Conversation
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
e9d9340 to
d6aacf5
Compare
Builds ready [d6aacf5]
Page Load Metrics (463 ± 45 ms)
|
d6aacf5 to
60da67e
Compare
Builds ready [111772b]
Page Load Metrics (539 ± 49 ms)
|
111772b to
9cdd7ff
Compare
Builds ready [8dbc38a]
Page Load Metrics (463 ± 54 ms)
|
Builds ready [45b3e50]
Page Load Metrics (414 ± 48 ms)
|
Builds ready [96b8ee4]
Page Load Metrics (595 ± 46 ms)
|
Builds ready [dcc16e5]
Page Load Metrics (516 ± 14 ms)
|
|
wow nice, this is ready |
|
this pr is ready but i recommend waiting til after the holiday |
|
Now that v9 is out, I think we're ready to start trying to land this. Could you rebase this on |
dcc16e5 to
fd144d0
Compare
|
🦇 🦇 🦇 🦇 🦇 🦇 🦇 🦇 🦇 🦇 |
Builds ready [cf71e92]
Page Load Metrics (607 ± 24 ms)
|
|
cf71e92 to
92afbc1
Compare
|
just did a manual squash + rebase |
Builds ready [92afbc1]
Page Load Metrics (531 ± 33 ms)
|
11a0576 to
92afbc1
Compare
Builds ready [92afbc1]
Page Load Metrics (1280 ± 45 ms)
|
Builds ready [115911a]
Page Load Metrics (656 ± 49 ms)
|
Builds ready [5f5e489]
Page Load Metrics (666 ± 45 ms)
|
Gudahtt
left a comment
There was a problem hiding this comment.
I tried testing this by deleting the readable-stream patch, updating the graceful-fs patch, and updating the policy file by running yarn lavamoat --autopolicy ./development/build/index.js prod. There are lots of new console warnings now during the build 🤔
Lots of new Buffer constructor deprecation warnings:
[DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
and many from LavaMoat about attempts to write read-access globals.
The Buffer warnings appeared to be from packages that we were using before, so I'm unsure why they didn't show up before 🤔.
I'm guessing the approach taken with the LavaMoat warnings is to assume the write attempts weren't all that important? I'm unsure how to investigate further, as the warning doesn't indicate where the write attempt occurred.
|
should review console warnings |
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
5f5e489 to
8fc7b20
Compare
Builds ready [d526d3f]
Page Load Metrics (559 ± 8 ms)
|
|
I looked into the that "ignoring write attempt" warning, and changed it to throw an error locally to help me debug it. It turns out that the first warning I hit in any process is caused by dart. I encounter that in every process, even those that don't touch dart at all (or so I thought). e.g. |
|
I was able to remove warnings from all build steps apart from |
|
I'm seeing a bunch of changes after running |
|
@Gudahtt the auto policy charges are likely because you made the require dynamic? we dont know to walk it then |
|
Sorry I meant from a clean working tree, after discarding the dynamic import change. I figured it was due to some platform difference (mac vs Linux) |
Gudahtt
left a comment
There was a problem hiding this comment.
I was able to confirm that the policy differences were due to platform; the changes were all related to fsevents.
These cross-platform issues do present challenges to keeping the auto policy up-to-date. We'll have to postpone adding a check in CI to ensure it has been updated, as it'll always fail for contributors using macOS (and possibly Windows). But we can make do for the time being by checking prior to each release to ensure the policy file is up-to-date. I can create a CI check in a separate PR to run on release branches only, to ensure we don't accidentally forget this step.
Similarly, we can address the various console warnings in a separate PR.
LGTM!
This PR aims to add LavaMoat in the MetaMask build system.
Regular config modifications:
Lavamoat fails to dedupe configuration when merging override configuration (E.G. x.y & x.y.z)
Override config additions: