Skip to content

Latest commit

 

History

History
274 lines (230 loc) · 19.1 KB

CHANGELOG.md

File metadata and controls

274 lines (230 loc) · 19.1 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Changed

  • Fix validation of primary type for signTypedDataV3 and signTypedDataV4 (#353)
    • It was updated to handle undefined input

Changed

  • Bump @metamask/eth-block-tracker from ^11.0.3 to ^11.0.4 (#351)
  • Bump @metamask/eth-json-rpc-provider from ^4.1.5 to ^4.1.7 (#351)
  • Bump @metamask/eth-sig-util from ^7.0.3 to ^8.1.2 (#351)
  • Bump @metamask/json-rpc-engine from ^10.0.0 to ^10.0.2 (#351)
  • Bump @metamask/rpc-errors from ^7.0.0 to ^7.0.2 (#351)
  • Bump @metamask/utils from ^9.1.0 to ^11.0.1 (#351)

Changed

  • Improved validation of primary type for signTypedDataV3 and signTypedDataV4 (#350)

Changed

  • Bump @metamask/eth-block-tracker from ^11.0.1 to ^11.0.3 (#347)

Changed

  • BREAKING: Update @metamask/rpc-errors from ^6.3.1 to ^7.0.0 (#342)
  • BREAKING: Update @metamask/json-rpc-engine from ^9.0.2 to ^10.0.0 (#342)
  • Bump @metamask/eth-json-rpc-provider from ^4.1.1 to ^4.1.5 (#342)

Removed

  • BREAKING: Remove eth_sign support (#320)
    • The functions ethSign and processEthSignMessage have been removed

Fixed

  • Allow the string "cosmos" in the "verifyingContract" field of EIP-712 signatures (#333)
    • This change was made to support Ethermint's EIP-712 implementation, which was broken by validation added in v14.0.0

Fixed

  • Request validation should not throw if verifyingContract is not defined in typed signature (#328)

Changed

  • BREAKING: Adapt to EIP-1193 provider changes by replacing the deprecated sendAsync method with the request method (#317)
    • BREAKING: Refactor providerAsMiddleware and middleware functions retryOnEmpty, block-ref to use the request method.
  • Bump @metamask/eth-block-tracker from ^10.0.0 to ^11.0.1 (#323)
  • Bump @metamask/eth-json-rpc-provider from ^4.0.0 to ^4.1.1 (#323, #317)
  • Bump @metamask/eth-sig-util from ^7.0.0 to ^7.0.3 (#323)
  • Bump @metamask/json-rpc-engine from ^9.0.0 to ^9.0.2 (#323)
  • Bump @metamask/rpc-errors from ^6.0.0 to ^6.3.1 (#323)
  • Bump @metamask/utils from ^8.1.0 to ^9.1.0 (#323)

Security

  • BREAKING: Typed signature validation only replaces 0X prefix with 0x, and contract address normalization is removed for decimal and octal values (#318)
    • Threat actors have been manipulating eth_signTypedData_v4 fields to cause failures in blockaid's detectors.
    • Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address.
    • This fixes an issue where the key value row or petname component disappears if a signed address is prefixed by "0X" instead of "0x".

Changed

  • BREAKING: Drop support for Node.js v16; add support for Node.js v20, v22 (#312)
  • Update @metamask/eth-json-rpc-provider from ^3.0.2 to ^4.0.0 (#313)
  • Update @metamask/eth-block-tracker from ^9.0.3 to ^10.0.0 (#313)
  • Update @metamask/json-rpc-engine from ^8.0.2 to ^9.0.0 (#313)

Fixed

  • Update @metamask/eth-block-tracker from ^9.0.2 to ^9.0.3 (#306)
    • Use updated versions of @metamask/eth-json-rpc-engine and @metamask/eth-json-rpc-provider
  • Update @metamask/eth-json-rpc-provider from ^2.1.0 to ^3.0.2 (#306)
    • Use updated version of @metamask/eth-json-rpc-engine
  • Update @metamask/json-rpc-engine from ^7.1.1 to ^8.0.2 (#306)
    • Maintenance updates

Fixed

  • Update from eth-block-tracker@^8.0.0 to @metamask/eth-block-tracker@^9.0.2 (#303)
    • Mitigates polling-loop related concurrency issue in the block tracker.

Added

  • Add signatureMethod property to MessageParams (#273)
  • Add version property to eth_signTypedData message params (#282)

Changed

  • Update message types (#282)

Changed

  • Bump @metamask/json-rpc-engine from 7.1.1 to 7.2.0 (#256)
  • Bump @metamask/utils from 8.1.0 to 8.2.0 (#258)
  • Bump @metamask/rpc-errors from 6.0.0 to 6.1.0 (#253)
  • Bump @metamask/eth-json-rpc-provider from 2.1.0 to 2.2.0 (#252)
  • Update retryOnEmpty middleware to not retry "execution reverted" errors (#254)

Fixed

  • Fix signTransaction and sendTransaction so it preserves transaction data instead of overwriting it (#263)

Changed

  • BREAKING: Minimum Node.js version is now v16 (#243)
  • BREAKING: Bump @metamask/utils from ^5.0.2 to ^8.1.0 (#241)
  • BREAKING: Bump @metamask/eth-json-rpc-provider from ^1.0.0 to ^2.1.0 (#245)
  • BREAKING: Migrate from eth-rpc-errors ^4.0.3 to @metamask/rpc-errors ^6.0.0 (#245)
  • BREAKING: Migrate from json-rpc-engine ^6.1.0 to @metamask/json-rpc-engine ^7.1.1 (#245)
  • Bump @metamask/eth-sig-util from ^6.0.0 to ^7.0.0 (#248)
  • Bump @metamask/eth-block-tracker from ^7.0.1 to ^8.0.0 (#245)
  • Replace deep-cloning implemantation clone with klona/full(#250)

Changed

  • Bump @metamask/eth-sig-util from ^5.0.0 to ^6.0.0 (#236)

Changed

  • Bump @metamask/utils from ^3.5.0 to ^5.0.2 (#201)
  • Bump eth-block-tracker from ^7.0.0 to ^7.0.1 (#204)

Changed

  • BREAKING: Update eth-block-tracker to v7 (#196, #188)
    • This changes the expected type of the blockTracker parameter for the following functions:
      • createBlockCacheMiddleware
      • createBlockRefMiddleware
      • createBlockRefRewriteMiddleware
      • createBlockTrackerInspectorMiddleware
      • createRetryOnEmptyMiddleware
    • Only the type change is breaking; there is no functional change here.
  • BREAKING: Add new required parameters for the fetch middleware (#192, #190)
    • The required parameters are fetch and btoa. Previously we would either use the global by that name (if one existed), or a polyfill. Those polyfills have been removed.
  • Replace json-stable-stringify with safe-stable-stringify (#104)
    • This should slightly improve performance of the inlight cache and block cache middleware

Removed

  • BREAKING: Remove providerFromEngine and providerFromMiddleware (#194)
    • These are now provided by the package @metamask/eth-json-rpc-provider instead
  • BREAKING: Remove unnecessary suppressUnauthorized option (#193)

Fixed

  • BREAKING: Fix types for createWalletMiddleware (#111)
    • This middleware had previously included a number of errors, where the type contradicted the Ethereum JSON-RPC specification and how we've been using this middleware in practice. They should all now match the specification.

Changed

  • BREAKING: Rename the package from eth-json-rpc-middleware to @metamask/eth-json-rpc-middleware (#180)
  • Change all middleware request and response types to unknown (#183)
    • This more accurately reflects the expectations of the middleware, and the way they had been used. This was required to more easily compose this middleware with others that had non-matching types.
  • The block cache and the inflight cache middleware types have been updated to include the skipCache request property (#178)
    • This property was always supported, but it was missing from the type.

Changed

  • Update @metamask/eth-sig-util from v3 to v5 (#133, #150)
  • Remove unused dependencies (#133)

Fixed

  • Fix block-ref middleware, and prevent it from making a duplicate request (#151)
  • Fix retryOnEmpty middleware and prevent it from making duplicate requests (#147)

Added

  • Add logging (#140)
    • You will not be able to see log messages by default, but you can turn them on for this library by setting the DEBUG environment variable to metamask:eth-json-rpc-middleware:* or metamask:*.

Changed

  • BREAKING: Require Node >= 14 (#137)

Added

  • Expose SafeEventEmitterProvider type (#127)

Fixed

  • Move eth-block-tracker from devDependencies to dependencies (#125)
    • We depend upon this package only for types.

Added

  • Added suppressUnauthorized param to getAccounts (#116)

Security

  • Bump node-fetch to resolve vulnerability (#115)

Fixed

  • Restore support for query strings in fetch middleware (#109)
    • As of v7.0.0, query strings were silently dropped from RPC URLs passed in. Now they are preserved, as was the case in v6.0.0.

8.0.0 - 2021-11-04

Added

  • BREAKING: Add eth_signTransaction support (#96)
    • We consider this breaking because a wallet application may not support this method, and would have to explicitly block it until its implications can be adequately represented to the user.
  • Add send method to provider and ethersProviderAsMiddleware (#97)

7.0.1 - 2021-03-26

Fixed

  • blockTrackerInspectorMiddleware (#88)
    • Due to an error introduced in #68, this middleware would sometimes hang indefinitely.

7.0.0 - 2021-03-25

Added

  • TypeScript types (#68)

Changed

  • (BREAKING) Move middleware files to /src folder (#60)
  • (BREAKING) Convert all exports to named (#81)
  • Migrate to TypeScript (#68)
  • Replace url dependency with native URL global (#67)
  • Ask bundlers to ignore Node-specific depedencies in browser environments (#78, #84)
  • Removed various unused production dependencies (#10, #80)

Removed

  • (BREAKING) Parity middleware (#63)
    • Previously imported as eth-json-rpc-middleware/wallet-parity.js
  • (BREAKING) Scaffold middleware (#60)
    • This was just a re-export from json-rpc-engine.

Fixed

  • retryOnEmpty middleware error messages (#58)
    • They were referencing a different middleware.
  • Default unrecognized methods to never be cached (#66)
  • Only publish necessary files (#70)
  • Robustify providerFromEngine callback parameter validation (#76)
    • Previously, it only errored if the parameter was falsy. Now, it will error if it is not a function.
    • Passing the previous implementation a truthy, non-function value would cause fatal downstream errors.
  • Prevent caching unrecognized requests (#75)
    • Previously, nonsense values were sometimes cached, resulting in an ugly state and possibly a minor performance penalty.

6.0.0 - 2020-09-22

Changed

  • (BREAKING) Delete VM middleware (#56)
    • Previously imported as eth-json-rpc-middleware/vm.js

5.1.0 - 2020-09-22

Changed