feat(lavamoat/lavadome): update integration to improve security #25653
base: develop
Builds ready [4f4ac15]
Page Load Metrics (525 ± 368 ms)
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## develop #25653 +/- ##
========================================
Coverage 70.02% 70.02%
========================================
Files 1443 1443
Lines 50164 50164
Branches 14039 14039
========================================
Hits 35126 35126
Misses 15038 15038
Builds ready [a5260d2]
Page Load Metrics (72 ± 10 ms)
PR Summary
Updated integration with LavaDome to enhance security by refining CSP and ensuring correct import order.
- Updated app/manifest/v2/chrome.json to restrict font sources to 'self'.
- Updated app/manifest/v3/chrome.json to align CSP with LavaDome's recommendations, restricting font sources to 'self'.
- Added import for @lavamoat/lavadome-react at the top of app/scripts/ui.js to ensure secure execution order.
3 file(s) reviewed, no comment(s)
Builds ready [8c8e360]
Page Load Metrics (632 ± 480 ms)
PR Summary
(updates since last review)
The pull request focuses on enhancing security through improved LavaDome integration and various other updates.
- Removed test-e2e-swap-playwright job in .circleci/config.yml, potentially streamlining CI/CD but removing swap functionality tests.
- Added trim() method to diffOutput in .circleci/scripts/git-diff-develop.ts for cleaner diff results.
- Removed 'sendAToken' message key across multiple localization files, ensure no references remain to avoid runtime errors.
- Updated background.js to improve LavaDome integration and add test-specific functionality.
- Introduced FakeKeyringBridge in app/scripts/lib/hardware-keyring-builder-factory.ts for testing purposes, ensure it doesn't affect production code.
75 file(s) reviewed, no comment(s)
PR Summary
(updates since last review)
The pull request focuses on enhancing security through improved LavaDome integration and various TypeScript conversions for better maintainability and type safety.
- Updated lavamoat/browserify/mmi/policy.json: Modified policy to directly allow @metamask-institutional/types package.
- Added @metamask-institutional/types dependency: Updated package.json to include this new dependency.
- Converted multiple files to TypeScript: Files under ui/components/institutional and ui/pages/confirmations were converted to TypeScript for improved type safety.
- Removed interactive-replacement-token-modal.js: This file was removed, indicating its functionality is no longer needed or has been moved.
- Introduced wrong-network-notification component: Added new files for this component, including stories and tests, to ensure proper integration and functionality.
46 file(s) reviewed, no comment(s)
Quality Gate passed
Builds ready [6bdd808]
Page Load Metrics (509 ± 399 ms)
6bdd808 passed successfully
Quality Gate passed
Builds ready [6338a91]
Page Load Metrics (1744 ± 91 ms)
Address concerns under Safe Usage: