chore: aligning dependencies with the metamask-design-system

georgewrmarshall commented 2 weeks ago

Description

This PR aligns the dependency versions and configuration files (TypeScript, ESLint, Prettier) in the design-tokens repository with those used in the metamask-design-system monorepo, as part of the migration process. This alignment addresses compatibility issues and ensures that the configurations between the repositories are consistent, making future maintenance more straightforward.

Manual testing steps

Review dependency versions and configuration files (TypeScript, ESLint, Prettier) to ensure they are consistent with the metamask-design-system monorepo.
Verify that there are no errors or compatibility issues introduced by these changes. e.g yarn lint yarn build

Pre-merge author checklist

[x] I’ve followed MetaMask Coding Standards.
[x] I've clearly explained what problem this PR is solving and how it is solved.
[x] I've linked related issues.
[ ] I've included manual testing steps.
[ ] I've included screenshots/recordings if applicable.
[ ] I’ve included tests if applicable.
[ ] I’ve documented my code using JSDoc format if applicable.
[x] I’ve applied the right labels on the PR (see labeling guidelines).

Pre-merge reviewer checklist

[ ] I've manually tested the PR (e.g., pull and build branch, run the app, test code being changed).
[ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and/or screenshots.

socket-security[bot] commented 2 weeks ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@jest/console@27.5.1	None	`0`	21.6 kB	simenb
npm/@jest/core@27.5.1	unsafe	`+1`	180 kB	simenb
npm/@jest/environment@27.5.1	None	`0`	12.4 kB	simenb
npm/@jest/fake-timers@27.5.1	None	`0`	26.5 kB	simenb
npm/@jest/globals@27.5.1	None	`0`	3.56 kB	simenb
npm/@jest/reporters@27.5.1	environment, unsafe	`0`	103 kB	simenb
npm/@jest/source-map@27.5.1	None	`0`	5.65 kB	simenb
npm/@jest/test-result@27.5.1	None	`0`	17.1 kB	simenb
npm/@jest/test-sequencer@27.5.1	None	`0`	10.5 kB	simenb
npm/@jest/transform@27.5.1	Transitive: filesystem	`+2`	74.3 kB	simenb
npm/@jest/types@27.5.1	None	`0`	27.6 kB	simenb
npm/@sinonjs/fake-timers@8.1.0	eval	`0`	89.1 kB	fatso83
npm/@storybook/addon-actions@8.4.2	None	`0`	59.1 kB	domyen, ghengeveld, jreinhold, ...8 more
npm/@storybook/addon-backgrounds@8.4.2	None	`0`	27 kB	shilman
npm/@storybook/addon-controls@8.4.2	None	`0`	259 kB	shilman
npm/@storybook/addon-docs@8.4.2	None	`0`	2.19 MB	shilman
npm/@storybook/addon-essentials@8.4.2	None	`0`	16.6 kB	shilman
npm/@storybook/addon-highlight@8.4.2	None	`0`	9.04 kB	shilman
npm/@storybook/addon-interactions@8.4.2	None	`0`	129 kB	domyen, ghengeveld, jreinhold, ...8 more
npm/@storybook/addon-links@8.4.2	None	`0`	18.9 kB	domyen, ghengeveld, jreinhold, ...8 more
npm/@storybook/addon-measure@8.4.2	None	`0`	32 kB	shilman
npm/@storybook/addon-outline@8.4.2	None	`0`	22.7 kB	shilman
npm/@storybook/addon-toolbars@8.4.2	None	`0`	9.65 kB	shilman
npm/@storybook/addon-viewport@8.4.2	None	`0`	26.9 kB	shilman
npm/@storybook/blocks@8.4.2	environment, eval	`0`	604 kB	shilman
npm/@storybook/builder-vite@8.4.2	environment, eval, filesystem	`0`	457 kB	shilman
npm/@storybook/components@8.4.2	None	`0`	1.29 kB	shilman
npm/@storybook/core@8.4.2	Transitive: environment, network	`+2`	19.5 MB	shilman
npm/@storybook/csf-plugin@8.4.2	filesystem	`0`	10.4 kB	shilman
npm/@storybook/instrumenter@8.4.2	environment	`0`	218 kB	shilman
npm/@storybook/manager-api@8.4.2	None	`0`	1.27 kB	shilman
npm/@storybook/preview-api@8.4.2	None	`0`	1.29 kB	shilman
npm/@storybook/react-dom-shim@8.4.2	None	`0`	10.1 kB	shilman
npm/@storybook/react-vite@8.4.2	None	`0`	12.4 kB	shilman
npm/@storybook/react@8.4.2	environment	`0`	924 kB	shilman
npm/@storybook/test@8.4.2	environment, eval	`0`	1.52 MB	shilman
npm/@storybook/theming@8.4.2	None	`0`	1.58 kB	shilman
npm/@tootallnate/once@1.1.2	None	`0`	4.08 kB	tootallnate
npm/@types/jest@27.5.2	None	`0`	71.4 kB	types
npm/@types/yargs@16.0.9	None	`0`	53 kB	types
npm/abab@2.0.6	None	`0`	10.4 kB	jeffcarp
npm/acorn-globals@6.0.0	None	`+1`	1.22 MB	timothygu
npm/acorn-walk@7.2.0	None	`0`	100 kB	marijn
npm/asynckit@0.4.0	None	`0`	27.4 kB	alexindigo
npm/babel-jest@27.5.1	environment	`0`	14.4 kB	simenb
npm/babel-plugin-jest-hoist@27.5.1	None	`0`	13.7 kB	simenb
npm/babel-preset-jest@27.5.1	None	`0`	2.73 kB	simenb
npm/browser-process-hrtime@1.0.0	None	`0`	3.52 kB	kumavis
npm/combined-stream@1.0.8	None	`0`	11.5 kB	alexindigo
npm/cssom@0.4.4	None	`0`	48.7 kB	nv
npm/cssstyle@2.3.0	None	`+1`	225 kB	jon.sakas
npm/data-urls@2.0.0	None	`+1`	98.8 kB	domenic
npm/decimal.js@10.4.3	None	`0`	283 kB	mikemcl
npm/delayed-stream@1.0.0	None	`0`	8.02 kB	apechimp
npm/diff-sequences@27.5.1	None	`0`	53 kB	simenb
npm/domexception@2.0.1	None	`+1`	35.5 kB	domenic
npm/emittery@0.8.1	None	`0`	35.5 kB	sindresorhus
npm/escodegen@2.1.0	None	`0`	109 kB	michaelficarra
npm/expect@27.5.1	eval	`0`	172 kB	simenb
npm/form-data@3.0.2	filesystem, network	`0`	31 kB	ljharb
npm/html-encoding-sniffer@2.0.1	None	`0`	11.5 kB	domenic
npm/is-potential-custom-element-name@1.0.1	None	`0`	3.92 kB	mathias
npm/is-typedarray@1.0.0	None	`0`	4.41 kB	hughsk
npm/jest-changed-files@27.5.1	environment	`0`	15.1 kB	simenb
npm/jest-circus@27.5.1	eval	`0`	78.1 kB	simenb
npm/jest-cli@27.5.1	Transitive: environment, filesystem	`+3`	502 kB	simenb
npm/jest-config@27.5.1	Transitive: filesystem	`+1`	167 kB	simenb
npm/jest-diff@27.5.1	eval	`0`	85.2 kB	simenb
npm/jest-docblock@27.5.1	None	`0`	9.08 kB	simenb
npm/jest-each@27.5.1	None	`0`	39.9 kB	simenb
npm/jest-environment-jsdom@27.5.1	None	`0`	8.1 kB	simenb
npm/jest-environment-node@27.5.1	unsafe	`0`	7.32 kB	simenb
npm/jest-get-type@27.5.1	None	`0`	3.81 kB	simenb
npm/jest-haste-map@27.5.1	environment, filesystem, shell	`0`	135 kB	simenb
npm/jest-jasmine2@27.5.1	eval	`0`	137 kB	simenb
npm/jest-leak-detector@27.5.1	unsafe	`0`	5.75 kB	simenb
npm/jest-matcher-utils@27.5.1	None	`0`	28.6 kB	simenb
npm/jest-message-util@27.5.1	eval	`0`	18.1 kB	simenb
npm/jest-mock@27.5.1	None	`0`	39.1 kB	simenb
npm/jest-regex-util@27.5.1	None	`0`	3.37 kB	simenb
npm/jest-resolve-dependencies@27.5.1	None	`0`	9.11 kB	simenb
npm/jest-resolve@27.5.1	environment, unsafe	`0`	52.9 kB	simenb
npm/jest-runner@27.5.1	environment	`0`	30.8 kB	simenb
npm/jest-runtime@27.5.1	unsafe	`+1`	85.9 kB	simenb
npm/jest-serializer@27.5.1	unsafe	`0`	7.12 kB	simenb
npm/jest-snapshot@27.5.1	eval	`0`	93.2 kB	simenb
npm/jest-util@27.5.1	environment	`0`	41.9 kB	simenb
npm/jest-validate@27.5.1	None	`0`	32 kB	simenb
npm/jest-watcher@27.5.1	None	`0`	26.7 kB	simenb
npm/jest-worker@27.5.1	environment, shell	`+1`	90.3 kB	simenb
npm/jest@27.5.1	None	`0`	4.74 kB	simenb
npm/jsdom@16.7.0	eval, filesystem, network, shell, unsafe	`+3`	2.85 MB	domenic
npm/mime-db@1.52.0	None	`0`	206 kB	dougwilson
npm/mime-types@2.1.35	None	`0`	18.3 kB	dougwilson
npm/nwsapi@2.2.13	None	`0`	81.6 kB	diego
npm/parse5@6.0.1	None	`0`	331 kB	inikulin
npm/psl@1.10.0	None	`0`	532 kB	lupomontero
npm/querystringify@2.2.0	None	`0`	6.96 kB	lpinca
npm/requires-port@1.0.0	None	`0`	8.56 kB	3rdeden
npm/saxes@5.0.1	None	`0`	164 kB	lddubeau
npm/source-map-support@0.5.21	filesystem	`0`	85.2 kB	linusu
npm/storybook@8.4.2	None	`0`	22.2 kB	shilman
npm/symbol-tree@3.2.4	None	`0`	57.1 kB	joris-van-der-wel
npm/throat@6.0.2	None	`0`	9.14 kB	throat-bot
npm/tough-cookie@4.1.4	None	`+1`	117 kB	ccasey
npm/tr46@2.1.0	None	`0`	210 kB	timothygu
npm/ts-jest@27.1.5	environment, filesystem, unsafe	`0`	260 kB	kul
npm/typedarray-to-buffer@3.1.5	None	`0`	8.84 kB	feross
npm/typescript@5.2.2	None	`0`	40.6 MB	typescript-bot
npm/url-parse@1.5.10	None	`0`	63 kB	swaagie
npm/v8-to-istanbul@8.1.1	filesystem, unsafe Transitive: network	`+3`	287 kB	oss-bot
npm/w3c-hr-time@1.0.2	None	`0`	16.8 kB	timothygu
npm/w3c-xmlserializer@2.0.0	None	`0`	18 kB	domenic
npm/webidl-conversions@6.1.0	None	`0`	25.9 kB	domenic
npm/whatwg-encoding@1.0.5	None	`+1`	348 kB	domenic
npm/whatwg-mimetype@2.3.0	None	`0`	16.2 kB	domenic
npm/ws@7.5.10	network	`0`	122 kB	lpinca
npm/xml-name-validator@3.0.0	None	`0`	23 kB	domenic
npm/xmlchars@2.2.0	None	`0`	59 kB	lddubeau

View full report↗︎

socket-security[bot] commented 2 weeks ago

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/source-map-support@0.5.21, npm/acorn@7.4.1, npm/iconv-lite@0.4.24, npm/write-file-atomic@3.0.3, npm/abab@2.0.6, npm/cssom@0.4.4, npm/cssstyle@2.3.0, npm/symbol-tree@3.2.4, npm/w3c-hr-time@1.0.2, npm/whatwg-encoding@1.0.5, npm/whatwg-mimetype@2.3.0, npm/xml-name-validator@3.0.0, npm/cssom@0.3.8, npm/combined-stream@1.0.8, npm/is-typedarray@1.0.0, npm/mime-types@2.1.35, npm/delayed-stream@1.0.0, npm/asynckit@0.4.0, npm/mime-db@1.52.0, npm/xmlchars@2.2.0, npm/https-proxy-agent@5.0.1, npm/agent-base@6.0.2, npm/source-map@0.7.4, npm/browser-process-hrtime@1.0.0, npm/jest-worker@27.5.1, npm/typedarray-to-buffer@3.1.5, npm/@jest/types@27.5.1, npm/acorn-walk@7.2.0, npm/decimal.js@10.4.3, npm/is-potential-custom-element-name@1.0.1, npm/jest-mock@27.5.1, npm/jest-serializer@27.5.1, npm/jest-regex-util@27.5.1, npm/jest-util@27.5.1, npm/querystringify@2.2.0, npm/requires-port@1.0.0, npm/universalify@0.2.0, npm/url-parse@1.5.10, npm/@types/jest@27.5.2, npm/babel-jest@27.5.1, npm/jest@27.5.1, npm/jest-matcher-utils@27.5.1, npm/@jest/transform@27.5.1, npm/babel-preset-jest@27.5.1, npm/jest-haste-map@27.5.1, npm/babel-plugin-jest-hoist@27.5.1, npm/@jest/core@27.5.1, npm/jest-cli@27.5.1, npm/@jest/console@27.5.1, npm/@jest/reporters@27.5.1, npm/@jest/test-result@27.5.1, npm/emittery@0.8.1, npm/jest-changed-files@27.5.1, npm/jest-config@27.5.1, npm/jest-message-util@27.5.1, npm/jest-resolve@27.5.1, npm/jest-resolve-dependencies@27.5.1, npm/jest-runner@27.5.1, npm/jest-runtime@27.5.1, npm/jest-snapshot@27.5.1, npm/jest-validate@27.5.1, npm/jest-watcher@27.5.1, npm/v8-to-istanbul@8.1.1, npm/jest-diff@27.5.1, npm/jest-get-type@27.5.1, npm/throat@6.0.2, npm/@jest/test-sequencer@27.5.1, npm/jest-circus@27.5.1, npm/jest-environment-jsdom@27.5.1, npm/jest-environment-node@27.5.1, npm/jest-jasmine2@27.5.1, npm/@jest/environment@27.5.1, npm/expect@27.5.1, npm/jest-each@27.5.1, npm/@jest/fake-timers@27.5.1, npm/@sinonjs/fake-timers@8.1.0, npm/diff-sequences@27.5.1, npm/jsdom@16.7.0, npm/@jest/source-map@27.5.1, npm/jest-docblock@27.5.1, npm/jest-leak-detector@27.5.1, npm/@jest/globals@27.5.1, npm/acorn-globals@6.0.0, npm/data-urls@2.0.0, npm/domexception@2.0.1, npm/html-encoding-sniffer@2.0.1, npm/http-proxy-agent@4.0.1, npm/parse5@6.0.1, npm/saxes@5.0.1, npm/w3c-xmlserializer@2.0.0, npm/webidl-conversions@6.1.0, npm/whatwg-url@8.7.0, npm/webidl-conversions@5.0.0, npm/@tootallnate/once@1.1.2, npm/tr46@2.1.0, npm/ts-jest@27.1.5, npm/escodegen@2.1.0, npm/typescript@5.2.2, npm/@types/yargs@16.0.9, npm/tough-cookie@4.1.4, npm/ws@7.5.10, npm/nwsapi@2.2.13, npm/form-data@3.0.2, npm/@storybook/addon-actions@8.4.2, npm/@storybook/addon-backgrounds@8.4.2, npm/@storybook/addon-controls@8.4.2, npm/@storybook/addon-docs@8.4.2, npm/@storybook/addon-essentials@8.4.2, npm/@storybook/addon-highlight@8.4.2, npm/@storybook/addon-interactions@8.4.2, npm/@storybook/test@8.4.2, npm/@storybook/addon-measure@8.4.2, npm/@storybook/addon-outline@8.4.2, npm/@storybook/addon-toolbars@8.4.2, npm/@storybook/addon-viewport@8.4.2, npm/@storybook/blocks@8.4.2, npm/@storybook/core@8.4.2, npm/@storybook/csf-plugin@8.4.2, npm/@storybook/instrumenter@8.4.2, npm/@storybook/manager-api@8.4.2, npm/@storybook/preview-api@8.4.2, npm/@storybook/react-dom-shim@8.4.2, npm/storybook@8.4.2, npm/@storybook/addon-links@8.4.2, npm/@storybook/react@8.4.2, npm/@storybook/builder-vite@8.4.2, npm/@storybook/components@8.4.2, npm/@storybook/react-vite@8.4.2, npm/@storybook/theming@8.4.2, npm/psl@1.10.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

georgewrmarshall commented 2 weeks ago

@SocketSecurity ignore-all

Acceptable risk as we will be protected against supply chain attack by lavamoat

georgewrmarshall commented 2 weeks ago

As we are in the process of migrating we will not fix the announce storybook job

MetaMask / design-tokens