Bump Browserify

[FrederikBolding]

Description

Bumps Browserify to the latest version, this allows us to start using readable-stream@v3 features and also dedupes some dependencies.

[FrederikBolding]

@metamaskbot update-policies

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@metamask/eslint-config-jest	9.0.0	None	+0	5.9 kB	gudahtt
@types/gulp-sourcemaps	0.0.35	None	+0	6.13 kB	types
@testing-library/react	10.4.9	eval, environment	+0	5.22 MB	testing-library-bot

🚮 Removed packages: browserify@16.5.2, mocha@9.2.2

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
New author	@metamask/eslint-config-jest	9.0.0	New Author: gudahtt Previous Author: rekmarks	package.json
Unmaintained	header-case	1.0.1	Last Publish: 12/2/2020, 12:32:04 AM	@truffle/codec@0.14.17, @truffle/decoder@5.5.0 via package.json

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What are unmaintained packages?

Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed.

Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore @metamask/eslint-config-jest@9.0.0
• @SocketSecurity ignore header-case@1.0.1

[FrederikBolding]

@metamaskbot update-policies

[metamaskbot]

Policies updated

[metamaskbot]

Builds ready [80a1dcf]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1696 ± 138 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	106	242	153	35	17
		domContentLoaded	1398	2481	1696	286	138
		load	1398	2481	1696	286	138
		domInteractive	1398	2481	1696	286	138

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 340 Bytes (0.01%)
• ui: -13.88 KiB (-0.17%)
• common: 63.71 KiB (1.39%)

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (a3a99aa) 68.25% compared to head (b17b181) 68.25%.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #20946   +/-   ##
========================================
  Coverage    68.25%   68.25%           
========================================
  Files         1006     1006           
  Lines        40184    40184           
  Branches     10742    10742           
========================================
  Hits         27424    27424           
  Misses       12760    12760           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[jiexi]

Brought these changes into: #20917

So going to close this PR. Thank you, @FrederikBolding

[metamaskbot]

Builds ready [48bd458]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1446 ± 29 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	109	151	126	12	6
		domContentLoaded	1336	1541	1446	60	29
		load	1336	1541	1446	60	29
		domInteractive	1336	1541	1446	60	29

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 340 Bytes (0.01%)
• ui: -13.88 KiB (-0.17%)
• common: 63.71 KiB (1.39%)

[legobeat]

Reopened after chat with @jiexi . We agreed the browserify update is warranted to be done independently.

[legobeat]

@SocketSecurity ignore @metamask/eslint-config-jest@9.0.0

"new author" ok, unrelated

[legobeat]

@SocketSecurity ignore header-case@1.0.1

unmaintained ok; unrelated

[FrederikBolding]

@legobeat Updated description and re-ran failed CI. Should be good to review!

[metamaskbot]

Builds ready [b17b181]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1743 ± 78 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	122	213	159	26	12
		domContentLoaded	1527	2082	1740	159	76
		load	1527	2106	1743	163	78
		domInteractive	1527	2082	1740	159	76

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 340 Bytes (0.01%)
• ui: -13.88 KiB (-0.17%)
• common: 63.71 KiB (1.39%)

[legobeat]

Nice!