Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add notifications sdk/actions interactions - 2/7 #10297

Closed
wants to merge 16 commits into from
Closed

feat: add notifications sdk/actions interactions - 2/7 #10297

wants to merge 16 commits into from

Conversation

Jonathansoufer
Copy link
Contributor

Description

This PR aims to add all the actions and controllers connections to be used as a foundation of all UI and flows of notifications features. There's no UI change at this stage.

Related issues

Fixes:

Manual testing steps

  1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@Jonathansoufer Jonathansoufer self-assigned this Jul 14, 2024
@Jonathansoufer Jonathansoufer requested review from a team as code owners July 14, 2024 15:47
@github-actions GitHub Actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@Jonathansoufer Jonathansoufer added No QA Needed Apply this label when your PR does not need any QA effort. team-mobile-platform team-notifications Notifications team labels Jul 14, 2024
@Jonathansoufer Jonathansoufer changed the title Feat/add notifications sdk interactions feat: add notifications sdk/actions interactions - 1/7 Jul 14, 2024
@socket-security Socket Security
Copy link

socket-security bot commented Jul 14, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@contentful/rich-text-types@16.6.1 None 0 138 kB contentful-ecosystem
npm/@metamask/notification-services-controller@0.1.1 network Transitive: environment, filesystem +106 116 MB metamaskbot
npm/@metamask/profile-sync-controller@0.1.2 network Transitive: environment +25 21.3 MB metamaskbot
npm/@noble/ciphers@0.5.3 None 0 624 kB paulmillr
npm/@protobufjs/aspromise@1.1.2 None 0 9.05 kB dcode
npm/@types/node@20.14.10 None +1 2.16 MB types
npm/apg-js@4.4.0 filesystem 0 1.46 MB ldthomas
npm/contentful@10.12.8 environment, eval, filesystem, network +9 5.6 MB contentful-ecosystem
npm/foreach@2.0.6 None 0 8.73 kB manuelstofer
npm/loglevel@1.9.1 None 0 639 kB pimterry

🚮 Removed packages: npm/@types/node@20.12.8, npm/contentful@10.8.7

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Jul 14, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Network access npm/@protobufjs/fetch@1.1.0 🚫
Network access npm/faye-websocket@0.11.4 🚫
Network access npm/faye-websocket@0.11.4 🚫
Network access npm/websocket-driver@0.7.4 🚫
New author npm/@metamask/obs-store@9.0.0 🚫
Network access npm/@grpc/grpc-js@1.9.15 🚫
Network access npm/@grpc/grpc-js@1.9.15 🚫
Network access npm/@grpc/grpc-js@1.9.15 🚫
Network access npm/@grpc/grpc-js@1.9.15 🚫
Network access npm/@grpc/grpc-js@1.9.15 🚫
Network access npm/protobufjs@7.3.2 🚫
Install scripts npm/protobufjs@7.3.2
  • Install script: postinstall
  • Source: node scripts/postinstall
 🚫
Network access npm/ethers@6.13.1 🚫
Network access npm/ethers@6.13.1 🚫
Network access npm/ethers@6.13.1 🚫
Network access npm/@metamask/notification-services-controller@0.1.1 🚫
Network access npm/@metamask/profile-sync-controller@0.1.2 🚫
Network access npm/@firebase/analytics@0.10.5 🚫
Network access npm/@firebase/app-check@0.8.5 🚫
Network access npm/@firebase/auth@1.7.5 🚫
Network access npm/@firebase/auth@1.7.5 🚫
Network access npm/@firebase/functions@0.11.6 🚫
Network access npm/@firebase/installations@0.6.8 🚫
Network access npm/@firebase/messaging@0.12.10 🚫
Network access npm/@firebase/performance@0.6.8 🚫
Network access npm/@firebase/remote-config@0.4.8 🚫
Network access npm/@firebase/vertexai-preview@0.0.3 🚫

View full report↗︎

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@protobufjs/fetch@1.1.0
  • @SocketSecurity ignore npm/faye-websocket@0.11.4
  • @SocketSecurity ignore npm/websocket-driver@0.7.4
  • @SocketSecurity ignore npm/@metamask/obs-store@9.0.0
  • @SocketSecurity ignore npm/@grpc/grpc-js@1.9.15
  • @SocketSecurity ignore npm/protobufjs@7.3.2
  • @SocketSecurity ignore npm/ethers@6.13.1
  • @SocketSecurity ignore npm/@metamask/notification-services-controller@0.1.1
  • @SocketSecurity ignore npm/@metamask/profile-sync-controller@0.1.2
  • @SocketSecurity ignore npm/@firebase/analytics@0.10.5
  • @SocketSecurity ignore npm/@firebase/app-check@0.8.5
  • @SocketSecurity ignore npm/@firebase/auth@1.7.5
  • @SocketSecurity ignore npm/@firebase/functions@0.11.6
  • @SocketSecurity ignore npm/@firebase/installations@0.6.8
  • @SocketSecurity ignore npm/@firebase/messaging@0.12.10
  • @SocketSecurity ignore npm/@firebase/performance@0.6.8
  • @SocketSecurity ignore npm/@firebase/remote-config@0.4.8
  • @SocketSecurity ignore npm/@firebase/vertexai-preview@0.0.3

@metamaskbot metamaskbot added the team-snaps-platform Snaps Platform team label Jul 14, 2024
@Jonathansoufer Jonathansoufer changed the title feat: add notifications sdk/actions interactions - 1/7 feat: add notifications sdk/actions interactions - 2/7 Jul 14, 2024
@Jonathansoufer Jonathansoufer changed the title feat: add notifications sdk/actions interactions - 2/7 feat: add notifications sdk/actions interactions - 1/7 Jul 14, 2024
@Jonathansoufer Jonathansoufer changed the title feat: add notifications sdk/actions interactions - 1/7 feat: add notifications sdk/actions interactions - 2/7 Jul 15, 2024
@Jonathansoufer Jonathansoufer deleted the feat/add-notifications-sdk-interactions branch July 15, 2024 08:25
@github-actions github-actions bot locked and limited conversation to collaborators Jul 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@Jonathansoufer Jonathansoufer

Labels
No QA Needed Apply this label when your PR does not need any QA effort. team-mobile-platform team-notifications Notifications team team-snaps-platform Snaps Platform team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jonathansoufer @metamaskbot