Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update walletconnect se-sdk #10103

Merged
merged 11 commits into from
Jul 17, 2024
Merged

feat: update walletconnect se-sdk #10103

merged 11 commits into from
Jul 17, 2024

Conversation

abretonc7s
Copy link
Contributor

@abretonc7s abretonc7s commented Jun 25, 2024
edited by sethkfman
Loading

Description

Update walletconnect se-sdk to latest 1.8.1

Related issues

Fixes:

Manual testing steps

  1. Documentation and evidence is include in the comments

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@abretonc7s abretonc7s self-assigned this Jun 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@abretonc7s abretonc7s added team-sdk SDK team WalletConnect WalletConnect related issue or bug labels Jun 25, 2024
@abretonc7s abretonc7s marked this pull request as ready for review June 25, 2024 08:56
@abretonc7s abretonc7s requested review from a team as code owners June 25, 2024 08:56
@socket-security Socket Security
Copy link

socket-security bot commented Jun 25, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@walletconnect/core@2.13.3, npm/@walletconnect/sign-client@2.13.3, npm/@walletconnect/types@2.13.3, npm/@walletconnect/utils@2.13.3, npm/@walletconnect/web3wallet@1.12.3

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@abretonc7s
Copy link
Contributor Author

@SocketSecurity ignore npm/@walletconnect/sign-client@2.13.3
@SocketSecurity ignore npm/@walletconnect/core@2.13.3
@SocketSecurity ignore npm/@walletconnect/types@2.13.3
@SocketSecurity ignore npm/@walletconnect/utils@2.13.3
@SocketSecurity ignore npm/@walletconnect/web3wallet@1.12.3

andreahaku
andreahaku previously approved these changes Jun 25, 2024
View reviewed changes
Copy link
Member

@andreahaku andreahaku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

elefantel
elefantel previously approved these changes Jun 25, 2024
View reviewed changes
Copy link
Contributor

@elefantel elefantel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@abretonc7s abretonc7s dismissed stale reviews from elefantel and andreahaku via e8e8016 June 26, 2024 10:18
@andreahaku andreahaku self-assigned this Jul 9, 2024
@socket-security Socket Security
Copy link

socket-security bot commented Jul 15, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@walletconnect/se-sdk@1.8.1 Transitive: environment, filesystem, network, shell, unsafe +69 37.5 MB gancho_walletconnect
npm/@walletconnect/types@2.13.3 Transitive: environment, filesystem, network, shell, unsafe +40 12.9 MB lukaisailovic

🚮 Removed packages: npm/@walletconnect/se-sdk@1.8.0

View full report↗︎

@andreahaku andreahaku added Code Impact - Medium Average task code change that can relatively safely being applied to the codebase Priority - Medium Task with medium priority release-7.28.0 Issue or pull request that will be included in release 7.28.0 needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) needs-qa Any New Features that needs a full manual QA prior to being added to a release. and removed needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) labels Jul 15, 2024
@christopherferreira9 christopherferreira9 added No QA Needed Apply this label when your PR does not need any QA effort. and removed needs-qa Any New Features that needs a full manual QA prior to being added to a release. release-7.28.0 Issue or pull request that will be included in release 7.28.0 labels Jul 17, 2024
@christopherferreira9
Copy link
Contributor

QA was performed by the folks at WalletConnect themselves.

elefantel
elefantel previously approved these changes Jul 17, 2024
View reviewed changes
Copy link
Contributor

@elefantel elefantel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@christopherferreira9 christopherferreira9 added the Run Smoke E2E Triggers smoke e2e on Bitrise label Jul 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 17, 2024
edited by metamaskbot
Loading

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: caaf925
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/faa81cc5-f6a3-429a-93f0-360fbd789a6c

Note

  • You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

@christopherferreira9
Copy link
Contributor

Test cases performed by WalletConnect:
image (2)

@sethkfman sethkfman removed the No QA Needed Apply this label when your PR does not need any QA effort. label Jul 17, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jul 17, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
6.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@sethkfman
Copy link
Contributor

Team will be following up with unit testing ticket here. Deemed sufficiently tested by WC and internal team via manual testing.

sethkfman
sethkfman approved these changes Jul 17, 2024
View reviewed changes
Copy link
Contributor

@sethkfman sethkfman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@christopherferreira9 christopherferreira9 merged commit a9522c9 into main Jul 17, 2024
32 checks passed
@christopherferreira9 christopherferreira9 deleted the feat/wcupdate branch July 17, 2024 18:26
@github-actions github-actions bot locked and limited conversation to collaborators Jul 17, 2024
@metamaskbot metamaskbot added the release-7.28.0 Issue or pull request that will be included in release 7.28.0 label Jul 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sethkfman sethkfman sethkfman approved these changes

@elefantel elefantel elefantel approved these changes

@andreahaku andreahaku andreahaku left review comments

Assignees

@andreahaku andreahaku

@abretonc7s abretonc7s

Labels
Code Impact - Medium Average task code change that can relatively safely being applied to the codebase Priority - Medium Task with medium priority release-7.28.0 Issue or pull request that will be included in release 7.28.0 Run Smoke E2E Triggers smoke e2e on Bitrise team-sdk SDK team WalletConnect WalletConnect related issue or bug
Projects
PR review queue
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@abretonc7s @christopherferreira9 @sethkfman @andreahaku @elefantel @metamaskbot