chore: update to Jest 29 and fix tests

Open cryptodev-2s opened this issue 1 month ago • 2 comments

Explanation

References

Checklist

  • [ ] I've updated the test suite for new or updated code as appropriate
  • [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • [ ] I've communicated my changes to consumers by updating changelogs for packages I've changed
  • [ ] I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

[!NOTE] Upgrade Jest to v29 across the monorepo, update related deps (ts-jest, jsdom, types), and fix/refresh tests and snapshots accordingly.

  • Testing/Infra:
    • Upgrade jest to v29 repo-wide; bump ts-jest to v29, jest-environment-jsdom to v29, and @types/jest to v29.
  • Tests:
    • Refresh inline snapshots and expectations to new formatting.
    • Update/migrate test utilities and mocks (e.g., messenger call/publish typing, APIs) for Jest 29.
  • Dependencies:
    • Update related tooling (e.g., jsdom v20 and supporting packages) and refresh yarn.lock.

Written by Cursor Bugbot for commit 7ad5f4381f749c5cb3a3e7af8efc8590c1c92773. This will update automatically on new commits.

cryptodev-2s avatar Nov 27 '25 21:11 cryptodev-2s

Review the following changes in direct dependencies.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | jest-environment-jsdom@28.1.3 ⏵ 29.7.0 | 100 | 100 | 66 +1 | 90 -1 | 100 |
| Updated | jest@28.1.3 ⏵ 29.7.0 | 100 | 100 | 68 | 91 | 100 |
| Updated | @types/jest@29.5.12 ⏵ 29.5.14 | 100 | 100 | 77 | 81 | 100 |
| Updated | @babel/core@7.26.0 ⏵ 7.28.5 | 98 | 100 | 80 | 93 | 100 |
| Updated | ts-jest@28.0.8 ⏵ 29.4.5 | 97 +1 | 100 | 94 +1 | 90 | 100 |
| Updated | eslint-plugin-jest@28.10.0 ⏵ 29.2.1 | 99 +1 | 100 | 100 +1 | 99 +9 | 100 |

socket-security[bot] avatar Nov 27 '25 21:11 socket-security[bot]

[!CAUTION] MetaMask internal reviewing guidelines:

  • Do not ignore-all
  • Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
  • Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
    @SocketSecurity ignore npm/PACKAGE@VERSION
Action Severity Alert
Block Medium
Network access: npm @typescript-eslint/typescript-estree in module globalThis["fetch"]

Module: globalThis["fetch"]

Location: Package overview

From: ?npm/[email protected]npm/@typescript-eslint/[email protected]

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: npm @typescript-eslint/utils in module globalThis["fetch"]

Module: globalThis["fetch"]

Location: Package overview

From: package.jsonnpm/[email protected]npm/@typescript-eslint/[email protected]

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Publisher changed: npm create-jest is now published by simenb instead of cpojer

New Author: simenb

Previous Author: cpojer

From: ?npm/[email protected]npm/[email protected]

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Publisher changed: npm handlebars is now published by jaylinski instead of knappi

New Author: jaylinski

Previous Author: knappi

From: packages/account-tree-controller/package.jsonnpm/[email protected]npm/[email protected]

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

socket-security[bot] avatar Nov 27 '25 21:11 socket-security[bot]