Bump snaps packages #21255

Merged
merged 7 commits into from
Oct 10, 2023

Member

@FrederikBolding FrederikBolding commented Oct 9, 2023

Description

Bump snaps packages to latest.

This release adds some under the hood support for a new keyring export. It also adds support for showing SVGs in snaps custom UI.

As part of bumping the packages we had to update TypeScript as well. We had a long-standing patch to TypeScript that could be easily replaced with a small patch to LavaMoat to enable overrideTaming. This feature is also set to be enabled in the next version of LavaMoat.

@FrederikBolding FrederikBolding added the team-snaps DEPRECATED: Use "team-snaps-platform" or "team-snaps-ecosystem" instead label Oct 9, 2023
@FrederikBolding FrederikBolding requested review from a team as code owners October 9, 2023 09:45

socket-security bot commented Oct 9, 2023

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

| Packages | Version | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- | --- |
| @metamask/snaps-ui | 3.0.0 | None | +0 | 63.5 kB | |
| @metamask/rpc-methods | 3.0.0 | None | +2 | 1.2 MB | |
| @metamask/snaps-controllers | 3.0.0 | None | +4 | 7.4 MB | |
| @metamask/snaps-utils | 3.0.0 | None | +1 | 718 kB | metamaskbot |
| typescript | 4.4.4...4.5.5 | None | +0/-0 | 64 MB | typescript-bot |


socket-security bot commented Oct 9, 2023

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: @metamask/[email protected], @metamask/[email protected], @metamask/[email protected], @metamask/[email protected]

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@metamaskbot
Collaborator

Builds ready [a499bb1]
Page Load Metrics (897 ± 468 ms)
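| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Chrome | Home | firstPaint | 86 | 180 | 116 | 21 | 10 |
| Chrome | Home | domContentLoaded | 68 | 146 | 102 | 22 | 11 |
| Chrome | Home | load | 80 | 2363 | 897 | 975 | 468 |
| Chrome | Home | domInteractive | 68 | 146 | 102 | 22 | 11 |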
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 549 Bytes (0.01%)
  • ui: 1.38 KiB (0.02%)
  • common: 22.15 KiB (0.46%)


codecov bot commented Oct 9, 2023

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (5236e02) 68.64% compared to head (a499bb1) 68.64%.
Report is 3 commits behind head on develop.

Additional details and impacted files
@@           Coverage Diff            @@
##           develop   #21255   +/-   ##
========================================
  Coverage    68.64%   68.64%           
========================================
  Files         1017     1017           
  Lines        40797    40797           
  Branches     10893    10893           
========================================
  Hits         28004    28004           
  Misses       12793    12793           
Files Coverage Δ
shared/constants/snaps/permissions.ts 100.00% <ø> (ø)
.../metamask-template-renderer/safe-component-list.js 100.00% <ø> (ø)


@FrederikBolding
Member Author

@SocketSecurity ignore @metamask/[email protected]
@SocketSecurity ignore @metamask/[email protected]
@SocketSecurity ignore @metamask/[email protected]
@SocketSecurity ignore @metamask/[email protected]

We own these and they are published, not sure why Socket can't find them.

@@ -4791,6 +4808,34 @@ __metadata:
languageName: node
linkType: hard

"@metamask/snaps-controllers@npm:^3.0.0":
Contributor

Is it expected and accepted that we now use two different instances of snaps-controllers and thereby two distinct versions of snaps-execution-environment?

Old version is still used through @metamask/keyring-api and @metamask/eth-snap-keyring.

Contributor

@danroc danroc Oct 10, 2023

In the keyring-api, it was updated on version 1.0.0-rc.1 (pending approval to publish), and once it's released, I'll update the eth-snap-keyring too.

This should be part of #21246, which is stacked over this PR.

Member Author

Yeah, this should be fine. snaps-controllers should only be used for types in keyring-api etc, it shouldn't be a problem. snaps-execution-environment isn't directly in use by the extension at all, as it uses the iframe hosted externally.

@FrederikBolding FrederikBolding merged commit 421b598 into develop Oct 10, 2023
@FrederikBolding FrederikBolding deleted the fb/bump-snaps-pkgs branch October 10, 2023 08:51
@github-actions github-actions bot locked and limited conversation to collaborators Oct 10, 2023
@metamaskbot metamaskbot added the release-11.4.0 Issue or pull request that will be included in release 11.4.0 label Oct 10, 2023