MetaMask
feat: PPOM Version update to download files only before transaction
Description
Blockaid - download files from CDN only when transaction is received and we do not have updated files in storage.
Related issues
Fixes: MetaMask/MetaMask-planning#2110
Manual testing steps
- To to test dapp
- Submit transaction and check file downloads
- Check by switching between various networks, submitting multiple transactions.
Screenshots/Recordings
NA
Pre-merge author checklist
- [X] I’ve followed MetaMask Coding Standards.
- [X] I've clearly explained what problem this PR is solving and how it is solved.
- [X] I've linked related issues
- [X] I've included manual testing steps
- [ ] I've included screenshots/recordings if applicable
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using JSDoc format if applicable
- [X] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
- [X] I’ve properly set the pull request status:
- [X] In case it's not yet "ready for review", I've set it to "draft".
- [ ] In case it's "ready for review", I've changed it from "draft" to "non-draft".
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Attention: Patch coverage is 50.00000% with 1 lines in your changes are missing coverage. Please review.
Project coverage is 45.55%. Comparing base (
6e8f3a0) to head (a7efa99).
| Files | Patch % | Lines |
|---|---|---|
| ...ngs/SecuritySettings/Sections/BlockaidSettings.tsx | 0.00% | 1 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #8668 +/- ##
==========================================
- Coverage 45.58% 45.55% -0.04%
==========================================
Files 1276 1273 -3
Lines 31302 31253 -49
Branches 3202 3192 -10
==========================================
- Hits 14270 14237 -33
+ Misses 16186 16176 -10
+ Partials 846 840 -6
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
E2E test started on Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/13e3e73c-944e-4ab0-861e-e160f985c34e You can also kick off another Bitrise E2E smoke test by removing and re-applying the (Run Smoke E2E) label
This PR also fixes https://app.zenhub.com/workspaces/-confirmations-secure-ux-6245e6e2348677001213b8d2/issues/gh/metamask/metamask-mobile/8797
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
hi there, I'm seeing a weird behaviour when I disable and enable the feature in settings: basically when I try to enable it, I see a Send transaction popup. Do you think this might be related to this PR? It seems to work fine on main. I cannot fully test the feature due to this issue, which prevents me to enable it back :thinking:
https://github.com/MetaMask/metamask-mobile/assets/54408225/2821fdb6-cf1d-4ec3-813e-eaf424352c2d
hey @jpuri I confirm I continue to see the behaviour I mentioned above in this branch
Bitrise
❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌
Commit hash: f8a9b9cf471b6c7f9b8e2048548edc611904acc0 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/50986b22-5284-4987-82c4-806c57980c9b
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
after QAing the PR it looks like the behaviour is as expected:
- :green_circle: The first tx/signature will get all the cdn requests
- :green_circle: After we've performed a 1st tx, the cdn request for versions will be done on every or signature
https://github.com/MetaMask/metamask-mobile/assets/54408225/83a37bea-62dd-4709-a701-0bbd9e4c25b2
- When I close the wallet, if I reopen it again and trigger a tx/signature, all the cdn requests are perfromed on the first tx/signature. I guess that's also expected?
https://github.com/MetaMask/metamask-mobile/assets/54408225/8e5f4fdc-a9c9-45dc-b74f-7d714712bafa
https://github.com/MetaMask/metamask-mobile/assets/54408225/6e158a87-a51e-4024-b46c-fc150917a5e9
- :question: Did we remove the Android friction for the toggle? Was this intentional?
https://github.com/MetaMask/metamask-mobile/assets/54408225/b5a66af4-4efe-4f74-97e8-d4a4323fe212
We do have this in the current main branch
Aside from the question, if needs to be clarified, the rest looks good @jpuri
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@metamask/[email protected] | Transitive: environment, filesystem, network, unsafe | +46 |
9.32 MB | metamaskbot |
🚮 Removed packages: npm/@metamask/[email protected]
Bitrise
✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅
Commit hash: 9e6d8619d13d5758722a1e5bea8f2c8c6968c6fe Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/486b6cee-9038-48a1-b0b4-c83efbed5d94
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Hey @seaona : thanks a lot for detailed QA. So much useful. Please check my replies:
When I close the wallet, if I reopen it again and trigger a tx/signature, all the cdn requests are perfromed on the first tx/signature. I guess that's also expected?
This is not expected in fact I could not replicate. Re-opening app should not download the files again unless the versions have been updated.
❓ Did we remove the Android friction for the toggle? Was this intentional?
Yes this is expected and now we do not initialise PPOM instance when we enable the preference, but we do that only when first transaction is received after enabling the preference.
Could we update ppom version to v1.4.5 as a separate PR so we possibly cherry pick it to an earlier release, @jpuri ?
Could we update ppom version to v1.4.5 as a separate PR so we possibly cherry pick it to an earlier release, @jpuri ?
Sure @bschorchit , let me do that.
PR to update ppom npm package in mobile repo: https://github.com/MetaMask/metamask-mobile/pull/9053
When I close the wallet, if I reopen it again and trigger a tx/signature, all the cdn requests are perfromed on the first tx/signature. I guess that's also expected?
I've tried again and cannot repro. I think what I'm seeing now it's expected: when I close the app and re-open it again, I only see 1 request which fetches the version https://static.cx.metamask.io/api/v1/confirmations/ppom/ppom_version.json?_=1711441255281. Since no version has changed, I only see this one request.
I think that's correct :+1:
https://github.com/MetaMask/metamask-mobile/assets/54408225/93b05aa3-1207-4414-a10a-b6655198fe12
Bitrise
✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅
Commit hash: d408254e871209d1b3b2973f26e3cdc2c0869cc5 Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/5ab5560d-5547-4578-86b2-3d7609306bee
[!NOTE]
- You can kick off another
pr_smoke_e2e_pipelineon Bitrise by removing and re-applying theRun Smoke E2Elabel on the pull request
Quality Gate passed
Issues
2 New issues
0 Accepted issues
Measures
0 Security Hotspots
50.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}