Merge remote-tracking branch 'origin/main' into refactor/app-components-v5-compat

Author: DDDDDanica

CHANGELOG.md

@@ -7,6 +7,74 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [13.6.0]
+
+### Added
+
+- Integrated Backend WebSocket Service and Account Activity Service for real-time balance updates (feature-flagged) (#36819)
+- Added Bitcoin provider feature flag support for runtime control via addBitcoinAccount flag (#36676)
+- Adds network logo and native token logo for Plasma Mainnet network (#36456)
+- Show skeleton loader when loading status for Shield Coverage (#36888)
+- Added support for the Irish (Gaeilge) language (#36088)
+- Added user's eligibility check for shield subscription Added an option to submit user subscription event from (#36835)
+  the shield entry modal
+- Added support for Hourly, Bi-Weekly (14 days), Monthly (30 days), and Yearly (365 days) duration periods. (#36706)
+- Added shield subscription error toasts (#36718)
+- Create add funds modal (#36592)
+- Added new toast component (#36408)
+- Add file upload component (#35779)
+- Auto turn on some settings when shield is active (#36343)
+- Bitcoin v1.3.0 release. (#36753)
+- Integrated Shield Entry Modal with SubscriptionController (#36588)
+  Upgraded SubscriptionController to `v1.0.0`.
+  Added `ShieldSubscriptionContext` to watch subscription
+  status
+- Added snap accounts link and account watcher option to multichain account list (#36717)
+- Added new label to BTC assets in the Tokens tab (#36574)
+- Added Bitcoin network support for Bridge functionality (#35597)
+- Enable BIP44 Bitcoin accounts (#36510)
+- Make token detail chart % change when changing time frames and hovering (#36664)
+- Add claims submission form (#35790)
+- Show user account instead of payer address in transaction shield (#36610)
+  fix translation date for crypto insufficient funding
+- Adds hide and pin options to account item menu (#37012)
+
+### Fixed
+
+- Fixed a bug that was causing the same token to be added twice from search (#36727)
+- Improve perceived performance after importing a new SRP (#36882)
+- Empty select rpc modal (#36876)
+- Replace eye icon with a hover interaction to hide balances (#36543)
+- Fixed a bug causing users to still see tokens with zero balance when the setting "hideTokensWithZeroBalance" is enabled. (#36821)
+- Add changes to enable Snap accounts link to stable (#36770)
+- Fixed a bug that caused ENS content hashes not to resolve properly (#36812)
+- Correct transaction shield coverage text style (#36810)
+- Fixed `ShieldController.init` in `SubscriptionController:stateChange` event listener (#36779)
+  fixed `SubscriptionController` polling
+  refactor `useUserSubscription` hook usage.
+- Use template for dollar amount on locale (#36741)
+- Update notifications enabled by default feature flag to control rollout (#36724)
+- Increase our security posture by locking down `cross_origin_opener_policy` to `same-origin-allow-popups` openers only. (#36500)
+- Show correct available token amount in shield subscription plan (#36494)
+- Design team’s review have been implemented (#36523)
+- Helps with ongoing performance regressions when using Solana (#36613)
+- Fixes a bug where first permitting accounts via the EVM provider would cause all requests to the Solana Wallet Standard provider (#36434)
+  to fail with an `The requested account and/or method has not been
+authorized by the user.` error until the user fully revoked dapp
+  permissions and then permitted accounts using the Solana Wallet Standard
+  provider first.
+- Patched ShieldController to `v0.3.2`. (#36809)
+- Fixes positioning issues for dropdowns, tooltips, and popovers (#36967)
+- Fixes a bug where the wallet would not prompt the user (#36963)
+  for unlock and would silently drop personal_sign requests when the
+  wallet was locked and the user was opted into MetaMetrics
+- Renders missing network row in transaction confirmations (#37048)
+- Adds address pattern matching to accounts list search (#37005)
+- Migrates user's existing pinned and hidden state to multichain account designs (#37017)
+- Tweaks messaging for degraded and unavailable networks (#37082)
+- When adding a network the selectedNetworkClientId was not being updated and many of our components still depend on it (#37062)
+- Ensures same toast avatar icon is displayed for the same account when switching to a different account that isn't connected (#37124)
+
 ## [13.5.0]
 
 ### Added
@@ -67,7 +135,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Removed `secure-your-wallet` page and updated `backup-seed-phrase` pages (#36152)
-
 - Remove blockie-identicon and the 'blo' dependency (#36429)
 - Remove extra add network modal (#36309)
 - Changed account selector copy to read x network address(es) (#36293)
@@ -890,7 +957,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - This changelog was split off with 12.22.0
 - All older changes can be found in [docs/CHANGELOG_older.md](https://github.com/MetaMask/metamask-extension/blob/main/docs/CHANGELOG_older.md)
 
-[Unreleased]: https://github.com/MetaMask/metamask-extension/compare/v13.5.0...HEAD
+[Unreleased]: https://github.com/MetaMask/metamask-extension/compare/v13.6.0...HEAD
+[13.6.0]: https://github.com/MetaMask/metamask-extension/compare/v13.5.0...v13.6.0
 [13.5.0]: https://github.com/MetaMask/metamask-extension/compare/v13.4.3...v13.5.0
 [13.4.3]: https://github.com/MetaMask/metamask-extension/compare/v13.4.2...v13.4.3
 [13.4.2]: https://github.com/MetaMask/metamask-extension/compare/v13.4.1...v13.4.2

app/_locales/en/messages.json

@@ -272,13 +272,30 @@ const sendReadyMessageToTabs = async () => {
  * @param {MetamaskController} theController
  */
 function maybeDetectPhishing(theController) {
+  /**
+   * Redirects a tab to the phishing warning page.
+   *
+   * @param {number} tabId - The ID of the tab to redirect
+   * @param {string} url - The URL to redirect to (phishing warning page)
+   * @returns {Promise<boolean>} Returns true if the redirect was successful, false otherwise.
+   *   Returns false for Google pre-fetch requests or if the redirect fails.
+   */
   async function redirectTab(tabId, url) {
     try {
-      return await browser.tabs.update(tabId, {
+      const tab = await browser.tabs.get(tabId);
+
+      // Prevent redirect when due to Google pre-fetching
+      if (tab.url && tab.url.startsWith('https://www.google.com/search')) {
+        return false;
+      }
+
+      await browser.tabs.update(tabId, {
         url,
       });
+      return true;
     } catch (error) {
-      return sentry?.captureException(error);
+      sentry?.captureException(error);
+      return false;
     }
   }
   // we can use the blocking API in MV2, but not in MV3
@@ -354,47 +371,59 @@ function maybeDetectPhishing(theController) {
         blockedUrl = details.initiator;
       }
 
-      if (!isFirefox) {
-        theController.metaMetricsController.trackEvent(
-          {
-            // should we differentiate between background redirection and content script redirection?
-            event: MetaMetricsEventName.PhishingPageDisplayed,
-            category: MetaMetricsEventCategory.Phishing,
-            properties: {
-              url: blockedUrl,
-              referrer: {
-                url: blockedUrl,
-              },
-              reason: blockReason,
-              requestDomain: blockedRequestResponse.result
-                ? hostname
-                : undefined,
-            },
-          },
-          {
-            excludeMetaMetricsId: true,
-          },
-        );
-      }
       const querystring = new URLSearchParams({ hostname, href });
       const redirectUrl = new URL(phishingPageHref);
       redirectUrl.hash = querystring.toString();
       const redirectHref = redirectUrl.toString();
 
+      // Helper function to track phishing page metrics
+      const trackPhishingMetrics = () => {
+        if (!isFirefox) {
+          theController.metaMetricsController.trackEvent(
+            {
+              // should we differentiate between background redirection and content script redirection?
+              event: MetaMetricsEventName.PhishingPageDisplayed,
+              category: MetaMetricsEventCategory.Phishing,
+              properties: {
+                url: blockedUrl,
+                referrer: {
+                  url: blockedUrl,
+                },
+                reason: blockReason,
+                requestDomain: blockedRequestResponse.result
+                  ? hostname
+                  : undefined,
+              },
+            },
+            {
+              excludeMetaMetricsId: true,
+            },
+          );
+        }
+      };
+
       // blocking is better than tab redirection, as blocking will prevent
       // the browser from loading the page at all
       if (isManifestV2) {
         // We can redirect `main_frame` requests directly to the warning page.
         // For non-`main_frame` requests (e.g. `sub_frame` or WebSocket), we cancel them
         // and redirect the whole tab asynchronously so that the user sees the warning.
         if (details.type === 'main_frame') {
+          trackPhishingMetrics();
           return { redirectUrl: redirectHref };
         }
-        redirectTab(details.tabId, redirectHref);
+        redirectTab(details.tabId, redirectHref).then((redirected) => {
+          if (redirected) {
+            trackPhishingMetrics();
+          }
+        });
         return { cancel: true };
       }
-      // redirect the whole tab (even if it's a sub_frame request)
-      redirectTab(details.tabId, redirectHref);
+      redirectTab(details.tabId, redirectHref).then((redirected) => {
+        if (redirected) {
+          trackPhishingMetrics();
+        }
+      });
       return {};
     },
     {

app/_locales/en_GB/messages.json

@@ -4,6 +4,7 @@ import { RpcEndpointType } from '@metamask/network-controller';
 import { rpcErrors } from '@metamask/rpc-errors';
 import { cloneDeep } from 'lodash';
 import { MESSAGE_TYPE } from '../../../../../shared/constants/app';
+import { FEATURED_RPCS } from '../../../../../shared/constants/network';
 import {
   validateAddEthereumChainParams,
   switchChain,
@@ -134,9 +135,6 @@ async function addEthereumChainHandler(
           rpcIndex = clonedNetwork.rpcEndpoints.length - 1;
         }
 
-        // The provided rpc endpoint becomes the default
-        clonedNetwork.defaultRpcEndpointIndex = rpcIndex;
-
         if (firstValidBlockExplorerUrl) {
           // If a block explorer was provided and it doesn't exist, add a new one
           if (blockExplorerIndex === -1) {
@@ -163,6 +161,13 @@ async function addEthereumChainHandler(
         );
       } else {
         // A network for this chain id does not exist, so add a new network
+
+        // If a featured RPC endpoint exists for this chain, include it and keep it as default
+        const featured = FEATURED_RPCS.find((f) => f.chainId === chainId);
+        const featuredEndpoint = featured
+          ? featured.rpcEndpoints[featured.defaultRpcEndpointIndex]
+          : undefined;
+
         updatedNetwork = await addNetwork({
           blockExplorerUrls: firstValidBlockExplorerUrl
             ? [firstValidBlockExplorerUrl]
@@ -171,10 +176,12 @@ async function addEthereumChainHandler(
             ? 0
             : undefined,
           chainId,
+          // Keep featured (if present) as the first and default endpoint
           defaultRpcEndpointIndex: 0,
           name: chainName,
           nativeCurrency: ticker,
           rpcEndpoints: [
+            ...(featuredEndpoint ? [featuredEndpoint] : []),
             {
               url: firstValidRPCUrl,
               name: chainName,
@@ -188,8 +195,16 @@ async function addEthereumChainHandler(
     }
   }
 
-  const { networkClientId } =
-    updatedNetwork.rpcEndpoints[updatedNetwork.defaultRpcEndpointIndex];
+  const existingNetworkClientId =
+    existingNetwork?.rpcEndpoints?.[existingNetwork.defaultRpcEndpointIndex]
+      ?.networkClientId;
+
+  const updatedNetworkClientId =
+    updatedNetwork?.rpcEndpoints?.[updatedNetwork.defaultRpcEndpointIndex]
+      ?.networkClientId;
+
+  // Determines the specific RPC endpoint to use
+  const networkClientId = existingNetworkClientId ?? updatedNetworkClientId;
 
   return switchChain(res, end, chainId, networkClientId, {
     isAddFlow: true,