokenExpired(accessToken: string): boolean { + try { + const parts = accessToken.split('.'); + if (parts.length !== 3) { + return true; + } + const base64 = (parts[1] as string) + .replace(/-/gu, '+') + .replace(/_/gu, '/'); + const { exp } = JSON.parse(atob(base64)); + return typeof exp !== 'number' || exp * 1000 <= Date.now(); + } catch { + return true; + } +} +``` + +Used in `#getAuthSession` after the existing TTL check passes: + +```typescript +if (sessionAge < refreshThreshold) { + if (isAccessTokenExpired(auth.token.accessToken)) { + return null; // JWT actually expired — force fresh login + } + return auth; +} +``` + +#### Why this works + +- Acts as a "belt-and-suspenders" guard: even if `expiresIn` is corrupted and the TTL check passes, the JWT's own `exp` claim (set by the OIDC server) provides ground truth. +- No changes to persistence behavior (`srpSessionData` remains persisted). +- No consumer code changes required. +- Gracefully handles malformed tokens (missing `exp`, bad base64, wrong structure) by treating them as expired. + +### Remaining: Consumer-side hardening (future work) + +The remaining root causes (#2, #3, #5) relate to how consumers handle 401s **after** they occur. With the fixes above, the primary triggers for 401s are eliminated, but these consumer-side improvements would provide defense-in-depth against any future source of token invalidation (server-side revocation, natural expiry edge cases, etc.): + +- **Root cause #2** (token outside retry loop): Move token acquisition inside `policy.execute()` in `ProfileMetricsService.submitMetrics` so each retry gets a fresh token. +- **Root cause #3** (no invalidation on 401): Add an `invalidateToken` messenger action to `AuthenticationController` that consumers can call when they receive a 401, forcing a fresh login on the next `getBearerToken` call. +- **Root cause #5** (401 retried with same token): Either exclude 401 from retries (if token stays outside the loop) or let retries naturally succeed (if token moves inside the loop per fix #2). + +These are lower priority now that the triggers are eliminated, but should be addressed for robustness. + +--- + +## Summary Table + +| Issue | Type | Severity | Causes 401? | Extends 401? | Status | +|-------|------|----------|-------------|--------------|--------| +| Token discarded for `undefined` entropySourceId | Bug | High | Indirectly (excess logins) | No | **Fixed** -- resolve `undefined` to primary ID | +| Dedup by entropySourceId not identity | Race condition | High | Yes (trigger) | No | **Fixed** -- same resolution eliminates the race | +| Stale cached tokens bypass TTL check | Bug | Critical | Yes (direct cause) | Yes | **Fixed** -- JWT `exp` claim validation | +| Token outside retry loop | Design flaw | Critical | No | Yes (4x amplification) | Future work | +| No invalidation on 401 | Design flaw | Critical | No | Yes (lock for 90% TTL) | Future work | +| 401 retried with same token | Design flaw | Medium | No | Yes (wastes requests) | Future work | diff --git a/packages/profile-sync-controller/CHANGELOG.md b/packages/profile-sync-controller/CHANGELOG.md index e81fbf41bed..dc3e463e061 100644 --- a/packages/profile-sync-controller/CHANGELOG.md +++ b/packages/profile-sync-controller/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- feat: bump `accounts` deps + use new `AccountProvider.createAccounts` ([#7857](https://github.com/MetaMask/core/pull/7857)) + ### Added - Expose missing public `UserStorageController` methods through its messenger ([#7976](https://github.com/MetaMask/core/pull/7976/)) diff --git a/packages/rate-limit-controller/CHANGELOG.md b/packages/rate-limit-controller/CHANGELOG.md index 9538c7cb4f7..eb787d76e55 100644 --- a/packages/rate-limit-controller/CHANGELOG.md +++ b/packages/rate-limit-controller/CHANGELOG.md @@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) +- chore(lint): Fix suppressed ESLint errors in `rate-limit-controller` package ([#7431](https://github.com/MetaMask/core/pull/7431)) +- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) +- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) +- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) +- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) + ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/sample-controllers/CHANGELOG.md b/packages/sample-controllers/CHANGELOG.md index c94d2034643..73066f207a7 100644 --- a/packages/sample-controllers/CHANGELOG.md +++ b/packages/sample-controllers/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [4.0.3] ### Changed diff --git a/packages/seedless-onboarding-controller/CHANGELOG.md b/packages/seedless-onboarding-controller/CHANGELOG.md index 64ce4032900..4590038b532 100644 --- a/packages/seedless-onboarding-controller/CHANGELOG.md +++ b/packages/seedless-onboarding-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ## [8.1.0] ### Changed diff --git a/packages/selected-network-controller/CHANGELOG.md b/packages/selected-network-controller/CHANGELOG.md index 3415f438df3..c48087bc11e 100644 --- a/packages/selected-network-controller/CHANGELOG.md +++ b/packages/selected-network-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/shield-controller/CHANGELOG.md b/packages/shield-controller/CHANGELOG.md index 582dc331538..2e6f31fd5b6 100644 --- a/packages/shield-controller/CHANGELOG.md +++ b/packages/shield-controller/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) +- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) + ### Changed - Bump `@metamask/transaction-controller` from `^62.12.0` to `^62.21.0` ([#7802](https://github.com/MetaMask/core/pull/7802), [#7832](https://github.com/MetaMask/core/pull/7832), [#7854](https://github.com/MetaMask/core/pull/7854), [#7872](https://github.com/MetaMask/core/pull/7872), [#7897](https://github.com/MetaMask/core/pull/7897), [#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/storage-service/CHANGELOG.md b/packages/storage-service/CHANGELOG.md index b936a614f6a..fbf3e3dfbdf 100644 --- a/packages/storage-service/CHANGELOG.md +++ b/packages/storage-service/CHANGELOG.md @@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) + ## [1.0.0] ### Added diff --git a/packages/subscription-controller/CHANGELOG.md b/packages/subscription-controller/CHANGELOG.md index 7c27fd17fdd..5c212298abd 100644 --- a/packages/subscription-controller/CHANGELOG.md +++ b/packages/subscription-controller/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) +- chore(subscription-controller): replace Sinon with Jest fake timers ([#7974](https://github.com/MetaMask/core/pull/7974)) +- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) +- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) + ### Changed - Bump `@metamask/transaction-controller` from `^62.16.0` to `^62.21.0` ([#7897](https://github.com/MetaMask/core/pull/7897), [#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/user-operation-controller/CHANGELOG.md b/packages/user-operation-controller/CHANGELOG.md index b3deaf6dbb2..52d875f56c0 100644 --- a/packages/user-operation-controller/CHANGELOG.md +++ b/packages/user-operation-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Uncategorized + +- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) + ### Changed - Bump `@metamask/transaction-controller` from `^62.17.1` to `^62.21.0` ([#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) From 3a0a62b838682f6832cab5e67b42b2937058eef9 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:24:51 +0100 Subject: [PATCH 2/9] Update Release 857.0.0 --- package.json | 2 +- packages/account-tree-controller/package.json | 2 +- packages/address-book-controller/CHANGELOG.md | 9 ----- packages/analytics-controller/CHANGELOG.md | 8 ----- packages/announcement-controller/CHANGELOG.md | 11 ------ packages/app-metadata-controller/CHANGELOG.md | 11 ------ packages/approval-controller/CHANGELOG.md | 12 ------- packages/assets-controllers/package.json | 2 +- packages/base-controller/CHANGELOG.md | 19 ----------- packages/bridge-controller/package.json | 2 +- .../bridge-status-controller/package.json | 2 +- packages/build-utils/CHANGELOG.md | 12 ------- .../chain-agnostic-permission/CHANGELOG.md | 8 ----- packages/claims-controller/CHANGELOG.md | 8 ----- packages/claims-controller/package.json | 2 +- packages/client-controller/CHANGELOG.md | 5 --- packages/compliance-controller/CHANGELOG.md | 4 --- packages/composable-controller/CHANGELOG.md | 19 ----------- .../config-registry-controller/package.json | 2 +- packages/connectivity-controller/CHANGELOG.md | 8 ----- packages/controller-utils/CHANGELOG.md | 4 --- packages/core-backend/package.json | 2 +- packages/eip-5792-middleware/CHANGELOG.md | 4 --- .../CHANGELOG.md | 15 -------- .../CHANGELOG.md | 7 ---- packages/ens-controller/CHANGELOG.md | 4 --- packages/error-reporting-service/CHANGELOG.md | 7 ---- packages/eth-block-tracker/CHANGELOG.md | 9 ----- packages/eth-json-rpc-middleware/CHANGELOG.md | 8 ----- packages/eth-json-rpc-provider/CHANGELOG.md | 9 ----- packages/foundryup/CHANGELOG.md | 11 ------ packages/gas-fee-controller/CHANGELOG.md | 4 --- packages/json-rpc-engine/CHANGELOG.md | 12 +++---- .../json-rpc-middleware-stream/CHANGELOG.md | 34 ++++++------------- packages/keyring-controller/CHANGELOG.md | 8 ----- packages/logging-controller/CHANGELOG.md | 8 ----- packages/message-manager/CHANGELOG.md | 9 ----- packages/messenger/CHANGELOG.md | 13 ------- .../multichain-api-middleware/CHANGELOG.md | 5 --- packages/name-controller/CHANGELOG.md | 13 ------- packages/network-controller/CHANGELOG.md | 4 --- .../CHANGELOG.md | 5 ++- .../package.json | 4 +-- packages/permission-controller/CHANGELOG.md | 7 ---- .../permission-log-controller/CHANGELOG.md | 14 -------- packages/perps-controller/CHANGELOG.md | 5 --- packages/perps-controller/package.json | 2 +- packages/phishing-controller/CHANGELOG.md | 5 --- packages/polling-controller/CHANGELOG.md | 4 --- .../profile-metrics-controller/CHANGELOG.md | 5 ++- .../profile-metrics-controller/package.json | 4 +-- packages/profile-sync-controller/CHANGELOG.md | 5 ++- packages/profile-sync-controller/package.json | 2 +- packages/rate-limit-controller/CHANGELOG.md | 12 ------- packages/sample-controllers/CHANGELOG.md | 4 --- .../CHANGELOG.md | 4 --- .../selected-network-controller/CHANGELOG.md | 4 --- packages/shield-controller/CHANGELOG.md | 7 ---- packages/storage-service/CHANGELOG.md | 7 ---- packages/subscription-controller/CHANGELOG.md | 5 ++- packages/subscription-controller/package.json | 4 +-- .../user-operation-controller/CHANGELOG.md | 4 --- yarn.lock | 24 ++++++------- 63 files changed, 60 insertions(+), 415 deletions(-) diff --git a/package.json b/package.json index e6c78e034f7..e0afbec200c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/core-monorepo", - "version": "856.0.0", + "version": "857.0.0", "private": true, "description": "Monorepo for packages shared between MetaMask clients", "repository": { diff --git a/packages/account-tree-controller/package.json b/packages/account-tree-controller/package.json index 31dee9add50..76549e50ab7 100644 --- a/packages/account-tree-controller/package.json +++ b/packages/account-tree-controller/package.json @@ -53,7 +53,7 @@ "@metamask/keyring-controller": "^25.1.0", "@metamask/messenger": "^0.3.0", "@metamask/multichain-account-service": "^7.1.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/snaps-controllers": "^17.2.0", "@metamask/snaps-sdk": "^10.3.0", "@metamask/snaps-utils": "^11.7.0", diff --git a/packages/address-book-controller/CHANGELOG.md b/packages/address-book-controller/CHANGELOG.md index f84a99dd637..d63149d6172 100644 --- a/packages/address-book-controller/CHANGELOG.md +++ b/packages/address-book-controller/CHANGELOG.md @@ -7,15 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Re-enable `@typescript-eslint/prefer-optional-chain` ([#7314](https://github.com/MetaMask/core/pull/7314)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/analytics-controller/CHANGELOG.md b/packages/analytics-controller/CHANGELOG.md index 01ef60fe270..6e5a0aa0ee9 100644 --- a/packages/analytics-controller/CHANGELOG.md +++ b/packages/analytics-controller/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/announcement-controller/CHANGELOG.md b/packages/announcement-controller/CHANGELOG.md index d1db69e9749..010dd83339e 100644 --- a/packages/announcement-controller/CHANGELOG.md +++ b/packages/announcement-controller/CHANGELOG.md @@ -7,17 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Fix suppressed errors in `@metamask/accouncement-controller` ([#7630](https://github.com/MetaMask/core/pull/7630)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ## [8.0.0] ### Changed diff --git a/packages/app-metadata-controller/CHANGELOG.md b/packages/app-metadata-controller/CHANGELOG.md index 67078131df7..0be977bc879 100644 --- a/packages/app-metadata-controller/CHANGELOG.md +++ b/packages/app-metadata-controller/CHANGELOG.md @@ -7,17 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: remove unused `sinon` `devDependency` from 4 packages ([#7915](https://github.com/MetaMask/core/pull/7915)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ## [2.0.0] ### Changed diff --git a/packages/approval-controller/CHANGELOG.md b/packages/approval-controller/CHANGELOG.md index 0b99fd5fe8b..44c6a2e5415 100644 --- a/packages/approval-controller/CHANGELOG.md +++ b/packages/approval-controller/CHANGELOG.md @@ -7,18 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: remove unused `sinon` `devDependency` from 4 packages ([#7915](https://github.com/MetaMask/core/pull/7915)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/assets-controllers/package.json b/packages/assets-controllers/package.json index 5b0d05109c4..0c541375c51 100644 --- a/packages/assets-controllers/package.json +++ b/packages/assets-controllers/package.json @@ -73,7 +73,7 @@ "@metamask/phishing-controller": "^16.3.0", "@metamask/polling-controller": "^16.0.3", "@metamask/preferences-controller": "^23.0.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/rpc-errors": "^7.0.2", "@metamask/snaps-controllers": "^17.2.0", "@metamask/snaps-sdk": "^10.3.0", diff --git a/packages/base-controller/CHANGELOG.md b/packages/base-controller/CHANGELOG.md index 0bdb8a728e7..58b12894418 100644 --- a/packages/base-controller/CHANGELOG.md +++ b/packages/base-controller/CHANGELOG.md @@ -7,25 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(base-controller): replace `Sinon` with `Jest` mocks ([#7962](https://github.com/MetaMask/core/pull/7962)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- Release/752.0.0 ([#7642](https://github.com/MetaMask/core/pull/7642)) -- chore(lint): Fix suppressed ESLint errors in `base-controller` package ([#7443](https://github.com/MetaMask/core/pull/7443)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- Release/687.0.0 ([#7202](https://github.com/MetaMask/core/pull/7202)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/bridge-controller/package.json b/packages/bridge-controller/package.json index 5e7d2ef446d..1dbc96820a9 100644 --- a/packages/bridge-controller/package.json +++ b/packages/bridge-controller/package.json @@ -64,7 +64,7 @@ "@metamask/multichain-network-controller": "^3.0.5", "@metamask/network-controller": "^30.0.0", "@metamask/polling-controller": "^16.0.3", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/remote-feature-flag-controller": "^4.1.0", "@metamask/snaps-controllers": "^17.2.0", "@metamask/transaction-controller": "^62.21.0", diff --git a/packages/bridge-status-controller/package.json b/packages/bridge-status-controller/package.json index 60d0e0ede70..f42cf2ffc30 100644 --- a/packages/bridge-status-controller/package.json +++ b/packages/bridge-status-controller/package.json @@ -55,7 +55,7 @@ "@metamask/keyring-controller": "^25.1.0", "@metamask/network-controller": "^30.0.0", "@metamask/polling-controller": "^16.0.3", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/snaps-controllers": "^17.2.0", "@metamask/superstruct": "^3.1.0", "@metamask/transaction-controller": "^62.21.0", diff --git a/packages/build-utils/CHANGELOG.md b/packages/build-utils/CHANGELOG.md index 6530d572f6e..e7d9bee9390 100644 --- a/packages/build-utils/CHANGELOG.md +++ b/packages/build-utils/CHANGELOG.md @@ -7,18 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `build-utils` package ([#7460](https://github.com/MetaMask/core/pull/7460)) -- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/chain-agnostic-permission/CHANGELOG.md b/packages/chain-agnostic-permission/CHANGELOG.md index 4ba295ea51a..c5bc1a1e959 100644 --- a/packages/chain-agnostic-permission/CHANGELOG.md +++ b/packages/chain-agnostic-permission/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- feat: bump `accounts` deps + use new `AccountProvider.createAccounts` ([#7857](https://github.com/MetaMask/core/pull/7857)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/controller-utils` from `^11.17.0` to `^11.19.0` ([#7583](https://github.com/MetaMask/core/pull/7583), [#7995](https://github.com/MetaMask/core/pull/7995)) diff --git a/packages/claims-controller/CHANGELOG.md b/packages/claims-controller/CHANGELOG.md index 43ae373e2e0..4282ca2ab8c 100644 --- a/packages/claims-controller/CHANGELOG.md +++ b/packages/claims-controller/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/profile-sync-controller` from `^27.0.0` to `^27.1.0` ([#7849](https://github.com/MetaMask/core/pull/7849)) diff --git a/packages/claims-controller/package.json b/packages/claims-controller/package.json index 7c1ed1c3d67..535910869e9 100644 --- a/packages/claims-controller/package.json +++ b/packages/claims-controller/package.json @@ -55,7 +55,7 @@ "devDependencies": { "@metamask/auto-changelog": "^3.4.4", "@metamask/keyring-controller": "^25.1.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@ts-bridge/cli": "^0.6.4", "@types/jest": "^29.5.14", "deepmerge": "^4.2.2", diff --git a/packages/client-controller/CHANGELOG.md b/packages/client-controller/CHANGELOG.md index d0c834c03e1..f9fdba129a0 100644 --- a/packages/client-controller/CHANGELOG.md +++ b/packages/client-controller/CHANGELOG.md @@ -7,11 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) - ## [1.0.0] ### Added diff --git a/packages/compliance-controller/CHANGELOG.md b/packages/compliance-controller/CHANGELOG.md index 41ff8607c1e..70286bdf42f 100644 --- a/packages/compliance-controller/CHANGELOG.md +++ b/packages/compliance-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [1.0.1] ## [1.0.0] diff --git a/packages/composable-controller/CHANGELOG.md b/packages/composable-controller/CHANGELOG.md index 8642b726906..e450350d850 100644 --- a/packages/composable-controller/CHANGELOG.md +++ b/packages/composable-controller/CHANGELOG.md @@ -7,25 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(composable-controller): replace `Sinon` with `Jest` mocks ([#7964](https://github.com/MetaMask/core/pull/7964)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- Release/752.0.0 ([#7642](https://github.com/MetaMask/core/pull/7642)) -- chore(lint): Fix suppressed ESLint errors in `composable-controller` package ([#7462](https://github.com/MetaMask/core/pull/7462)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- Release/687.0.0 ([#7202](https://github.com/MetaMask/core/pull/7202)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ## [12.0.0] ### Changed diff --git a/packages/config-registry-controller/package.json b/packages/config-registry-controller/package.json index e2338590110..54dd05b506a 100644 --- a/packages/config-registry-controller/package.json +++ b/packages/config-registry-controller/package.json @@ -53,7 +53,7 @@ "@metamask/keyring-controller": "^25.1.0", "@metamask/messenger": "^0.3.0", "@metamask/polling-controller": "^16.0.3", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/remote-feature-flag-controller": "^4.1.0", "@metamask/superstruct": "^3.1.0", "@metamask/utils": "^11.9.0", diff --git a/packages/connectivity-controller/CHANGELOG.md b/packages/connectivity-controller/CHANGELOG.md index 4d31f3b4239..72bfa6f8965 100644 --- a/packages/connectivity-controller/CHANGELOG.md +++ b/packages/connectivity-controller/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Added - Add `init` method to asynchronously fetch and set the initial connectivity status from the adapter ([#7679](https://github.com/MetaMask/core/pull/7679)) diff --git a/packages/controller-utils/CHANGELOG.md b/packages/controller-utils/CHANGELOG.md index b3dfc563bba..42f17286cda 100644 --- a/packages/controller-utils/CHANGELOG.md +++ b/packages/controller-utils/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [11.19.0] ### Added diff --git a/packages/core-backend/package.json b/packages/core-backend/package.json index baabe3f1644..b6ae1609385 100644 --- a/packages/core-backend/package.json +++ b/packages/core-backend/package.json @@ -52,7 +52,7 @@ "@metamask/controller-utils": "^11.19.0", "@metamask/keyring-controller": "^25.1.0", "@metamask/messenger": "^0.3.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/utils": "^11.9.0", "@tanstack/query-core": "^5.62.16", "uuid": "^8.3.2" diff --git a/packages/eip-5792-middleware/CHANGELOG.md b/packages/eip-5792-middleware/CHANGELOG.md index 354c19f6fc8..80e8e612971 100644 --- a/packages/eip-5792-middleware/CHANGELOG.md +++ b/packages/eip-5792-middleware/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: mark getAccounts → getPermittedAccountsForOrigin rename as breaking in eip-5792-middleware changelog ([#8060](https://github.com/MetaMask/core/pull/8060)) - ### Changed - Bump `@metamask/transaction-controller` from `^62.19.0` to `^62.21.0` ([#8104](https://github.com/MetaMask/core/pull/8104)), ([#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md b/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md index babc2f89b1e..7d7cf3a33d9 100644 --- a/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md +++ b/packages/eip-7702-internal-rpc-middleware/CHANGELOG.md @@ -7,21 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `eip-7702-internal-rpc-middleware` package ([#7476](https://github.com/MetaMask/core/pull/7476)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) -- Release/650.0.0 ([#7003](https://github.com/MetaMask/core/pull/7003)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/eip1193-permission-middleware/CHANGELOG.md b/packages/eip1193-permission-middleware/CHANGELOG.md index bffe2df4bf7..8fd45d27b1c 100644 --- a/packages/eip1193-permission-middleware/CHANGELOG.md +++ b/packages/eip1193-permission-middleware/CHANGELOG.md @@ -7,13 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/ens-controller/CHANGELOG.md b/packages/ens-controller/CHANGELOG.md index 02a4b2fbf69..34722c1ce0c 100644 --- a/packages/ens-controller/CHANGELOG.md +++ b/packages/ens-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [19.0.3] ### Changed diff --git a/packages/error-reporting-service/CHANGELOG.md b/packages/error-reporting-service/CHANGELOG.md index 4e10f3e8ddd..30bd6cda37d 100644 --- a/packages/error-reporting-service/CHANGELOG.md +++ b/packages/error-reporting-service/CHANGELOG.md @@ -7,13 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ## [3.0.1] ### Changed diff --git a/packages/eth-block-tracker/CHANGELOG.md b/packages/eth-block-tracker/CHANGELOG.md index 1483e8e2592..ae0f0a89d1a 100644 --- a/packages/eth-block-tracker/CHANGELOG.md +++ b/packages/eth-block-tracker/CHANGELOG.md @@ -7,15 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- Release 840.0.0 ([#8078](https://github.com/MetaMask/core/pull/8078)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- Release 795.0.0 ([#7856](https://github.com/MetaMask/core/pull/7856)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ## [15.0.1] ### Changed diff --git a/packages/eth-json-rpc-middleware/CHANGELOG.md b/packages/eth-json-rpc-middleware/CHANGELOG.md index d6f9a705581..3cc7f136156 100644 --- a/packages/eth-json-rpc-middleware/CHANGELOG.md +++ b/packages/eth-json-rpc-middleware/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- fix: Clone `JsonRpcEngineV2` results to prevent returning frozen objects ([#8077](https://github.com/MetaMask/core/pull/8077)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- Release/825.0.0 ([#7996](https://github.com/MetaMask/core/pull/7996)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.1` to `^10.2.3` ([#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/eth-json-rpc-provider/CHANGELOG.md b/packages/eth-json-rpc-provider/CHANGELOG.md index 322a40dff6f..857f7333d9a 100644 --- a/packages/eth-json-rpc-provider/CHANGELOG.md +++ b/packages/eth-json-rpc-provider/CHANGELOG.md @@ -7,15 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `eth-json-rpc-provider` package ([#7497](https://github.com/MetaMask/core/pull/7497)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/foundryup/CHANGELOG.md b/packages/foundryup/CHANGELOG.md index 900cdcbd067..f6ce1417dc3 100644 --- a/packages/foundryup/CHANGELOG.md +++ b/packages/foundryup/CHANGELOG.md @@ -7,17 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ## [1.0.1] ### Fixed diff --git a/packages/gas-fee-controller/CHANGELOG.md b/packages/gas-fee-controller/CHANGELOG.md index fefa5b9b4ab..8b11eeb249b 100644 --- a/packages/gas-fee-controller/CHANGELOG.md +++ b/packages/gas-fee-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [26.0.3] ### Changed diff --git a/packages/json-rpc-engine/CHANGELOG.md b/packages/json-rpc-engine/CHANGELOG.md index 05c45ed72ef..f6208f42f22 100644 --- a/packages/json-rpc-engine/CHANGELOG.md +++ b/packages/json-rpc-engine/CHANGELOG.md @@ -305,9 +305,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [7.2.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.1.1...@metamask/json-rpc-engine@7.2.0 [7.1.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.1.0...@metamask/json-rpc-engine@7.1.1 [7.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@7.0.0...@metamask/json-rpc-engine@7.1.0 -[7.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@6.1.0...@metamask/json-rpc-engine@7.0.0 -[6.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@6.0.0...@metamask/json-rpc-engine@6.1.0 -[6.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.4.0...@metamask/json-rpc-engine@6.0.0 -[5.4.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.3.0...@metamask/json-rpc-engine@5.4.0 -[5.3.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-engine@5.2.0...@metamask/json-rpc-engine@5.3.0 -[5.2.0]: https://github.com/MetaMask/core/releases/tag/@metamask/json-rpc-engine@5.2.0 +[7.0.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@6.1.0...@metamask/json-rpc-engine@7.0.0 +[6.1.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@6.0.0...json-rpc-engine@6.1.0 +[6.0.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.4.0...json-rpc-engine@6.0.0 +[5.4.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.3.0...json-rpc-engine@5.4.0 +[5.3.0]: https://github.com/MetaMask/core/compare/json-rpc-engine@5.2.0...json-rpc-engine@5.3.0 +[5.2.0]: https://github.com/MetaMask/core/releases/tag/json-rpc-engine@5.2.0 diff --git a/packages/json-rpc-middleware-stream/CHANGELOG.md b/packages/json-rpc-middleware-stream/CHANGELOG.md index 86b4c7b411b..b135bfdc0c0 100644 --- a/packages/json-rpc-middleware-stream/CHANGELOG.md +++ b/packages/json-rpc-middleware-stream/CHANGELOG.md @@ -7,20 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `json-rpc-middleware-stream` package ([#7463](https://github.com/MetaMask/core/pull/7463)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) @@ -238,13 +224,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [7.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.2...@metamask/json-rpc-middleware-stream@7.0.0 [6.0.2]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.1...@metamask/json-rpc-middleware-stream@6.0.2 [6.0.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@6.0.0...@metamask/json-rpc-middleware-stream@6.0.1 -[6.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@5.0.1...@metamask/json-rpc-middleware-stream@6.0.0 -[5.0.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@5.0.0...@metamask/json-rpc-middleware-stream@5.0.1 -[5.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.3...@metamask/json-rpc-middleware-stream@5.0.0 -[4.2.3]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.2...@metamask/json-rpc-middleware-stream@4.2.3 -[4.2.2]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.1...@metamask/json-rpc-middleware-stream@4.2.2 -[4.2.1]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.2.0...@metamask/json-rpc-middleware-stream@4.2.1 -[4.2.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.1.0...@metamask/json-rpc-middleware-stream@4.2.0 -[4.1.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@4.0.0...@metamask/json-rpc-middleware-stream@4.1.0 -[4.0.0]: https://github.com/MetaMask/core/compare/@metamask/json-rpc-middleware-stream@3.0.0...@metamask/json-rpc-middleware-stream@4.0.0 -[3.0.0]: https://github.com/MetaMask/core/releases/tag/@metamask/json-rpc-middleware-stream@3.0.0 +[6.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@5.0.1...@metamask/json-rpc-middleware-stream@6.0.0 +[5.0.1]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@5.0.0...json-rpc-middleware-stream@5.0.1 +[5.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.3...json-rpc-middleware-stream@5.0.0 +[4.2.3]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.2...json-rpc-middleware-stream@4.2.3 +[4.2.2]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.1...json-rpc-middleware-stream@4.2.2 +[4.2.1]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.2.0...json-rpc-middleware-stream@4.2.1 +[4.2.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.1.0...json-rpc-middleware-stream@4.2.0 +[4.1.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@4.0.0...json-rpc-middleware-stream@4.1.0 +[4.0.0]: https://github.com/MetaMask/core/compare/json-rpc-middleware-stream@3.0.0...json-rpc-middleware-stream@4.0.0 +[3.0.0]: https://github.com/MetaMask/core/releases/tag/json-rpc-middleware-stream@3.0.0 diff --git a/packages/keyring-controller/CHANGELOG.md b/packages/keyring-controller/CHANGELOG.md index 592130e6e38..f918e01ef62 100644 --- a/packages/keyring-controller/CHANGELOG.md +++ b/packages/keyring-controller/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(keyring-controller): replace `Sinon` with `Jest` mocks ([#7965](https://github.com/MetaMask/core/pull/7965)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/keyring-api` from `^21.0.0` to `^21.5.0` ([#7857](https://github.com/MetaMask/core/pull/7857)) diff --git a/packages/logging-controller/CHANGELOG.md b/packages/logging-controller/CHANGELOG.md index 63a4d2b328a..b6b854f4078 100644 --- a/packages/logging-controller/CHANGELOG.md +++ b/packages/logging-controller/CHANGELOG.md @@ -7,14 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) - ### Changed - Bump `@metamask/controller-utils` from `^11.16.0` to `^11.19.0` ([#7534](https://github.com/MetaMask/core/pull/7534), [#7583](https://github.com/MetaMask/core/pull/7583), [#7995](https://github.com/MetaMask/core/pull/7995)) diff --git a/packages/message-manager/CHANGELOG.md b/packages/message-manager/CHANGELOG.md index 6a6ca02797b..d9f4178ed47 100644 --- a/packages/message-manager/CHANGELOG.md +++ b/packages/message-manager/CHANGELOG.md @@ -7,15 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Re-enable `@typescript-eslint/no-unnecessary-type-assertions` ([#7296](https://github.com/MetaMask/core/pull/7296)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/messenger/CHANGELOG.md b/packages/messenger/CHANGELOG.md index ac4bb0d8865..00371d21c6d 100644 --- a/packages/messenger/CHANGELOG.md +++ b/packages/messenger/CHANGELOG.md @@ -7,19 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(messenger): replace `Sinon` with `Jest` mocks ([#7959](https://github.com/MetaMask/core/pull/7959)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore: Fix suppressed lint errors in `@metamask/messenger` ([#7421](https://github.com/MetaMask/core/pull/7421)) -- chore: Re-enable `@typescript-eslint/prefer-optional-chain` ([#7314](https://github.com/MetaMask/core/pull/7314)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ## [0.3.0] ### Added diff --git a/packages/multichain-api-middleware/CHANGELOG.md b/packages/multichain-api-middleware/CHANGELOG.md index 31eacd7b5f2..49ee195743c 100644 --- a/packages/multichain-api-middleware/CHANGELOG.md +++ b/packages/multichain-api-middleware/CHANGELOG.md @@ -7,11 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- Release/855.0.0 ([#8140](https://github.com/MetaMask/core/pull/8140)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/name-controller/CHANGELOG.md b/packages/name-controller/CHANGELOG.md index 70d5d8b797d..b822a94f617 100644 --- a/packages/name-controller/CHANGELOG.md +++ b/packages/name-controller/CHANGELOG.md @@ -7,19 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) -- Release/650.0.0 ([#7003](https://github.com/MetaMask/core/pull/7003)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/network-controller/CHANGELOG.md b/packages/network-controller/CHANGELOG.md index fc480d6a81f..ab316dc3f32 100644 --- a/packages/network-controller/CHANGELOG.md +++ b/packages/network-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/notification-services-controller/CHANGELOG.md b/packages/notification-services-controller/CHANGELOG.md index 091ca6a6b76..19802f48706 100644 --- a/packages/notification-services-controller/CHANGELOG.md +++ b/packages/notification-services-controller/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [22.1.0] + ### Uncategorized - feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) @@ -671,7 +673,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@22.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@22.1.0...HEAD +[22.1.0]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@22.0.0...@metamask/notification-services-controller@22.1.0 [22.0.0]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@21.0.0...@metamask/notification-services-controller@22.0.0 [21.0.0]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@20.0.0...@metamask/notification-services-controller@21.0.0 [20.0.0]: https://github.com/MetaMask/core/compare/@metamask/notification-services-controller@19.0.0...@metamask/notification-services-controller@20.0.0 diff --git a/packages/notification-services-controller/package.json b/packages/notification-services-controller/package.json index df96c71d311..1874f780ec3 100644 --- a/packages/notification-services-controller/package.json +++ b/packages/notification-services-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/notification-services-controller", - "version": "22.0.0", + "version": "22.1.0", "description": "Manages New MetaMask decentralized Notification system", "keywords": [ "MetaMask", @@ -104,7 +104,7 @@ "@metamask/controller-utils": "^11.19.0", "@metamask/keyring-controller": "^25.1.0", "@metamask/messenger": "^0.3.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/utils": "^11.9.0", "bignumber.js": "^9.1.2", "firebase": "^11.2.0", diff --git a/packages/permission-controller/CHANGELOG.md b/packages/permission-controller/CHANGELOG.md index b896f194496..46262073622 100644 --- a/packages/permission-controller/CHANGELOG.md +++ b/packages/permission-controller/CHANGELOG.md @@ -7,13 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.0` to `^10.2.3` ([#7642](https://github.com/MetaMask/core/pull/7642), [#7856](https://github.com/MetaMask/core/pull/7856), [#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/permission-log-controller/CHANGELOG.md b/packages/permission-log-controller/CHANGELOG.md index fd372c211b2..7295a29619b 100644 --- a/packages/permission-log-controller/CHANGELOG.md +++ b/packages/permission-log-controller/CHANGELOG.md @@ -7,20 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `permission-log-controller` package ([#7489](https://github.com/MetaMask/core/pull/7489)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- Revert "Release 687.0.0" ([#7201](https://github.com/MetaMask/core/pull/7201)) -- Release 687.0.0 ([#7190](https://github.com/MetaMask/core/pull/7190)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/perps-controller/CHANGELOG.md b/packages/perps-controller/CHANGELOG.md index 2bd6cc8a380..38b363d2826 100644 --- a/packages/perps-controller/CHANGELOG.md +++ b/packages/perps-controller/CHANGELOG.md @@ -7,11 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- Release/855.0.0 ([#8140](https://github.com/MetaMask/core/pull/8140)) -- Release/847.0.0 ([#8104](https://github.com/MetaMask/core/pull/8104)) - ## [1.0.0] ### Added diff --git a/packages/perps-controller/package.json b/packages/perps-controller/package.json index b439f87d432..c509d0ce501 100644 --- a/packages/perps-controller/package.json +++ b/packages/perps-controller/package.json @@ -64,7 +64,7 @@ "@metamask/keyring-controller": "^25.1.0", "@metamask/keyring-internal-api": "^10.0.0", "@metamask/network-controller": "^30.0.0", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/remote-feature-flag-controller": "^4.1.0", "@metamask/transaction-controller": "^62.21.0", "@ts-bridge/cli": "^0.6.4", diff --git a/packages/phishing-controller/CHANGELOG.md b/packages/phishing-controller/CHANGELOG.md index 4f72b3839c1..2ddfd9077a0 100644 --- a/packages/phishing-controller/CHANGELOG.md +++ b/packages/phishing-controller/CHANGELOG.md @@ -7,11 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(phishing-controller): replace `Sinon` with `Jest` mocks and fake timers ([#7972](https://github.com/MetaMask/core/pull/7972)) - ### Changed - Bump `@metamask/transaction-controller` from `^62.17.0` to `^62.21.0` ([#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/polling-controller/CHANGELOG.md b/packages/polling-controller/CHANGELOG.md index 7672121fd38..116687d265d 100644 --- a/packages/polling-controller/CHANGELOG.md +++ b/packages/polling-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [16.0.3] ### Changed diff --git a/packages/profile-metrics-controller/CHANGELOG.md b/packages/profile-metrics-controller/CHANGELOG.md index 7bb88f18809..82cacc10ab1 100644 --- a/packages/profile-metrics-controller/CHANGELOG.md +++ b/packages/profile-metrics-controller/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [3.0.3] + ### Fixed - Move bearer token acquisition inside the retry loop in `ProfileMetricsService.submitMetrics` so each retry attempt fetches a fresh token instead of reusing a potentially stale one ([#8144](https://github.com/MetaMask/core/pull/8144)) @@ -70,7 +72,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release ([#7194](https://github.com/MetaMask/core/pull/7194), [#7196](https://github.com/MetaMask/core/pull/7196), [#7263](https://github.com/MetaMask/core/pull/7263)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@3.0.2...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@3.0.3...HEAD +[3.0.3]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@3.0.2...@metamask/profile-metrics-controller@3.0.3 [3.0.2]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@3.0.1...@metamask/profile-metrics-controller@3.0.2 [3.0.1]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@3.0.0...@metamask/profile-metrics-controller@3.0.1 [3.0.0]: https://github.com/MetaMask/core/compare/@metamask/profile-metrics-controller@2.0.0...@metamask/profile-metrics-controller@3.0.0 diff --git a/packages/profile-metrics-controller/package.json b/packages/profile-metrics-controller/package.json index 25358c3fb49..628b736d70f 100644 --- a/packages/profile-metrics-controller/package.json +++ b/packages/profile-metrics-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/profile-metrics-controller", - "version": "3.0.2", + "version": "3.0.3", "description": "Sample package to illustrate best practices for controllers", "keywords": [ "MetaMask", @@ -54,7 +54,7 @@ "@metamask/keyring-controller": "^25.1.0", "@metamask/messenger": "^0.3.0", "@metamask/polling-controller": "^16.0.3", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/transaction-controller": "^62.21.0", "@metamask/utils": "^11.9.0", "async-mutex": "^0.5.0" diff --git a/packages/profile-sync-controller/CHANGELOG.md b/packages/profile-sync-controller/CHANGELOG.md index dc3e463e061..05b404e3184 100644 --- a/packages/profile-sync-controller/CHANGELOG.md +++ b/packages/profile-sync-controller/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [28.0.0] + ### Uncategorized - chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) @@ -827,7 +829,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@27.1.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@28.0.0...HEAD +[28.0.0]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@27.1.0...@metamask/profile-sync-controller@28.0.0 [27.1.0]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@27.0.0...@metamask/profile-sync-controller@27.1.0 [27.0.0]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@26.0.0...@metamask/profile-sync-controller@27.0.0 [26.0.0]: https://github.com/MetaMask/core/compare/@metamask/profile-sync-controller@25.1.2...@metamask/profile-sync-controller@26.0.0 diff --git a/packages/profile-sync-controller/package.json b/packages/profile-sync-controller/package.json index fa4503a3b8b..20ce37d212a 100644 --- a/packages/profile-sync-controller/package.json +++ b/packages/profile-sync-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/profile-sync-controller", - "version": "27.1.0", + "version": "28.0.0", "description": "The profile sync helps developers synchronize data across multiple clients and devices in a privacy-preserving way. All data saved in the user storage database is encrypted client-side to preserve privacy. The user storage provides a modular design, giving developers the flexibility to construct and manage their storage spaces in a way that best suits their needs", "keywords": [ "MetaMask", diff --git a/packages/rate-limit-controller/CHANGELOG.md b/packages/rate-limit-controller/CHANGELOG.md index eb787d76e55..9538c7cb4f7 100644 --- a/packages/rate-limit-controller/CHANGELOG.md +++ b/packages/rate-limit-controller/CHANGELOG.md @@ -7,18 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) -- chore(lint): Fix suppressed ESLint errors in `rate-limit-controller` package ([#7431](https://github.com/MetaMask/core/pull/7431)) -- chore: Update ESLint config packages to v15 ([#7305](https://github.com/MetaMask/core/pull/7305)) -- chore: Fix all auto-fixable ESLint warnings ([#7105](https://github.com/MetaMask/core/pull/7105)) -- chore: Update `typescript` to v5.3 ([#7081](https://github.com/MetaMask/core/pull/7081)) -- fix: Fix build script not working because of missing `@ts-bridge/cli` dependency ([#7040](https://github.com/MetaMask/core/pull/7040)) - ### Changed - Upgrade `@metamask/utils` from `^11.8.1` to `^11.9.0` ([#7511](https://github.com/MetaMask/core/pull/7511)) diff --git a/packages/sample-controllers/CHANGELOG.md b/packages/sample-controllers/CHANGELOG.md index 73066f207a7..c94d2034643 100644 --- a/packages/sample-controllers/CHANGELOG.md +++ b/packages/sample-controllers/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [4.0.3] ### Changed diff --git a/packages/seedless-onboarding-controller/CHANGELOG.md b/packages/seedless-onboarding-controller/CHANGELOG.md index 4590038b532..64ce4032900 100644 --- a/packages/seedless-onboarding-controller/CHANGELOG.md +++ b/packages/seedless-onboarding-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ## [8.1.0] ### Changed diff --git a/packages/selected-network-controller/CHANGELOG.md b/packages/selected-network-controller/CHANGELOG.md index c48087bc11e..3415f438df3 100644 --- a/packages/selected-network-controller/CHANGELOG.md +++ b/packages/selected-network-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ### Changed - Bump `@metamask/json-rpc-engine` from `^10.2.2` to `^10.2.3` ([#8078](https://github.com/MetaMask/core/pull/8078)) diff --git a/packages/shield-controller/CHANGELOG.md b/packages/shield-controller/CHANGELOG.md index 2e6f31fd5b6..582dc331538 100644 --- a/packages/shield-controller/CHANGELOG.md +++ b/packages/shield-controller/CHANGELOG.md @@ -7,13 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- chore: upgrade Jest-related packages to latest 27.x versions ([#7792](https://github.com/MetaMask/core/pull/7792)) - ### Changed - Bump `@metamask/transaction-controller` from `^62.12.0` to `^62.21.0` ([#7802](https://github.com/MetaMask/core/pull/7802), [#7832](https://github.com/MetaMask/core/pull/7832), [#7854](https://github.com/MetaMask/core/pull/7854), [#7872](https://github.com/MetaMask/core/pull/7872), [#7897](https://github.com/MetaMask/core/pull/7897), [#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/packages/storage-service/CHANGELOG.md b/packages/storage-service/CHANGELOG.md index fbf3e3dfbdf..b936a614f6a 100644 --- a/packages/storage-service/CHANGELOG.md +++ b/packages/storage-service/CHANGELOG.md @@ -7,13 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: Update `generate-method-action-types` script to be used in a single package ([#7983](https://github.com/MetaMask/core/pull/7983)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) - ## [1.0.0] ### Added diff --git a/packages/subscription-controller/CHANGELOG.md b/packages/subscription-controller/CHANGELOG.md index 5c212298abd..f80336e2dbc 100644 --- a/packages/subscription-controller/CHANGELOG.md +++ b/packages/subscription-controller/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [6.0.1] + ### Uncategorized - feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) @@ -307,7 +309,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump `@metamask/controller-utils` from `^11.12.0` to `^11.14.0` ([#6620](https://github.com/MetaMask/core/pull/6620), [#6629](https://github.com/MetaMask/core/pull/6629)) - Bump `@metamask/utils` from `^11.4.2` to `^11.8.0` ([#6588](https://github.com/MetaMask/core/pull/6588)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@6.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@6.0.1...HEAD +[6.0.1]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@6.0.0...@metamask/subscription-controller@6.0.1 [6.0.0]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@5.4.2...@metamask/subscription-controller@6.0.0 [5.4.2]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@5.4.1...@metamask/subscription-controller@5.4.2 [5.4.1]: https://github.com/MetaMask/core/compare/@metamask/subscription-controller@5.4.0...@metamask/subscription-controller@5.4.1 diff --git a/packages/subscription-controller/package.json b/packages/subscription-controller/package.json index 3d2cec1a5b1..309983534b3 100644 --- a/packages/subscription-controller/package.json +++ b/packages/subscription-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/subscription-controller", - "version": "6.0.0", + "version": "6.0.1", "description": "Handle user subscription", "keywords": [ "MetaMask", @@ -51,7 +51,7 @@ "@metamask/controller-utils": "^11.19.0", "@metamask/messenger": "^0.3.0", "@metamask/polling-controller": "^16.0.3", - "@metamask/profile-sync-controller": "^27.1.0", + "@metamask/profile-sync-controller": "^28.0.0", "@metamask/transaction-controller": "^62.21.0", "@metamask/utils": "^11.9.0", "bignumber.js": "^9.1.2" diff --git a/packages/user-operation-controller/CHANGELOG.md b/packages/user-operation-controller/CHANGELOG.md index 52d875f56c0..b3deaf6dbb2 100644 --- a/packages/user-operation-controller/CHANGELOG.md +++ b/packages/user-operation-controller/CHANGELOG.md @@ -7,10 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) - ### Changed - Bump `@metamask/transaction-controller` from `^62.17.1` to `^62.21.0` ([#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) diff --git a/yarn.lock b/yarn.lock index 828e068e9bd..8824f837542 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2535,7 +2535,7 @@ __metadata: "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/messenger": "npm:^0.3.0" "@metamask/multichain-account-service": "npm:^7.1.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/providers": "npm:^22.1.0" "@metamask/snaps-controllers": "npm:^17.2.0" "@metamask/snaps-sdk": "npm:^10.3.0" @@ -2840,7 +2840,7 @@ __metadata: "@metamask/phishing-controller": "npm:^16.3.0" "@metamask/polling-controller": "npm:^16.0.3" "@metamask/preferences-controller": "npm:^23.0.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/providers": "npm:^22.1.0" "@metamask/rpc-errors": "npm:^7.0.2" "@metamask/snaps-controllers": "npm:^17.2.0" @@ -3003,7 +3003,7 @@ __metadata: "@metamask/multichain-network-controller": "npm:^3.0.5" "@metamask/network-controller": "npm:^30.0.0" "@metamask/polling-controller": "npm:^16.0.3" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/remote-feature-flag-controller": "npm:^4.1.0" "@metamask/snaps-controllers": "npm:^17.2.0" "@metamask/superstruct": "npm:^3.1.0" @@ -3039,7 +3039,7 @@ __metadata: "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/network-controller": "npm:^30.0.0" "@metamask/polling-controller": "npm:^16.0.3" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/snaps-controllers": "npm:^17.2.0" "@metamask/superstruct": "npm:^3.1.0" "@metamask/transaction-controller": "npm:^62.21.0" @@ -3119,7 +3119,7 @@ __metadata: "@metamask/controller-utils": "npm:^11.19.0" "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/messenger": "npm:^0.3.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/utils": "npm:^11.9.0" "@ts-bridge/cli": "npm:^0.6.4" "@types/jest": "npm:^29.5.14" @@ -3207,7 +3207,7 @@ __metadata: "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/messenger": "npm:^0.3.0" "@metamask/polling-controller": "npm:^16.0.3" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/remote-feature-flag-controller": "npm:^4.1.0" "@metamask/superstruct": "npm:^3.1.0" "@metamask/utils": "npm:^11.9.0" @@ -3292,7 +3292,7 @@ __metadata: "@metamask/controller-utils": "npm:^11.19.0" "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/messenger": "npm:^0.3.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/utils": "npm:^11.9.0" "@tanstack/query-core": "npm:^5.62.16" "@ts-bridge/cli": "npm:^0.6.4" @@ -4581,7 +4581,7 @@ __metadata: "@metamask/controller-utils": "npm:^11.19.0" "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/messenger": "npm:^0.3.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/utils": "npm:^11.9.0" "@ts-bridge/cli": "npm:^0.6.4" "@types/jest": "npm:^29.5.14" @@ -4689,7 +4689,7 @@ __metadata: "@metamask/keyring-internal-api": "npm:^10.0.0" "@metamask/messenger": "npm:^0.3.0" "@metamask/network-controller": "npm:^30.0.0" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/remote-feature-flag-controller": "npm:^4.1.0" "@metamask/transaction-controller": "npm:^62.21.0" "@metamask/utils": "npm:^11.9.0" @@ -4800,7 +4800,7 @@ __metadata: "@metamask/keyring-internal-api": "npm:^10.0.0" "@metamask/messenger": "npm:^0.3.0" "@metamask/polling-controller": "npm:^16.0.3" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/transaction-controller": "npm:^62.21.0" "@metamask/utils": "npm:^11.9.0" "@ts-bridge/cli": "npm:^0.6.4" @@ -4817,7 +4817,7 @@ __metadata: languageName: unknown linkType: soft -"@metamask/profile-sync-controller@npm:^27.1.0, @metamask/profile-sync-controller@workspace:packages/profile-sync-controller": +"@metamask/profile-sync-controller@npm:^28.0.0, @metamask/profile-sync-controller@workspace:packages/profile-sync-controller": version: 0.0.0-use.local resolution: "@metamask/profile-sync-controller@workspace:packages/profile-sync-controller" dependencies: @@ -5302,7 +5302,7 @@ __metadata: "@metamask/controller-utils": "npm:^11.19.0" "@metamask/messenger": "npm:^0.3.0" "@metamask/polling-controller": "npm:^16.0.3" - "@metamask/profile-sync-controller": "npm:^27.1.0" + "@metamask/profile-sync-controller": "npm:^28.0.0" "@metamask/transaction-controller": "npm:^62.21.0" "@metamask/utils": "npm:^11.9.0" "@ts-bridge/cli": "npm:^0.6.4" From 5f98e3f8994507b3018dafae1c22fb8e57c2b147 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:26:04 +0100 Subject: [PATCH 3/9] fix: remove file --- .../INVESTIGATION-401.md | 655 ------------------ 1 file changed, 655 deletions(-) delete mode 100644 packages/profile-metrics-controller/INVESTIGATION-401.md diff --git a/packages/profile-metrics-controller/INVESTIGATION-401.md b/packages/profile-metrics-controller/INVESTIGATION-401.md deleted file mode 100644 index 80af4bd6005..00000000000 --- a/packages/profile-metrics-controller/INVESTIGATION-401.md +++ /dev/null @@ -1,655 +0,0 @@ -# ProfileMetricsController 401 Investigation Report - -## Table of Contents - -- [Executive Summary](#executive-summary) -- [Architecture Overview](#architecture-overview) -- [Authentication Flow](#authentication-flow) -- [Why Are We Getting 401s?](#why-are-we-getting-401s) -- [Root Causes (Detailed)](#root-causes-detailed) - - [1. Token Silently Discarded for Undefined entropySourceId](#1-token-silently-discarded-for-undefined-entropysourceid) - - [2. Bearer Token Obtained Outside the Retry Loop](#2-bearer-token-obtained-outside-the-retry-loop) - - [3. No Token Invalidation on Downstream 401](#3-no-token-invalidation-on-downstream-401) - - [4. Login Deduplication by entropySourceId Not by Identity](#4-login-deduplication-by-entropysourceid-not-by-identity) - - [5. 401s Are Retried But Never Succeed](#5-401s-are-retried-but-never-succeed) -- [How the Issues Compound](#how-the-issues-compound) -- [Can a 401 Lock the User?](#can-a-401-lock-the-user) -- [Suggested Fixes](#suggested-fixes) - ---- - -## Executive Summary - -`ProfileMetricsController` polls on a 10-second interval and calls `PUT /api/v2/profile/accounts` with a bearer token obtained from `AuthenticationController`. Approximately 60% of users are receiving HTTP 401 responses on this endpoint. - -Five compounding issues were identified in the client-side authentication and retry infrastructure. Together, they create a scenario where: - -1. An invalid/stale token can enter the system (via race conditions or expiry-edge timing). -2. That token is retried 4 times with no chance of success (token captured outside retry loop). -3. The invalid token is never evicted from cache (no invalidation on 401). -4. The polling loop keeps hitting the same stale token every 10 seconds. -5. This continues for up to 90% of the token's `expiresIn` lifetime before a refresh occurs. - -The user is **temporarily locked** (minutes to potentially hours, depending on token TTL) but **not permanently locked** -- tokens eventually expire and are refreshed. - ---- - -## Architecture Overview - -```mermaid -flowchart TD - subgraph consumers [Token Consumers on Unlock] - PMC["ProfileMetricsController
(polls every 10s)"] - PMS["ProfileMetricsService"] - BWS["BackendWebSocketService"] - NSC["NotificationServicesController"] - NSPC["NotificationServicesPushController"] - TBC["TokenBalancesController"] - BC["BridgeController"] - BSC["BridgeStatusController"] - CS["ClaimsService"] - end - - subgraph auth [Authentication Layer] - AC["AuthenticationController"] - SRP["SRPJwtBearerAuth
(flow-srp.ts)"] - OIDC["OIDC Token Endpoint
/oauth2/token"] - AuthAPI["Auth API
/api/v2/srp/login"] - end - - subgraph storage [Token Storage] - STATE["Controller State
srpSessionData"] - end - - PMC -->|"submitMetrics()"| PMS - PMS -->|"getBearerToken(entropySourceId)"| AC - BWS -->|"getBearerToken(undefined)"| AC - NSC -->|"getBearerToken(undefined)"| AC - NSPC -->|"getBearerToken(undefined)"| AC - TBC -->|"getBearerToken(undefined)"| AC - BC -->|"getBearerToken(undefined)"| AC - BSC -->|"getBearerToken(undefined)"| AC - CS -->|"getBearerToken(undefined)"| AC - AC -->|"getAccessToken()"| SRP - SRP -->|"read/write session"| STATE - SRP -->|"getNonce + authenticate"| AuthAPI - SRP -->|"exchange for access token"| OIDC - PMS -->|"PUT /profile/accounts"| ProfileAPI["Auth API
/api/v2/profile/accounts"] -``` - -Key observation: **~8 controllers** call `getBearerToken(undefined)` (no `entropySourceId`), while `ProfileMetricsService` calls `getBearerToken(entropySourceId)` with a **specific** entropy source ID. Both paths go through the same `SRPJwtBearerAuth` instance, but they are deduplicated independently. - ---- - -## Authentication Flow - -When `getBearerToken(entropySourceId?)` is called, this is the full chain of events: - -```mermaid -sequenceDiagram - participant Caller - participant AC as AuthenticationController - participant SRP as SRPJwtBearerAuth - participant State as srpSessionData - participant Snap as Message Signing Snap - participant AuthAPI as Auth API - participant OIDC as OIDC Server - participant ProfileAPI as Profile API - - Caller->>AC: getBearerToken(entropySourceId?) - AC->>AC: assertIsUnlocked() - AC->>SRP: getAccessToken(entropySourceId?) - - SRP->>State: getLoginResponse(entropySourceId?) - alt Session found and age < 90% of expiresIn - State-->>SRP: cached LoginResponse - SRP-->>AC: accessToken - AC-->>Caller: accessToken - else No session or expired - SRP->>SRP: deferredLogin(entropySourceId?) - Note over SRP: loginKey = entropySourceId ?? '__default__' - alt Ongoing login exists for this key - SRP-->>SRP: await existing promise - else No ongoing login - SRP->>Snap: getPublicKey(entropySourceId?) - Snap-->>SRP: publicKey - SRP->>AuthAPI: getNonce(publicKey) - AuthAPI-->>SRP: nonce - SRP->>Snap: signMessage("metamask:{nonce}:{publicKey}") - Snap-->>SRP: signature - SRP->>AuthAPI: authenticate(rawMessage, signature) - AuthAPI-->>SRP: authToken + profile - SRP->>OIDC: authorizeOIDC(authToken) - OIDC-->>SRP: accessToken + expiresIn - SRP->>State: setLoginResponse(result, entropySourceId?) - Note over State: BUG: if entropySourceId is
undefined, NOTHING is stored - end - SRP-->>AC: accessToken - AC-->>Caller: accessToken - end - - Caller->>ProfileAPI: PUT /profile/accounts (Bearer accessToken) - ProfileAPI-->>Caller: 200 OK or 401 Unauthorized -``` - ---- - -## Why Are We Getting 401s? - -The short answer has two parts: - -1. **What triggers the 401?** Likely one of two things (possibly both): the same user identity authenticates twice concurrently through different code paths and the server invalidates the earlier token (see below), or the token simply expires naturally and the client is caught in the edge of the 90% TTL window. - -2. **Why can't we recover?** This is the real problem. **It does not matter what causes the 401.** Whether the token was invalidated by a concurrent login, expired naturally, or was revoked server-side for any reason -- the outcome is identical. The client has no mechanism to respond to a 401 by re-authenticating. A well-behaved OAuth2 client would detect the 401, invalidate the cached token, re-authenticate, and retry with a fresh token. The current implementation does none of that. It retries with the same dead token, never tells `AuthenticationController` the token was rejected, and keeps serving the dead token from cache for up to 90% of its TTL. **The client is fundamentally unable to recover from any 401, regardless of cause.** - -Below is the most likely sequence that produces the initial 401, step by step. But keep in mind: even if the trigger is something else entirely (e.g., normal token expiry, server-side revocation), the persistence and amplification mechanisms described in Steps 4-5 apply identically. - -### Step 1 -- Wallet unlocks, multiple controllers wake up at once - -When the wallet unlocks, `KeyringController:unlock` fires. Several controllers react simultaneously: - -- **BackendWebSocketService**, **NotificationServicesPushController**, **TokenBalancesController**, and others all call `getBearerToken()` with **no** `entropySourceId` (i.e. `undefined`). -- **ProfileMetricsController** starts polling and eventually calls `getBearerToken("abc-entropy-id")` with the **specific** entropy source ID of each account batch. - -Both calls go through the same `SRPJwtBearerAuth` instance. - -### Step 2 -- Two independent logins fire for the same identity - -`SRPJwtBearerAuth.#deferredLogin` is supposed to prevent concurrent logins, but it deduplicates by `entropySourceId`, not by the actual identity (public key): - -```typescript -const loginKey = entropySourceId ?? '__default__'; -// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -// getBearerToken(undefined) → loginKey = '__default__' -// getBearerToken("abc-entropy") → loginKey = 'abc-entropy' -// -// Different keys → NOT deduplicated → two full login flows proceed. -``` - -Critically, when `"abc-entropy"` is the **primary SRP** (which it almost always is), both `getIdentifier(undefined)` and `getIdentifier("abc-entropy")` resolve to the **same public key**. Two independent login flows run against the auth server for the exact same identity: - -| Login flow | `entropySourceId` | `loginKey` | Identity (public key) | -|---|---|---|---| -| Flow A (8+ controllers) | `undefined` | `'__default__'` | Primary SRP key | -| Flow B (ProfileMetricsService) | `"abc-entropy"` | `'abc-entropy'` | Primary SRP key (same!) | - -Each flow independently calls `getNonce` -> `authenticate` -> `authorizeOIDC`, producing two distinct OIDC access tokens for the same identity. - -### Step 3 -- The auth server invalidates the earlier token - -The OIDC/auth server issues token **T1** (for flow A) and then token **T2** (for flow B) -- or vice versa depending on timing. When the server performs session rotation (standard practice for security), it invalidates the previously issued token for that identity. The token that happened to be issued first is now dead. - -> **This is the moment the 401 is born.** One of the two tokens is now server-side invalid, but the client has no idea. - -### Step 4 -- The dead token gets cached, the valid one gets discarded - -Here is where the `#setLoginResponseToState` bug makes everything worse: - -- **Flow B** (`entropySourceId = "abc-entropy"`): Token T2 is **stored** in `srpSessionData["abc-entropy"]`. This is the token ProfileMetricsController will use. -- **Flow A** (`entropySourceId = undefined`): Token T1 should be stored too, but `#setLoginResponseToState` has an `if (entropySourceId)` guard that **silently discards it** when `entropySourceId` is falsy. T1 vanishes. - -If T2 was issued first and T1 invalidated it, ProfileMetricsController is fine (it uses T2). But if T1 was issued **second** and invalidated T2, ProfileMetricsController is stuck with a dead T2 in its cache. - -Because the `undefined` path never caches its token, **every subsequent call** to `getBearerToken(undefined)` triggers a fresh login for the same identity -- continuously creating new tokens that can keep invalidating whatever ProfileMetricsController has cached. The race condition isn't a one-time event; it recurs on every poll cycle where another controller also needs a token. - -### Step 5 -- No recovery, no circuit breaker, no escape - -Once ProfileMetricsController has a dead token cached: - -1. `submitMetrics` obtains the dead token **once**, before the retry loop. -2. All 4 retry attempts use the same dead token. All return 401. -3. The `AuthenticationController` is never told the token was rejected. The dead token stays in `srpSessionData`. -4. The circuit breaker only trips on 5xx errors. 401 is invisible to it. -5. 10 seconds later, the next poll cycle starts. `getBearerToken("abc-entropy")` reads the same dead token from cache (still within the 90% TTL window). Same 401s. -6. This repeats every 10 seconds, wasting 4 requests per cycle, **for up to 90% of the token's lifetime** (potentially ~49 minutes for a 1-hour token). -7. When the token finally expires by age, a fresh login happens. If another controller races it again, the cycle restarts. - -### Visual summary - -```mermaid -flowchart LR - subgraph trigger ["THE TRIGGER"] - A["Wallet unlocks"] --> B["~8 controllers call
getBearerToken(undefined)"] - A --> C["ProfileMetricsService calls
getBearerToken('abc-entropy')"] - B --> D["Login flow A
key: '__default__'"] - C --> E["Login flow B
key: 'abc-entropy'"] - D --> F["Same public key!"] - E --> F - F --> G["Two OIDC tokens issued
for same identity"] - G --> H["Server invalidates
the earlier token"] - end - - subgraph persist ["THE PERSISTENCE"] - H --> I["Dead token cached in
srpSessionData"] - I --> J["No invalidation
on 401"] - J --> K["Retries use
same dead token"] - K --> L["Circuit breaker
ignores 401"] - L --> M["Locked for up to
90% of token TTL"] - end - - subgraph recur ["THE RECURRENCE"] - M --> N["Token expires by age"] - N --> O{"Another concurrent
login from undefined path?"} - O -->|"Yes (likely)"| H - O -->|"No"| P["Success"] - end -``` - -### Why ~60% of users? - -The 60% failure rate aligns with users who have **at least one mnemonic-based account** (the vast majority). For these users, `ProfileMetricsService` calls `getBearerToken` with a specific `entropySourceId`, while other controllers call it with `undefined`. Since `undefined` maps to the same primary SRP identity, the race condition fires. Users who only have imported/hardware accounts (no mnemonic entropy source) would use the `undefined` path exclusively -- no conflicting login keys, no race condition. But because the `undefined` path never caches its token, these users still suffer from repeated unnecessary logins (issue #1), which can cause rate limiting and transient failures, though not the persistent 401 lock. - ---- - -## Root Causes (Detailed) - -### 1. Token Silently Discarded for Undefined `entropySourceId` - -**Severity: High** | **File:** `AuthenticationController.ts` lines 286-306 - -When `#setLoginResponseToState` is called with `entropySourceId = undefined`, the entire storage operation is silently skipped: - -```typescript -async #setLoginResponseToState( - loginResponse: LoginResponse, - entropySourceId?: string, -) { - const metaMetricsId = await this.#metametrics.getMetaMetricsId(); - this.update((state) => { - if (entropySourceId) { // <-- undefined is falsy, entire block skipped - state.isSignedIn = true; - if (!state.srpSessionData) { - state.srpSessionData = {}; - } - state.srpSessionData[entropySourceId] = { - ...loginResponse, - profile: { ...loginResponse.profile, metaMetricsId }, - }; - } - // When entropySourceId is undefined: NOTHING happens. - // The token is silently discarded. isSignedIn is not set. - }); -} -``` - -**How does `undefined` get there?** - -In `ProfileMetricsController._executePoll` (line 291-292), accounts without a mnemonic entropy source are grouped under the key `'null'`: - -```typescript -entropySourceId: entropySourceId === 'null' ? null : entropySourceId, -``` - -Then in `ProfileMetricsService.submitMetrics` (line 203): - -```typescript -data.entropySourceId ?? undefined // null ?? undefined → undefined -``` - -So `getBearerToken(undefined)` is called. This also happens for the ~8 other controllers that never pass an `entropySourceId` at all (BackendWebSocketService, NotificationServicesController, TokenBalancesController, BridgeController, etc.). - -**Impact:** - -- Every `getBearerToken(undefined)` call that needs a fresh login produces a valid token, but **never caches it**. -- The companion read path (`#getLoginResponseFromState(undefined)`) tries `Object.values(srpSessionData)[0]`, which returns the first stored session (typically from `performSignIn`). If `performSignIn` hasn't been called yet, or all stored sessions have expired, there is no fallback -- a fresh login is triggered every single time. -- This causes excessive authentication traffic to the auth API, increasing the probability of hitting rate limits (429) and amplifying the race condition described in issue #4. - ---- - -### 2. Bearer Token Obtained Outside the Retry Loop - -**Severity: Critical** | **File:** `ProfileMetricsService.ts` lines 200-226 - -The bearer token is obtained **once**, before the retry policy executes, and is captured in the closure: - -```typescript -async submitMetrics(data: ProfileMetricsSubmitMetricsRequest): Promise { - // Token obtained HERE, ONCE, before retries - const authToken = await this.#messenger.call( - 'AuthenticationController:getBearerToken', - data.entropySourceId ?? undefined, - ); - await this.#policy.execute(async () => { - // All retry attempts use the SAME authToken from the closure - const url = new URL(`${this.#baseURL}/profile/accounts`); - const localResponse = await this.#fetch(url, { - method: 'PUT', - headers: { - Authorization: `Bearer ${authToken}`, // same stale token on every retry - // ... - }, - // ... - }); - if (!localResponse.ok) { - throw new HttpError(localResponse.status, /* ... */); - } - }); -} -``` - -**Impact:** - -If the token is invalid at the time of the first request, all 4 attempts (1 initial + 3 retries from the default `maxRetries = 3`) fail with 401. There is no mechanism to refresh the token between retries. - ---- - -### 3. No Token Invalidation on Downstream 401 - -**Severity: Critical** | **Files:** `flow-srp.ts` lines 174-191, `AuthenticationController.ts` lines 265-284 - -When `/api/v2/profile/accounts` returns HTTP 401, the `AuthenticationController` is **never notified**. The stale token remains in `srpSessionData` and keeps being served to callers. - -The token validity check in `#getAuthSession` is purely time-based: - -```typescript -async #getAuthSession(entropySourceId?: string): Promise { - const auth = await this.#options.storage.getLoginResponse(entropySourceId); - if (!validateLoginResponse(auth)) { - return null; - } - const currentTime = Date.now(); - const sessionAge = currentTime - auth.token.obtainedAt; - const refreshThreshold = auth.token.expiresIn * 1000 * 0.9; - - if (sessionAge < refreshThreshold) { - return auth; // Returns the token even if the server already rejects it - } - return null; -} -``` - -There is no event, callback, or messenger action that allows a consumer to signal "this token was rejected, please invalidate it." - -**Impact:** - -Once a token becomes invalid server-side (for any reason), it remains cached and returned to all callers for up to **90% of `expiresIn`**. For a 1-hour token, that is ~54 minutes of persistent 401 failures. - ---- - -### 4. Login Deduplication by `entropySourceId`, Not by Identity - -**Severity: High** | **File:** `flow-srp.ts` lines 236-260 - -The `#deferredLogin` mechanism correctly prevents concurrent logins for the **same `entropySourceId`**, but different `entropySourceId` values that resolve to the **same identity** (same public key) are treated as independent: - -```typescript -async #deferredLogin(entropySourceId?: string): Promise { - const loginKey = entropySourceId ?? '__default__'; - - const existingLogin = this.#ongoingLogins.get(loginKey); - if (existingLogin) { - return existingLogin; // Deduplicates same key - } - - const loginPromise = this.#loginWithRetry(entropySourceId); - this.#ongoingLogins.set(loginKey, loginPromise); - // ... -} -``` - -**The race condition:** - -On wallet unlock, multiple controllers subscribe to `KeyringController:unlock` and begin making requests: - -```mermaid -sequenceDiagram - participant Unlock as KeyringController:unlock - participant BWS as BackendWebSocketService - participant PMC as ProfileMetricsController - participant SRP as SRPJwtBearerAuth - participant AuthAPI as Auth API - participant OIDC as OIDC Server - - Unlock-->>BWS: unlock event - Unlock-->>PMC: unlock event (starts polling) - - par Concurrent token requests - BWS->>SRP: getAccessToken(undefined) - Note over SRP: loginKey = '__default__' - SRP->>AuthAPI: Login flow (nonce, auth, OIDC) - AuthAPI-->>SRP: Token T1 - and - PMC->>SRP: getAccessToken("abc123") - Note over SRP: loginKey = 'abc123' - Note over SRP: Different key! Not deduplicated. - SRP->>AuthAPI: Login flow (nonce, auth, OIDC) - AuthAPI-->>SRP: Token T2 - end - - Note over SRP: If "abc123" is the primary SRP,
both logins use the SAME identity
but produce DIFFERENT tokens. - Note over SRP: Server-side session rotation
could invalidate T1 when T2 is issued
(or vice versa). - - BWS->>BWS: Uses T1 (possibly revoked) - PMC->>PMC: Uses T2 (possibly revoked) -``` - -When `undefined` and a specific `entropySourceId` both map to the same underlying public key (which happens when that `entropySourceId` is the primary SRP), two independent login flows execute for the **same identity**. Depending on the OIDC server's behavior: - -- **If stateless JWTs**: both tokens are valid independently. No immediate issue, but unnecessary load. -- **If reference tokens with session rotation**: the second token issuance may invalidate the first, causing 401s for any consumer still using the first token. - -**Impact:** - -This race condition is the most likely **trigger** for the initial 401. The other issues (no invalidation, stale retries) then **amplify** the failure and **extend its duration**. - ---- - -### 5. 401s Are Retried But Never Succeed - -**Severity: Medium** | **File:** `create-service-policy.ts` lines 192-205, 276-286 - -The default service policy uses `retryFilterPolicy = handleAll`, which means **all errors** (including 401) trigger retries. However, the circuit breaker only considers errors with `httpStatus >= 500` as service failures: - -```typescript -const isServiceFailure = (error: unknown): boolean => { - if (typeof error === 'object' && error !== null && - 'httpStatus' in error && typeof error.httpStatus === 'number') { - return error.httpStatus >= 500; // 401 is NOT a service failure - } - return true; -}; -``` - -`ProfileMetricsService` uses default policy options (`policyOptions = {}`), so: - -- **Retry policy**: `handleAll` with `maxRetries = 3` -- 401s ARE retried (4 total attempts), all with the same stale token. -- **Circuit breaker**: `handleWhen(isServiceFailure)` with `maxConsecutiveFailures = 12` -- 401s do NOT count toward the circuit breaker. The breaker **never opens** for 401s. - -**Impact:** - -Each 10-second poll cycle that encounters a 401 wastes 4 HTTP requests (with exponential backoff delays), and the circuit breaker never intervenes. This continues indefinitely until the token expires naturally. - ---- - -## How the Issues Compound - -The five issues create a cascading failure loop: - -```mermaid -flowchart TD - A["Wallet Unlock"] --> B["Multiple controllers call
getBearerToken() concurrently"] - B --> C{"Race condition:
same identity, different keys"} - C -->|"Two logins for same identity"| D["Server may rotate session,
invalidating first token"] - D --> E["Stale token T1 cached in
srpSessionData"] - E --> F["ProfileMetricsService.submitMetrics()
obtains T1 ONCE, before retries"] - F --> G["PUT /profile/accounts with T1"] - G --> H["401 Unauthorized"] - H --> I["Retry with same T1
(3 more times)"] - I --> H - I -->|"All retries exhausted"| J["Error logged,
batch stays in syncQueue"] - J --> K["Next poll (10s later)"] - K --> L["getBearerToken() returns
same cached stale T1"] - L --> F - K -.->|"Eventually: sessionAge > 90% expiresIn"| M["Token considered expired"] - M --> N["Fresh login, new token"] - N --> O{"Another concurrent login
from different controller?"} - O -->|Yes| D - O -->|No| P["PUT succeeds, batch removed"] -``` - -**Timeline of a typical failure cycle:** - -1. **T=0s**: Wallet unlocks. BackendWebSocketService calls `getBearerToken(undefined)`, ProfileMetricsController starts polling. -2. **T=0-2s**: Two concurrent logins for the same identity (keys `'__default__'` and `"primary-srp-id"`). Server issues T1 and T2. T1 may be invalidated. -3. **T=10s**: First poll. `submitMetrics` obtains T1 (still cached, age < 90% threshold). PUT fails with 401. Retried 3 more times. All fail. -4. **T=20s, 30s, ...**: Same cycle repeats every 10 seconds. 4 wasted requests per cycle. -5. **T = 90% of expiresIn**: Token T1 finally expires in cache. Fresh login produces T3. -6. **T = 90% + 10s**: If no concurrent login interferes, PUT succeeds. If another controller triggers a concurrent login, the cycle may restart. - ---- - -## Can a 401 Lock the User? - -### Temporary Lock: YES - -A 401-producing token remains cached in `srpSessionData` until the time-based expiry threshold is reached (`sessionAge > expiresIn * 1000 * 0.9`). During this window: - -- Every call to `getBearerToken(entropySourceId)` returns the same stale token. -- Every `submitMetrics` call fails with 401 (4 attempts each). -- Failed batches remain in `syncQueue` and are retried on the next poll cycle. - -**Lock duration** = remaining time until 90% of `expiresIn` from `obtainedAt`. - -For example, if the OIDC token has `expiresIn = 3600` (1 hour) and is invalidated at T=5 minutes: -- Remaining lock = `(3600 * 0.9) - 300` = **2940 seconds (~49 minutes)** of continuous 401 failures. - -### Permanent Lock: NO - -There is no persistent error state that prevents future authentication: - -- `syncQueue` retains failed batches -- they are always retried. -- Tokens eventually expire and trigger fresh logins. -- `performSignOut()` clears `srpSessionData`, and new logins start fresh. -- No error counter or flag gates future `getBearerToken` calls. - -### Repeating Lock: POSSIBLE - -If the conditions that caused the initial 401 (concurrent logins for the same identity) recur on each token refresh, the user can enter a repeating cycle: - -1. Token refreshed -> concurrent login invalidates it -> 401 for ~90% of TTL -2. Token refreshed again -> same thing happens -> another ~90% TTL lock -3. Repeat - -This would make `ProfileMetricsController` **effectively non-functional** for the affected user, even though there is no formal "lock" state. - ---- - -## Suggested Fixes - -### Implemented: Resolve `undefined` `entropySourceId` at the `AuthenticationController` boundary - -**Priority: Critical** | **Files:** `AuthenticationController.ts`, `flow-srp.ts`, `authentication.ts`, `flow-siwe.ts` - -**Status: Implemented** -- This single fix addresses root causes #1 (token silently discarded) and #4 (dedup race condition) with **zero consumer code changes**. - -#### The approach - -Instead of fixing the storage bug and deduplication race separately, we resolve `undefined` `entropySourceId` to the actual primary SRP entropy source ID at the earliest possible point -- inside `AuthenticationController`, before it reaches `SRPJwtBearerAuth`. - -A new private method `#getPrimaryEntropySourceId()` resolves the primary entropy source ID by calling the message-signing snap's `getAllPublicKeys` method (which always returns the primary SRP as the first entry). The result is cached in memory for the lifetime of the controller instance. - -```typescript -#cachedPrimaryEntropySourceId?: string; - -async #getPrimaryEntropySourceId(): Promise { - if (this.#cachedPrimaryEntropySourceId) { - return this.#cachedPrimaryEntropySourceId; - } - const allPublicKeys = await this.#snapGetAllPublicKeys(); - this.#cachedPrimaryEntropySourceId = allPublicKeys[0][0]; - return this.#cachedPrimaryEntropySourceId; -} -``` - -`getBearerToken`, `getSessionProfile`, and `getUserProfileLineage` all resolve `undefined` before delegating: - -```typescript -public async getBearerToken(entropySourceId?: string): Promise { - this.#assertIsUnlocked('getBearerToken'); - const resolvedId = - entropySourceId ?? (await this.#getPrimaryEntropySourceId()); - return await this.#auth.getAccessToken(resolvedId); -} -``` - -#### Why this works - -This single change implicitly fixes the two root causes that **trigger** the 401s: - -1. **Storage bug (root cause #1) eliminated**: `#setLoginResponseToState` always receives a defined `entropySourceId` now, so the `if (entropySourceId)` guard always passes. Tokens are always stored. `isSignedIn` is always set. - -2. **Dedup race (root cause #4) eliminated**: `getBearerToken(undefined)` and `getBearerToken("primary-srp-id")` now resolve to the same concrete ID before reaching `SRPJwtBearerAuth`. The `#deferredLogin` deduplication key is the same for both, so only one login fires. No more two-token race against the OIDC server. - -3. **Zero consumer changes**: All callers (`ProfileMetricsService`, `BackendWebSocketService`, `NotificationServicesController`, etc.) continue passing `undefined` or specific IDs as before. The resolution is entirely internal to `AuthenticationController`. - -#### Design note: why not use `srpSessionData` as a fast path? - -An earlier version tried to use `Object.keys(srpSessionData)[0]` as a fast path before falling back to the snap. This was rejected because if a secondary SRP authenticates first (e.g., `ProfileMetricsController` processes secondary SRP accounts before the primary), the first key in `srpSessionData` would be the secondary SRP -- not the primary. The snap's `getAllPublicKeys` is the only authoritative source for which SRP is primary. - -### Fix 2: Client-side JWT `exp` claim validation - -**Files changed**: `flow-srp.ts`, `flow-siwe.ts`, `validate-login-response.ts` - -Backend analysis confirmed that the 401s are caused by **expired tokens** -- some as old as 6 months -- being sent from recent extension versions. The client-side TTL check (`obtainedAt`/`expiresIn`) should prevent this, but can be bypassed if the persisted `expiresIn` value is corrupted to an astronomically large number. There is no runtime validation at any stage of the `srpSessionData` hydration chain (OIDC response → state storage → restoration from `chrome.storage.local`). - -As a robust defensive measure, `#getAuthSession` in both `SRPJwtBearerAuth` and `SIWEJwtBearerAuth` now decodes the JWT's `exp` claim and rejects tokens that have actually expired, regardless of what `obtainedAt`/`expiresIn` say: - -```typescript -// In validate-login-response.ts -export function isAccessTokenExpired(accessToken: string): boolean { - try { - const parts = accessToken.split('.'); - if (parts.length !== 3) { - return true; - } - const base64 = (parts[1] as string) - .replace(/-/gu, '+') - .replace(/_/gu, '/'); - const { exp } = JSON.parse(atob(base64)); - return typeof exp !== 'number' || exp * 1000 <= Date.now(); - } catch { - return true; - } -} -``` - -Used in `#getAuthSession` after the existing TTL check passes: - -```typescript -if (sessionAge < refreshThreshold) { - if (isAccessTokenExpired(auth.token.accessToken)) { - return null; // JWT actually expired — force fresh login - } - return auth; -} -``` - -#### Why this works - -- Acts as a "belt-and-suspenders" guard: even if `expiresIn` is corrupted and the TTL check passes, the JWT's own `exp` claim (set by the OIDC server) provides ground truth. -- No changes to persistence behavior (`srpSessionData` remains persisted). -- No consumer code changes required. -- Gracefully handles malformed tokens (missing `exp`, bad base64, wrong structure) by treating them as expired. - -### Remaining: Consumer-side hardening (future work) - -The remaining root causes (#2, #3, #5) relate to how consumers handle 401s **after** they occur. With the fixes above, the primary triggers for 401s are eliminated, but these consumer-side improvements would provide defense-in-depth against any future source of token invalidation (server-side revocation, natural expiry edge cases, etc.): - -- **Root cause #2** (token outside retry loop): Move token acquisition inside `policy.execute()` in `ProfileMetricsService.submitMetrics` so each retry gets a fresh token. -- **Root cause #3** (no invalidation on 401): Add an `invalidateToken` messenger action to `AuthenticationController` that consumers can call when they receive a 401, forcing a fresh login on the next `getBearerToken` call. -- **Root cause #5** (401 retried with same token): Either exclude 401 from retries (if token stays outside the loop) or let retries naturally succeed (if token moves inside the loop per fix #2). - -These are lower priority now that the triggers are eliminated, but should be addressed for robustness. - ---- - -## Summary Table - -| Issue | Type | Severity | Causes 401? | Extends 401? | Status | -|-------|------|----------|-------------|--------------|--------| -| Token discarded for `undefined` entropySourceId | Bug | High | Indirectly (excess logins) | No | **Fixed** -- resolve `undefined` to primary ID | -| Dedup by entropySourceId not identity | Race condition | High | Yes (trigger) | No | **Fixed** -- same resolution eliminates the race | -| Stale cached tokens bypass TTL check | Bug | Critical | Yes (direct cause) | Yes | **Fixed** -- JWT `exp` claim validation | -| Token outside retry loop | Design flaw | Critical | No | Yes (4x amplification) | Future work | -| No invalidation on 401 | Design flaw | Critical | No | Yes (lock for 90% TTL) | Future work | -| 401 retried with same token | Design flaw | Medium | No | Yes (wastes requests) | Future work | From 158d4e88351176acc77aae0abfc3233fe353c9a9 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:37:09 +0100 Subject: [PATCH 4/9] fix: update package and changelog files --- packages/account-tree-controller/CHANGELOG.md | 9 ++++++++- packages/account-tree-controller/package.json | 2 +- packages/assets-controllers/CHANGELOG.md | 9 ++++++++- packages/assets-controllers/package.json | 2 +- packages/bridge-controller/CHANGELOG.md | 9 ++++++++- packages/bridge-controller/package.json | 2 +- packages/bridge-status-controller/CHANGELOG.md | 9 ++++++++- packages/bridge-status-controller/package.json | 2 +- packages/claims-controller/CHANGELOG.md | 7 +++++-- packages/claims-controller/package.json | 2 +- packages/config-registry-controller/CHANGELOG.md | 9 ++++++++- packages/config-registry-controller/package.json | 2 +- packages/core-backend/CHANGELOG.md | 9 ++++++++- packages/core-backend/package.json | 2 +- packages/notification-services-controller/CHANGELOG.md | 8 +------- packages/perps-controller/CHANGELOG.md | 9 ++++++++- packages/perps-controller/package.json | 2 +- packages/profile-metrics-controller/CHANGELOG.md | 4 ++++ packages/profile-sync-controller/CHANGELOG.md | 7 ------- packages/subscription-controller/CHANGELOG.md | 9 +-------- 20 files changed, 75 insertions(+), 39 deletions(-) diff --git a/packages/account-tree-controller/CHANGELOG.md b/packages/account-tree-controller/CHANGELOG.md index 227532117dd..05fe49e6c77 100644 --- a/packages/account-tree-controller/CHANGELOG.md +++ b/packages/account-tree-controller/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.0.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [5.0.0] ### Added @@ -462,7 +468,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release ([#5847](https://github.com/MetaMask/core/pull/5847)) - Grouping accounts into 3 main categories: Entropy source, Snap ID, keyring types. -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@5.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@5.0.1...HEAD +[5.0.1]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@5.0.0...@metamask/account-tree-controller@5.0.1 [5.0.0]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@4.1.1...@metamask/account-tree-controller@5.0.0 [4.1.1]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@4.1.0...@metamask/account-tree-controller@4.1.1 [4.1.0]: https://github.com/MetaMask/core/compare/@metamask/account-tree-controller@4.0.0...@metamask/account-tree-controller@4.1.0 diff --git a/packages/account-tree-controller/package.json b/packages/account-tree-controller/package.json index 76549e50ab7..6ef42b35621 100644 --- a/packages/account-tree-controller/package.json +++ b/packages/account-tree-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/account-tree-controller", - "version": "5.0.0", + "version": "5.0.1", "description": "Controller to group account together based on some pre-defined rules", "keywords": [ "MetaMask", diff --git a/packages/assets-controllers/CHANGELOG.md b/packages/assets-controllers/CHANGELOG.md index 4785c88105e..e7314de9b14 100644 --- a/packages/assets-controllers/CHANGELOG.md +++ b/packages/assets-controllers/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [100.2.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [100.2.0] ### Added @@ -2773,7 +2779,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Use Ethers for AssetsContractController ([#845](https://github.com/MetaMask/core/pull/845)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.2.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.2.1...HEAD +[100.2.1]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.2.0...@metamask/assets-controllers@100.2.1 [100.2.0]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.1.0...@metamask/assets-controllers@100.2.0 [100.1.0]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.0.3...@metamask/assets-controllers@100.1.0 [100.0.3]: https://github.com/MetaMask/core/compare/@metamask/assets-controllers@100.0.2...@metamask/assets-controllers@100.0.3 diff --git a/packages/assets-controllers/package.json b/packages/assets-controllers/package.json index 0c541375c51..a7f2b0e2e6e 100644 --- a/packages/assets-controllers/package.json +++ b/packages/assets-controllers/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/assets-controllers", - "version": "100.2.0", + "version": "100.2.1", "description": "Controllers which manage interactions involving ERC-20, ERC-721, and ERC-1155 tokens (including NFTs)", "keywords": [ "MetaMask", diff --git a/packages/bridge-controller/CHANGELOG.md b/packages/bridge-controller/CHANGELOG.md index 95785df5972..5c2fd994e31 100644 --- a/packages/bridge-controller/CHANGELOG.md +++ b/packages/bridge-controller/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [69.0.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [69.0.0] ### Added @@ -1232,7 +1238,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release ([#5317](https://github.com/MetaMask/core/pull/5317)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@69.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@69.0.1...HEAD +[69.0.1]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@69.0.0...@metamask/bridge-controller@69.0.1 [69.0.0]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@68.0.0...@metamask/bridge-controller@69.0.0 [68.0.0]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@67.4.0...@metamask/bridge-controller@68.0.0 [67.4.0]: https://github.com/MetaMask/core/compare/@metamask/bridge-controller@67.3.0...@metamask/bridge-controller@67.4.0 diff --git a/packages/bridge-controller/package.json b/packages/bridge-controller/package.json index 1dbc96820a9..2c7507255de 100644 --- a/packages/bridge-controller/package.json +++ b/packages/bridge-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/bridge-controller", - "version": "69.0.0", + "version": "69.0.1", "description": "Manages bridge-related quote fetching functionality for MetaMask", "keywords": [ "MetaMask", diff --git a/packages/bridge-status-controller/CHANGELOG.md b/packages/bridge-status-controller/CHANGELOG.md index 83992a951c2..27944d4a5be 100644 --- a/packages/bridge-status-controller/CHANGELOG.md +++ b/packages/bridge-status-controller/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [68.0.2] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [68.0.1] ### Changed @@ -1003,7 +1009,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial release ([#5317](https://github.com/MetaMask/core/pull/5317)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@68.0.1...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@68.0.2...HEAD +[68.0.2]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@68.0.1...@metamask/bridge-status-controller@68.0.2 [68.0.1]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@68.0.0...@metamask/bridge-status-controller@68.0.1 [68.0.0]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@67.0.1...@metamask/bridge-status-controller@68.0.0 [67.0.1]: https://github.com/MetaMask/core/compare/@metamask/bridge-status-controller@67.0.0...@metamask/bridge-status-controller@67.0.1 diff --git a/packages/bridge-status-controller/package.json b/packages/bridge-status-controller/package.json index f42cf2ffc30..61a85b0843c 100644 --- a/packages/bridge-status-controller/package.json +++ b/packages/bridge-status-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/bridge-status-controller", - "version": "68.0.1", + "version": "68.0.2", "description": "Manages bridge-related status fetching functionality for MetaMask", "keywords": [ "MetaMask", diff --git a/packages/claims-controller/CHANGELOG.md b/packages/claims-controller/CHANGELOG.md index 4282ca2ab8c..28c4cf73dca 100644 --- a/packages/claims-controller/CHANGELOG.md +++ b/packages/claims-controller/CHANGELOG.md @@ -7,9 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.4.3] + ### Changed -- Bump `@metamask/profile-sync-controller` from `^27.0.0` to `^27.1.0` ([#7849](https://github.com/MetaMask/core/pull/7849)) +- Bump `@metamask/profile-sync-controller` from `^27.0.0` to `^28.0.0` ([#7849](https://github.com/MetaMask/core/pull/7849), [#8162](https://github.com/MetaMask/core/pull/8162)) - Bump `@metamask/controller-utils` from `^11.18.0` to `^11.19.0` ([#7995](https://github.com/MetaMask/core/pull/7995)) ## [0.4.2] @@ -80,7 +82,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `generateMessageForClaimSignature`: generate message to sign for the claim signature. - `verifyClaimSignature`: verify claim signature produced by user. -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.4.2...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.4.3...HEAD +[0.4.3]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.4.2...@metamask/claims-controller@0.4.3 [0.4.2]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.4.1...@metamask/claims-controller@0.4.2 [0.4.1]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.4.0...@metamask/claims-controller@0.4.1 [0.4.0]: https://github.com/MetaMask/core/compare/@metamask/claims-controller@0.3.1...@metamask/claims-controller@0.4.0 diff --git a/packages/claims-controller/package.json b/packages/claims-controller/package.json index 535910869e9..1aae0ce7d4f 100644 --- a/packages/claims-controller/package.json +++ b/packages/claims-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/claims-controller", - "version": "0.4.2", + "version": "0.4.3", "description": "Controller handling shield subscription claims logic", "keywords": [ "MetaMask", diff --git a/packages/config-registry-controller/CHANGELOG.md b/packages/config-registry-controller/CHANGELOG.md index e848faae8e3..ad904e3613e 100644 --- a/packages/config-registry-controller/CHANGELOG.md +++ b/packages/config-registry-controller/CHANGELOG.md @@ -7,11 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.1.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [0.1.0] ### Added - Initial release ([#7668](https://github.com/MetaMask/core/pull/7668), [#7809](https://github.com/MetaMask/core/pull/7809)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/config-registry-controller@0.1.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/config-registry-controller@0.1.1...HEAD +[0.1.1]: https://github.com/MetaMask/core/compare/@metamask/config-registry-controller@0.1.0...@metamask/config-registry-controller@0.1.1 [0.1.0]: https://github.com/MetaMask/core/releases/tag/@metamask/config-registry-controller@0.1.0 diff --git a/packages/config-registry-controller/package.json b/packages/config-registry-controller/package.json index 54dd05b506a..59eefba4520 100644 --- a/packages/config-registry-controller/package.json +++ b/packages/config-registry-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/config-registry-controller", - "version": "0.1.0", + "version": "0.1.1", "description": "Manages configuration registry for MetaMask", "keywords": [ "MetaMask", diff --git a/packages/core-backend/CHANGELOG.md b/packages/core-backend/CHANGELOG.md index d7868619c3b..04774889465 100644 --- a/packages/core-backend/CHANGELOG.md +++ b/packages/core-backend/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [6.1.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [6.1.0] ### Added @@ -232,7 +238,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **Type definitions** - Comprehensive TypeScript types for transactions, balances, WebSocket messages, and service configurations - **Logging infrastructure** - Structured logging with module-specific loggers for debugging and monitoring -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/core-backend@6.1.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/core-backend@6.1.1...HEAD +[6.1.1]: https://github.com/MetaMask/core/compare/@metamask/core-backend@6.1.0...@metamask/core-backend@6.1.1 [6.1.0]: https://github.com/MetaMask/core/compare/@metamask/core-backend@6.0.0...@metamask/core-backend@6.1.0 [6.0.0]: https://github.com/MetaMask/core/compare/@metamask/core-backend@5.1.1...@metamask/core-backend@6.0.0 [5.1.1]: https://github.com/MetaMask/core/compare/@metamask/core-backend@5.1.0...@metamask/core-backend@5.1.1 diff --git a/packages/core-backend/package.json b/packages/core-backend/package.json index b6ae1609385..7b562857818 100644 --- a/packages/core-backend/package.json +++ b/packages/core-backend/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/core-backend", - "version": "6.1.0", + "version": "6.1.1", "description": "Core backend services for MetaMask", "keywords": [ "MetaMask", diff --git a/packages/notification-services-controller/CHANGELOG.md b/packages/notification-services-controller/CHANGELOG.md index 19802f48706..fe18b5a9016 100644 --- a/packages/notification-services-controller/CHANGELOG.md +++ b/packages/notification-services-controller/CHANGELOG.md @@ -9,18 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [22.1.0] -### Uncategorized - -- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) - ### Changed - Debounce `KeyringController:stateChange` handler to reduce redundant notification subscription calls during rapid account syncing ([#7980](https://github.com/MetaMask/core/pull/7980)) - Filter out Product Account announcements notifications older than 3 months ([#7884](https://github.com/MetaMask/core/pull/7884)) - Bump `@metamask/controller-utils` from `^11.18.0` to `^11.19.0` ([#7995](https://github.com/MetaMask/core/pull/7995)) +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [22.0.0] diff --git a/packages/perps-controller/CHANGELOG.md b/packages/perps-controller/CHANGELOG.md index 38b363d2826..ae4707a08ad 100644 --- a/packages/perps-controller/CHANGELOG.md +++ b/packages/perps-controller/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.0.1] + +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [1.0.0] ### Added @@ -42,5 +48,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump `@metamask/controller-utils` from `^11.18.0` to `^11.19.0` ([#7995](https://github.com/MetaMask/core/pull/7995)) -[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/perps-controller@1.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/perps-controller@1.0.1...HEAD +[1.0.1]: https://github.com/MetaMask/core/compare/@metamask/perps-controller@1.0.0...@metamask/perps-controller@1.0.1 [1.0.0]: https://github.com/MetaMask/core/releases/tag/@metamask/perps-controller@1.0.0 diff --git a/packages/perps-controller/package.json b/packages/perps-controller/package.json index c509d0ce501..2151050c7d9 100644 --- a/packages/perps-controller/package.json +++ b/packages/perps-controller/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/perps-controller", - "version": "1.0.0", + "version": "1.0.1", "description": "Controller for perpetual trading functionality in MetaMask", "keywords": [ "MetaMask", diff --git a/packages/profile-metrics-controller/CHANGELOG.md b/packages/profile-metrics-controller/CHANGELOG.md index 82cacc10ab1..feefdcd7f86 100644 --- a/packages/profile-metrics-controller/CHANGELOG.md +++ b/packages/profile-metrics-controller/CHANGELOG.md @@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [3.0.3] +### Changed + +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ### Fixed - Move bearer token acquisition inside the retry loop in `ProfileMetricsService.submitMetrics` so each retry attempt fetches a fresh token instead of reusing a potentially stale one ([#8144](https://github.com/MetaMask/core/pull/8144)) diff --git a/packages/profile-sync-controller/CHANGELOG.md b/packages/profile-sync-controller/CHANGELOG.md index 05b404e3184..d6fb920714a 100644 --- a/packages/profile-sync-controller/CHANGELOG.md +++ b/packages/profile-sync-controller/CHANGELOG.md @@ -9,13 +9,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [28.0.0] -### Uncategorized - -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) -- feat: bump `accounts` deps + use new `AccountProvider.createAccounts` ([#7857](https://github.com/MetaMask/core/pull/7857)) - ### Added - Expose missing public `UserStorageController` methods through its messenger ([#7976](https://github.com/MetaMask/core/pull/7976/)) diff --git a/packages/subscription-controller/CHANGELOG.md b/packages/subscription-controller/CHANGELOG.md index f80336e2dbc..afe3abb2370 100644 --- a/packages/subscription-controller/CHANGELOG.md +++ b/packages/subscription-controller/CHANGELOG.md @@ -9,19 +9,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [6.0.1] -### Uncategorized - -- feat!: Expose Accounts-owned controller/service methods through messenger ([#7976](https://github.com/MetaMask/core/pull/7976)) -- chore: secure PUBLISH_PREVIEW_NPM_TOKEN with GitHub environment ([#8011](https://github.com/MetaMask/core/pull/8011)) -- chore(subscription-controller): replace Sinon with Jest fake timers ([#7974](https://github.com/MetaMask/core/pull/7974)) -- chore: upgrade `typedoc` from `^0.24.8` to `^0.25.13` ([#7898](https://github.com/MetaMask/core/pull/7898)) -- chore: migrate Jest from v27 to v29 ([#7894](https://github.com/MetaMask/core/pull/7894)) - ### Changed - Bump `@metamask/transaction-controller` from `^62.16.0` to `^62.21.0` ([#7897](https://github.com/MetaMask/core/pull/7897), [#7996](https://github.com/MetaMask/core/pull/7996), [#8005](https://github.com/MetaMask/core/pull/8005), [#8031](https://github.com/MetaMask/core/pull/8031), [#8104](https://github.com/MetaMask/core/pull/8104), [#8140](https://github.com/MetaMask/core/pull/8140)) - Bump `@metamask/polling-controller` from `^16.0.2` to `^16.0.3` ([#7996](https://github.com/MetaMask/core/pull/7996)) - Bump `@metamask/controller-utils` from `^11.18.0` to `^11.19.0` ([#7995](https://github.com/MetaMask/core/pull/7995)) +- Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [6.0.0] From e9d637953a508d2bcfd36d82091a84629cd69b09 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:43:56 +0100 Subject: [PATCH 5/9] fix: constraints --- packages/assets-controller/package.json | 6 +++--- packages/assets-controllers/package.json | 4 ++-- packages/bridge-controller/package.json | 2 +- packages/bridge-status-controller/package.json | 2 +- packages/earn-controller/package.json | 2 +- packages/perps-controller/package.json | 2 +- packages/transaction-controller/package.json | 2 +- packages/transaction-pay-controller/package.json | 6 +++--- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/assets-controller/package.json b/packages/assets-controller/package.json index b6db9e7bbf4..f511e14a490 100644 --- a/packages/assets-controller/package.json +++ b/packages/assets-controller/package.json @@ -51,12 +51,12 @@ "@ethereumjs/util": "^9.1.0", "@ethersproject/abi": "^5.7.0", "@ethersproject/providers": "^5.7.0", - "@metamask/account-tree-controller": "^5.0.0", - "@metamask/assets-controllers": "^100.2.0", + "@metamask/account-tree-controller": "^5.0.1", + "@metamask/assets-controllers": "^100.2.1", "@metamask/base-controller": "^9.0.0", "@metamask/client-controller": "^1.0.0", "@metamask/controller-utils": "^11.19.0", - "@metamask/core-backend": "^6.1.0", + "@metamask/core-backend": "^6.1.1", "@metamask/keyring-api": "^21.5.0", "@metamask/keyring-controller": "^25.1.0", "@metamask/keyring-internal-api": "^10.0.0", diff --git a/packages/assets-controllers/package.json b/packages/assets-controllers/package.json index a7f2b0e2e6e..e2eed841856 100644 --- a/packages/assets-controllers/package.json +++ b/packages/assets-controllers/package.json @@ -54,13 +54,13 @@ "@ethersproject/contracts": "^5.7.0", "@ethersproject/providers": "^5.7.0", "@metamask/abi-utils": "^2.0.3", - "@metamask/account-tree-controller": "^5.0.0", + "@metamask/account-tree-controller": "^5.0.1", "@metamask/accounts-controller": "^37.0.0", "@metamask/approval-controller": "^8.0.0", "@metamask/base-controller": "^9.0.0", "@metamask/contract-metadata": "^2.4.0", "@metamask/controller-utils": "^11.19.0", - "@metamask/core-backend": "^6.1.0", + "@metamask/core-backend": "^6.1.1", "@metamask/eth-query": "^4.0.0", "@metamask/keyring-api": "^21.5.0", "@metamask/keyring-controller": "^25.1.0", diff --git a/packages/bridge-controller/package.json b/packages/bridge-controller/package.json index 2c7507255de..a653335a554 100644 --- a/packages/bridge-controller/package.json +++ b/packages/bridge-controller/package.json @@ -54,7 +54,7 @@ "@ethersproject/providers": "^5.7.0", "@metamask/accounts-controller": "^37.0.0", "@metamask/assets-controller": "^2.3.0", - "@metamask/assets-controllers": "^100.2.0", + "@metamask/assets-controllers": "^100.2.1", "@metamask/base-controller": "^9.0.0", "@metamask/controller-utils": "^11.19.0", "@metamask/gas-fee-controller": "^26.0.3", diff --git a/packages/bridge-status-controller/package.json b/packages/bridge-status-controller/package.json index 61a85b0843c..5d06bf1df1d 100644 --- a/packages/bridge-status-controller/package.json +++ b/packages/bridge-status-controller/package.json @@ -49,7 +49,7 @@ "dependencies": { "@metamask/accounts-controller": "^37.0.0", "@metamask/base-controller": "^9.0.0", - "@metamask/bridge-controller": "^69.0.0", + "@metamask/bridge-controller": "^69.0.1", "@metamask/controller-utils": "^11.19.0", "@metamask/gas-fee-controller": "^26.0.3", "@metamask/keyring-controller": "^25.1.0", diff --git a/packages/earn-controller/package.json b/packages/earn-controller/package.json index 0e85c12e0d3..ac31a0169db 100644 --- a/packages/earn-controller/package.json +++ b/packages/earn-controller/package.json @@ -49,7 +49,7 @@ "dependencies": { "@ethersproject/bignumber": "^5.7.0", "@ethersproject/providers": "^5.7.0", - "@metamask/account-tree-controller": "^5.0.0", + "@metamask/account-tree-controller": "^5.0.1", "@metamask/base-controller": "^9.0.0", "@metamask/controller-utils": "^11.19.0", "@metamask/keyring-api": "^21.5.0", diff --git a/packages/perps-controller/package.json b/packages/perps-controller/package.json index 2151050c7d9..359c527524e 100644 --- a/packages/perps-controller/package.json +++ b/packages/perps-controller/package.json @@ -59,7 +59,7 @@ "uuid": "^8.3.2" }, "devDependencies": { - "@metamask/account-tree-controller": "^5.0.0", + "@metamask/account-tree-controller": "^5.0.1", "@metamask/auto-changelog": "^3.4.4", "@metamask/keyring-controller": "^25.1.0", "@metamask/keyring-internal-api": "^10.0.0", diff --git a/packages/transaction-controller/package.json b/packages/transaction-controller/package.json index 5f76a26291f..07e73ea040d 100644 --- a/packages/transaction-controller/package.json +++ b/packages/transaction-controller/package.json @@ -58,7 +58,7 @@ "@metamask/approval-controller": "^8.0.0", "@metamask/base-controller": "^9.0.0", "@metamask/controller-utils": "^11.19.0", - "@metamask/core-backend": "^6.1.0", + "@metamask/core-backend": "^6.1.1", "@metamask/eth-query": "^4.0.0", "@metamask/gas-fee-controller": "^26.0.3", "@metamask/messenger": "^0.3.0", diff --git a/packages/transaction-pay-controller/package.json b/packages/transaction-pay-controller/package.json index fc83d598788..321f82ce10e 100644 --- a/packages/transaction-pay-controller/package.json +++ b/packages/transaction-pay-controller/package.json @@ -51,10 +51,10 @@ "@ethersproject/abi": "^5.7.0", "@ethersproject/contracts": "^5.7.0", "@ethersproject/providers": "^5.7.0", - "@metamask/assets-controllers": "^100.2.0", + "@metamask/assets-controllers": "^100.2.1", "@metamask/base-controller": "^9.0.0", - "@metamask/bridge-controller": "^69.0.0", - "@metamask/bridge-status-controller": "^68.0.1", + "@metamask/bridge-controller": "^69.0.1", + "@metamask/bridge-status-controller": "^68.0.2", "@metamask/controller-utils": "^11.19.0", "@metamask/gas-fee-controller": "^26.0.3", "@metamask/messenger": "^0.3.0", From 338a36db6764c2f39240ebd495b24835f1ee33dd Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:46:57 +0100 Subject: [PATCH 6/9] fix: update unreleased packages changelog entries --- packages/assets-controller/CHANGELOG.md | 6 ++++++ packages/earn-controller/CHANGELOG.md | 4 ++++ packages/transaction-controller/CHANGELOG.md | 4 ++++ packages/transaction-pay-controller/CHANGELOG.md | 6 ++++++ 4 files changed, 20 insertions(+) diff --git a/packages/assets-controller/CHANGELOG.md b/packages/assets-controller/CHANGELOG.md index 8afe9e5030c..883af9829dc 100644 --- a/packages/assets-controller/CHANGELOG.md +++ b/packages/assets-controller/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Bump `@metamask/account-tree-controller` from `^5.0.0` to `^5.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/assets-controllers` from `^100.2.0` to `^100.2.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/core-backend` from `^6.1.0` to `^6.1.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [2.3.0] ### Added diff --git a/packages/earn-controller/CHANGELOG.md b/packages/earn-controller/CHANGELOG.md index 569b83d0792..f52de2fae17 100644 --- a/packages/earn-controller/CHANGELOG.md +++ b/packages/earn-controller/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Bump `@metamask/account-tree-controller` from `^5.0.0` to `^5.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [11.1.2] ### Changed diff --git a/packages/transaction-controller/CHANGELOG.md b/packages/transaction-controller/CHANGELOG.md index c8449895024..c08026f94c1 100644 --- a/packages/transaction-controller/CHANGELOG.md +++ b/packages/transaction-controller/CHANGELOG.md @@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Use effective recipient (decoded from tx data for token transfers) when checking for existing transactions in first-time interaction logic ([#8130](https://github.com/MetaMask/core/pull/8130)) +### Changed + +- Bump `@metamask/core-backend` from `^6.1.0` to `^6.1.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [62.21.0] ### Added diff --git a/packages/transaction-pay-controller/CHANGELOG.md b/packages/transaction-pay-controller/CHANGELOG.md index a6f68b75bc3..84e234ea6d7 100644 --- a/packages/transaction-pay-controller/CHANGELOG.md +++ b/packages/transaction-pay-controller/CHANGELOG.md @@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Support gasless Relay deposits via `execute` endpoint ([#8133](https://github.com/MetaMask/core/pull/8133)) +### Changed + +- Bump `@metamask/assets-controllers` from `^100.2.0` to `^100.2.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/bridge-controller` from `^69.0.0` to `^69.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/bridge-status-controller` from `^68.0.1` to `^68.0.2` ([#8162](https://github.com/MetaMask/core/pull/8162)) + ## [16.4.1] ### Changed From d9268af5b92bdddc34733640eb5fdf3f5a44acc1 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:52:17 +0100 Subject: [PATCH 7/9] fix: update changelog --- packages/transaction-controller/CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/transaction-controller/CHANGELOG.md b/packages/transaction-controller/CHANGELOG.md index c08026f94c1..9fe72bb8725 100644 --- a/packages/transaction-controller/CHANGELOG.md +++ b/packages/transaction-controller/CHANGELOG.md @@ -11,14 +11,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add optional `sourceHash` field to `MetamaskPayMetadata` for tracking source chain transaction hashes when no local transaction exists ([#8133](https://github.com/MetaMask/core/pull/8133)) -### Fixed - -- Use effective recipient (decoded from tx data for token transfers) when checking for existing transactions in first-time interaction logic ([#8130](https://github.com/MetaMask/core/pull/8130)) - ### Changed - Bump `@metamask/core-backend` from `^6.1.0` to `^6.1.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +### Fixed + +- Use effective recipient (decoded from tx data for token transfers) when checking for existing transactions in first-time interaction logic ([#8130](https://github.com/MetaMask/core/pull/8130)) + ## [62.21.0] ### Added From 3bb3e0dcb66f77915067b92b328bf8c54dccc65a Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 15:56:23 +0100 Subject: [PATCH 8/9] fix: update yarn.lock --- yarn.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/yarn.lock b/yarn.lock index 8824f837542..a62da89cf91 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2523,7 +2523,7 @@ __metadata: languageName: node linkType: hard -"@metamask/account-tree-controller@npm:^5.0.0, @metamask/account-tree-controller@workspace:packages/account-tree-controller": +"@metamask/account-tree-controller@npm:^5.0.1, @metamask/account-tree-controller@workspace:packages/account-tree-controller": version: 0.0.0-use.local resolution: "@metamask/account-tree-controller@workspace:packages/account-tree-controller" dependencies: @@ -2766,13 +2766,13 @@ __metadata: "@ethereumjs/util": "npm:^9.1.0" "@ethersproject/abi": "npm:^5.7.0" "@ethersproject/providers": "npm:^5.7.0" - "@metamask/account-tree-controller": "npm:^5.0.0" - "@metamask/assets-controllers": "npm:^100.2.0" + "@metamask/account-tree-controller": "npm:^5.0.1" + "@metamask/assets-controllers": "npm:^100.2.1" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/client-controller": "npm:^1.0.0" "@metamask/controller-utils": "npm:^11.19.0" - "@metamask/core-backend": "npm:^6.1.0" + "@metamask/core-backend": "npm:^6.1.1" "@metamask/keyring-api": "npm:^21.5.0" "@metamask/keyring-controller": "npm:^25.1.0" "@metamask/keyring-internal-api": "npm:^10.0.0" @@ -2804,7 +2804,7 @@ __metadata: languageName: unknown linkType: soft -"@metamask/assets-controllers@npm:^100.2.0, @metamask/assets-controllers@workspace:packages/assets-controllers": +"@metamask/assets-controllers@npm:^100.2.1, @metamask/assets-controllers@workspace:packages/assets-controllers": version: 0.0.0-use.local resolution: "@metamask/assets-controllers@workspace:packages/assets-controllers" dependencies: @@ -2817,14 +2817,14 @@ __metadata: "@ethersproject/providers": "npm:^5.7.0" "@metamask/abi-utils": "npm:^2.0.3" "@metamask/account-api": "npm:^1.0.0" - "@metamask/account-tree-controller": "npm:^5.0.0" + "@metamask/account-tree-controller": "npm:^5.0.1" "@metamask/accounts-controller": "npm:^37.0.0" "@metamask/approval-controller": "npm:^8.0.0" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/contract-metadata": "npm:^2.4.0" "@metamask/controller-utils": "npm:^11.19.0" - "@metamask/core-backend": "npm:^6.1.0" + "@metamask/core-backend": "npm:^6.1.1" "@metamask/eth-query": "npm:^4.0.0" "@metamask/ethjs-provider-http": "npm:^0.3.0" "@metamask/keyring-api": "npm:^21.5.0" @@ -2980,7 +2980,7 @@ __metadata: languageName: unknown linkType: soft -"@metamask/bridge-controller@npm:^69.0.0, @metamask/bridge-controller@workspace:packages/bridge-controller": +"@metamask/bridge-controller@npm:^69.0.1, @metamask/bridge-controller@workspace:packages/bridge-controller": version: 0.0.0-use.local resolution: "@metamask/bridge-controller@workspace:packages/bridge-controller" dependencies: @@ -2991,7 +2991,7 @@ __metadata: "@ethersproject/providers": "npm:^5.7.0" "@metamask/accounts-controller": "npm:^37.0.0" "@metamask/assets-controller": "npm:^2.3.0" - "@metamask/assets-controllers": "npm:^100.2.0" + "@metamask/assets-controllers": "npm:^100.2.1" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/controller-utils": "npm:^11.19.0" @@ -3026,14 +3026,14 @@ __metadata: languageName: unknown linkType: soft -"@metamask/bridge-status-controller@npm:^68.0.1, @metamask/bridge-status-controller@workspace:packages/bridge-status-controller": +"@metamask/bridge-status-controller@npm:^68.0.2, @metamask/bridge-status-controller@workspace:packages/bridge-status-controller": version: 0.0.0-use.local resolution: "@metamask/bridge-status-controller@workspace:packages/bridge-status-controller" dependencies: "@metamask/accounts-controller": "npm:^37.0.0" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" - "@metamask/bridge-controller": "npm:^69.0.0" + "@metamask/bridge-controller": "npm:^69.0.1" "@metamask/controller-utils": "npm:^11.19.0" "@metamask/gas-fee-controller": "npm:^26.0.3" "@metamask/keyring-controller": "npm:^25.1.0" @@ -3283,7 +3283,7 @@ __metadata: languageName: unknown linkType: soft -"@metamask/core-backend@npm:^6.1.0, @metamask/core-backend@workspace:packages/core-backend": +"@metamask/core-backend@npm:^6.1.1, @metamask/core-backend@workspace:packages/core-backend": version: 0.0.0-use.local resolution: "@metamask/core-backend@workspace:packages/core-backend" dependencies: @@ -3434,7 +3434,7 @@ __metadata: dependencies: "@ethersproject/bignumber": "npm:^5.7.0" "@ethersproject/providers": "npm:^5.7.0" - "@metamask/account-tree-controller": "npm:^5.0.0" + "@metamask/account-tree-controller": "npm:^5.0.1" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/controller-utils": "npm:^11.19.0" @@ -4681,7 +4681,7 @@ __metadata: resolution: "@metamask/perps-controller@workspace:packages/perps-controller" dependencies: "@metamask/abi-utils": "npm:^2.0.3" - "@metamask/account-tree-controller": "npm:^5.0.0" + "@metamask/account-tree-controller": "npm:^5.0.1" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/controller-utils": "npm:^11.19.0" @@ -5366,7 +5366,7 @@ __metadata: "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" "@metamask/controller-utils": "npm:^11.19.0" - "@metamask/core-backend": "npm:^6.1.0" + "@metamask/core-backend": "npm:^6.1.1" "@metamask/eth-block-tracker": "npm:^15.0.0" "@metamask/eth-json-rpc-provider": "npm:^6.0.0" "@metamask/eth-query": "npm:^4.0.0" @@ -5412,11 +5412,11 @@ __metadata: "@ethersproject/abi": "npm:^5.7.0" "@ethersproject/contracts": "npm:^5.7.0" "@ethersproject/providers": "npm:^5.7.0" - "@metamask/assets-controllers": "npm:^100.2.0" + "@metamask/assets-controllers": "npm:^100.2.1" "@metamask/auto-changelog": "npm:^3.4.4" "@metamask/base-controller": "npm:^9.0.0" - "@metamask/bridge-controller": "npm:^69.0.0" - "@metamask/bridge-status-controller": "npm:^68.0.1" + "@metamask/bridge-controller": "npm:^69.0.1" + "@metamask/bridge-status-controller": "npm:^68.0.2" "@metamask/controller-utils": "npm:^11.19.0" "@metamask/gas-fee-controller": "npm:^26.0.3" "@metamask/messenger": "npm:^0.3.0" From fb50a38ce1eaf714f50cea9d245b82b08f4010c2 Mon Sep 17 00:00:00 2001 From: Mathieu Artu Date: Tue, 10 Mar 2026 16:50:19 +0100 Subject: [PATCH 9/9] fix: update CHANGELOGs --- packages/assets-controllers/CHANGELOG.md | 2 ++ packages/bridge-controller/CHANGELOG.md | 1 + packages/bridge-status-controller/CHANGELOG.md | 1 + packages/perps-controller/CHANGELOG.md | 1 + 4 files changed, 5 insertions(+) diff --git a/packages/assets-controllers/CHANGELOG.md b/packages/assets-controllers/CHANGELOG.md index e7314de9b14..b6f95e270ad 100644 --- a/packages/assets-controllers/CHANGELOG.md +++ b/packages/assets-controllers/CHANGELOG.md @@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/account-tree-controller` from `^5.0.0` to `^5.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/core-backend` from `^6.1.0` to `^6.1.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [100.2.0] diff --git a/packages/bridge-controller/CHANGELOG.md b/packages/bridge-controller/CHANGELOG.md index 5c2fd994e31..68a682c0b22 100644 --- a/packages/bridge-controller/CHANGELOG.md +++ b/packages/bridge-controller/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/assets-controllers` from `^100.2.0` to `^100.2.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [69.0.0] diff --git a/packages/bridge-status-controller/CHANGELOG.md b/packages/bridge-status-controller/CHANGELOG.md index 27944d4a5be..eb64e5a7770 100644 --- a/packages/bridge-status-controller/CHANGELOG.md +++ b/packages/bridge-status-controller/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/bridge-controller` from `^69.0.0` to `^69.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [68.0.1] diff --git a/packages/perps-controller/CHANGELOG.md b/packages/perps-controller/CHANGELOG.md index ae4707a08ad..ef11baa20b2 100644 --- a/packages/perps-controller/CHANGELOG.md +++ b/packages/perps-controller/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Bump `@metamask/profile-sync-controller` from `^27.1.0` to `^28.0.0` ([#8162](https://github.com/MetaMask/core/pull/8162)) +- Bump `@metamask/account-tree-controller` from `^5.0.0` to `^5.0.1` ([#8162](https://github.com/MetaMask/core/pull/8162)) ## [1.0.0]